package defpackage;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import j$.nio.charset.StandardCharsets;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

/* compiled from: PG */
/* loaded from: classes.dex */
final class bng {
    private static final bwj a = bwj.k("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader");
    private static final btw b;
    private final Context c;
    private final boolean d;
    private final String e;
    private final KeyStore f;

    static {
        int i = btw.d;
        b = btw.l("axel", "axel2", "axel3", "axel3dp");
    }

    public bng(Context context, boolean z) {
        this.c = context;
        this.d = z;
        this.e = true != z ? "axel3" : "axel3dp";
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f = keyStore;
            keyStore.load(null);
        } catch (IOException e) {
            throw new bnh("Got IOException", e);
        } catch (KeyStoreException e2) {
            throw new bnh("Got KeyStoreException", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new bnh("Got NoSuchAlgorithmException", e3);
        } catch (CertificateException e4) {
            throw new bnh("Got CertificateException", e4);
        }
    }

    private final void c() {
        if (this.d) {
            ((bwi) a.e().h("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader", "generateAndStoreCertificate", 104, "AttestationPreloader.java")).n("Generating attestation certificate with device properties...");
        } else {
            ((bwi) a.g().h("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader", "generateAndStoreCertificate", 106, "AttestationPreloader.java")).n("Generating attestation certificate without device properties...");
        }
        try {
            Date date = new Date(0L);
            Date date2 = new Date(TimeUnit.MILLISECONDS.convert(2147483647L, TimeUnit.SECONDS));
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.e, 4);
            SharedPreferences sharedPreferences = this.c.getSharedPreferences("attestation", 0);
            String string = sharedPreferences.getString("challenge", null);
            if (string == null) {
                byte[] bArr = new byte[12];
                new SecureRandom().nextBytes(bArr);
                string = Base64.encodeToString(bArr, 2);
                sharedPreferences.edit().putString("challenge", string).commit();
            }
            KeyGenParameterSpec.Builder keyValidityEnd = builder.setAttestationChallenge(string.getBytes(StandardCharsets.ISO_8859_1)).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setRandomizedEncryptionRequired(true).setDigests("NONE").setCertificateNotBefore(date).setCertificateNotAfter(date2).setKeyValidityStart(date).setKeyValidityEnd(date2);
            if (this.d) {
                keyValidityEnd.setDevicePropertiesAttestationIncluded(true);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(keyValidityEnd.build());
            keyPairGenerator.generateKeyPair();
            ((bwi) a.e().h("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader", "generateAndStoreCertificate", 133, "AttestationPreloader.java")).n("Attestation certificate generated");
        } catch (InvalidAlgorithmParameterException e) {
            throw new bnh("Got InvalidAlgorithmParameterException", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new bnh("Got NoSuchAlgorithmException", e2);
        } catch (NoSuchProviderException e3) {
            throw new bnh("Got NoSuchProviderException", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final KeyManager[] a() {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(this.f, new char[0]);
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException e) {
            throw new bnh("Got KeyStoreException", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new bnh("Got NoSuchAlgorithmException", e2);
        } catch (UnrecoverableKeyException e3) {
            throw new bnh("Unable to initialize KeyManagerFactory", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final avd b() {
        try {
            if (!this.f.containsAlias(this.e)) {
                ((bwi) a.e().h("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader", "getAttestationKeyManager", 73, "AttestationPreloader.java")).n("No suitable attestation certificates in KeyStore");
                ArrayList list = Collections.list(this.f.aliases());
                bsc ak = bzc.ak(b);
                list.getClass();
                for (String str : new bte(list, ak)) {
                    ((bwi) a.e().h("com/google/android/tv/axel/irdb/impl/auth/AttestationPreloader", "getAttestationKeyManager", 75, "AttestationPreloader.java")).q("Deleting obsolete attestation certificate: %s", str);
                    this.f.deleteEntry(str);
                }
            }
            c();
            return new avd(this.f.getCertificateChain(this.e));
        } catch (KeyStoreException e) {
            throw new bnh("Got KeyStoreException", e);
        }
    }
}
