package defpackage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.GregorianCalendar;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@202614060@20.26.14 (110300-320008519) */
/* loaded from: classes2.dex */
public final class mvv implements X509KeyManager {
    private static final npb a = new npb("CastClientAuthKeyManager");
    private static final int b = (int) bxib.a.a().b();
    private static mvv g = null;
    private final Context c;
    private final mwp d;
    private KeyStore.PrivateKeyEntry e;
    private byte[] f;

    public mvv(Context context, mwp mwpVar) {
        this.c = context;
        try {
            mwpVar.a = KeyStore.getInstance("AndroidKeyStore");
            mwpVar.a.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            a.c(e, "Can't retrieve keystore", new Object[0]);
            mwpVar = null;
        }
        this.d = mwpVar;
    }

    public static mvv a(Context context) {
        if (g == null) {
            g = new mvv(context, new mwp());
        }
        return g;
    }

    private final void b() {
        npb npbVar;
        KeyStore keyStore;
        if (this.d != null) {
            for (int i = 0; i < 3; i++) {
                try {
                    npbVar = a;
                    npbVar.b("Attempting to retrieve client auth cert.");
                    this.f = null;
                    keyStore = this.d.a;
                } catch (RuntimeException e) {
                    npb npbVar2 = a;
                    npbVar2.a(e, "RuntimeExeception detected.");
                    if (!c()) {
                        return;
                    } else {
                        npbVar2.a(e, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (InvalidAlgorithmParameterException e2) {
                    a.c(e2, "invalid algorithm parameter.", new Object[0]);
                    return;
                } catch (KeyStoreException e3) {
                    a.c(e3, "unable to use key from keystore.", new Object[0]);
                    return;
                } catch (NoSuchAlgorithmException e4) {
                    a.c(e4, "No algorithm available.", new Object[0]);
                    return;
                } catch (NoSuchProviderException e5) {
                    a.c(e5, "no provider.", new Object[0]);
                    return;
                } catch (UnrecoverableEntryException e6) {
                    npb npbVar3 = a;
                    npbVar3.a(e6, "UnrecoverableEntryException detected.");
                    if (!c()) {
                        return;
                    } else {
                        npbVar3.a(e6, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (CertificateExpiredException e7) {
                    if (!c()) {
                        return;
                    } else {
                        a.a(e7, "deleting key and regenerating.", new Object[0]);
                    }
                } catch (CertificateNotYetValidException e8) {
                    if (!c()) {
                        return;
                    } else {
                        a.a(e8, "deleting key and regenerating.", new Object[0]);
                    }
                }
                if (keyStore == null) {
                    throw new IllegalStateException("The KeyStore is not loaded.");
                }
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("cast_nearby_client_auth", null);
                this.e = privateKeyEntry;
                if (privateKeyEntry == null) {
                    npbVar.b("Attempting to create a new client auth cert.");
                    Context context = this.c;
                    int i2 = b;
                    npbVar.b("Creating a new privatekey pair for Cast auth.");
                    GregorianCalendar gregorianCalendar = new GregorianCalendar();
                    GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                    gregorianCalendar2.add(12, i2);
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("cast_nearby_client_auth").setSubject(new X500Principal("CN=cast_nearby_client_auth")).setSerialNumber(new BigInteger(512, new SecureRandom())).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                } else {
                    Certificate certificate = privateKeyEntry.getCertificate();
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate != null) {
                        x509Certificate.checkValidity(new Date(new Date().getTime() + 60000));
                        byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate.getPublicKey().getEncoded());
                        this.f = digest;
                        npbVar.a("successfully created hash of public key. %s", Base64.encodeToString(digest, 0));
                        return;
                    }
                    if (!c()) {
                        return;
                    }
                }
            }
        }
    }

    private final boolean c() {
        a.b("Deleting key %s.", "cast_nearby_client_auth");
        this.f = null;
        this.e = null;
        try {
            KeyStore keyStore = this.d.a;
            if (keyStore == null) {
                throw new IllegalStateException("The KeyStore is not loaded.");
            }
            keyStore.deleteEntry("cast_nearby_client_auth");
            return true;
        } catch (KeyStoreException e) {
            a.c(e, "unable to delete key from keystore.", new Object[0]);
            return false;
        }
    }

    public final byte[] a() {
        b();
        return this.f;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return "cast_nearby_client_auth";
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        b();
        KeyStore.PrivateKeyEntry privateKeyEntry = this.e;
        return privateKeyEntry != null ? (X509Certificate[]) privateKeyEntry.getCertificateChain() : new X509Certificate[0];
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return new String[]{"cast_nearby_client_auth"};
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        b();
        KeyStore.PrivateKeyEntry privateKeyEntry = this.e;
        if (privateKeyEntry != null) {
            return privateKeyEntry.getPrivateKey();
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return new String[0];
    }
}
