package defpackage;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;

/* compiled from: :com.google.android.gms@201215009@20.12.15 (020308-302916295) */
/* loaded from: classes2.dex */
final class sbn {
    public static final Lock a = new ReentrantLock();
    public static final soz b = new soz("GLSUser", "BindingKeyManager");
    public static volatile sbn c;
    public static volatile jer d;

    public static final KeyPair a(String str) {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("secp256r1");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        a(generateKeyPair, str);
        return generateKeyPair;
    }

    private static final void a(KeyPair keyPair, String str) {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        boolean a2 = d.a(str.concat("_privateKey"), tam.b(privateKey.getEncoded()), d.a(str.concat("_privateKey")));
        String b2 = tam.b(publicKey.getEncoded());
        boolean z = a2 && d.a(str.concat("_publicKey"), b2, d.a(str.concat("_publicKey")));
        b.a("Successfully pubKey? %s [ %s ]", Boolean.valueOf(z), b2);
        if (!z) {
            throw new IllegalStateException("Failure to set Channel ID keys in store!");
        }
        d.a();
    }

    public final KeyPair a() {
        KeyPair a2;
        jer jerVar;
        try {
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("rsa.channel.wrapper", null);
                    if (privateKeyEntry != null) {
                        PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                        keyStore.deleteEntry("rsa.channel.wrapper");
                        String a3 = d.a("wrapped_private_channel_key_b64");
                        String a4 = d.a("public_channel_key_b64");
                        if (a3 != null && a4 != null) {
                            byte[] a5 = tam.a(a3);
                            KeyFactory keyFactory = KeyFactory.getInstance("EC");
                            PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(tam.a(a4)));
                            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
                            cipher.init(2, privateKey);
                            KeyPair keyPair = new KeyPair(generatePublic, keyFactory.generatePrivate(new PKCS8EncodedKeySpec(cipher.doFinal(a5))));
                            a(keyPair, "channel_binding_manager");
                            b.a("Successfully transitioned wrapped keys.", new Object[0]);
                            return keyPair;
                        }
                        a2 = a("channel_binding_manager");
                        jerVar = d;
                    } else {
                        a2 = a("channel_binding_manager");
                        jerVar = d;
                    }
                } catch (NoSuchProviderException e) {
                    b.d("BOUNCYCASTLE provider unavailable. Creating new keys.", new Object[0]);
                    a2 = a("channel_binding_manager");
                    jerVar = d;
                }
            } catch (KeyStoreException e2) {
                b.d("Unable to get instance of AndroidKeyStore", new Object[0]);
                a2 = a("channel_binding_manager");
                jerVar = d;
            } catch (Exception e3) {
                b.a("We have a borked keystore. Deleting old keys/creating new keys.", new Object[0]);
                a2 = a("channel_binding_manager");
                jerVar = d;
            }
            jerVar.b("wrapped_private_channel_key_b64");
            d.b("public_channel_key_b64");
            d.b("wrapped_private_channel_key_format_b64");
            d.b("public_channel_key_format_b64");
            d.a();
            return a2;
        } finally {
            d.b("wrapped_private_channel_key_b64");
            d.b("public_channel_key_b64");
            d.b("wrapped_private_channel_key_format_b64");
            d.b("public_channel_key_format_b64");
            d.a();
        }
    }
}
