package portal.aqua.security;

import android.app.Activity;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Log;
import androidx.activity.result.ActivityResult;
import androidx.activity.result.ActivityResultCallback;
import androidx.activity.result.ActivityResultLauncher;
import androidx.activity.result.contract.ActivityResultContracts;
import androidx.appcompat.app.AppCompatActivity;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import com.docusign.androidsdk.core.security.SecureStoreBelowMarshmallow;
import com.docusign.androidsdk.core.security.SecureStoreMarshmallowAndAbove;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang3.StringUtils;
import portal.aqua.portal.App;
import portal.aqua.utils.dictionary.Loc;

/* loaded from: classes3.dex */
public class BiometricAuthentication {
    private static final String ENCRYPTED_BYTE_ARR = "encrypted";
    private static final String HAS_SAVED_PASSWORD = "hasSavedPassword";
    private static final String INIT_VECTOR_BYTE_ARR = "iv";
    static final String KEY_NAME = "credentials";
    static final int REQUEST_CODE = 1000;
    private static final String SHARED_PREFS_NAME = "biometricsPrefs";
    private static boolean deviceCanUseBio = false;
    private static byte[] encrypted = null;
    private static boolean hasSavedPassword = false;
    private static boolean isBioSetup = false;
    private static byte[] iv;

    public static void authenticate(Activity activity, final boolean z, final String str, final String str2, final BioLoginCallbackInterface bioLoginCallbackInterface) throws NoSuchPaddingException, NoSuchAlgorithmException, CertificateException, IOException, InvalidKeyException, UnrecoverableKeyException, KeyStoreException, InvalidAlgorithmParameterException, NoSuchProviderException {
        BiometricPrompt biometricPrompt = new BiometricPrompt((FragmentActivity) activity, ContextCompat.getMainExecutor(activity), new BiometricPrompt.AuthenticationCallback() { // from class: portal.aqua.security.BiometricAuthentication.1
            @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
            public void onAuthenticationError(int i, CharSequence charSequence) {
                super.onAuthenticationError(i, charSequence);
                Log.e("BIO_AUTH", "Biometric authentication error: " + ((Object) charSequence));
            }

            @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
            public void onAuthenticationFailed() {
                super.onAuthenticationFailed();
                Log.e("BIO_AUTH", "Biometric authentication failed");
            }

            @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
            public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult authenticationResult) {
                super.onAuthenticationSucceeded(authenticationResult);
                Log.d("BIO_AUTH", "Biometric authentication succeeded... encrypt: " + z);
                if (!z) {
                    try {
                        Log.d("BIO_AUTH", "Info to decrypt: " + Arrays.toString(BiometricAuthentication.encrypted));
                        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(authenticationResult.getCryptoObject().getCipher().doFinal(BiometricAuthentication.encrypted)));
                        String readUTF = dataInputStream.readUTF();
                        String readUTF2 = dataInputStream.readUTF();
                        Log.d("BIO_AUTH", "Decrypted information: " + readUTF + StringUtils.SPACE + readUTF2);
                        bioLoginCallbackInterface.gotUserPassSuccess(readUTF, readUTF2);
                        return;
                    } catch (Exception unused) {
                        bioLoginCallbackInterface.gotUserPassFailed(Loc.getTextOffline("securityPrefsDisabled"));
                        return;
                    }
                }
                try {
                    Cipher cipher = authenticationResult.getCryptoObject().getCipher();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(str);
                    arrayList.add(str2);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        dataOutputStream.writeUTF((String) it.next());
                    }
                    byte[] doFinal = cipher.doFinal(byteArrayOutputStream.toByteArray());
                    byte[] unused2 = BiometricAuthentication.iv = cipher.getIV();
                    Log.d("BIO_AUTH", "Encrypted information: " + Arrays.toString(doFinal));
                    byte[] unused3 = BiometricAuthentication.encrypted = doFinal;
                    boolean unused4 = BiometricAuthentication.hasSavedPassword = true;
                    BiometricAuthentication.saveSharedPrefs();
                    bioLoginCallbackInterface.savedPasswordSuccess();
                } catch (Exception e) {
                    bioLoginCallbackInterface.savedPasswordFailed(e);
                }
            }
        });
        BiometricPrompt.PromptInfo build = new BiometricPrompt.PromptInfo.Builder().setTitle(Loc.getTextOffline("bioLoginTitle")).setNegativeButtonText(Loc.getTextOffline("cancel")).setAllowedAuthenticators(15).build();
        if (z) {
            biometricPrompt.authenticate(build, new BiometricPrompt.CryptoObject(getInitializedCipherForEncryption(KEY_NAME)));
        } else {
            biometricPrompt.authenticate(build, new BiometricPrompt.CryptoObject(getInitializedCipherForDecryption(KEY_NAME)));
        }
    }

