package de.tk.tkapp.login.service;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import d.f.f.a.a;
import de.tk.common.transformer.CompletableTransformers;
import de.tk.common.transformer.SingleTransformers;
import de.tk.network.NetworkKoinModules;
import de.tk.tkapp.einstellungen.service.FingerprintManagerProvider;
import de.tk.tkapp.login.model.FingerprintUserAuthentifizierungResponse;
import io.reactivex.d0;
import io.reactivex.g0.j;
import io.reactivex.y;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.b.l;
import kotlin.jvm.internal.o;
import kotlin.jvm.internal.s;
import kotlin.jvm.internal.v;
import org.koin.core.parameter.DefinitionParameters;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000b\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\t\u0018\u0000 +2\u00020\u0001:\u0001+BI\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u000e\b\u0002\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005\u0012\u0014\b\u0002\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\n0\b\u0012\u0014\b\u0002\u0010\u000b\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\f0\b¢\u0006\u0002\u0010\rJ\b\u0010\u000e\u001a\u00020\u000fH\u0017J\b\u0010\u0010\u001a\u00020\u0011H\u0002J\u0016\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\t0\u00132\u0006\u0010\u0014\u001a\u00020\u000fH\u0017J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0014\u001a\u00020\u000fH\u0017J\u001e\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00180\u00132\u0006\u0010\u0019\u001a\u00020\t2\u0006\u0010\u001a\u001a\u00020\tH\u0016J\b\u0010\u001b\u001a\u00020\u0016H\u0016J\b\u0010\u001c\u001a\u00020\fH\u0007J\b\u0010\u001d\u001a\u00020\u000fH\u0016J\u0010\u0010\u001e\u001a\u00020\t2\u0006\u0010\u0014\u001a\u00020\u000fH\u0007J\b\u0010\u001f\u001a\u00020 H\u0016J\b\u0010!\u001a\u00020 H\u0002J\b\u0010\"\u001a\u00020#H\u0017J\b\u0010$\u001a\u00020#H\u0007J\u0010\u0010%\u001a\u00020#2\u0006\u0010&\u001a\u00020 H\u0016J\b\u0010'\u001a\u00020 H\u0016J\b\u0010(\u001a\u00020#H\u0016J\u0018\u0010)\u001a\u00020#2\u0006\u0010\u0014\u001a\u00020\u000f2\u0006\u0010\u0019\u001a\u00020\tH\u0007J\b\u0010*\u001a\u00020 H\u0016R\u001a\u0010\u000b\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\f0\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u001a\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\n0\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006,"}, d2 = {"Lde/tk/tkapp/login/service/FingerprintServiceImpl;", "Lde/tk/tkapp/login/service/FingerprintService;", "context", "Landroid/content/Context;", "keyStoreProvider", "Lkotlin/Function0;", "Ljava/security/KeyStore;", "keyGeneratorProvider", "Lkotlin/Function1;", "", "Ljavax/crypto/KeyGenerator;", "cipherProvider", "Ljavax/crypto/Cipher;", "(Landroid/content/Context;Lkotlin/jvm/functions/Function0;Lkotlin/jvm/functions/Function1;Lkotlin/jvm/functions/Function1;)V", "createNewCryptoObject", "Landroidx/core/hardware/fingerprint/FingerprintManagerCompat$CryptoObject;", "createNewSecretKey", "Ljavax/crypto/SecretKey;", "entschluesseleFingerprintToken", "Lio/reactivex/Single;", "cryptoObject", "fingerprintAktivieren", "Lio/reactivex/Completable;", "fingerprintAuthentifizierung", "Lde/tk/tkapp/login/model/FingerprintUserAuthentifizierungResponse;", "token", "userId", "fingerprintDeaktivieren", "getCipher", "getCryptoObject", "getLoginToken", "hatNutzerFingerprintEingerichtet", "", "hatNutzerFingerprintHinweisGesehen", "removeFingerprint", "", "removeKeyFromKeyStore", "setzeFingerprintSperre", "nutzerGesperrt", "sollFingerprintHinweisAngezeigtWerden", "speichereFingerprintHinweisGesehen", "storeTokenWithCipher", "unterstuetztGeraetFingerprint", "Companion", "app_externRelease"}, k = 1, mv = {1, 1, 15})
/* loaded from: classes2.dex */
public final class FingerprintServiceImpl implements de.tk.tkapp.login.service.d {

