package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import j$.util.DesugarDate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class bnz {
    private static final glx a = glx.l("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl");
    private final Context b;
    private final Object c = new Object();
    private KeyPair d;
    private KeyStore.Entry e;
    private int f;
    private bpl g;

    public bnz(Context context) {
        this.b = context;
    }

    private final KeyPair c() {
        if (this.d == null) {
            KeyStore.Entry d = d();
            if (!(d instanceof KeyStore.PrivateKeyEntry)) {
                throw new bnx("Key store entry is not of type PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) d;
            this.d = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        }
        return this.d;
    }

    private final KeyStore.Entry d() {
        KeyStore.Entry entry = this.e;
        if (entry != null) {
            return entry;
        }
        if (!((KeyStore) f().a).containsAlias("Authenticator")) {
            throw new bny();
        }
        KeyStore.Entry entry2 = ((KeyStore) f().a).getEntry("Authenticator", null);
        if (entry2 == null) {
            throw new bnx("Invalid entry in key store");
        }
        this.e = entry2;
        return entry2;
    }

    private final int e() {
        int i = this.f;
        if (i != 0) {
            return i;
        }
        try {
            if (d() instanceof KeyStore.PrivateKeyEntry) {
                this.f = 2;
                return 2;
            }
            this.f = 1;
            return 1;
        } catch (bny unused) {
            this.f = 1;
            return 1;
        }
    }

    private final bpl f() {
        if (this.g == null) {
            bpl bplVar = new bpl(KeyStore.getInstance("AndroidKeyStore"));
            this.g = bplVar;
            ((KeyStore) bplVar.a).load(null);
        }
        return this.g;
    }

    public final String a(String str) {
        byte[] a2;
        String str2;
        synchronized (this.c) {
            try {
                try {
                    if (e() - 1 != 0) {
                        byte[] decode = Base64.decode(str, 0);
                        Cipher j = qp.j();
                        j.init(2, c().getPrivate());
                        iax q = iax.q(decode);
                        a2 = iax.t(new CipherInputStream(new ByteArrayInputStream(((iav) q).a, 0, ((iav) q).d()), j)).w();
                    } else {
                        gws.a();
                        a2 = new gyn().a(Base64.decode(str, 0), new byte[0]);
                    }
                    str2 = new String(a2, StandardCharsets.UTF_8);
                } finally {
                }
            } catch (bny e) {
                e = e;
                throw new bnx(e);
            } catch (IOException e2) {
                e = e2;
                throw new bnx(e);
            } catch (GeneralSecurityException e3) {
                e = e3;
                throw new bnx(e);
            }
        }
        return str2;
    }

    public final String b(String str) {
        byte[] b;
        String encodeToString;
        synchronized (this.c) {
            try {
                try {
                    if (e() - 1 != 0) {
                        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
                        Cipher j = qp.j();
                        KeyPair keyPair = this.d;
                        if (keyPair == null) {
                            try {
                                keyPair = c();
                            } catch (bny unused) {
                                ((glv) ((glv) a.e()).i("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl", "getOrCreateCipherEncryptionKeyPair", 283, "SecretEncryptorImpl.java")).r("Generating an encryption key for the first time for below M");
                                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                                keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(this.b).setAlias("Authenticator").setSubject(new X500Principal(String.format("CN=%s", "Authenticator"))).setSerialNumber(BigInteger.TEN).setStartDate(DesugarDate.from(cyz.i())).setEndDate(DesugarDate.from(cyz.i().plusMillis(630720000000L))).build());
                                keyPair = keyPairGenerator.generateKeyPair();
                            }
                            this.d = keyPair;
                        }
                        j.init(1, keyPair.getPublic());
                        iaw iawVar = new iaw();
                        CipherOutputStream cipherOutputStream = new CipherOutputStream(iawVar, j);
                        try {
                            cipherOutputStream.write(bytes);
                            cipherOutputStream.close();
                            b = iawVar.b().w();
                        } catch (Throwable th) {
                            try {
                                cipherOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } else {
                        try {
                            d();
                        } catch (bny unused2) {
                            ((glv) ((glv) a.e()).i("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl", "generateAeadKeyIfNotPresent", 204, "SecretEncryptorImpl.java")).r("Generating an encryption key for the first time for M+");
                            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                            keyGenerator.init(new KeyGenParameterSpec.Builder("Authenticator", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
                            keyGenerator.generateKey();
                        }
                        gws.a();
                        b = new gyn().b(str.getBytes(StandardCharsets.UTF_8), new byte[0]);
                    }
                    encodeToString = Base64.encodeToString(b, 0);
                } finally {
                }
            } catch (IOException e) {
                e = e;
                throw new bnx(e);
            } catch (GeneralSecurityException e2) {
                e = e2;
                throw new bnx(e);
            }
        }
        return encodeToString;
    }
}