    public static void checkAuthenticate(Activity activity, boolean z) throws NoSuchPaddingException, CertificateException, NoSuchAlgorithmException, IOException, InvalidKeyException, UnrecoverableKeyException, KeyStoreException, InvalidAlgorithmParameterException, NoSuchProviderException {
        int canAuthenticate = BiometricManager.from(activity).canAuthenticate(15);
        Log.d("BIO_AUTH", "Biometric Result: " + canAuthenticate);
        if (canAuthenticate == -2) {
            isBioSetup = false;
            hasSavedPassword = false;
            deviceCanUseBio = false;
            saveSharedPrefs();
            Log.e("BIO_AUTH", "Biometric error: Unsupported - incompatible with current android version.");
            return;
        }
        if (canAuthenticate == -1) {
            isBioSetup = false;
            hasSavedPassword = false;
            deviceCanUseBio = true;
            saveSharedPrefs();
            Log.e("BIO_AUTH", "Biometric status unknown");
            if (z) {
                setupBio(activity);
                return;
            }
            return;
        }
        if (canAuthenticate == 0) {
            Log.d("BIO_AUTH", "App can authenticate using biometrics.");
            isBioSetup = true;
            deviceCanUseBio = true;
            return;
        }
        if (canAuthenticate == 1) {
            isBioSetup = false;
            hasSavedPassword = false;
            deviceCanUseBio = false;
            saveSharedPrefs();
            Log.e("BIO_AUTH", "Biometric features are currently unavailable.");
            return;
        }
        if (canAuthenticate == 11) {
            isBioSetup = false;
            hasSavedPassword = false;
            deviceCanUseBio = true;
            saveSharedPrefs();
            Log.e("BIO_AUTH", "Biometric error: None enrolled.");
            if (z) {
                setupBio(activity);
                return;
            }
            return;
        }
        if (canAuthenticate == 12) {
            isBioSetup = false;
            hasSavedPassword = false;
            deviceCanUseBio = false;
            saveSharedPrefs();
            Log.e("BIO_AUTH", "No biometric features available on this device.");
            return;
        }
        if (canAuthenticate != 15) {
            return;
        }
        isBioSetup = false;
        hasSavedPassword = false;
        deviceCanUseBio = false;
        saveSharedPrefs();
        Log.e("BIO_AUTH", "Biometric error: Security update required.");
    }

    public static boolean deviceCanUseBio() {
        return deviceCanUseBio;
    }

    private static SecretKey generateKey(String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        return generateSecretKey(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true).build());
    }

    private static SecretKey generateSecretKey(KeyGenParameterSpec keyGenParameterSpec) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(SecureStoreBelowMarshmallow.SSTORE_KEYSPEC_ALGNAME, SecureStoreMarshmallowAndAbove.SSTORE_ANDROID_KEY_STORE);
        keyGenerator.init(keyGenParameterSpec);
        return keyGenerator.generateKey();
    }

    private static Cipher getCipher() throws NoSuchPaddingException, NoSuchAlgorithmException {
        return Cipher.getInstance(SecureStoreMarshmallowAndAbove.SSTORE_POST_M_TRANSFORMATION);
    }

    private static Cipher getInitializedCipherForDecryption(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableKeyException, CertificateException, IOException, KeyStoreException, NoSuchProviderException, InvalidKeyException {
        Cipher cipher = getCipher();
        cipher.init(2, getSecretKey(str), new IvParameterSpec(iv));
        return cipher;
    }