    /* renamed from: a, reason: collision with root package name */
    private final Context f18675a;
    private final kotlin.jvm.b.a<KeyStore> b;

    /* renamed from: c, reason: collision with root package name */
    private final l<String, KeyGenerator> f18676c;

    /* renamed from: d, reason: collision with root package name */
    private final l<String, Cipher> f18677d;

    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(o oVar) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    static final class b<T, R> implements j<T, R> {

        /* renamed from: a, reason: collision with root package name */
        public static final b f18678a = new b();

        b() {
        }

        @Override // io.reactivex.g0.j
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String apply(de.tk.tkapp.login.model.e eVar) {
            s.b(eVar, "it");
            return eVar.getToken();
        }
    }

    /* loaded from: classes2.dex */
    static final class c<T, R> implements j<T, R> {
        final /* synthetic */ a.d b;

        c(a.d dVar) {
            this.b = dVar;
        }

        public final String a(String str) {
            s.b(str, "it");
            try {
                FingerprintServiceImpl.this.a(this.b, str);
                return str;
            } catch (FingerprintException e2) {
                io.reactivex.exceptions.a.a(e2);
                throw null;
            }
        }

        @Override // io.reactivex.g0.j
        public /* bridge */ /* synthetic */ Object apply(Object obj) {
            String str = (String) obj;
            a(str);
            return str;
        }
    }

    /* loaded from: classes2.dex */
    static final class d implements io.reactivex.d {
        d() {
        }

        @Override // io.reactivex.d
        public final void a(io.reactivex.b bVar) {
            s.b(bVar, "emitter");
            try {
                FingerprintServiceImpl.this.f();
                bVar.onComplete();
            } catch (FingerprintException e2) {
                bVar.onError(e2);
            }
        }
    }

    static {
        new a(null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public FingerprintServiceImpl(Context context, kotlin.jvm.b.a<? extends KeyStore> aVar, l<? super String, ? extends KeyGenerator> lVar, l<? super String, ? extends Cipher> lVar2) {
        s.b(context, "context");
        s.b(aVar, "keyStoreProvider");
        s.b(lVar, "keyGeneratorProvider");
        s.b(lVar2, "cipherProvider");
        this.f18675a = context;
        this.b = aVar;
        this.f18676c = lVar;
        this.f18677d = lVar2;
    }

    public /* synthetic */ FingerprintServiceImpl(Context context, kotlin.jvm.b.a aVar, l lVar, l lVar2, int i2, o oVar) {
        this(context, (i2 & 2) != 0 ? new kotlin.jvm.b.a<KeyStore>() { // from class: de.tk.tkapp.login.service.FingerprintServiceImpl.1
            @Override // kotlin.jvm.b.a
            public final KeyStore invoke() {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                s.a((Object) keyStore, "KeyStore.getInstance(ANDROID_KEY_STORE)");
                return keyStore;
            }
        } : aVar, (i2 & 4) != 0 ? new l<String, KeyGenerator>() { // from class: de.tk.tkapp.login.service.FingerprintServiceImpl.2
            @Override // kotlin.jvm.b.l
            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final KeyGenerator invoke2(String str) {
                s.b(str, "it");
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str, "AndroidKeyStore");
                s.a((Object) keyGenerator, "KeyGenerator.getInstance(it, ANDROID_KEY_STORE)");
                return keyGenerator;
            }
        } : lVar, (i2 & 8) != 0 ? new l<String, Cipher>() { // from class: de.tk.tkapp.login.service.FingerprintServiceImpl.3
            @Override // kotlin.jvm.b.l
            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final Cipher invoke2(String str) {
                s.b(str, "it");
                Cipher cipher = Cipher.getInstance(str);
                s.a((Object) cipher, "Cipher.getInstance(it)");
                return cipher;
            }
        } : lVar2);
    }

