package com.oblador.keychain;

import android.os.Build;
import android.text.TextUtils;
import android.util.Log;
import ch.datatrans.payment.b10;
import ch.datatrans.payment.fk0;
import ch.datatrans.payment.hy0;
import ch.datatrans.payment.lp0;
import ch.datatrans.payment.mk0;
import ch.datatrans.payment.o62;
import ch.datatrans.payment.paymentmethods.SavedGooglePay;
import ch.datatrans.payment.s00;
import ch.datatrans.payment.t00;
import ch.datatrans.payment.uf0;
import ch.datatrans.payment.uq;
import ch.datatrans.payment.wp4;
import ch.datatrans.payment.y00;
import ch.datatrans.payment.z00;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import com.oblador.keychain.KeychainModule;
import com.oblador.keychain.a;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
public class KeychainModule extends ReactContextBaseJavaModule {
    public static final String EMPTY_STRING = "";
    public static final String FACE_SUPPORTED_NAME = "Face";
    public static final String FINGERPRINT_SUPPORTED_NAME = "Fingerprint";
    public static final String IRIS_SUPPORTED_NAME = "Iris";
    public static final String KEYCHAIN_MODULE = "RNKeychainManager";
    private static final String LOG_TAG = "KeychainModule";
    public static final String WARMING_UP_ALIAS = "warmingUp";
    private final Map<String, s00> cipherStorageMap;
    private final a prefsStorage;

    public KeychainModule(ReactApplicationContext reactApplicationContext) {
        super(reactApplicationContext);
        this.cipherStorageMap = new HashMap();
        this.prefsStorage = new a(reactApplicationContext);
        addCipherStorageToMap(new y00(reactApplicationContext));
        addCipherStorageToMap(new z00());
        addCipherStorageToMap(new b10());
    }

    private void addCipherStorageToMap(s00 s00Var) {
        this.cipherStorageMap.put(s00Var.b(), s00Var);
    }

    private s00.c decryptCredentials(String str, s00 s00Var, a.C0329a c0329a, String str2, uq.d dVar) throws uf0, o62 {
        String str3 = c0329a.c;
        if (str3.equals(s00Var.b())) {
            return decryptToResult(str, s00Var, c0329a, dVar);
        }
        s00 cipherStorageByName = getCipherStorageByName(str3);
        if (cipherStorageByName != null) {
            s00.c decryptToResult = decryptToResult(str, cipherStorageByName, c0329a, dVar);
            if ("automaticUpgradeToMoreSecuredStorage".equals(str2)) {
                try {
                    migrateCipherStorage(str, s00Var, cipherStorageByName, decryptToResult);
                } catch (uf0 unused) {
                    Log.w(KEYCHAIN_MODULE, "Migrating to a less safe storage is not allowed. Keeping the old one");
                }
            }
            return decryptToResult;
        }
        throw new o62("Wrong cipher storage name '" + str3 + "' or cipher not available");
    }

    private s00.c decryptToResult(String str, s00 s00Var, a.C0329a c0329a, uq.d dVar) throws uf0 {
        fk0 interactiveHandler = getInteractiveHandler(s00Var, dVar);
        s00Var.e(interactiveHandler, str, (byte[]) c0329a.a, (byte[]) c0329a.b, wp4.ANY);
        uf0.a(interactiveHandler.d());
        if (interactiveHandler.a() != null) {
            return interactiveHandler.a();
        }
        throw new uf0("No decryption results and no error. Something deeply wrong!");
    }

    private Collection<String> doGetAllGenericPasswordServices() throws o62 {
        Set i = this.prefsStorage.i();
        ArrayList arrayList = new ArrayList(i.size());
        Iterator it = i.iterator();
        while (it.hasNext()) {
            arrayList.add(getCipherStorageByName((String) it.next()));
        }
        HashSet hashSet = new HashSet();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            for (String str : ((s00) it2.next()).f()) {
                if (!str.equals(WARMING_UP_ALIAS)) {
                    hashSet.add(str);
                }
            }
        }
        return hashSet;
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap) {
        return getAccessControlOrDefault(readableMap, "None");
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("accessControl")) ? null : readableMap.getString("accessControl");
        return string == null ? str : string;
    }

    private static String getAliasOrDefault(String str) {
        return str == null ? "" : str;
    }

