package com.firstdata.util.crypto;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import androidx.core.hardware.fingerprint.FingerprintManagerCompat;
import androidx.core.os.CancellationSignal;
import com.firstdata.util.utils.DeviceUtils;
import com.firstdata.util.utils.FDLogger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: FingerprintKeystoreManager.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u0001:\u0001'B-\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\u0007\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ\b\u0010\u0012\u001a\u00020\u0013H\u0007J\u0006\u0010\u0014\u001a\u00020\u0015J\u0018\u0010\u0016\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0007J\u0018\u0010\u001a\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u0007J\b\u0010\u001c\u001a\u00020\u0015H\u0003J\u001a\u0010\u001d\u001a\u0004\u0018\u00010\u00182\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020\u0013H\u0003J\b\u0010!\u001a\u00020\u0013H\u0007J\u0018\u0010\"\u001a\u00020\u00132\u0006\u0010#\u001a\u00020$2\u0006\u0010\u001e\u001a\u00020\u001fH\u0003J\u0010\u0010%\u001a\u00020\u00132\u0006\u0010#\u001a\u00020$H\u0007J\u0010\u0010&\u001a\u00020\u00132\u0006\u0010#\u001a\u00020$H\u0007R\u0010\u0010\f\u001a\u0004\u0018\u00010\rX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u000e\u001a\u0004\u0018\u00010\u000fX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u0010\u001a\u0004\u0018\u00010\u0011X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006("}, d2 = {"Lcom/firstdata/util/crypto/FingerprintKeystoreManager;", "", "context", "Landroid/content/Context;", "sharedPreferences", "Landroid/content/SharedPreferences;", "encryptedDataKey", "", "keystoreAlias", "fingerprintConfig", "Lcom/firstdata/util/crypto/FingerprintKeystoreManager$FingerprintConfig;", "(Landroid/content/Context;Landroid/content/SharedPreferences;Ljava/lang/String;Ljava/lang/String;Lcom/firstdata/util/crypto/FingerprintKeystoreManager$FingerprintConfig;)V", "cancellationSignal", "Landroidx/core/os/CancellationSignal;", "fingerprintManager", "Landroidx/core/hardware/fingerprint/FingerprintManagerCompat;", "keyStore", "Ljava/security/KeyStore;", "canUseFingerprintAuth", "", "cancelListenForFingerprint", "", "decryptUsingFingerprint", "cipher", "Ljavax/crypto/Cipher;", "encryptedText", "encryptUsingFingerprint", "plainText", "generateFingerprintKeyPair", "getFingerprintCipher", "mode", "", "isRetry", "hasEnrolledFingerprints", "listenForFingerprint", "callback", "Landroidx/core/hardware/fingerprint/FingerprintManagerCompat$AuthenticationCallback;", "listenForFingerprintForDecryption", "listenForFingerprintForEncryption", "FingerprintConfig", "library_release"}, k = 1, mv = {1, 1, 13})
/* loaded from: classes2.dex */
public final class FingerprintKeystoreManager {
    private CancellationSignal cancellationSignal;
    private final String encryptedDataKey;
    private final FingerprintConfig fingerprintConfig;
    private FingerprintManagerCompat fingerprintManager;
    private KeyStore keyStore;
    private final String keystoreAlias;
    private final SharedPreferences sharedPreferences;

    /* compiled from: FingerprintKeystoreManager.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\bf\u0018\u00002\u00020\u0001R\u0012\u0010\u0002\u001a\u00020\u0003X¦\u0004¢\u0006\u0006\u001a\u0004\b\u0002\u0010\u0004¨\u0006\u0005"}, d2 = {"Lcom/firstdata/util/crypto/FingerprintKeystoreManager$FingerprintConfig;", "", "isFingerprintFeatureEnabled", "", "()Z", "library_release"}, k = 1, mv = {1, 1, 13})
    /* loaded from: classes2.dex */
    public interface FingerprintConfig {
        boolean isFingerprintFeatureEnabled();
    }