    private final SecretKey k() {
        try {
            KeyGenerator invoke2 = this.f18676c.invoke2("AES");
            KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds = new KeyGenParameterSpec.Builder("token", 3).setKeySize(256).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(-1);
            s.a((Object) userAuthenticationValidityDurationSeconds, "KeyGenParameterSpec.Buil…lidityDurationSeconds(-1)");
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationValidityDurationSeconds.setInvalidatedByBiometricEnrollment(true);
            }
            invoke2.init(userAuthenticationValidityDurationSeconds.build());
            SecretKey generateKey = invoke2.generateKey();
            s.a((Object) generateKey, "keyGenerator.generateKey()");
            return generateKey;
        } catch (InvalidAlgorithmParameterException e2) {
            throw new FingerprintException("Fehler bei der Erstellung eines neuen Keys", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new FingerprintException("Fehler bei der Erstellung eines neuen Keys", e3);
        } catch (NoSuchProviderException e4) {
            throw new FingerprintException("Fehler bei der Erstellung eines neuen Keys", e4);
        }
    }

    private final boolean l() {
        return h.a.a.a.a.a().getBoolean("hat_fingerprint_hinweis_gesehen", false);
    }

    @Override // de.tk.tkapp.login.service.d
    public io.reactivex.a a() {
        io.reactivex.a a2 = io.reactivex.a.a((io.reactivex.d) new d());
        s.a((Object) a2, "Completable.create { emi…itter.onError(e)\n\t\t\t}\n\t\t}");
        NetworkKoinModules networkKoinModules = NetworkKoinModules.f17732a;
        io.reactivex.a a3 = ((de.tk.tkapp.login.service.b) org.koin.core.c.a.a().getF24403a().b().a(v.a(de.tk.tkapp.login.service.b.class), (org.koin.core.g.a) null, (kotlin.jvm.b.a<DefinitionParameters>) null)).a().c(a2).a(CompletableTransformers.b.a());
        s.a((Object) a3, "getFromKoinContext<Finge….runOnBackgroundThread())");
        return a3;
    }

    @Override // de.tk.tkapp.login.service.d
    @SuppressLint({"VisibleForTests"})
    public io.reactivex.a a(a.d dVar) {
        s.b(dVar, "cryptoObject");
        NetworkKoinModules networkKoinModules = NetworkKoinModules.f17732a;
        io.reactivex.a e2 = ((de.tk.tkapp.login.service.b) org.koin.core.c.a.a().getF24403a().b().a(v.a(de.tk.tkapp.login.service.b.class), (org.koin.core.g.a) null, (kotlin.jvm.b.a<DefinitionParameters>) null)).b().f(b.f18678a).a((d0<? super R, ? extends R>) SingleTransformers.b.a()).f(new c(dVar)).e();
        s.a((Object) e2, "getFromKoinContext<Finge…\t\t\t}\n\t\t\t\t.ignoreElement()");
        return e2;
    }

    @Override // de.tk.tkapp.login.service.d
    public y<FingerprintUserAuthentifizierungResponse> a(String str, String str2) {
        s.b(str, "token");
        s.b(str2, "userId");
        NetworkKoinModules networkKoinModules = NetworkKoinModules.f17732a;
        f fVar = (f) org.koin.core.c.a.a().getF24403a().b().a(v.a(f.class), (org.koin.core.g.a) null, (kotlin.jvm.b.a<DefinitionParameters>) null);
        String c2 = h.a.a.a.a.a().contains("geraete_uid") ? fVar.c() : fVar.b();
        NetworkKoinModules networkKoinModules2 = NetworkKoinModules.f17732a;
        y a2 = ((de.tk.tkapp.login.service.c) org.koin.core.c.a.a().getF24403a().b().a(v.a(de.tk.tkapp.login.service.c.class), (org.koin.core.g.a) null, (kotlin.jvm.b.a<DefinitionParameters>) null)).a(new de.tk.tkapp.login.model.f(null, null, null, null, null, 31, null).clientId("tk-app-android").clientSecret("861ea53cf8e12dca74090c847adc35d62ac3c834").geraeteUid(c2).userId(str2).token(str)).a(SingleTransformers.b.a());
        s.a((Object) a2, "getFromKoinContext<Finge….runOnBackgroundThread())");
        return a2;
    }

