package com.google.android.gms.auth.f;

import android.content.Context;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import com.google.android.gms.auth.d.i;
import com.google.android.gms.common.kf;
import com.google.android.gms.common.util.bm;
import com.google.android.gms.common.util.r;
import com.google.android.gms.org.conscrypt.OpenSSLProvider;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public final class c {

    /* renamed from: c, reason: collision with root package name */
    private static volatile c f10793c;

    /* renamed from: d, reason: collision with root package name */
    private static volatile i f10794d;

    /* renamed from: e, reason: collision with root package name */
    private static volatile PrivateKey f10795e;

    /* renamed from: f, reason: collision with root package name */
    private static volatile PublicKey f10796f;

    /* renamed from: g, reason: collision with root package name */
    private static volatile byte[] f10797g;

    /* renamed from: h, reason: collision with root package name */
    private static volatile PublicKey f10798h;

    /* renamed from: b, reason: collision with root package name */
    private static Object f10792b = new Object();

    /* renamed from: a, reason: collision with root package name */
    public static final com.google.android.gms.auth.i.a f10791a = new com.google.android.gms.auth.i.a("GLSUser", "ChannelManager");

    private c() {
    }

    public static b a(SSLSocketFactory sSLSocketFactory) {
        if (sSLSocketFactory instanceof SSLCertificateSocketFactory) {
            return new a((SSLCertificateSocketFactory) sSLSocketFactory);
        }
        if (sSLSocketFactory instanceof com.google.android.gms.common.net.SSLCertificateSocketFactory) {
            return new d((com.google.android.gms.common.net.SSLCertificateSocketFactory) sSLSocketFactory);
        }
        f10791a.d("Can't channel bind. Unsupported sslSocketFactory: %s", sSLSocketFactory.getClass());
        return null;
    }

    public static c a() {
        synchronized (f10792b) {
            if (f10793c == null) {
                f10793c = new c();
            }
        }
        return f10793c;
    }

    public static boolean b() {
        boolean z = ((Long) com.google.android.gms.auth.e.a.r.d()).longValue() <= ((long) kf.f15141a);
        boolean z2 = ((Integer) com.google.android.gms.auth.e.a.s.d()).intValue() <= Build.VERSION.SDK_INT;
        boolean a2 = bm.a(19);
        f10791a.c("Checking whether channelId is enabled. isEnabledGmsCore? %s, isEnabledSdk? %s, isAtLeastKitKat? %s", Boolean.valueOf(z), Boolean.valueOf(z2), Boolean.valueOf(a2));
        return z && z2 && a2;
    }

    public final PublicKey a(Context context, b bVar) {
        if (!b()) {
            return null;
        }
        try {
            synchronized (f10792b) {
                if (f10795e == null) {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
                    if (privateKeyEntry == null) {
                        GregorianCalendar gregorianCalendar = new GregorianCalendar();
                        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                        gregorianCalendar2.add(1, 100);
                        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("rsa.channel.wrapper").setSubject(new X500Principal("CN=rsa.channel.wrapper")).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).setKeyType("RSA").build();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        if (keyPairGenerator.generateKeyPair() == null) {
                            throw new IOException("Unable to generate RSA key in AndroidKeyStore!");
                        }
                        privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
                        if (privateKeyEntry == null) {
                            throw new IOException("Unable to retrieve newly create RSA key from AndroidKeyStore!");
                        }
                    }
                    f10795e = privateKeyEntry.getPrivateKey();
                    f10796f = privateKeyEntry.getCertificate().getPublicKey();
                }
                if (f10794d == null) {
                    f10794d = new i(new File(context.getFilesDir(), "auth.channel.store.properties"));
                }
                String a2 = f10794d.a("wrapped_private_channel_key_b64");
                String a3 = f10794d.a("public_channel_key_b64");
                if (a2 == null || a3 == null) {
                    f10791a.c("Initializing channel key", new Object[0]);
                    f10794d.c();
                    f10794d.b();
                    ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("secp256r1");
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("EC", "BC");
                    keyPairGenerator2.initialize(eCGenParameterSpec, new SecureRandom());
                    KeyPair generateKeyPair = keyPairGenerator2.generateKeyPair();
                    PrivateKey privateKey = generateKeyPair.getPrivate();
                    f10798h = generateKeyPair.getPublic();
                    byte[] encoded = privateKey.getEncoded();
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", OpenSSLProvider.PROVIDER_NAME);
                    cipher.init(1, f10796f);
                    byte[] doFinal = cipher.doFinal(encoded);
                    f10797g = doFinal;
                    boolean z = (f10794d.a("wrapped_private_channel_key_b64", r.a(doFinal), null) && f10794d.a("wrapped_private_channel_key_format_b64", privateKey.getFormat(), null)) && f10794d.a("public_channel_key_format_b64", f10798h.getFormat(), null);
                    String a4 = r.a(f10798h.getEncoded());
                    boolean z2 = z && f10794d.a("public_channel_key_b64", a4, null);
                    f10791a.d("Successfully pubKey? %s [ %s ]", Boolean.valueOf(z2), a4);
                    if (!z2) {
                        throw new IllegalStateException("Expected a clean key store!");
                    }
                    f10794d.b();
                } else {
                    f10791a.c("Using existing channel key.", new Object[0]);
                    f10797g = r.a(a2);
                    f10798h = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(r.a(a3)));
                }
            }
            byte[] bArr = f10797g;
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", OpenSSLProvider.PROVIDER_NAME);
            cipher2.init(2, f10795e);
            bVar.a(KeyFactory.getInstance("EC", "BC").generatePrivate(new PKCS8EncodedKeySpec(cipher2.doFinal(bArr))));
            return f10798h;
        } catch (Exception e2) {
            f10791a.d("Will proceed without channel binding: %s", e2.getMessage());
            return null;
        }
    }
}
