package qr;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import bs.b;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.HashMap;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import ns.n;
import ns.p;
import ns.w;
import org.jivesoftware.smack.sasl.packet.SaslStreamElements;
import rr.e;
import rr.f;
import vt.a;
import vt.h;
import vt.u;

/* compiled from: WebPushKeyManager.java */
/* loaded from: classes2.dex */
public final class g extends e {

    /* renamed from: h, reason: collision with root package name */
    public static final OAEPParameterSpec f35694h = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    /* renamed from: i, reason: collision with root package name */
    public static final HashMap f35695i = new HashMap();

    /* renamed from: f, reason: collision with root package name */
    public final KeyStore f35696f;

    /* renamed from: g, reason: collision with root package name */
    public final SharedPreferences f35697g;

    public g(Context context, f fVar) throws GeneralSecurityException {
        super(context, fVar, "web_push_Rainbow_keychain_id");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        try {
            keyStore.load(null);
            this.f35696f = keyStore;
            this.f35697g = (Build.VERSION.SDK_INT >= 24 ? context.createDeviceProtectedStorageContext() : context).getSharedPreferences(String.format("%s_%s_preferences", "com.google.capillary.android.WebPushKeyManager", "Rainbow_keychain_id"), 0);
        } catch (IOException e11) {
            throw new GeneralSecurityException("unable to load keystore", e11);
        }
    }

    public static synchronized g l(Context context) throws GeneralSecurityException {
        synchronized (g.class) {
            HashMap hashMap = f35695i;
            if (hashMap.containsKey("Rainbow_keychain_id")) {
                return (g) hashMap.get("Rainbow_keychain_id");
            }
            g gVar = new g(context, f.b());
            hashMap.put("Rainbow_keychain_id", gVar);
            return gVar;
        }
    }

    public static String m(boolean z11, boolean z12) {
        return (z11 ? SaslStreamElements.AuthMechanism.ELEMENT : "no_auth").concat(z12 ? "_web_push_public_key" : "_encrypted_web_push_private_key");
    }

    @Override // qr.e
    public final synchronized void h(boolean z11) throws GeneralSecurityException {
        a.b(this.f35689b, z11);
        byte[] a11 = w.a(16);
        n.b bVar = n.b.NIST_P256;
        ECParameterSpec b11 = n.b(bVar);
        KeyPairGenerator a12 = p.f30570g.a("EC");
        a12.initialize(b11);
        KeyPair generateKeyPair = a12.generateKeyPair();
        byte[] g11 = n.g(bVar, n.d.UNCOMPRESSED, ((ECPublicKey) generateKeyPair.getPublic()).getW());
        f.b c11 = rr.f.A.c();
        c11.f36607g = h.j(a11, 0, a11.length);
        c11.F();
        c11.f36608r = h.j(g11, 0, g11.length);
        c11.F();
        rr.f fVar = new rr.f(c11);
        fVar.f36604r = c11.f36607g;
        fVar.f36605x = c11.f36608r;
        c11.E();
        if (!fVar.g()) {
            throw a.AbstractC0780a.x(fVar);
        }
        byte[] r11 = fVar.r();
        byte[] byteArray = ((ECPrivateKey) generateKeyPair.getPrivate()).getS().toByteArray();
        e.b c12 = rr.e.C.c();
        c12.f36601g = h.j(a11, 0, a11.length);
        c12.F();
        c12.f36602r = h.j(g11, 0, g11.length);
        c12.F();
        c12.f36603x = h.j(byteArray, 0, byteArray.length);
        c12.F();
        rr.e eVar = new rr.e(c12);
        eVar.f36598r = c12.f36601g;
        eVar.f36599x = c12.f36602r;
        eVar.f36600y = c12.f36603x;
        c12.E();
        if (!eVar.g()) {
            throw a.AbstractC0780a.x(eVar);
        }
        byte[] r12 = eVar.r();
        try {
            KeyStore keyStore = this.f35696f;
            String c13 = a.c(this.f35689b, z11);
            a.a(c13, keyStore);
            this.f35697g.edit().putString(m(z11, true), ns.e.b(r11)).putString(m(z11, false), ns.e.b(pr.b.b(r12, keyStore.getCertificate(c13).getPublicKey(), pr.d.OAEP, f35694h))).apply();
        } catch (pr.c e11) {
            throw new GeneralSecurityException("unable to load rsa public key", e11);
        }
    }

    @Override // qr.e
    public final synchronized bs.b i(boolean z11) throws pr.c, GeneralSecurityException {
        b.a aVar;
        k(z11);
        byte[] a11 = ns.e.a(2, this.f35697g.getString(m(z11, false), null));
        KeyStore keyStore = this.f35696f;
        String c11 = a.c(this.f35689b, z11);
        a.a(c11, keyStore);
        try {
            rr.e c12 = rr.e.D.c(pr.b.a(a11, (PrivateKey) keyStore.getKey(c11, null), pr.d.OAEP, f35694h), vt.c.f42759a);
            aVar = new b.a();
            aVar.f7900c = (byte[]) c12.f36598r.Q().clone();
            aVar.f7899b = (byte[]) c12.f36599x.Q().clone();
            aVar.f7898a = n.c(bs.a.f7894e, c12.f36600y.Q());
        } catch (u e11) {
            throw new GeneralSecurityException("unable to load web push private key", e11);
        }
        return new bs.b(aVar);
    }

    @Override // qr.e
    public final synchronized byte[] j(boolean z11) throws pr.c, GeneralSecurityException {
        a.a(a.c(this.f35689b, z11), this.f35696f);
        k(z11);
        return ns.e.a(2, this.f35697g.getString(m(z11, true), null));
    }

    public final void k(boolean z11) throws pr.c, KeyStoreException {
        String m11 = m(z11, true);
        SharedPreferences sharedPreferences = this.f35697g;
        if (sharedPreferences.contains(m11) && sharedPreferences.contains(m(z11, false))) {
        } else {
            throw new pr.c((z11 ? "Auth" : "NoAuth").concat(" web push key not initialized"));
        }
    }
}
