package com.google.android.gms.identity.accounts.security;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import com.google.android.gms.common.internal.bx;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public final class j {
    public static a a(Context context) {
        SharedPreferences sharedPreferences = context.getSharedPreferences("identity_accountDataSharedPrefs", 0);
        i b2 = b(context);
        b bVar = b2 == null ? null : new b(sharedPreferences, b2, "AES");
        if (bVar == null) {
            return null;
        }
        SecureRandom secureRandom = new SecureRandom();
        if (bVar.f19473b == null) {
            bVar.f19473b = bVar.a("messageKey");
        }
        SecretKey secretKey = bVar.f19473b;
        if (secretKey == null) {
            secretKey = a(secureRandom);
            bx.a(secretKey, "Message key must not be null.");
            bVar.f19473b = secretKey;
            bVar.a("messageKey", secretKey);
        }
        if (bVar.f19472a == null) {
            bVar.f19472a = bVar.a("macKey");
        }
        SecretKey secretKey2 = bVar.f19472a;
        if (secretKey2 == null) {
            secretKey2 = a(secureRandom);
            bx.a(secretKey2, "MAC key must not be null.");
            bVar.f19472a = secretKey2;
            bVar.a("macKey", secretKey2);
        }
        try {
            try {
                return new a(new d(Cipher.getInstance("AES/CBC/PKCS5Padding")), secretKey, new e(Mac.getInstance("HmacSHA512")), secretKey2, secureRandom);
            } catch (NoSuchAlgorithmException e2) {
                if (!Log.isLoggable("AccountDataUtil", 3)) {
                    return null;
                }
                Log.d("AccountDataUtil", "Can't find MAC algorithm.", e2);
                return null;
            }
        } catch (NoSuchAlgorithmException e3) {
            if (!Log.isLoggable("AccountDataUtil", 3)) {
                return null;
            }
            Log.d("AccountDataUtil", "Can't find AES algorithm.", e3);
            return null;
        } catch (NoSuchPaddingException e4) {
            if (!Log.isLoggable("AccountDataUtil", 3)) {
                return null;
            }
            Log.d("AccountDataUtil", "Can't find padding.", e4);
            return null;
        }
    }

    private static SecretKey a(SecureRandom secureRandom) {
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    private static i b(Context context) {
        if (Build.VERSION.SDK_INT < 18) {
            return i.f19483a;
        }
        KeyPair c2 = c(context);
        if (c2 == null) {
            return null;
        }
        try {
            return new h(Cipher.getInstance("RSA/ECB/PKCS1Padding"), c2);
        } catch (NoSuchAlgorithmException e2) {
            if (!Log.isLoggable("AccountDataUtil", 3)) {
                return null;
            }
            Log.d("AccountDataUtil", "Can't find required algorithm.", e2);
            return null;
        } catch (NoSuchPaddingException e3) {
            if (!Log.isLoggable("AccountDataUtil", 3)) {
                return null;
            }
            Log.d("AccountDataUtil", "Can't find required algorithm.", e3);
            return null;
        }
    }

    @TargetApi(18)
    private static KeyPair c(Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            try {
                keyStore.load(null);
                try {
                    boolean containsAlias = keyStore.containsAlias("identity_accountWrapKey");
                    if (containsAlias) {
                        try {
                            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("identity_accountWrapKey", null);
                            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
                        } catch (KeyStoreException e2) {
                            if (Log.isLoggable("AccountDataUtil", 3)) {
                                Log.d("AccountDataUtil", "Unexpected key store exception.", e2);
                            }
                        } catch (NoSuchAlgorithmException e3) {
                            if (Log.isLoggable("AccountDataUtil", 3)) {
                                Log.d("AccountDataUtil", "Can't find algorithm in key store.", e3);
                            }
                        } catch (UnrecoverableEntryException e4) {
                            if (Log.isLoggable("AccountDataUtil", 3)) {
                                Log.d("AccountDataUtil", "Unrecoverable entry exception.");
                            }
                        }
                    }
                    if (containsAlias) {
                        try {
                            keyStore.deleteEntry("identity_accountWrapKey");
                        } catch (KeyStoreException e5) {
                            if (Log.isLoggable("AccountDataUtil", 3)) {
                                Log.d("AccountDataUtil", "Unexpected key store exception.", e5);
                            }
                            return null;
                        }
                    }
                    g gVar = new g(context, "identity_accountWrapKey");
                    try {
                        GregorianCalendar gregorianCalendar = new GregorianCalendar();
                        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                        gregorianCalendar2.add(1, 100);
                        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(gVar.f19479a).setAlias(gVar.f19480b).setSubject(new X500Principal("CN=" + gVar.f19480b)).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        return keyPairGenerator.generateKeyPair();
                    } catch (InvalidAlgorithmParameterException e6) {
                        if (Log.isLoggable("AccountDataUtil", 3)) {
                            Log.d("AccountDataUtil", "Bad algorithm parameter.", e6);
                        }
                        return null;
                    } catch (NoSuchAlgorithmException e7) {
                        if (Log.isLoggable("AccountDataUtil", 3)) {
                            Log.d("AccountDataUtil", "Can't find algorithm in key store.", e7);
                        }
                        return null;
                    } catch (NoSuchProviderException e8) {
                        if (Log.isLoggable("AccountDataUtil", 3)) {
                            Log.d("AccountDataUtil", "Can't find provider.", e8);
                        }
                        return null;
                    }
                } catch (KeyStoreException e9) {
                    if (Log.isLoggable("AccountDataUtil", 3)) {
                        Log.d("AccountDataUtil", "Unexpected key store exception.", e9);
                    }
                    return null;
                }
            } catch (IOException e10) {
                if (Log.isLoggable("AccountDataUtil", 3)) {
                    Log.d("AccountDataUtil", "Error reading key store.", e10);
                }
                return null;
            } catch (NoSuchAlgorithmException e11) {
                if (Log.isLoggable("AccountDataUtil", 3)) {
                    Log.d("AccountDataUtil", "Can't find key store algorithm.", e11);
                }
                return null;
            } catch (CertificateException e12) {
                if (Log.isLoggable("AccountDataUtil", 3)) {
                    Log.d("AccountDataUtil", "Certificate problem in key store.", e12);
                }
                return null;
            }
        } catch (KeyStoreException e13) {
            if (Log.isLoggable("AccountDataUtil", 3)) {
                Log.d("AccountDataUtil", "Unexpected key store exception.", e13);
            }
            return null;
        }
    }
}
