package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@242831000@24.28.31 (020300-652851592) */
/* loaded from: classes3.dex */
public final class atoi {
    static {
        agca.b("AccountDataUtil", afsj.IDENTITY);
    }

    public static atob a(Context context) {
        bapx a = barc.a(context, "identity", "identity_accountDataSharedPrefs", 0);
        atoh b = b(context);
        atoc atocVar = b == null ? null : new atoc(a, b);
        if (atocVar == null) {
            return null;
        }
        SecureRandom secureRandom = new SecureRandom();
        if (atocVar.b == null) {
            atocVar.b = atocVar.a("messageKey");
        }
        SecretKey secretKey = atocVar.b;
        if (secretKey == null) {
            secretKey = d(secureRandom);
            atocVar.b = secretKey;
            atocVar.b("messageKey", secretKey);
        }
        SecretKey secretKey2 = secretKey;
        if (atocVar.a == null) {
            atocVar.a = atocVar.a("macKey");
        }
        SecretKey secretKey3 = atocVar.a;
        if (secretKey3 == null) {
            secretKey3 = d(secureRandom);
            atocVar.a = secretKey3;
            atocVar.b("macKey", secretKey3);
        }
        try {
            return new atob(new atoe(Cipher.getInstance("AES/CBC/PKCS5Padding")), secretKey2, new atof(Mac.getInstance("HmacSHA512")), secretKey3, secureRandom);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException unused) {
            return null;
        }
    }

    private static atoh b(Context context) {
        KeyPair c = c(context);
        if (c != null) {
            try {
                return new atog(Cipher.getInstance("RSA/ECB/PKCS1Padding"), c);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException unused) {
                return null;
            }
        }
        return null;
    }

    private static KeyPair c(Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias("identity_accountWrapKey")) {
                try {
                    try {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("identity_accountWrapKey", null);
                        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
                    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException unused) {
                        keyStore.deleteEntry("identity_accountWrapKey");
                    }
                } catch (KeyStoreException unused2) {
                    return null;
                }
            }
            aflt.s(context, "Context must not be null.");
            aflt.q("identity_accountWrapKey", "Alias must not be empty.");
            aflt.c("identity_accountWrapKey".matches("[a-zA-Z0-9_]*"), "Alias must match: [a-zA-Z0-9_]*");
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(1, 100);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("identity_accountWrapKey").setSubject(new X500Principal("CN=identity_accountWrapKey")).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException unused3) {
            return null;
        }
    }

    private static SecretKey d(SecureRandom secureRandom) {
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }
}