    private static uq.d getPromptInfo(ReadableMap readableMap) {
        ReadableMap map = (readableMap == null || !readableMap.hasKey("authenticationPrompt")) ? null : readableMap.getMap("authenticationPrompt");
        uq.d.a aVar = new uq.d.a();
        if (map != null && map.hasKey("title")) {
            aVar.g(map.getString("title"));
        }
        if (map != null && map.hasKey("subtitle")) {
            aVar.f(map.getString("subtitle"));
        }
        if (map != null && map.hasKey(SavedGooglePay.DESCRIPTION)) {
            aVar.d(map.getString(SavedGooglePay.DESCRIPTION));
        }
        if (map != null && map.hasKey("cancel")) {
            aVar.e(map.getString("cancel"));
        }
        aVar.b(15);
        aVar.c(false);
        return aVar.a();
    }

    private wp4 getSecurityLevel(boolean z) {
        try {
            s00 cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel(z);
            wp4 a = cipherStorageForCurrentAPILevel.a();
            wp4 wp4Var = wp4.SECURE_SOFTWARE;
            return !a.c(wp4Var) ? wp4.ANY : cipherStorageForCurrentAPILevel.j() ? wp4.SECURE_HARDWARE : wp4Var;
        } catch (uf0 e) {
            Log.w(KEYCHAIN_MODULE, "Security Level Exception: " + e.getMessage(), e);
            return wp4.ANY;
        }
    }

    private static wp4 getSecurityLevelOrDefault(ReadableMap readableMap) {
        return getSecurityLevelOrDefault(readableMap, wp4.ANY.name());
    }

    private static wp4 getSecurityLevelOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("securityLevel")) ? null : readableMap.getString("securityLevel");
        if (string != null) {
            str = string;
        }
        return wp4.valueOf(str);
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap) {
        return getSecurityRulesOrDefault(readableMap, "none");
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("rules")) ? null : readableMap.getString("rules");
        return string == null ? str : string;
    }

    private s00 getSelectedStorage(ReadableMap readableMap) throws uf0 {
        boolean useBiometry = getUseBiometry(getAccessControlOrDefault(readableMap));
        String specificStorageOrDefault = getSpecificStorageOrDefault(readableMap);
        s00 cipherStorageByName = specificStorageOrDefault != null ? getCipherStorageByName(specificStorageOrDefault) : null;
        return cipherStorageByName == null ? getCipherStorageForCurrentAPILevel(useBiometry) : cipherStorageByName;
    }

    private static String getServiceOrDefault(ReadableMap readableMap) {
        return getAliasOrDefault((readableMap == null || !readableMap.hasKey("service")) ? null : readableMap.getString("service"));
    }

    private static String getSpecificStorageOrDefault(ReadableMap readableMap) {
        if (readableMap == null || !readableMap.hasKey("storage")) {
            return null;
        }
        return readableMap.getString("storage");
    }

    public static boolean getUseBiometry(String str) {
        return "BiometryAny".equals(str) || "BiometryCurrentSet".equals(str) || "BiometryAnyOrDevicePasscode".equals(str) || "BiometryCurrentSetOrDevicePasscode".equals(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void internalWarmingBestCipher() {
        try {
            long nanoTime = System.nanoTime();
            Log.v(KEYCHAIN_MODULE, "warming up started at " + nanoTime);
            t00 t00Var = (t00) getCipherStorageForCurrentAPILevel();
            t00Var.t();
            t00Var.s(WARMING_UP_ALIAS, t00Var.j() ? wp4.SECURE_HARDWARE : wp4.SECURE_SOFTWARE);
            t00Var.z();
            Log.v(KEYCHAIN_MODULE, "warming up takes: " + TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime) + " ms");
        } catch (Throwable th) {
            Log.e(KEYCHAIN_MODULE, "warming up failed!", th);
        }
    }

    public static void throwIfEmptyLoginPassword(String str, String str2) throws hy0 {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            throw new hy0("you passed empty or null username/password");
        }
    }

    public static void throwIfInsufficientLevel(s00 s00Var, wp4 wp4Var) throws uf0 {
        if (!s00Var.a().c(wp4Var)) {
            throw new uf0(String.format("Cipher Storage is too weak. Required security level is: %s, but only %s is provided", wp4Var.name(), s00Var.a().name()));
        }
    }

    public static KeychainModule withWarming(ReactApplicationContext reactApplicationContext) {
        final KeychainModule keychainModule = new KeychainModule(reactApplicationContext);
        Thread thread = new Thread(new Runnable() { // from class: ch.datatrans.payment.d72
            @Override // java.lang.Runnable
            public final void run() {
                KeychainModule.this.internalWarmingBestCipher();
            }
        }, "keychain-warming-up");
        thread.setDaemon(true);
        thread.start();
        return keychainModule;
    }

