package com.google.android.apps.wallet.instruments;

import android.content.Context;
import android.os.Build;
import android.os.SystemClock;
import com.google.android.apps.wallet.WalletApplication;
import com.google.android.apps.wallet.datamanager.BillingKeysProtoManager;
import com.google.android.apps.wallet.instruments.EncryptionService;
import com.google.android.apps.wallet.security.WalletSecurityProvider;
import com.google.common.base.Charsets;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import java.security.Security;
import java.util.concurrent.TimeUnit;
import org.keyczar.DefaultKeyType;
import org.keyczar.Encrypter;
import org.keyczar.KeyMetadata;
import org.keyczar.KeyVersion;
import org.keyczar.SignedSessionEncrypter;
import org.keyczar.Signer;
import org.keyczar.enums.KeyPurpose;
import org.keyczar.enums.KeyStatus;
import org.keyczar.exceptions.KeyczarException;
import org.keyczar.interfaces.KeyType;
import org.keyczar.interfaces.KeyczarReader;
import org.keyczar.util.Base64Coder;

/* loaded from: classes.dex */
public class KeyczarEncryptionService implements EncryptionService {
    private final BillingKeysProtoManager mBillingKeysProtoManager;
    private int mKeyHash;
    private Encrypter mRsaEncrypter;
    private Signer mSigner;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class JsonLiteralKeyczarReader implements KeyczarReader {
        private final KeyMetadata mKeyMetadata;
        private final String mRawKey;

        JsonLiteralKeyczarReader(KeyPurpose keyPurpose, KeyType keyType, String str) {
            this.mRawKey = str;
            this.mKeyMetadata = new KeyMetadata("", keyPurpose, keyType);
            this.mKeyMetadata.addVersion(new KeyVersion(1, KeyStatus.PRIMARY, false));
        }

        @Override // org.keyczar.interfaces.KeyczarReader
        public String getKey(int i) throws KeyczarException {
            return this.mRawKey;
        }

        @Override // org.keyczar.interfaces.KeyczarReader
        public String getMetadata() throws KeyczarException {
            return this.mKeyMetadata.toString();
        }
    }

    /* loaded from: classes.dex */
    private static class KeyczarEncryptionSession implements EncryptionService.EncryptionSession {
        private final SignedSessionEncrypter mSessionEncrypter;
        private final String mSessionMaterial;

        KeyczarEncryptionSession(SignedSessionEncrypter signedSessionEncrypter) throws KeyczarException {
            this.mSessionEncrypter = signedSessionEncrypter;
            this.mSessionMaterial = this.mSessionEncrypter.newSession();
        }

        @Override // com.google.android.apps.wallet.instruments.EncryptionService.EncryptionSession
        public String encrypt(String str) {
            Preconditions.checkNotNull(str);
            try {
                return Base64Coder.encode(this.mSessionEncrypter.encrypt(str.getBytes(Charsets.UTF_8)));
            } catch (KeyczarException e) {
                throw Throwables.propagate(e);
            }
        }

        @Override // com.google.android.apps.wallet.instruments.EncryptionService.EncryptionSession
        public String getSessionMaterial() {
            return this.mSessionMaterial;
        }
    }

    KeyczarEncryptionService(BillingKeysProtoManager billingKeysProtoManager) {
        this.mBillingKeysProtoManager = billingKeysProtoManager;
    }

    private void createEncrypterAndSigner(String str, String str2, int i, int i2) throws KeyczarException {
        try {
            JsonLiteralKeyczarReader jsonLiteralKeyczarReader = new JsonLiteralKeyczarReader(KeyPurpose.ENCRYPT, DefaultKeyType.RSA_PUB, str);
            JsonLiteralKeyczarReader jsonLiteralKeyczarReader2 = new JsonLiteralKeyczarReader(KeyPurpose.SIGN_AND_VERIFY, DefaultKeyType.DSA_PRIV, str2);
            this.mRsaEncrypter = new Encrypter(jsonLiteralKeyczarReader);
            this.mSigner = new Signer(jsonLiteralKeyczarReader2);
            this.mKeyHash = i;
        } catch (NullPointerException e) {
            throw new RuntimeException("NullPointerException with currentRsaKey: " + str, e);
        } catch (KeyczarException e2) {
            if (i2 <= 0) {
                throw e2;
            }
            SystemClock.sleep(TimeUnit.SECONDS.toMillis(5L));
            createEncrypterAndSigner(str, str2, i, i2 - 1);
        }
    }

    private boolean encrypterOrSignerNull() {
        return this.mRsaEncrypter == null || this.mSigner == null;
    }

    public static EncryptionService injectInstance(Context context) {
        return new KeyczarEncryptionService(WalletApplication.getWalletInjector().getBillingKeysProtoManager(context));
    }

    private void maybeLoadAsymmetricKeys() throws KeyczarException {
        String rsaPublicKey = this.mBillingKeysProtoManager.getRsaPublicKey();
        String dsaPrivateKey = this.mBillingKeysProtoManager.getDsaPrivateKey();
        int hashCode = Objects.hashCode(rsaPublicKey, dsaPrivateKey);
        if (Strings.isNullOrEmpty(rsaPublicKey)) {
            throw new RuntimeException("intentionally uncaught exception to help debug issue 6371092");
        }
        if (encrypterOrSignerNull() || hashCode != this.mKeyHash) {
            createEncrypterAndSigner(rsaPublicKey, dsaPrivateKey, hashCode, 3);
        }
    }

    private SignedSessionEncrypter newSessionEncrypter() {
        return new SignedSessionEncrypter(this.mRsaEncrypter, this.mSigner);
    }

    @Override // com.google.android.apps.wallet.instruments.EncryptionService
    public synchronized EncryptionService.EncryptionSession newSession() {
        if (Build.VERSION.SDK_INT < 11) {
            Security.insertProviderAt(new WalletSecurityProvider(), 1);
        }
        try {
            maybeLoadAsymmetricKeys();
        } catch (KeyczarException e) {
            throw Throwables.propagate(e);
        }
        return new KeyczarEncryptionSession(newSessionEncrypter());
    }
}