    public final void a(a.d dVar, String str) {
        s.b(dVar, "cryptoObject");
        s.b(str, "token");
        try {
            Cipher a2 = dVar.a();
            if (a2 == null) {
                s.b();
                throw null;
            }
            byte[] bytes = str.getBytes(kotlin.text.d.f23144a);
            s.a((Object) bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = a2.doFinal(bytes);
            AlgorithmParameterSpec parameterSpec = a2.getParameters().getParameterSpec(IvParameterSpec.class);
            s.a((Object) parameterSpec, "secureCipher.parameters.…arameterSpec::class.java)");
            byte[] iv = ((IvParameterSpec) parameterSpec).getIV();
            SharedPreferences.Editor edit = h.a.a.a.a.a().edit();
            s.a((Object) edit, "editor");
            edit.putString("token", Base64.encodeToString(doFinal, 0));
            edit.putString("iv", Base64.encodeToString(iv, 0));
            edit.apply();
        } catch (InvalidParameterSpecException e2) {
            throw new FingerprintException(e2);
        } catch (BadPaddingException e3) {
            throw new FingerprintException(e3);
        } catch (IllegalBlockSizeException e4) {
            throw new FingerprintException(e4);
        }
    }

    @Override // de.tk.tkapp.login.service.d
    public void a(boolean z) {
        SharedPreferences.Editor edit = h.a.a.a.a.a().edit();
        s.a((Object) edit, "editor");
        edit.putBoolean("fingerprint_gesperrt", z);
        edit.apply();
    }

    @Override // de.tk.tkapp.login.service.d
    public a.d b() {
        try {
            KeyStore invoke = this.b.invoke();
            invoke.load(null);
            Cipher i2 = i();
            i2.init(2, invoke.getKey("token", null), new IvParameterSpec(Base64.decode(h.a.a.a.a.a().getString("iv", null), 0)));
            return new a.d(i2);
        } catch (IOException e2) {
            throw new FingerprintException(e2);
        } catch (InvalidAlgorithmParameterException e3) {
            throw new FingerprintException(e3);
        } catch (InvalidKeyException e4) {
            f();
            throw new FingerprintInvalidKeyException(e4);
        } catch (KeyStoreException e5) {
            throw new FingerprintException(e5);
        } catch (NoSuchAlgorithmException e6) {
            throw new FingerprintException(e6);
        } catch (UnrecoverableKeyException e7) {
            throw new FingerprintException(e7);
        } catch (CertificateException e8) {
            throw new FingerprintException(e8);
        }
    }

    @Override // de.tk.tkapp.login.service.d
    @SuppressLint({"VisibleForTests"})
    public y<String> b(a.d dVar) {
        s.b(dVar, "cryptoObject");
        try {
            y<String> b2 = y.b(c(dVar));
            s.a((Object) b2, "Single.just(getLoginToken(cryptoObject))");
            return b2;
        } catch (FingerprintException e2) {
            y<String> a2 = y.a((Throwable) new FingerprintException(e2));
            s.a((Object) a2, "Single.error(FingerprintException(e))");
            return a2;
        }
    }

