package d.f.b.w.h;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import io.netty.handler.ssl.OpenSslKeyMaterialManager;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;

/* compiled from: OfflineKeyManagerV2.java */
/* loaded from: classes4.dex */
public final class g extends f {

    /* renamed from: h, reason: collision with root package name */
    public final SecureRandom f8098h;

    /* renamed from: e, reason: collision with root package name */
    public Context f8095e = null;

    /* renamed from: f, reason: collision with root package name */
    public SecretKey f8096f = null;

    /* renamed from: g, reason: collision with root package name */
    public Object f8097g = new Object();

    /* renamed from: i, reason: collision with root package name */
    public KeyPair f8099i = null;

    public g() throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT < 18) {
            throw new GeneralSecurityException("Cannot instantiate this class when API is less than 18");
        }
        this.f8098h = new SecureRandom();
    }

    @Override // d.f.b.w.h.f
    public byte[] f(Context context) throws GeneralSecurityException {
        d.f.b.t.e.i("OfflineKeyManagerV2", "#retrieveOfflineKey");
        this.f8095e = context;
        SecretKey secretKey = this.f8096f;
        return secretKey != null ? secretKey.getEncoded() : l(context);
    }

    public final void h(Cipher cipher) throws GeneralSecurityException {
        if (super.c(this.f8095e)) {
            d.f.b.t.e.i("OfflineKeyManagerV2", "#checkAndUpdateKeyManagementToCurrentVersion");
            this.f8096f = new SecretKeySpec(super.f(this.f8095e), "AES");
            m(cipher);
            super.d(this.f8095e);
        }
    }

    public final SecretKey i() throws NoSuchAlgorithmException, InvalidKeySpecException {
        d.f.b.t.e.i("OfflineKeyManagerV2", "#generateSecretKey");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256, this.f8098h);
        return keyGenerator.generateKey();
    }

    @TargetApi(18)
    public final synchronized KeyPair j() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateException, IOException, UnrecoverableEntryException {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias("MsipKeysRootCert")) {
            d.f.b.t.e.i("OfflineKeyManagerV2", "KeyStore alias is available");
        } else {
            d.f.b.t.e.i("OfflineKeyManagerV2", "KeyStore alias is not available");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            String format = String.format("CN=%s, OU=%s", "MsipKeysRootCert", this.f8095e.getPackageName());
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f8095e).setAlias("MsipKeysRootCert").setSubject(new X500Principal(format)).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(OpenSslKeyMaterialManager.KEY_TYPE_RSA, "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            d.f.b.t.e.i("OfflineKeyManagerV2", "Key entry is generated for cert " + format);
        }
        d.f.b.t.e.i("OfflineKeyManagerV2", "Reading Key entry");
        privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("MsipKeysRootCert", null);
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    public final void k() throws NoSuchAlgorithmException, NoSuchPaddingException, KeyStoreException, CertificateException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableEntryException {
        if (this.f8099i == null) {
            this.f8099i = j();
        }
    }

    public final byte[] l(Context context) throws GeneralSecurityException {
        synchronized (this.f8097g) {
            this.f8095e = context;
            SecretKey secretKey = this.f8096f;
            if (secretKey != null) {
                return secretKey.getEncoded();
            }
            try {
                k();
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                h(cipher);
                String string = this.f8095e.getSharedPreferences("SHARED_PREFS_NAME", 0).getString("BASE_KEY_NAME_V2", null);
                if (string == null) {
                    this.f8096f = i();
                    m(cipher);
                } else {
                    byte[] decode = Base64.decode(string, 0);
                    cipher.init(4, this.f8099i.getPrivate());
                    this.f8096f = (SecretKey) cipher.unwrap(decode, "AES", 3);
                }
                return this.f8096f.getEncoded();
            } catch (IOException e2) {
                d.f.b.t.e.d("OfflineKeyManagerV2", e2, "IOException during loading keypair from Android KeyStore");
                throw new GeneralSecurityException("IOException during loading keypair from Android KeyStore. " + e2.getMessage());
            }
        }
    }

    public final void m(Cipher cipher) throws GeneralSecurityException {
        d.f.b.t.e.i("OfflineKeyManagerV2", "#saveOfflineKey");
        Assert.assertNotNull(this.f8096f);
        cipher.init(3, this.f8099i.getPublic());
        String encodeToString = Base64.encodeToString(cipher.wrap(this.f8096f), 0);
        SharedPreferences.Editor edit = this.f8095e.getSharedPreferences("SHARED_PREFS_NAME", 0).edit();
        edit.putString("BASE_KEY_NAME_V2", encodeToString);
        if (edit.commit()) {
            return;
        }
        d.f.b.t.e.e("OfflineKeyManagerV2", "Unable to save key BASE_KEY_NAME_V2");
        throw new GeneralSecurityException("Unable to save key BASE_KEY_NAME_V2");
    }
}
