package com.squareup.whorlwind;

import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Process;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Log;
import io.reactivex.Completable;
import io.reactivex.Observable;
import io.reactivex.functions.Action;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.Cipher;
import okio.ByteString;

@TargetApi(23)
/* loaded from: classes.dex */
public final class RealWhorlwind extends Whorlwind {
    public final Context context;
    public final FingerprintManager fingerprintManager;
    public final String keyAlias;
    public final KeyFactory keyFactory;
    public final KeyPairGenerator keyGenerator;
    public final KeyStore keyStore;
    public final Storage storage;
    public final Object dataLock = new Object();
    public final AtomicBoolean readerScanning = new AtomicBoolean();

    public RealWhorlwind(Context context, FingerprintManager fingerprintManager, Storage storage, String str, KeyStore keyStore, KeyPairGenerator keyPairGenerator, KeyFactory keyFactory) {
        this.context = context;
        this.fingerprintManager = fingerprintManager;
        this.storage = storage;
        this.keyAlias = str;
        this.keyStore = keyStore;
        this.keyGenerator = keyPairGenerator;
        this.keyFactory = keyFactory;
    }

    public static Cipher createCipher() {
        return Cipher.getInstance("RSA/ECB/PKCS1Padding");
    }

    @Override // com.squareup.whorlwind.Whorlwind
    public boolean canStoreSecurely() {
        boolean z;
        boolean z2;
        if (this.context.checkPermission("android.permission.USE_FINGERPRINT", Process.myPid(), Process.myUid()) != 0) {
            return false;
        }
        try {
            z = this.fingerprintManager.isHardwareDetected();
        } catch (SecurityException e) {
            Log.w("Whorlwind", "Failed detecting hardware", e);
            z = false;
        }
        if (!z) {
            return false;
        }
        try {
            z2 = this.fingerprintManager.hasEnrolledFingerprints();
        } catch (IllegalStateException e2) {
            Log.w("Whorlwind", "Cannot know if device has enrolled fingerprints", e2);
            z2 = false;
        }
        return z2;
    }

    public void checkCanStoreSecurely() {
        boolean z;
        boolean z2 = false;
        if (this.context.checkPermission("android.permission.USE_FINGERPRINT", Process.myPid(), Process.myUid()) == 0 && Whorlwind.isHardwareDetected(this.fingerprintManager)) {
            try {
                z = this.fingerprintManager.hasEnrolledFingerprints();
            } catch (IllegalStateException e) {
                Log.w("Whorlwind", "Cannot know if device has enrolled fingerprints", e);
                z = false;
            }
            if (z) {
                z2 = true;
            }
        }
        if (!z2) {
            throw new IllegalStateException("Can't store securely. Check canStoreSecurely() before attempting to read/write.");
        }
    }

    public void prepareKeyStore() {
        try {
            Key key = this.keyStore.getKey(this.keyAlias, null);
            Certificate certificate = this.keyStore.getCertificate(this.keyAlias);
            if (key != null && certificate != null) {
                try {
                    createCipher().init(2, key);
                    return;
                } catch (KeyPermanentlyInvalidatedException unused) {
                    Log.d("Whorlwind", "Key invalidated.");
                }
            }
            ((SharedPreferencesStorage) this.storage).prefs().edit().clear().apply();
            this.keyGenerator.initialize(new KeyGenParameterSpec.Builder(this.keyAlias, 3).setBlockModes("ECB").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS1Padding").build());
            this.keyGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.squareup.whorlwind.Whorlwind
    public Observable<ReadResult> read(String str) {
        return Observable.create(new FingerprintAuthOnSubscribe(this.fingerprintManager, this.storage, str, this.readerScanning, this.dataLock, this));
    }

    public void removeKey() {
        try {
            this.keyStore.deleteEntry(this.keyAlias);
        } catch (Exception e) {
            Log.d("Whorlwind", "Remove key failed", e);
        }
    }

    @Override // com.squareup.whorlwind.Whorlwind
    public Completable write(final String str, final ByteString byteString) {
        return Completable.fromAction(new Action() { // from class: com.squareup.whorlwind.RealWhorlwind.1
            @Override // io.reactivex.functions.Action
            public void run() {
                RealWhorlwind.this.checkCanStoreSecurely();
                synchronized (RealWhorlwind.this.dataLock) {
                    if (byteString == null) {
                        ((SharedPreferencesStorage) RealWhorlwind.this.storage).remove(str);
                        return;
                    }
                    RealWhorlwind.this.prepareKeyStore();
                    Cipher createCipher = RealWhorlwind.createCipher();
                    RealWhorlwind realWhorlwind = RealWhorlwind.this;
                    createCipher.init(1, realWhorlwind.keyFactory.generatePublic(new X509EncodedKeySpec(realWhorlwind.keyStore.getCertificate(realWhorlwind.keyAlias).getPublicKey().getEncoded())));
                    Storage storage = RealWhorlwind.this.storage;
                    ((SharedPreferencesStorage) storage).prefs().edit().putString(str, ByteString.of(createCipher.doFinal(byteString.toByteArray())).base64()).apply();
                }
            }
        });
    }
}
