package minkasu2fa;

import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.widget.Toast;
import androidx.core.app.ActivityCompat;
import com.facebook.internal.security.OidcSecurityUtil;
import com.google.android.gms.stats.CodePackage;
import com.minkasu.android.twofa.R;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import minkasu2fa.core.data.MKCryptoException;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.jose4j.jwe.SimpleAeadCipher;
import org.jose4j.keys.AesKey;

/* loaded from: classes6.dex */
public class s0 {
    public static final String a = "s0-Minkasu";

    public static String a(Context context) {
        if (context == null) {
            return "Context Missing";
        }
        if (!w0.d()) {
            return context.getResources().getString(R.string.minkasu2fa_fp_un_avail);
        }
        KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KeyguardManager.class);
        FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FingerprintManager.class);
        if (fingerprintManager == null || keyguardManager == null) {
            return context.getResources().getString(R.string.minkasu2fa_fp_api_missing);
        }
        if (!fingerprintManager.isHardwareDetected()) {
            return context.getResources().getString(R.string.minkasu2fa_fp_hardware_un_avail);
        }
        if (!keyguardManager.isKeyguardSecure()) {
            return context.getResources().getString(R.string.minkasu2fa_keyguard_fp_not_enrolled);
        }
        if (d(context)) {
            return context.getResources().getString(R.string.minkasu2fa_fp_permission_missing);
        }
        if (fingerprintManager.hasEnrolledFingerprints()) {
            return null;
        }
        return context.getResources().getString(R.string.minkasu2fa_keyguard_fp_not_enrolled);
    }

    public static Signature a(String str, p pVar) {
        try {
            c(str);
            f(str);
            Signature h = h(str);
            if (h == null) {
                throw new MKCryptoException(a, "Failed to create signature");
            }
            if (pVar != null) {
                pVar.b("minkasu2fa_new_biometric_signature", true);
            }
            return h;
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e) {
            throw new MKCryptoException(a, e);
        }
    }

    public static Cipher a() {
        try {
            return Cipher.getInstance("AES/CBC/PKCS7Padding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new MKCryptoException(a, "Failed to get an instance of Cipher", e);
        }
    }

    public static w a(p pVar) {
        return pVar.a("minkasu2fa_use_fingerprint", false) ? w.ENABLED : w.DISABLED;
    }

    public static void a(KeyGenParameterSpec keyGenParameterSpec) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM, "AndroidKeyStore");
            keyGenerator.init(keyGenParameterSpec);
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            w0.a(a, "Failed to generate key using KeyGenerator", e);
            throw e;
        }
    }

    public static void a(p pVar, int i, boolean z) {
        if ((i & 2) > 0) {
            try {
                pVar.c("minkasu2fa_iv");
                c("mk_fingerPrint_key");
            } catch (MKCryptoException e) {
                if (z) {
                    throw e;
                }
                return;
            }
        }
        if ((i & 4) > 0) {
            pVar.c("minkasu2fa_bm_iv");
            c("mk_biometric_key");
        }
    }

    public static boolean a(Context context, boolean z) {
        if (w0.d()) {
            KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KeyguardManager.class);
            FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FingerprintManager.class);
            if (keyguardManager == null || fingerprintManager == null || !fingerprintManager.isHardwareDetected()) {
                return false;
            }
            if (!keyguardManager.isKeyguardSecure()) {
                if (z) {
                    Toast.makeText(context, context.getResources().getString(R.string.minkasu2fa_fp_toast_message), 1).show();
                }
                return false;
            }
            if (d(context)) {
                if (z) {
                    Toast.makeText(context, "Fingerprint authentication permission not enabled", 1).show();
                }
                return false;
            }
            if (fingerprintManager.hasEnrolledFingerprints()) {
                return true;
            }
            if (z) {
                Toast.makeText(context, context.getResources().getString(R.string.minkasu2fa_fp_toast_message), 1).show();
            }
            return false;
        }
        return false;
    }

    public static boolean a(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.containsAlias(str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new MKCryptoException(a, e);
        }
    }

    public static boolean a(String str, String str2) {
        return c(str, str2) == null;
    }

    public static boolean a(Cipher cipher, String str, String str2) {
        try {
            SecretKey j = j(str);
            if (w0.c(str2)) {
                cipher.init(2, j, new IvParameterSpec(e0.a(str2)));
                return true;
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new MKCryptoException(a, "Failed to init cipher in decrypt mode", e);
        } catch (InvalidKeyException unused) {
        }
        return false;
    }

    public static w[] a(Context context, p pVar) {
        w wVar = w.UNKNOWN;
        w[] wVarArr = {wVar, wVar, wVar};
        if (context != null) {
            wVarArr[0] = c(context);
            wVarArr[1] = b(context);
            wVarArr[2] = a(pVar);
        }
        return wVarArr;
    }

