package ru.sberbank.sdakit.storage.data.c;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.internal.DefaultConstructorMarker;

/* loaded from: classes3.dex */
public final class a implements h {
    private final r.b.c.d.p.d a;
    private final Context b;
    private final SharedPreferences c;

    /* renamed from: ru.sberbank.sdakit.storage.data.c.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public static final class C2955a {
        private C2955a() {
        }

        public /* synthetic */ C2955a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    static {
        new C2955a(null);
    }

    public a(Context context, SharedPreferences sharedPreferences, r.b.c.d.p.l lVar) {
        this.b = context;
        this.c = sharedPreferences;
        this.a = lVar.get(a.class.getSimpleName());
    }

    private final KeyPair b() {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 32);
        BigInteger bigInteger = BigInteger.ONE;
        if (Build.VERSION.SDK_INT >= 23) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("AssistantSDKStorageRSAKey", 3).setKeySize(512).setCertificateSerialNumber(bigInteger).setCertificateSubject(new X500Principal("CN=AssistantSDKStorageRSAKey")).setDigests("SHA-256").setEncryptionPaddings("PKCS1Padding").setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build());
            return keyPairGenerator.genKeyPair();
        }
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator2.initialize(new KeyPairGeneratorSpec.Builder(this.b).setAlias("AssistantSDKStorageRSAKey").setKeySize(512).setSerialNumber(bigInteger).setSubject(new X500Principal("CN=AssistantSDKStorageRSAKey CA Certificate")).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
        return keyPairGenerator2.generateKeyPair();
    }

    @Override // ru.sberbank.sdakit.storage.data.c.h
    public SecretKey a() {
        Unit unit;
        byte[] copyOfRange;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        String string = this.c.getString("storage_encryption_aes_key", null);
        if (string != null) {
            byte[] decode = Base64.decode(string, 0);
            KeyStore.Entry entry = keyStore.getEntry("AssistantSDKStorageRSAKey", null);
            if (entry != null && (entry instanceof KeyStore.PrivateKeyEntry)) {
                copyOfRange = ArraysKt___ArraysJvmKt.copyOfRange(g.a.a(decode, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey()), 0, 32);
                return new SecretKeySpec(copyOfRange, "AES");
            }
            r.b.c.d.p.d dVar = this.a;
            r.b.c.d.p.e eVar = r.b.c.d.p.e.COMMON;
            dVar.a().e("There is no RSA key to decrypt AES key.", null);
            r.b.c.d.p.f a = dVar.a();
            String b = dVar.b();
            int i2 = b.a[a.c().ordinal()];
            if (i2 == 1) {
                unit = Unit.INSTANCE;
            } else if (i2 == 2) {
                a.b().e("SDA/" + b, "There is no RSA key to decrypt AES key.", null);
                a.a(a.d(), b, eVar, "There is no RSA key to decrypt AES key.");
                unit = Unit.INSTANCE;
            } else {
                if (i2 != 3) {
                    throw new NoWhenBranchMatchedException();
                }
                unit = Unit.INSTANCE;
            }
            r.b.c.d.u.e.a(unit);
            if (entry != null) {
                keyStore.deleteEntry("AssistantSDKStorageRSAKey");
            }
        }
        KeyPair b2 = b();
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        this.c.edit().putString("storage_encryption_aes_key", Base64.encodeToString(g.a.b(bArr, b2.getPublic()), 0)).apply();
        return new SecretKeySpec(bArr, "AES");
    }
}