    public FingerprintKeystoreManager(@NotNull Context context, @NotNull SharedPreferences sharedPreferences, @NotNull String encryptedDataKey, @NotNull String keystoreAlias, @NotNull FingerprintConfig fingerprintConfig) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(sharedPreferences, "sharedPreferences");
        Intrinsics.checkParameterIsNotNull(encryptedDataKey, "encryptedDataKey");
        Intrinsics.checkParameterIsNotNull(keystoreAlias, "keystoreAlias");
        Intrinsics.checkParameterIsNotNull(fingerprintConfig, "fingerprintConfig");
        this.sharedPreferences = sharedPreferences;
        this.encryptedDataKey = encryptedDataKey;
        this.keystoreAlias = keystoreAlias;
        this.fingerprintConfig = fingerprintConfig;
        if (DeviceUtils.INSTANCE.isFingerprintSupported()) {
            this.fingerprintManager = FingerprintManagerCompat.from(context);
        }
        try {
            this.keyStore = KeyStore.getInstance(Crypto.ANDROID_KEYSTORE);
            KeyStore keyStore = this.keyStore;
            if (keyStore != null) {
                keyStore.load(null);
            }
        } catch (Exception e) {
            FDLogger.INSTANCE.e(e, "Failed to load keystore");
        }
    }

    @RequiresApi(api = 23)
    private final void generateFingerprintKeyPair() {
        try {
            KeyStore keyStore = this.keyStore;
            if (keyStore == null || !keyStore.containsAlias(this.keystoreAlias)) {
                KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(this.keystoreAlias, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding");
                if (Build.VERSION.SDK_INT >= 24) {
                    encryptionPaddings.setInvalidatedByBiometricEnrollment(true);
                }
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", Crypto.ANDROID_KEYSTORE);
                keyGenerator.init(encryptionPaddings.build());
                keyGenerator.generateKey();
            }
        } catch (Exception e) {
            FDLogger.INSTANCE.e(e, "Failed to generate string");
        }
    }

    @RequiresApi(api = 23)
    private final Cipher getFingerprintCipher(int mode, boolean isRetry) {
        Cipher cipher = (Cipher) null;
        try {
            generateFingerprintKeyPair();
            KeyStore keyStore = this.keyStore;
            Key key = keyStore != null ? keyStore.getKey(this.keystoreAlias, null) : null;
            if (key == null) {
                throw new TypeCastException("null cannot be cast to non-null type javax.crypto.SecretKey");
            }
            SecretKey secretKey = (SecretKey) key;
            cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            if (mode == 1) {
                if (cipher != null) {
                    cipher.init(1, secretKey);
                }
                Intrinsics.checkExpressionValueIsNotNull(cipher, "cipher");
                IvParameterSpec ivParams = (IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class);
                Intrinsics.checkExpressionValueIsNotNull(ivParams, "ivParams");
                byte[] iv = ivParams.getIV();
                String encodedIv = Base64.encodeToString(Arrays.copyOf(iv, iv.length), 2);
                FDLogger fDLogger = FDLogger.INSTANCE;
                Intrinsics.checkExpressionValueIsNotNull(encodedIv, "encodedIv");
                fDLogger.d(FDLogger.CRYPTO_TAG, "encoded IV is %s", encodedIv);
                this.sharedPreferences.edit().putString(Crypto.IV_PREFIX + this.encryptedDataKey, encodedIv).apply();
            } else if (mode == 2) {
                if (!this.sharedPreferences.contains(Crypto.IV_PREFIX + this.encryptedDataKey)) {
                    return null;
                }
                byte[] decode = Base64.decode(this.sharedPreferences.getString(Crypto.IV_PREFIX + this.encryptedDataKey, null), 2);
                if (cipher != null) {
                    cipher.init(2, secretKey, new IvParameterSpec(decode));
                }
            }
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            try {
                KeyStore keyStore2 = this.keyStore;
                if (keyStore2 != null) {
                    keyStore2.deleteEntry(this.keystoreAlias);
                }
                this.sharedPreferences.edit().remove(Crypto.IV_PREFIX + this.encryptedDataKey).remove(this.encryptedDataKey).apply();
                if (mode == 2) {
                    return null;
                }
                if (isRetry) {
                    FDLogger.INSTANCE.e(e, "single retry failed");
                    return null;
                }
                FDLogger.INSTANCE.d(FDLogger.CRYPTO_TAG, "retrying after key invalidated exception", new Object[0]);
                return getFingerprintCipher(mode, true);
            } catch (KeyStoreException unused) {
                FDLogger.INSTANCE.e(e, "failed to delete key from keystore");
            }
        } catch (InvalidAlgorithmParameterException e2) {
            FDLogger.INSTANCE.e(e2, "failed to create fingerprint cipher");
            return null;
        } catch (InvalidKeyException e3) {
            FDLogger.INSTANCE.e(e3, "failed to create fingerprint cipher");
            return null;
        } catch (KeyStoreException e4) {
            FDLogger.INSTANCE.e(e4, "failed to create fingerprint cipher");
            return null;
        } catch (NoSuchAlgorithmException e5) {
            FDLogger.INSTANCE.e(e5, "failed to create fingerprint cipher");
            return null;
        } catch (UnrecoverableKeyException e6) {
            FDLogger.INSTANCE.e(e6, "failed to create fingerprint cipher");
            return null;
        } catch (InvalidParameterSpecException e7) {
            FDLogger.INSTANCE.e(e7, "failed to create fingerprint cipher");
            return null;
        } catch (NoSuchPaddingException e8) {
            FDLogger.INSTANCE.e(e8, "failed to create fingerprint cipher");
            return null;
        }
    }

