package e.g.b.t.g;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.huawei.cbg.phoenix.encrypt.aes.PhxAESKeystore;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;

/* compiled from: OfflineKeyManagerV2.java */
/* loaded from: classes2.dex */
public final class g extends f {

    /* renamed from: d, reason: collision with root package name */
    public Context f8572d = null;

    /* renamed from: e, reason: collision with root package name */
    public SecretKey f8573e = null;

    /* renamed from: f, reason: collision with root package name */
    public Object f8574f = new Object();

    /* renamed from: h, reason: collision with root package name */
    public KeyPair f8576h = null;

    /* renamed from: g, reason: collision with root package name */
    public final SecureRandom f8575g = new SecureRandom();

    @Override // e.g.b.t.g.f
    public byte[] a(Context context) throws GeneralSecurityException {
        byte[] encoded;
        e.g.b.q.e.h("OfflineKeyManagerV2", "#retrieveOfflineKey");
        this.f8572d = context;
        SecretKey secretKey = this.f8573e;
        if (secretKey != null) {
            return secretKey.getEncoded();
        }
        synchronized (this.f8574f) {
            this.f8572d = context;
            if (this.f8573e != null) {
                encoded = this.f8573e.getEncoded();
            } else {
                try {
                    c();
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                    b(cipher);
                    String string = this.f8572d.getSharedPreferences("SHARED_PREFS_NAME", 0).getString("BASE_KEY_NAME_V2", null);
                    if (string == null) {
                        e.g.b.q.e.h("OfflineKeyManagerV2", "#generateSecretKey");
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                        keyGenerator.init(256, this.f8575g);
                        this.f8573e = keyGenerator.generateKey();
                        d(cipher);
                    } else {
                        byte[] decode = Base64.decode(string, 0);
                        cipher.init(4, this.f8576h.getPrivate());
                        this.f8573e = (SecretKey) cipher.unwrap(decode, "AES", 3);
                    }
                    encoded = this.f8573e.getEncoded();
                } catch (IOException e2) {
                    e.g.b.q.e.c("OfflineKeyManagerV2", e2, "IOException during loading keypair from Android KeyStore");
                    throw new GeneralSecurityException("IOException during loading keypair from Android KeyStore. " + e2.getMessage());
                }
            }
        }
        return encoded;
    }

    public final void b(Cipher cipher) throws GeneralSecurityException {
        Context context = this.f8572d;
        e.g.b.q.e.h("OfflineKeyManager", "#isOfflineKeyStoragePreferenceUsed");
        if (context.getSharedPreferences("SHARED_PREFS_NAME", 0).contains("BASE_KEY_NAME")) {
            e.g.b.q.e.h("OfflineKeyManagerV2", "#checkAndUpdateKeyManagementToCurrentVersion");
            this.f8573e = new SecretKeySpec(super.a(this.f8572d), "AES");
            d(cipher);
            Context context2 = this.f8572d;
            e.g.b.q.e.h("OfflineKeyManager", "removing shared preference key-value for offlineKey");
            SharedPreferences sharedPreferences = context2.getSharedPreferences("SHARED_PREFS_NAME", 0);
            if (sharedPreferences.contains("BASE_KEY_NAME")) {
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.remove("BASE_KEY_NAME");
                if (edit.commit()) {
                    return;
                }
                e.g.b.q.e.d("OfflineKeyManager", "Unable to remove BASE_KEY_NAME");
                throw new GeneralSecurityException("Unable to remove BASE_KEY_NAME");
            }
        }
    }

    public final void c() throws NoSuchAlgorithmException, NoSuchPaddingException, KeyStoreException, CertificateException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableEntryException {
        KeyPair keyPair;
        if (this.f8576h == null) {
            synchronized (this) {
                KeyStore keyStore = KeyStore.getInstance(PhxAESKeystore.KEY_STORE_PROVIDER);
                keyStore.load(null);
                if (keyStore.containsAlias("MsipKeysRootCert")) {
                    e.g.b.q.e.h("OfflineKeyManagerV2", "KeyStore alias is available");
                } else {
                    e.g.b.q.e.h("OfflineKeyManagerV2", "KeyStore alias is not available");
                    Calendar calendar = Calendar.getInstance();
                    Calendar calendar2 = Calendar.getInstance();
                    calendar2.add(1, 100);
                    String format = String.format("CN=%s, OU=%s", "MsipKeysRootCert", this.f8572d.getPackageName());
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f8572d).setAlias("MsipKeysRootCert").setSubject(new X500Principal(format)).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PhxAESKeystore.KEY_STORE_PROVIDER);
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                    e.g.b.q.e.h("OfflineKeyManagerV2", "Key entry is generated for cert " + format);
                }
                e.g.b.q.e.h("OfflineKeyManagerV2", "Reading Key entry");
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("MsipKeysRootCert", null);
                keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
            }
            this.f8576h = keyPair;
        }
    }

    public final void d(Cipher cipher) throws GeneralSecurityException {
        e.g.b.q.e.h("OfflineKeyManagerV2", "#saveOfflineKey");
        Assert.assertNotNull(this.f8573e);
        cipher.init(3, this.f8576h.getPublic());
        String encodeToString = Base64.encodeToString(cipher.wrap(this.f8573e), 0);
        SharedPreferences.Editor edit = this.f8572d.getSharedPreferences("SHARED_PREFS_NAME", 0).edit();
        edit.putString("BASE_KEY_NAME_V2", encodeToString);
        if (edit.commit()) {
            return;
        }
        e.g.b.q.e.d("OfflineKeyManagerV2", "Unable to save key BASE_KEY_NAME_V2");
        throw new GeneralSecurityException("Unable to save key BASE_KEY_NAME_V2");
    }
}
