package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@210214047@21.02.14 (150406-352619232) */
/* loaded from: classes3.dex */
public final class acja {
    static {
        rqf.d("AccountDataUtil", rfm.IDENTITY);
    }

    public static acit a(Context context) {
        SecretKey secretKey;
        SecretKey secretKey2;
        adrc a = adsj.a(context, "identity", "identity_accountDataSharedPrefs", 0);
        aciz b = b(context);
        aciu aciuVar = b == null ? null : new aciu(a, b);
        if (aciuVar == null) {
            return null;
        }
        SecureRandom secureRandom = new SecureRandom();
        if (aciuVar.b == null) {
            aciuVar.b = aciuVar.b("messageKey");
        }
        SecretKey secretKey3 = aciuVar.b;
        if (secretKey3 == null) {
            SecretKey d = d(secureRandom);
            aciuVar.b = d;
            aciuVar.a("messageKey", d);
            secretKey = d;
        } else {
            secretKey = secretKey3;
        }
        if (aciuVar.a == null) {
            aciuVar.a = aciuVar.b("macKey");
        }
        SecretKey secretKey4 = aciuVar.a;
        if (secretKey4 == null) {
            SecretKey d2 = d(secureRandom);
            aciuVar.a = d2;
            aciuVar.a("macKey", d2);
            secretKey2 = d2;
        } else {
            secretKey2 = secretKey4;
        }
        try {
            try {
                return new acit(new aciw(Cipher.getInstance("AES/CBC/PKCS5Padding")), secretKey, new acix(Mac.getInstance("HmacSHA512")), secretKey2, secureRandom);
            } catch (NoSuchAlgorithmException e) {
                return null;
            }
        } catch (NoSuchAlgorithmException e2) {
            return null;
        } catch (NoSuchPaddingException e3) {
            return null;
        }
    }

    private static aciz b(Context context) {
        KeyPair c = c(context);
        if (c == null) {
            return null;
        }
        try {
            return new aciy(Cipher.getInstance("RSA/ECB/PKCS1Padding"), c);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return null;
        }
    }

    private static KeyPair c(Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            try {
                keyStore.load(null);
                try {
                    if (keyStore.containsAlias("identity_accountWrapKey")) {
                        try {
                            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("identity_accountWrapKey", null);
                            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
                        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                            try {
                                keyStore.deleteEntry("identity_accountWrapKey");
                            } catch (KeyStoreException e2) {
                                return null;
                            }
                        }
                    }
                    rbj.p(context, "Context must not be null.");
                    rbj.o("identity_accountWrapKey", "Alias must not be empty.");
                    rbj.f("identity_accountWrapKey".matches("[a-zA-Z0-9_]*"), "Alias must match: [a-zA-Z0-9_]*");
                    try {
                        GregorianCalendar gregorianCalendar = new GregorianCalendar();
                        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                        gregorianCalendar2.add(1, 100);
                        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("identity_accountWrapKey").setSubject(new X500Principal("CN=identity_accountWrapKey")).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        return keyPairGenerator.generateKeyPair();
                    } catch (InvalidAlgorithmParameterException e3) {
                        return null;
                    } catch (NoSuchAlgorithmException e4) {
                        return null;
                    } catch (NoSuchProviderException e5) {
                        return null;
                    }
                } catch (KeyStoreException e6) {
                    return null;
                }
            } catch (IOException e7) {
                return null;
            } catch (NoSuchAlgorithmException e8) {
                return null;
            } catch (CertificateException e9) {
                return null;
            }
        } catch (KeyStoreException e10) {
            return null;
        }
    }

    private static SecretKey d(SecureRandom secureRandom) {
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }
}
