package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import j$.util.DesugarDate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class bow {
    private static final grn a = grn.l("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl");
    private final Context b;
    private final cyf c;
    private final Object d = new Object();
    private KeyPair e;
    private KeyStore.Entry f;
    private int g;
    private bqj h;

    public bow(Context context, cyf cyfVar) {
        this.b = context;
        this.c = cyfVar;
    }

    private final KeyPair c() {
        if (this.e == null) {
            KeyStore.Entry d = d();
            if (!(d instanceof KeyStore.PrivateKeyEntry)) {
                throw new bou("Key store entry is not of type PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) d;
            this.e = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        }
        return this.e;
    }

    private final KeyStore.Entry d() {
        KeyStore.Entry entry = this.f;
        if (entry != null) {
            return entry;
        }
        if (!((KeyStore) f().a).containsAlias("Authenticator")) {
            throw new bov();
        }
        KeyStore.Entry entry2 = ((KeyStore) f().a).getEntry("Authenticator", null);
        if (entry2 == null) {
            throw new bou("Invalid entry in key store");
        }
        this.f = entry2;
        return entry2;
    }

    private final int e() {
        int i = this.g;
        if (i != 0) {
            return i;
        }
        try {
            if (d() instanceof KeyStore.PrivateKeyEntry) {
                this.g = 2;
                return 2;
            }
            this.g = 1;
            return 1;
        } catch (bov unused) {
            this.g = 1;
            return 1;
        }
    }

    private final bqj f() {
        if (this.h == null) {
            bqj bqjVar = new bqj(KeyStore.getInstance("AndroidKeyStore"));
            this.h = bqjVar;
            ((KeyStore) bqjVar.a).load(null);
        }
        return this.h;
    }

    public final String a(String str) {
        byte[] a2;
        String str2;
        synchronized (this.d) {
            try {
                try {
                    if (e() - 1 != 0) {
                        byte[] decode = Base64.decode(str, 0);
                        Cipher i = qm.i();
                        i.init(2, c().getPrivate());
                        iho r = iho.r(decode);
                        a2 = iho.u(new CipherInputStream(new ByteArrayInputStream(((ihm) r).a, 0, ((ihm) r).d()), i)).x();
                    } else {
                        hcq.a();
                        a2 = new hes().a(Base64.decode(str, 0), new byte[0]);
                    }
                    str2 = new String(a2, StandardCharsets.UTF_8);
                } finally {
                }
            } catch (bov e) {
                e = e;
                throw new bou(e);
            } catch (IOException e2) {
                e = e2;
                throw new bou(e);
            } catch (GeneralSecurityException e3) {
                e = e3;
                throw new bou(e);
            }
        }
        return str2;
    }

    public final String b(String str) {
        byte[] b;
        String encodeToString;
        synchronized (this.d) {
            try {
                try {
                    if (e() - 1 != 0) {
                        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
                        Cipher i = qm.i();
                        KeyPair keyPair = this.e;
                        if (keyPair == null) {
                            try {
                                keyPair = c();
                            } catch (bov unused) {
                                ((grl) ((grl) a.e()).i("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl", "getOrCreateCipherEncryptionKeyPair", 283, "SecretEncryptorImpl.java")).r("Generating an encryption key for the first time for below M");
                                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                                keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(this.b).setAlias("Authenticator").setSubject(new X500Principal(String.format("CN=%s", "Authenticator"))).setSerialNumber(BigInteger.TEN).setStartDate(DesugarDate.from(this.c.d())).setEndDate(DesugarDate.from(this.c.d().plusMillis(630720000000L))).build());
                                keyPair = keyPairGenerator.generateKeyPair();
                            }
                            this.e = keyPair;
                        }
                        i.init(1, keyPair.getPublic());
                        iho ihoVar = iho.b;
                        ihn ihnVar = new ihn();
                        CipherOutputStream cipherOutputStream = new CipherOutputStream(ihnVar, i);
                        try {
                            cipherOutputStream.write(bytes);
                            cipherOutputStream.close();
                            b = ihnVar.b().x();
                        } catch (Throwable th) {
                            try {
                                cipherOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } else {
                        try {
                            d();
                        } catch (bov unused2) {
                            ((grl) ((grl) a.e()).i("com/google/android/apps/authenticator2/db/localencryption/SecretEncryptorImpl", "generateAeadKeyIfNotPresent", 204, "SecretEncryptorImpl.java")).r("Generating an encryption key for the first time for M+");
                            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                            keyGenerator.init(new KeyGenParameterSpec.Builder("Authenticator", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
                            keyGenerator.generateKey();
                        }
                        hcq.a();
                        b = new hes().b(str.getBytes(StandardCharsets.UTF_8), new byte[0]);
                    }
                    encodeToString = Base64.encodeToString(b, 0);
                } finally {
                }
            } catch (IOException e) {
                e = e;
                throw new bou(e);
            } catch (GeneralSecurityException e2) {
                e = e2;
                throw new bou(e);
            }
        }
        return encodeToString;
    }
}
