package com.android.server.backup.encryption.keys;

import android.content.Context;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.LockScreenRequiredException;
import android.security.keystore.recovery.RecoveryController;
import android.util.ByteStringUtils;
import com.android.internal.annotations.VisibleForTesting;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Optional;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKeyManager.class */
public class RecoverableKeyStoreSecondaryKeyManager {
    private static final String BACKUP_KEY_ALIAS_PREFIX = "com.android.server.backup/recoverablekeystore/";
    private static final int BACKUP_KEY_SUFFIX_LENGTH_BITS = 128;
    private static final int BITS_PER_BYTE = 8;
    private final RecoveryController mRecoveryController;
    private final SecureRandom mSecureRandom;

    /* loaded from: input_file:com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKeyManager$RecoverableKeyStoreSecondaryKeyManagerProvider.class */
    public interface RecoverableKeyStoreSecondaryKeyManagerProvider {
        RecoverableKeyStoreSecondaryKeyManager get();
    }

    public static RecoverableKeyStoreSecondaryKeyManager getInstance(Context context) {
        return new RecoverableKeyStoreSecondaryKeyManager(RecoveryController.getInstance(context), new SecureRandom());
    }

    @VisibleForTesting
    public RecoverableKeyStoreSecondaryKeyManager(RecoveryController recoveryController, SecureRandom secureRandom) {
        this.mRecoveryController = recoveryController;
        this.mSecureRandom = secureRandom;
    }

    public RecoverableKeyStoreSecondaryKey generate() throws InternalRecoveryServiceException, LockScreenRequiredException, UnrecoverableKeyException {
        String generateId = generateId();
        this.mRecoveryController.generateKey(generateId);
        SecretKey secretKey = (SecretKey) this.mRecoveryController.getKey(generateId);
        if (secretKey == null) {
            throw new InternalRecoveryServiceException(String.format("Generated key %s but could not get it back immediately afterwards.", generateId));
        }
        return new RecoverableKeyStoreSecondaryKey(generateId, secretKey);
    }

    public void remove(String str) throws InternalRecoveryServiceException {
        this.mRecoveryController.removeKey(str);
    }

    public Optional<RecoverableKeyStoreSecondaryKey> get(String str) throws InternalRecoveryServiceException, UnrecoverableKeyException {
        return Optional.ofNullable((SecretKey) this.mRecoveryController.getKey(str)).map(secretKey -> {
            return new RecoverableKeyStoreSecondaryKey(str, secretKey);
        });
    }

    private String generateId() {
        byte[] bArr = new byte[16];
        this.mSecureRandom.nextBytes(bArr);
        return BACKUP_KEY_ALIAS_PREFIX + ByteStringUtils.toHexString(bArr);
    }
}
