package com.google.android.gms.auth.c;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import com.google.android.gms.auth.a.j;
import com.google.android.gms.common.net.SSLCertificateSocketFactory;
import com.google.android.gms.common.util.al;
import com.google.android.gms.common.util.m;
import com.google.android.gms.http.GoogleHttpClient;
import com.google.android.gms.org.conscrypt.OpenSSLProvider;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static Object f6729a = new Object();

    /* renamed from: b, reason: collision with root package name */
    private static volatile a f6730b;

    /* renamed from: c, reason: collision with root package name */
    private static volatile j f6731c;

    /* renamed from: d, reason: collision with root package name */
    private static volatile PrivateKey f6732d;

    /* renamed from: e, reason: collision with root package name */
    private static volatile PublicKey f6733e;

    /* renamed from: f, reason: collision with root package name */
    private static volatile byte[] f6734f;

    /* renamed from: g, reason: collision with root package name */
    private static volatile PublicKey f6735g;

    private a() {
    }

    public static a a() {
        synchronized (f6729a) {
            if (f6730b == null) {
                f6730b = new a();
            }
        }
        return f6730b;
    }

    @TargetApi(19)
    public final PublicKey a(Context context, GoogleHttpClient googleHttpClient) {
        Log.i("GLSUser", "[ ChannelManager ] Attempting to channel bind connection HttpClient.");
        boolean z = ((Long) com.google.android.gms.auth.b.a.j.c()).longValue() <= 6585000;
        boolean z2 = ((Integer) com.google.android.gms.auth.b.a.k.c()).intValue() <= Build.VERSION.SDK_INT;
        if (!z || !z2 || !al.a(19)) {
            Log.i("GLSUser", "[ ChannelManager ] Skip channel binding on pre-KLP devices.");
            return null;
        }
        try {
            synchronized (f6729a) {
                if (f6732d == null) {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
                    if (privateKeyEntry == null) {
                        GregorianCalendar gregorianCalendar = new GregorianCalendar();
                        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                        gregorianCalendar2.add(1, 100);
                        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("rsa.channel.wrapper").setSubject(new X500Principal("CN=rsa.channel.wrapper")).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).setKeyType("RSA").build();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        if (keyPairGenerator.generateKeyPair() == null) {
                            throw new IOException("Unable to generate RSA key in AndroidKeyStore!");
                        }
                        privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
                        if (privateKeyEntry == null) {
                            throw new IOException("Unable to retrieve newly create RSA key from AndroidKeyStore!");
                        }
                    }
                    f6732d = privateKeyEntry.getPrivateKey();
                    f6733e = privateKeyEntry.getCertificate().getPublicKey();
                }
                if (f6731c == null) {
                    f6731c = new j(new File(context.getFilesDir(), "auth.channel.store.properties"));
                }
                String a2 = f6731c.a("wrapped_private_channel_key_b64");
                String a3 = f6731c.a("public_channel_key_b64");
                if (a2 == null || a3 == null) {
                    Log.i("GLSUser", "[ ChannelManager ] Initializing channel key");
                    f6731c.c();
                    f6731c.b();
                    ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("secp256r1");
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("EC", "BC");
                    keyPairGenerator2.initialize(eCGenParameterSpec, new SecureRandom());
                    KeyPair generateKeyPair = keyPairGenerator2.generateKeyPair();
                    PrivateKey privateKey = generateKeyPair.getPrivate();
                    f6735g = generateKeyPair.getPublic();
                    byte[] encoded = privateKey.getEncoded();
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", OpenSSLProvider.PROVIDER_NAME);
                    cipher.init(1, f6733e);
                    byte[] doFinal = cipher.doFinal(encoded);
                    f6734f = doFinal;
                    boolean z3 = (f6731c.a("wrapped_private_channel_key_b64", m.a(doFinal), null) && f6731c.a("wrapped_private_channel_key_format_b64", privateKey.getFormat(), null)) && f6731c.a("public_channel_key_format_b64", f6735g.getFormat(), null);
                    String a4 = m.a(f6735g.getEncoded());
                    boolean z4 = z3 && f6731c.a("public_channel_key_b64", a4, null);
                    Log.w("GLSUser", "[ ChannelManager ] Successfully pubKey? " + z4 + " [" + a4 + "]");
                    if (!z4) {
                        throw new IllegalStateException("Expected a clean key store!");
                    }
                    f6731c.b();
                } else {
                    Log.i("GLSUser", "[ ChannelManager ] Using existing channel key.");
                    f6734f = m.a(a2);
                    f6735g = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(m.a(a3)));
                }
            }
            byte[] bArr = f6734f;
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", OpenSSLProvider.PROVIDER_NAME);
            cipher2.init(2, f6732d);
            ((SSLCertificateSocketFactory) googleHttpClient.getSocketFactory()).a(KeyFactory.getInstance("EC", "BC").generatePrivate(new PKCS8EncodedKeySpec(cipher2.doFinal(bArr))));
            Log.i("GLSUser", "[ ChannelManager ] Successfulling bound channel!");
            return f6735g;
        } catch (Exception e2) {
            Log.w("GLSUser", "[ ChannelManager ] Will proceed without channel binding: " + e2.getMessage());
            return null;
        }
    }
}
