package fi.richie.maggio.library.login.oauth2;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import androidx.fragment.app.Fragment$$ExternalSyntheticOutline0;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.fasterxml.jackson.databind.util.ArrayBuilders;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.aead.AesCtrKeyManager;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.daead.DeterministicAeadConfig;
import com.google.crypto.tink.daead.DeterministicAeadWrapper;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import fi.richie.common.Log;
import fi.richie.maggio.library.io.model.OAuth2Config;
import io.sentry.Dsn;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyGenerator;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class OAuth2LoginManagerKt {
    private static final long EXPIRATION_THRESHOLD = 60000;
    private static final String EXPIRATION_TIME_KEY = "OAuth2LoginManager.ExpiresIn";

    public static final SharedPreferences createEncryptedPrefs(Context context, String str) {
        Dsn keysetHandle;
        Dsn keysetHandle2;
        context.getApplicationContext();
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("_androidx_security_master_key_", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
        if (build == null) {
            throw new NullPointerException("KeyGenParameterSpec was null after build() check");
        }
        Object obj = MasterKeys.sLock;
        if (build.getKeySize() != 256) {
            throw new IllegalArgumentException("invalid key size, want 256 bits got " + build.getKeySize() + " bits");
        }
        if (!Arrays.equals(build.getBlockModes(), new String[]{"GCM"})) {
            throw new IllegalArgumentException("invalid block mode, want GCM got " + Arrays.toString(build.getBlockModes()));
        }
        if (build.getPurposes() != 3) {
            throw new IllegalArgumentException("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got " + build.getPurposes());
        }
        if (!Arrays.equals(build.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            throw new IllegalArgumentException("invalid padding mode, want NoPadding got " + Arrays.toString(build.getEncryptionPaddings()));
        }
        if (build.isUserAuthenticationRequired() && build.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
        }
        synchronized (MasterKeys.sLock) {
            String keystoreAlias = build.getKeystoreAlias();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(keystoreAlias)) {
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(build);
                    keyGenerator.generateKey();
                } catch (ProviderException e) {
                    throw new GeneralSecurityException(e.getMessage(), e);
                }
            }
        }
        String keystoreAlias2 = build.getKeystoreAlias();
        int i = DeterministicAeadConfig.$r8$clinit;
        Registry.registerPrimitiveWrapper(DeterministicAeadWrapper.WRAPPER);
        if (!TinkFipsUtil.isRestrictedToFips.get()) {
            Registry.registerKeyManager(new AesCtrKeyManager(9), true);
        }
        AeadConfig.register();
        Context applicationContext = context.getApplicationContext();
        ArrayBuilders arrayBuilders = new ArrayBuilders();
        arrayBuilders._floatBuilder = Key.get("AES256_SIV");
        if (applicationContext == null) {
            throw new IllegalArgumentException("need an Android context");
        }
        arrayBuilders._booleanBuilder = applicationContext;
        arrayBuilders._byteBuilder = "__androidx_security_crypto_encrypted_prefs_key_keyset__";
        arrayBuilders._shortBuilder = str;
        String m$1 = Fragment$$ExternalSyntheticOutline0.m$1("android-keystore://", keystoreAlias2);
        if (!m$1.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        arrayBuilders._intBuilder = m$1;
        AndroidKeysetManager build2 = arrayBuilders.build();
        synchronized (build2) {
            keysetHandle = build2.keysetManager.getKeysetHandle();
        }
        ArrayBuilders arrayBuilders2 = new ArrayBuilders();
        arrayBuilders2._floatBuilder = Key.get("AES256_GCM");
        arrayBuilders2._booleanBuilder = applicationContext;
        arrayBuilders2._byteBuilder = "__androidx_security_crypto_encrypted_prefs_value_keyset__";
        arrayBuilders2._shortBuilder = str;
        String m$12 = Fragment$$ExternalSyntheticOutline0.m$1("android-keystore://", keystoreAlias2);
        if (!m$12.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        arrayBuilders2._intBuilder = m$12;
        AndroidKeysetManager build3 = arrayBuilders2.build();
        synchronized (build3) {
            keysetHandle2 = build3.keysetManager.getKeysetHandle();
        }
        return new EncryptedSharedPreferences(str, applicationContext.getSharedPreferences(str, 0), (Aead) keysetHandle2.getPrimitive(Aead.class), (DeterministicAead) keysetHandle.getPrimitive(DeterministicAead.class));
    }

    private static final Object walkIndexed(JSONObject jSONObject, int i, List<? extends OAuth2Config.UsernamePathElement> list) {
        JSONArray optJSONArray = jSONObject.optJSONArray(String.valueOf(i));
        if (optJSONArray == null) {
            Log.warn("Trying to access index " + i + " in a non-array value");
            return null;
        }
        if (optJSONArray.length() > i) {
            Object obj = optJSONArray.get(i);
            Intrinsics.checkNotNull(obj, "null cannot be cast to non-null type org.json.JSONObject");
            return walkObject((JSONObject) obj, list);
        }
        Log.warn("Invalid index " + i + " for a " + optJSONArray.length() + " element array");
        return null;
    }

    private static final Object walkKeyed(JSONObject jSONObject, String str, List<? extends OAuth2Config.UsernamePathElement> list) {
        if (jSONObject.has(str)) {
            Object obj = jSONObject.get(str);
            return !(obj instanceof JSONObject) ? obj : walkObject((JSONObject) obj, list);
        }
        Log.warn("Trying to access key " + str + " in a non-object value");
        return null;
    }

    public static final Object walkObject(JSONObject jSONObject, List<? extends OAuth2Config.UsernamePathElement> list) {
        if (list.isEmpty()) {
            return jSONObject;
        }
        OAuth2Config.UsernamePathElement usernamePathElement = (OAuth2Config.UsernamePathElement) CollectionsKt.first(list);
        List drop = CollectionsKt.drop(list, 1);
        if (usernamePathElement instanceof OAuth2Config.UsernamePathElement.Index) {
            return walkIndexed(jSONObject, ((OAuth2Config.UsernamePathElement.Index) usernamePathElement).getIndex(), drop);
        }
        if (usernamePathElement instanceof OAuth2Config.UsernamePathElement.Key) {
            return walkKeyed(jSONObject, ((OAuth2Config.UsernamePathElement.Key) usernamePathElement).getKey(), drop);
        }
        throw new RuntimeException();
    }
}
