package x3;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import android.util.Log;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Signature;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: KeyStoreManager.java */
/* loaded from: classes2.dex */
public final class a {

    /* renamed from: b, reason: collision with root package name */
    public static volatile String f7323b;

    /* renamed from: a, reason: collision with root package name */
    public b f7324a = new b();

    public final String a(Context context) throws GeneralSecurityException {
        Log.i("SQLCipherManager", "deriveKeyOnlyOnce");
        try {
            Key key = this.f7324a.a().getKey("XMPassport", null);
            if (key == null) {
                throw new GeneralSecurityException("Failed to obtain private key from a generated key pair");
            }
            if (!(key instanceof PrivateKey)) {
                Log.w("SQLCipherManager", "generateKey() start");
                try {
                    this.f7324a.a().deleteEntry("XMPassport");
                } catch (GeneralSecurityException unused) {
                    Log.w("SQLCipherManager", "Failed to discard a key");
                }
                Calendar calendar = Calendar.getInstance();
                calendar.set(1, 2000);
                calendar.set(14, 0);
                calendar.set(13, 0);
                calendar.set(12, 0);
                calendar.set(11, 0);
                Date time = calendar.getTime();
                calendar.set(1, 2200);
                Date time2 = calendar.getTime();
                b bVar = this.f7324a;
                Objects.requireNonNull(bVar);
                Context applicationContext = context.getApplicationContext();
                X500Principal x500Principal = new X500Principal("CN=Database/O=Xiaomi Corporation");
                KeyStore a8 = bVar.a();
                KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(applicationContext);
                builder.setAlias("XMPassport");
                builder.setStartDate(time);
                builder.setEndDate(time2);
                builder.setSerialNumber(BigInteger.valueOf(1));
                builder.setSubject(x500Principal);
                builder.setKeySize(2048);
                Locale locale = Locale.getDefault();
                b.b(applicationContext, Locale.ENGLISH);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                keyPairGenerator.initialize(builder.build());
                try {
                    try {
                        try {
                            keyPairGenerator.generateKeyPair();
                            try {
                                if (((PrivateKey) a8.getKey("XMPassport", null)) == null) {
                                    throw new GeneralSecurityException("Failed to obtain private key from a generated key pair");
                                }
                                if (a8.getCertificate("XMPassport").getPublicKey() == null) {
                                    throw new GeneralSecurityException("Failed to obtain private key from a generated key pair");
                                }
                                Log.w("SQLCipherManager", "generateKey() end");
                            } catch (RuntimeException e8) {
                                throw new GeneralSecurityException(e8);
                            }
                        } catch (ProviderException e9) {
                            throw new GeneralSecurityException(e9);
                        }
                    } catch (IllegalStateException e10) {
                        throw new GeneralSecurityException(e10);
                    }
                } finally {
                    b.b(applicationContext, locale);
                }
            }
            int i8 = 32;
            try {
                Key key2 = this.f7324a.a().getKey("XMPassport", null);
                if (key2 == null) {
                    throw new GeneralSecurityException("Failed to obtain private key from a generated key pair");
                }
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initSign((PrivateKey) key2);
                signature.update("db-key".getBytes());
                byte[] sign = signature.sign();
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(new byte[mac.getMacLength()], "HmacSHA256"));
                SecretKeySpec secretKeySpec = new SecretKeySpec(mac.doFinal(sign), "HmacSHA256");
                for (int i9 = 0; i9 < sign.length; i9++) {
                    sign[i9] = 119;
                }
                byte[] bArr = new byte[0];
                int ceil = (int) Math.ceil(32 / mac.getMacLength());
                if (ceil > 255) {
                    throw new IllegalArgumentException("out length must be maximal 255 * hash-length; requested: 32 bytes");
                }
                ByteBuffer allocate = ByteBuffer.allocate(32);
                int i10 = 0;
                while (i10 < ceil) {
                    Mac mac2 = Mac.getInstance("HmacSHA256");
                    mac2.init(secretKeySpec);
                    mac2.update(bArr);
                    mac2.update("db-key".getBytes());
                    i10++;
                    mac2.update((byte) i10);
                    bArr = mac2.doFinal();
                    int min = Math.min(i8, bArr.length);
                    allocate.put(bArr, 0, min);
                    i8 -= min;
                }
                byte[] array = allocate.array();
                if (array != null) {
                    return Base64.encodeToString(array, 2);
                }
                Log.w("SQLCipherManager", "key is null, use fail over key");
                return "010203040506070809";
            } catch (RuntimeException e11) {
                throw new GeneralSecurityException(e11);
            }
        } catch (RuntimeException e12) {
            throw new GeneralSecurityException(e12);
        }
    }
}