    public static Signature b(String str, p pVar) {
        try {
            Signature h = h(str);
            if (h != null) {
                return h;
            }
            throw new MKCryptoException(a, "Failed to create signature");
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new MKCryptoException(a, e);
        }
    }

    public static Cipher b() {
        try {
            return Cipher.getInstance(SimpleAeadCipher.GCM_TRANSFORMATION_NAME);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new MKCryptoException(a, "Failed to get an instance of Cipher", e);
        }
    }

    public static w b(Context context) {
        if (w0.d()) {
            KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KeyguardManager.class);
            FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FingerprintManager.class);
            if (keyguardManager != null && fingerprintManager != null) {
                return !keyguardManager.isKeyguardSecure() ? w.DISABLED : d(context) ? w.NO_PERMISSION : (fingerprintManager.isHardwareDetected() && fingerprintManager.hasEnrolledFingerprints()) ? w.ENABLED : w.DISABLED;
            }
        }
        return w.UNKNOWN;
    }

    public static boolean b(String str) {
        try {
            return h(str) == null;
        } catch (KeyPermanentlyInvalidatedException unused) {
            return true;
        } catch (IOException e) {
            e = e;
            throw new MKCryptoException(a, e);
        } catch (InvalidKeyException e2) {
            e = e2;
            throw new MKCryptoException(a, e);
        } catch (KeyStoreException e3) {
            e = e3;
            throw new MKCryptoException(a, e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            throw new MKCryptoException(a, e);
        } catch (UnrecoverableKeyException e5) {
            e = e5;
            throw new MKCryptoException(a, e);
        } catch (CertificateException e6) {
            e = e6;
            throw new MKCryptoException(a, e);
        }
    }

    public static boolean b(String str, String str2) {
        return d(str, str2) == null;
    }

    public static boolean b(Cipher cipher, String str, String str2) {
        try {
            SecretKey j = j(str);
            if (!w0.c(str2)) {
                return false;
            }
            cipher.init(2, j, new GCMParameterSpec(128, e0.a(str2)));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw new MKCryptoException(a, "Failed to init cipher in decrypt mode", e);
        } catch (InvalidKeyException unused) {
            return false;
        }
    }

    public static Cipher c(String str, String str2) {
        Cipher a2 = a();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                a(d(str));
            }
            if (a(a2, str, str2)) {
                return a2;
            }
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new MKCryptoException(a, "Failed to get instance of Keystore", e);
        }
    }

    public static w c(Context context) {
        if (w0.d()) {
            if (d(context)) {
                return w.NO_PERMISSION;
            }
            FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FingerprintManager.class);
            if (fingerprintManager != null) {
                return fingerprintManager.isHardwareDetected() ? w.ENABLED : w.DISABLED;
            }
        }
        return w.UNKNOWN;
    }

    public static void c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new MKCryptoException(a, "Failed to get an instance of KeyStore", e);
        }
    }

    public static KeyGenParameterSpec d(String str) {
        KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        return userAuthenticationRequired.build();
    }

    public static Cipher d(String str, String str2) {
        Cipher b = b();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                a(e(str));
            }
            if (b(b, str, str2)) {
                return b;
            }
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new MKCryptoException(a, "Failed to get instance of Keystore", e);
        }
    }

    public static boolean d(Context context) {
        return ActivityCompat.checkSelfPermission(context, "android.permission.USE_FINGERPRINT") != 0;
    }

    public static KeyGenParameterSpec e(String str) {
        KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        return userAuthenticationRequired.build();
    }

    public static void f(String str) {
        try {
            KeyGenParameterSpec g = g(str);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(g);
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            w0.a(a, "Failed to generate keypair using KeyGenerator", e);
            throw e;
        }
    }

    public static KeyGenParameterSpec g(String str) {
        KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA512).setSignaturePaddings("PKCS1").setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 30) {
            userAuthenticationRequired.setUserAuthenticationParameters(0, 2);
        }
        if (Build.VERSION.SDK_INT >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        return userAuthenticationRequired.build();
    }

    public static Signature h(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
        if (privateKey == null) {
            return null;
        }
        Signature signature = Signature.getInstance(OidcSecurityUtil.SIGNATURE_ALGORITHM_SHA256);
        signature.initSign(privateKey);
        return signature;
    }

    public static PublicKey i(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificate(str).getPublicKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new MKCryptoException(a, e);
        }
    }

    public static SecretKey j(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return (SecretKey) keyStore.getKey(str, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new MKCryptoException(a, "Failed to get key from keystore", e);
        }
    }
}