    @ReactMethod
    public void getAllGenericPasswordServices(Promise promise) {
        try {
            promise.resolve(Arguments.makeNativeArray(doGetAllGenericPasswordServices().toArray()));
        } catch (o62 e) {
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e);
        }
    }

    s00 getCipherStorageByName(String str) {
        return this.cipherStorageMap.get(str);
    }

    s00 getCipherStorageForCurrentAPILevel() throws uf0 {
        return getCipherStorageForCurrentAPILevel(true);
    }

    s00 getCipherStorageForCurrentAPILevel(boolean z) throws uf0 {
        int i = Build.VERSION.SDK_INT;
        boolean z2 = z && (isFingerprintAuthAvailable() || isFaceAuthAvailable() || isIrisAuthAvailable());
        s00 s00Var = null;
        for (s00 s00Var2 : this.cipherStorageMap.values()) {
            Log.d(KEYCHAIN_MODULE, "Probe cipher storage: " + s00Var2.getClass().getSimpleName());
            int d = s00Var2.d();
            int c = s00Var2.c();
            if (d <= i && (s00Var == null || c >= s00Var.c())) {
                if (!s00Var2.h() || z2) {
                    s00Var = s00Var2;
                }
            }
        }
        if (s00Var == null) {
            throw new uf0("Unsupported Android SDK " + Build.VERSION.SDK_INT);
        }
        Log.d(KEYCHAIN_MODULE, "Selected storage: " + s00Var.getClass().getSimpleName());
        return s00Var;
    }

    @Override // com.facebook.react.bridge.BaseJavaModule
    public Map<String, Object> getConstants() {
        HashMap hashMap = new HashMap();
        wp4 wp4Var = wp4.ANY;
        hashMap.put(wp4Var.b(), wp4Var.name());
        wp4 wp4Var2 = wp4.SECURE_SOFTWARE;
        hashMap.put(wp4Var2.b(), wp4Var2.name());
        wp4 wp4Var3 = wp4.SECURE_HARDWARE;
        hashMap.put(wp4Var3.b(), wp4Var3.name());
        return hashMap;
    }

    protected void getGenericPassword(String str, ReadableMap readableMap, Promise promise) {
        try {
            a.C0329a e = this.prefsStorage.e(str);
            if (e == null) {
                Log.e(KEYCHAIN_MODULE, "No entry found for service: " + str);
                promise.resolve(Boolean.FALSE);
                return;
            }
            String str2 = e.c;
            String securityRulesOrDefault = getSecurityRulesOrDefault(readableMap);
            uq.d promptInfo = getPromptInfo(readableMap);
            s00 cipherStorageForCurrentAPILevel = (securityRulesOrDefault.equals("automaticUpgradeToMoreSecuredStorage") && str2.equals("FacebookConceal")) ? getCipherStorageForCurrentAPILevel(getUseBiometry(getAccessControlOrDefault(readableMap))) : getCipherStorageByName(str2);
            s00.c decryptCredentials = decryptCredentials(str, cipherStorageForCurrentAPILevel, e, securityRulesOrDefault, promptInfo);
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("username", (String) decryptCredentials.a);
            createMap.putString("password", (String) decryptCredentials.b);
            createMap.putString("storage", cipherStorageForCurrentAPILevel.b());
            promise.resolve(createMap);
        } catch (o62 e2) {
            Log.e(KEYCHAIN_MODULE, e2.getMessage());
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e2);
        } catch (uf0 e3) {
            Log.e(KEYCHAIN_MODULE, e3.getMessage());
            promise.reject("E_CRYPTO_FAILED", e3);
        } catch (Throwable th) {
            Log.e(KEYCHAIN_MODULE, th.getMessage(), th);
            promise.reject("E_UNKNOWN_ERROR", th);
        }
    }

    @ReactMethod
    public void getGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        getGenericPassword(getServiceOrDefault(readableMap), readableMap, promise);
    }

    protected fk0 getInteractiveHandler(s00 s00Var, uq.d dVar) {
        return mk0.a(getReactApplicationContext(), s00Var, dVar);
    }

    @ReactMethod
    public void getInternetCredentialsForServer(String str, ReadableMap readableMap, Promise promise) {
        getGenericPassword(str, readableMap, promise);
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return KEYCHAIN_MODULE;
    }

    @ReactMethod
    public void getSecurityLevel(ReadableMap readableMap, Promise promise) {
        promise.resolve(getSecurityLevel(getUseBiometry(getAccessControlOrDefault(readableMap))).name());
    }