    @Override // de.tk.tkapp.login.service.d
    @SuppressLint({"VisibleForTests"})
    public a.d c() {
        try {
            j();
            Cipher i2 = i();
            i2.init(1, k());
            return new a.d(i2);
        } catch (InvalidKeyException e2) {
            throw new FingerprintException("Fehler bei der Erzeugung eines neuen Crypto-Objekts", e2);
        }
    }

    public final String c(a.d dVar) {
        s.b(dVar, "cryptoObject");
        try {
            String string = h.a.a.a.a.a().getString("token", null);
            Cipher a2 = dVar.a();
            if (a2 == null) {
                s.b();
                throw null;
            }
            if (string == null) {
                s.b();
                throw null;
            }
            Charset charset = kotlin.text.d.f23144a;
            if (string == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            byte[] bytes = string.getBytes(charset);
            s.a((Object) bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = a2.doFinal(Base64.decode(bytes, 0));
            s.a((Object) doFinal, "cryptoObject.cipher!!.do…oken!!.toByteArray(), 0))");
            return new String(doFinal, kotlin.text.d.f23144a);
        } catch (BadPaddingException e2) {
            throw new FingerprintException("Fehler beim Entschlüsseln des Login-Tokens", e2);
        } catch (IllegalBlockSizeException e3) {
            throw new FingerprintException("Fehler beim Entschlüsseln des Login-Tokens", e3);
        }
    }

    @Override // de.tk.tkapp.login.service.d
    public boolean d() {
        try {
            KeyStore invoke = this.b.invoke();
            invoke.load(null);
            SharedPreferences a2 = h.a.a.a.a.a();
            boolean z = a2.contains("token") && a2.contains("iv");
            if (h() && z && invoke.containsAlias("token")) {
                if (!a2.getBoolean("fingerprint_gesperrt", false)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e2) {
            throw new FingerprintException(e2);
        } catch (KeyStoreException e3) {
            throw new FingerprintException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new FingerprintException(e4);
        } catch (CertificateException e5) {
            throw new FingerprintException(e5);
        }
    }

    @Override // de.tk.tkapp.login.service.d
    public void e() {
        SharedPreferences.Editor edit = h.a.a.a.a.a().edit();
        s.a((Object) edit, "editor");
        edit.putBoolean("hat_fingerprint_hinweis_gesehen", true);
        edit.apply();
    }

    @Override // de.tk.tkapp.login.service.d
    @SuppressLint({"VisibleForTests"})
    public void f() {
        j();
        SharedPreferences.Editor edit = h.a.a.a.a.a().edit();
        s.a((Object) edit, "editor");
        edit.remove("token");
        edit.remove("iv");
        edit.remove("fingerprint_gesperrt");
        edit.apply();
    }

    @Override // de.tk.tkapp.login.service.d
    public boolean g() {
        try {
            if (!h() || d()) {
                return false;
            }
            return !l();
        } catch (FingerprintException e2) {
            o.a.a.b(e2);
            return false;
        }
    }

    @Override // de.tk.tkapp.login.service.d
    public boolean h() {
        FingerprintManagerProvider.a a2 = FingerprintManagerProvider.b.a(this.f18675a);
        return a2.a() && a2.b();
    }

    public final Cipher i() {
        try {
            return this.f18677d.invoke2("AES/CBC/PKCS7Padding");
        } catch (NoSuchAlgorithmException e2) {
            throw new FingerprintException("Fehler beim Holen der Cipher-Instanz", e2);
        } catch (NoSuchPaddingException e3) {
            throw new FingerprintException("Fehler beim Holen der Cipher-Instanz", e3);
        }
    }

    public final void j() {
        try {
            KeyStore invoke = this.b.invoke();
            invoke.load(null);
            if (invoke.containsAlias("token")) {
                invoke.deleteEntry("token");
            }
        } catch (IOException e2) {
            throw new FingerprintException("Fehler beim Löschen des Keys aus dem Keystore", e2);
        } catch (KeyStoreException e3) {
            throw new FingerprintException("Fehler beim Löschen des Keys aus dem Keystore", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new FingerprintException("Fehler beim Löschen des Keys aus dem Keystore", e4);
        } catch (CertificateException e5) {
            throw new FingerprintException("Fehler beim Löschen des Keys aus dem Keystore", e5);
        }
    }
}
