package defpackage;

import android.annotation.TargetApi;
import android.content.Context;
import java.io.File;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;

/* compiled from: :com.google.android.gms.policy_sidecar_aps@2052073@2052073.215491873.215491873 */
/* loaded from: classes.dex */
public final class bwo {
    private static volatile apo a;
    private static volatile bwo b;
    private static final Lock d = new ReentrantLock();
    private static final ccr c = new ccr("GLSUser", "BindingKeyManager");

    private bwo() {
    }

    public static bwo a() {
        d.lock();
        try {
            if (b == null) {
                b = new bwo();
            }
            d.unlock();
            return b;
        } catch (Throwable th) {
            d.unlock();
            throw th;
        }
    }

    @TargetApi(14)
    private static KeyPair a(String str) {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("secp256r1");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        a(generateKeyPair, str);
        return generateKeyPair;
    }

    private static void a(KeyPair keyPair, String str) {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        boolean a2 = a.a(String.valueOf(str).concat("_privateKey"), civ.a(privateKey.getEncoded()), a.a(String.valueOf(str).concat("_privateKey")));
        String a3 = civ.a(publicKey.getEncoded());
        boolean z = a2 ? a.a(String.valueOf(str).concat("_publicKey"), a3, a.a(String.valueOf(str).concat("_publicKey"))) : false;
        c.h("Successfully pubKey? %s [ %s ]", Boolean.valueOf(z), a3);
        if (!z) {
            throw new IllegalStateException("Failure to set Channel ID keys in store!");
        }
        a.a();
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:28:0x00fc -> B:6:0x003c). Please report as a decompilation issue!!! */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:31:0x0130 -> B:6:0x003c). Please report as a decompilation issue!!! */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:34:0x0164 -> B:6:0x003c). Please report as a decompilation issue!!! */
    private static KeyPair b() {
        KeyPair a2;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
            if (privateKeyEntry == null) {
                a2 = a("channel_binding_manager");
            } else {
                PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                keyStore.deleteEntry("rsa.channel.wrapper");
                String a3 = a.a("wrapped_private_channel_key_b64");
                String a4 = a.a("public_channel_key_b64");
                if (a3 == null || a4 == null) {
                    a2 = a("channel_binding_manager");
                    a.b("wrapped_private_channel_key_b64");
                    a.b("public_channel_key_b64");
                    a.b("wrapped_private_channel_key_format_b64");
                    a.b("public_channel_key_format_b64");
                    a.a();
                } else {
                    byte[] a5 = civ.a(a3);
                    KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
                    PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(civ.a(a4)));
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
                    cipher.init(2, privateKey);
                    a2 = new KeyPair(generatePublic, keyFactory.generatePrivate(new PKCS8EncodedKeySpec(cipher.doFinal(a5))));
                    a(a2, "channel_binding_manager");
                    c.h("Successfully transitioned wrapped keys.", new Object[0]);
                    a.b("wrapped_private_channel_key_b64");
                    a.b("public_channel_key_b64");
                    a.b("wrapped_private_channel_key_format_b64");
                    a.b("public_channel_key_format_b64");
                    a.a();
                }
            }
        } catch (KeyStoreException e) {
            c.i("Unable to get instance of AndroidKeyStore", new Object[0]);
            a2 = a("channel_binding_manager");
        } catch (NoSuchProviderException e2) {
            c.i("BOUNCYCASTLE provider unavailable. Creating new keys.", new Object[0]);
            a2 = a("channel_binding_manager");
        } catch (Exception e3) {
            c.h("We have a borked keystore. Deleting old keys/creating new keys.", new Object[0]);
            a2 = a("channel_binding_manager");
        } finally {
            a.b("wrapped_private_channel_key_b64");
            a.b("public_channel_key_b64");
            a.b("wrapped_private_channel_key_format_b64");
            a.b("public_channel_key_format_b64");
            a.a();
        }
        return a2;
    }

    public final KeyPair a(Context context, String str) {
        KeyPair keyPair;
        d.lock();
        try {
            if (a == null) {
                a = new apo(new File(context.getFilesDir(), "auth.channel.store.properties"));
            }
            String a2 = a.a(String.valueOf(str).concat("_privateKey"));
            String a3 = a.a(String.valueOf(str).concat("_publicKey"));
            if (a2 != null && a3 != null) {
                c.h("Using existing Channel ID key.", new Object[0]);
                KeyFactory keyFactory = KeyFactory.getInstance("EC");
                keyPair = new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(civ.a(a3))), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(civ.a(a2))));
            } else if ("channel_binding_manager".equals(str)) {
                c.h("Checking for old wrapped keys", new Object[0]);
                keyPair = b();
            } else {
                c.h("Generating a new Channel ID key", new Object[0]);
                keyPair = a(str);
            }
            return keyPair;
        } finally {
            d.unlock();
        }
    }
}
