package e.g.b.t.g;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;

/* compiled from: OfflineKeyManagerV2.java */
/* loaded from: classes2.dex */
public final class g extends f {

    /* renamed from: d, reason: collision with root package name */
    public Context f11289d = null;

    /* renamed from: e, reason: collision with root package name */
    public SecretKey f11290e = null;

    /* renamed from: f, reason: collision with root package name */
    public Object f11291f = new Object();

    /* renamed from: h, reason: collision with root package name */
    public KeyPair f11293h = null;

    /* renamed from: g, reason: collision with root package name */
    public final SecureRandom f11292g = new SecureRandom();

    @TargetApi(18)
    public final synchronized KeyPair a() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateException, IOException, UnrecoverableEntryException {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias("MsipKeysRootCert")) {
            e.g.b.q.e.b("OfflineKeyManagerV2", "KeyStore alias is available");
        } else {
            e.g.b.q.e.b("OfflineKeyManagerV2", "KeyStore alias is not available");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            String format = String.format("CN=%s, OU=%s", "MsipKeysRootCert", this.f11289d.getPackageName());
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f11289d).setAlias("MsipKeysRootCert").setSubject(new X500Principal(format)).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            e.g.b.q.e.b("OfflineKeyManagerV2", "Key entry is generated for cert " + format);
        }
        e.g.b.q.e.b("OfflineKeyManagerV2", "Reading Key entry");
        privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("MsipKeysRootCert", null);
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    public final void a(Cipher cipher) throws GeneralSecurityException {
        Context context = this.f11289d;
        e.g.b.q.e.b("OfflineKeyManager", "#isOfflineKeyStoragePreferenceUsed");
        if (context.getSharedPreferences("SHARED_PREFS_NAME", 0).contains("BASE_KEY_NAME")) {
            e.g.b.q.e.b("OfflineKeyManagerV2", "#checkAndUpdateKeyManagementToCurrentVersion");
            this.f11290e = new SecretKeySpec(super.a(this.f11289d), "AES");
            b(cipher);
            Context context2 = this.f11289d;
            e.g.b.q.e.b("OfflineKeyManager", "removing shared preference key-value for offlineKey");
            SharedPreferences sharedPreferences = context2.getSharedPreferences("SHARED_PREFS_NAME", 0);
            if (sharedPreferences.contains("BASE_KEY_NAME")) {
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.remove("BASE_KEY_NAME");
                if (edit.commit()) {
                    return;
                }
                e.g.b.q.e.a("OfflineKeyManager", "Unable to remove BASE_KEY_NAME");
                throw new GeneralSecurityException("Unable to remove BASE_KEY_NAME");
            }
        }
    }

    @Override // e.g.b.t.g.f
    public byte[] a(Context context) throws GeneralSecurityException {
        e.g.b.q.e.b("OfflineKeyManagerV2", "#retrieveOfflineKey");
        this.f11289d = context;
        SecretKey secretKey = this.f11290e;
        return secretKey != null ? secretKey.getEncoded() : b(context);
    }

    public final void b(Cipher cipher) throws GeneralSecurityException {
        e.g.b.q.e.b("OfflineKeyManagerV2", "#saveOfflineKey");
        Assert.assertNotNull(this.f11290e);
        cipher.init(3, this.f11293h.getPublic());
        String encodeToString = Base64.encodeToString(cipher.wrap(this.f11290e), 0);
        SharedPreferences.Editor edit = this.f11289d.getSharedPreferences("SHARED_PREFS_NAME", 0).edit();
        edit.putString("BASE_KEY_NAME_V2", encodeToString);
        if (edit.commit()) {
            return;
        }
        e.g.b.q.e.a("OfflineKeyManagerV2", "Unable to save key BASE_KEY_NAME_V2");
        throw new GeneralSecurityException("Unable to save key BASE_KEY_NAME_V2");
    }

    public final byte[] b(Context context) throws GeneralSecurityException {
        synchronized (this.f11291f) {
            this.f11289d = context;
            if (this.f11290e != null) {
                return this.f11290e.getEncoded();
            }
            try {
                if (this.f11293h == null) {
                    this.f11293h = a();
                }
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                a(cipher);
                String string = this.f11289d.getSharedPreferences("SHARED_PREFS_NAME", 0).getString("BASE_KEY_NAME_V2", null);
                if (string == null) {
                    e.g.b.q.e.b("OfflineKeyManagerV2", "#generateSecretKey");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                    keyGenerator.init(256, this.f11292g);
                    this.f11290e = keyGenerator.generateKey();
                    b(cipher);
                } else {
                    byte[] decode = Base64.decode(string, 0);
                    cipher.init(4, this.f11293h.getPrivate());
                    this.f11290e = (SecretKey) cipher.unwrap(decode, "AES", 3);
                }
                return this.f11290e.getEncoded();
            } catch (IOException e2) {
                e.g.b.q.e.a("OfflineKeyManagerV2", e2, "IOException during loading keypair from Android KeyStore");
                throw new GeneralSecurityException("IOException during loading keypair from Android KeyStore. " + e2.getMessage());
            }
        }
    }
}