    @ReactMethod
    public void getSupportedBiometryType(Promise promise) {
        try {
            String str = null;
            if (lp0.e(getReactApplicationContext())) {
                if (isFingerprintAuthAvailable()) {
                    str = FINGERPRINT_SUPPORTED_NAME;
                } else if (isFaceAuthAvailable()) {
                    str = FACE_SUPPORTED_NAME;
                } else if (isIrisAuthAvailable()) {
                    str = IRIS_SUPPORTED_NAME;
                }
            }
            promise.resolve(str);
        } catch (Exception e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            promise.reject("E_SUPPORTED_BIOMETRY_ERROR", e);
        } catch (Throwable th) {
            Log.e(KEYCHAIN_MODULE, th.getMessage(), th);
            promise.reject("E_UNKNOWN_ERROR", th);
        }
    }

    @ReactMethod
    public void hasInternetCredentialsForServer(String str, Promise promise) {
        String aliasOrDefault = getAliasOrDefault(str);
        a.C0329a e = this.prefsStorage.e(aliasOrDefault);
        if (e != null) {
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", aliasOrDefault);
            createMap.putString("storage", e.c);
            promise.resolve(createMap);
            return;
        }
        Log.e(KEYCHAIN_MODULE, "No entry found for service: " + aliasOrDefault);
        promise.resolve(Boolean.FALSE);
    }

    boolean isFaceAuthAvailable() {
        return lp0.e(getReactApplicationContext()) && lp0.a(getReactApplicationContext());
    }

    boolean isFingerprintAuthAvailable() {
        return lp0.e(getReactApplicationContext()) && lp0.b(getReactApplicationContext());
    }

    boolean isIrisAuthAvailable() {
        return lp0.e(getReactApplicationContext()) && lp0.c(getReactApplicationContext());
    }

    boolean isSecureHardwareAvailable() {
        try {
            return getCipherStorageForCurrentAPILevel().j();
        } catch (uf0 unused) {
            return false;
        }
    }

    void migrateCipherStorage(String str, s00 s00Var, s00 s00Var2, s00.c cVar) throws o62, uf0 {
        this.prefsStorage.l(str, s00Var.g(str, (String) cVar.a, (String) cVar.b, cVar.a()));
        s00Var2.i(str);
    }

    protected void resetGenericPassword(String str, Promise promise) {
        s00 cipherStorageByName;
        try {
            a.C0329a e = this.prefsStorage.e(str);
            if (e != null && (cipherStorageByName = getCipherStorageByName(e.c)) != null) {
                cipherStorageByName.i(str);
            }
            this.prefsStorage.k(str);
            promise.resolve(Boolean.TRUE);
        } catch (o62 e2) {
            Log.e(KEYCHAIN_MODULE, e2.getMessage());
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e2);
        } catch (Throwable th) {
            Log.e(KEYCHAIN_MODULE, th.getMessage(), th);
            promise.reject("E_UNKNOWN_ERROR", th);
        }
    }

    @ReactMethod
    public void resetGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        resetGenericPassword(getServiceOrDefault(readableMap), promise);
    }

    @ReactMethod
    public void resetInternetCredentialsForServer(String str, Promise promise) {
        resetGenericPassword(str, promise);
    }

    protected void setGenericPassword(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        try {
            throwIfEmptyLoginPassword(str2, str3);
            wp4 securityLevelOrDefault = getSecurityLevelOrDefault(readableMap);
            s00 selectedStorage = getSelectedStorage(readableMap);
            throwIfInsufficientLevel(selectedStorage, securityLevelOrDefault);
            this.prefsStorage.l(str, selectedStorage.g(str, str2, str3, securityLevelOrDefault));
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("storage", selectedStorage.b());
            promise.resolve(createMap);
        } catch (hy0 e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            promise.reject("E_EMPTY_PARAMETERS", e);
        } catch (uf0 e2) {
            Log.e(KEYCHAIN_MODULE, e2.getMessage(), e2);
            promise.reject("E_CRYPTO_FAILED", e2);
        } catch (Throwable th) {
            Log.e(KEYCHAIN_MODULE, th.getMessage(), th);
            promise.reject("E_UNKNOWN_ERROR", th);
        }
    }

    @ReactMethod
    public void setGenericPasswordForOptions(ReadableMap readableMap, String str, String str2, Promise promise) {
        setGenericPassword(getServiceOrDefault(readableMap), str, str2, readableMap, promise);
    }

    @ReactMethod
    public void setInternetCredentialsForServer(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        setGenericPassword(str, str2, str3, readableMap, promise);
    }
}