    private static Cipher getInitializedCipherForEncryption(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableKeyException, CertificateException, IOException, KeyStoreException, NoSuchProviderException, InvalidKeyException {
        Cipher cipher = getCipher();
        try {
            cipher.init(1, getSecretKey(str));
        } catch (KeyPermanentlyInvalidatedException unused) {
            KeyStore keyStore = KeyStore.getInstance(SecureStoreMarshmallowAndAbove.SSTORE_ANDROID_KEY_STORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
            cipher.init(1, getSecretKey(str));
        }
        return cipher;
    }

    private static SecretKey getSecretKey(String str) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyStore keyStore = KeyStore.getInstance(SecureStoreMarshmallowAndAbove.SSTORE_ANDROID_KEY_STORE);
        try {
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            if (secretKey != null) {
                return secretKey;
            }
        } catch (Exception e) {
            Log.e("BIO_AUTH", "Error trying to get key: " + e.getMessage());
        }
        return generateKey(str);
    }

    public static boolean hasSavedPassword() {
        return hasSavedPassword;
    }

    public static boolean isBioSetup() {
        return isBioSetup;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$setupBio$0(ActivityResult activityResult) {
        if (activityResult.getResultCode() != -1 && activityResult.getResultCode() != 1) {
            Log.e("BIO_AUTH", "Biometric setup result: " + activityResult.toString());
        } else {
            Log.d("BIO_AUTH", "Successfully setup biometric authenticator.");
            isBioSetup = true;
        }
    }

    public static void loadSharedPrefs() {
        SharedPreferences sharedPreferences = App.getContext().getSharedPreferences(SHARED_PREFS_NAME, 0);
        boolean z = sharedPreferences.getBoolean(HAS_SAVED_PASSWORD, false);
        hasSavedPassword = z;
        if (z) {
            String string = sharedPreferences.getString(ENCRYPTED_BYTE_ARR, null);
            if (string != null) {
                String[] split = string.substring(1, string.length() - 1).split(", ");
                encrypted = new byte[split.length];
                for (int i = 0; i < split.length; i++) {
                    encrypted[i] = Byte.parseByte(split[i]);
                }
            }
            String string2 = sharedPreferences.getString(INIT_VECTOR_BYTE_ARR, null);
            if (string2 != null) {
                String[] split2 = string2.substring(1, string2.length() - 1).split(", ");
                iv = new byte[split2.length];
                for (int i2 = 0; i2 < split2.length; i2++) {
                    iv[i2] = Byte.parseByte(split2[i2]);
                }
            }
        }
        Log.d("BIO_AUTH", "Loaded shared prefs from: biometricsPrefs ... hasSavedPassword: " + hasSavedPassword);
    }

    public static void removeSavedPassword() {
        hasSavedPassword = false;
        saveSharedPrefs();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void saveSharedPrefs() {
        SharedPreferences.Editor edit = App.getContext().getSharedPreferences(SHARED_PREFS_NAME, 0).edit();
        edit.putBoolean(HAS_SAVED_PASSWORD, hasSavedPassword);
        if (hasSavedPassword) {
            edit.putString(ENCRYPTED_BYTE_ARR, Arrays.toString(encrypted));
            edit.putString(INIT_VECTOR_BYTE_ARR, Arrays.toString(iv));
        }
        edit.apply();
        Log.d("BIO_AUTH", "Saved shared prefs to: biometricsPrefs ... hasSavedPassword: " + hasSavedPassword);
    }

    private static void setupBio(Activity activity) {
        ActivityResultLauncher registerForActivityResult = ((AppCompatActivity) activity).registerForActivityResult(new ActivityResultContracts.StartActivityForResult(), new ActivityResultCallback() { // from class: portal.aqua.security.BiometricAuthentication$$ExternalSyntheticLambda0
            @Override // androidx.activity.result.ActivityResultCallback
            public final void onActivityResult(Object obj) {
                BiometricAuthentication.lambda$setupBio$0((ActivityResult) obj);
            }
        });
        if (Build.VERSION.SDK_INT >= 30) {
            registerForActivityResult.launch(new Intent("android.settings.BIOMETRIC_ENROLL"));
        } else {
            registerForActivityResult.launch(new Intent("android.settings.FINGERPRINT_ENROLL"));
        }
    }
}
