package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.google.android.gms.org.conscrypt.EvpMdRef;
import com.google.android.gms.org.conscrypt.NativeConstants;
import com.google.android.gms.org.conscrypt.SSLUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.GregorianCalendar;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@17455000@17.4.55 (000300-248795830) */
/* loaded from: classes2.dex */
public final class lqo implements X509KeyManager {
    private static final mie b = new mie("CastClientAuthKeyManager", (byte) 0);
    private static final int c = (int) ((bsob) bsny.a.a()).b();
    private static lqo g = null;
    public byte[] a;
    private final Context d;
    private final lrf e;
    private KeyStore.PrivateKeyEntry f;

    private lqo(Context context, lrf lrfVar) {
        this.d = context;
        try {
            lrfVar.a = KeyStore.getInstance("AndroidKeyStore");
            lrfVar.a.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            b.c(e, "Can't retrieve keystore", new Object[0]);
            lrfVar = null;
        }
        this.e = lrfVar;
    }

    public static lqo a(Context context) {
        if (g == null) {
            g = new lqo(context, new lrf());
        }
        return g;
    }

    private final boolean b() {
        b.c("Deleting key %s.", "cast_nearby_client_auth");
        this.a = null;
        this.f = null;
        try {
            KeyStore keyStore = this.e.a;
            if (keyStore == null) {
                throw new IllegalStateException("The KeyStore is not loaded.");
            }
            keyStore.deleteEntry("cast_nearby_client_auth");
            return true;
        } catch (KeyStoreException e) {
            b.c(e, "unable to delete key from keystore.", new Object[0]);
            return false;
        }
    }

    public final void a() {
        KeyStore keyStore;
        if (this.e != null) {
            for (int i = 0; i < 3; i++) {
                try {
                    b.b("Attempting to retrieve client auth cert.");
                    this.a = null;
                    keyStore = this.e.a;
                } catch (RuntimeException e) {
                    b.a(e, "RuntimeExeception detected.");
                    if (!b()) {
                        return;
                    } else {
                        b.a(e, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (InvalidAlgorithmParameterException e2) {
                    b.c(e2, "invalid algorithm parameter.", new Object[0]);
                    return;
                } catch (KeyStoreException e3) {
                    b.c(e3, "unable to use key from keystore.", new Object[0]);
                    return;
                } catch (NoSuchAlgorithmException e4) {
                    b.c(e4, "No algorithm available.", new Object[0]);
                    return;
                } catch (NoSuchProviderException e5) {
                    b.c(e5, "no provider.", new Object[0]);
                    return;
                } catch (UnrecoverableEntryException e6) {
                    b.a(e6, "UnrecoverableEntryException detected.");
                    if (!b()) {
                        return;
                    } else {
                        b.a(e6, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (CertificateExpiredException e7) {
                    if (!b()) {
                        return;
                    } else {
                        b.a(e7, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (CertificateNotYetValidException e8) {
                    if (!b()) {
                        return;
                    } else {
                        b.a(e8, "deleting key and regenerating.", new Object[0]);
                    }
                }
                if (keyStore == null) {
                    throw new IllegalStateException("The KeyStore is not loaded.");
                }
                this.f = (KeyStore.PrivateKeyEntry) keyStore.getEntry("cast_nearby_client_auth", null);
                KeyStore.PrivateKeyEntry privateKeyEntry = this.f;
                if (privateKeyEntry == null) {
                    b.b("Attempting to create a new client auth cert.");
                    Context context = this.d;
                    int i2 = c;
                    b.b("Creating a new privatekey pair for Cast auth.");
                    GregorianCalendar gregorianCalendar = new GregorianCalendar();
                    GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                    gregorianCalendar2.add(12, i2);
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("cast_nearby_client_auth").setSubject(new X500Principal("CN=cast_nearby_client_auth")).setSerialNumber(new BigInteger(NativeConstants.EXFLAG_CRITICAL, new SecureRandom())).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SSLUtils.KEY_TYPE_RSA, "AndroidKeyStore");
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                } else {
                    Certificate certificate = privateKeyEntry.getCertificate();
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate != null) {
                        x509Certificate.checkValidity(new Date(new Date().getTime() + 60000));
                        this.a = MessageDigest.getInstance(EvpMdRef.SHA256.JCA_NAME).digest(certificate.getPublicKey().getEncoded());
                        b.a("successfully created hash of public key. %s", Base64.encodeToString(this.a, 0));
                        return;
                    } else if (!b()) {
                        return;
                    }
                }
            }
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return "cast_nearby_client_auth";
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        a();
        KeyStore.PrivateKeyEntry privateKeyEntry = this.f;
        return privateKeyEntry != null ? (X509Certificate[]) privateKeyEntry.getCertificateChain() : new X509Certificate[0];
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return new String[]{"cast_nearby_client_auth"};
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        a();
        KeyStore.PrivateKeyEntry privateKeyEntry = this.f;
        if (privateKeyEntry != null) {
            return privateKeyEntry.getPrivateKey();
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return new String[0];
    }
}