    @RequiresApi(api = 23)
    @SuppressLint({"MissingPermission"})
    private final boolean listenForFingerprint(FingerprintManagerCompat.AuthenticationCallback callback, int mode) {
        if (canUseFingerprintAuth() && hasEnrolledFingerprints()) {
            FDLogger.INSTANCE.d(FDLogger.CRYPTO_TAG, "Listening for fingerprint  mode: %d", Integer.valueOf(mode));
            this.cancellationSignal = new CancellationSignal();
            Cipher fingerprintCipher = getFingerprintCipher(mode, false);
            if (fingerprintCipher != null) {
                FingerprintManagerCompat fingerprintManagerCompat = this.fingerprintManager;
                if (fingerprintManagerCompat != null) {
                    fingerprintManagerCompat.authenticate(new FingerprintManagerCompat.CryptoObject(fingerprintCipher), 0, this.cancellationSignal, callback, null);
                }
                return true;
            }
        }
        return false;
    }

    @SuppressLint({"MissingPermission"})
    public final boolean canUseFingerprintAuth() {
        FingerprintManagerCompat fingerprintManagerCompat;
        return this.fingerprintConfig.isFingerprintFeatureEnabled() && (fingerprintManagerCompat = this.fingerprintManager) != null && fingerprintManagerCompat.isHardwareDetected();
    }

    public final void cancelListenForFingerprint() {
        CancellationSignal cancellationSignal = this.cancellationSignal;
        if (cancellationSignal != null) {
            cancellationSignal.cancel();
        }
        this.cancellationSignal = (CancellationSignal) null;
    }

    @Nullable
    public final String decryptUsingFingerprint(@NotNull Cipher cipher, @NotNull String encryptedText) {
        Intrinsics.checkParameterIsNotNull(cipher, "cipher");
        Intrinsics.checkParameterIsNotNull(encryptedText, "encryptedText");
        try {
            byte[] decrypted = cipher.doFinal(Base64.decode(encryptedText, 2));
            Intrinsics.checkExpressionValueIsNotNull(decrypted, "decrypted");
            return new String(decrypted, Charsets.UTF_8);
        } catch (Exception e) {
            FDLogger.INSTANCE.e(e, "failed to decrypt password");
            return null;
        }
    }

    @Nullable
    public final String encryptUsingFingerprint(@NotNull Cipher cipher, @NotNull String plainText) {
        Intrinsics.checkParameterIsNotNull(cipher, "cipher");
        Intrinsics.checkParameterIsNotNull(plainText, "plainText");
        try {
            byte[] bytes = plainText.getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
            return Base64.encodeToString(cipher.doFinal(bytes), 2);
        } catch (Exception e) {
            FDLogger.INSTANCE.e(e, "failed to encrypt password");
            return null;
        }
    }

    @SuppressLint({"MissingPermission"})
    public final boolean hasEnrolledFingerprints() {
        FingerprintManagerCompat fingerprintManagerCompat = this.fingerprintManager;
        return fingerprintManagerCompat != null && fingerprintManagerCompat.hasEnrolledFingerprints();
    }

    @RequiresApi(api = 23)
    public final boolean listenForFingerprintForDecryption(@NotNull FingerprintManagerCompat.AuthenticationCallback callback) {
        Intrinsics.checkParameterIsNotNull(callback, "callback");
        return listenForFingerprint(callback, 2);
    }

    @RequiresApi(api = 23)
    public final boolean listenForFingerprintForEncryption(@NotNull FingerprintManagerCompat.AuthenticationCallback callback) {
        Intrinsics.checkParameterIsNotNull(callback, "callback");
        return listenForFingerprint(callback, 1);
    }
}
