package com.particle.auth.security;

import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import android.util.Log;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import com.google.android.gms.stats.CodePackage;
import com.particle.auth.R;
import com.particle.base.data.ErrorInfo;
import com.walletconnect.android.internal.common.crypto.kmr.BouncyCastleKeyManagementRepository;
import expo.modules.securestore.encryptors.AESEncryptor;
import io.sentry.protocol.DebugImage;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import net.sqlcipher.database.SQLiteDatabase;
import network.blankj.utilcode.util.LogUtils;

/* compiled from: SecurityManager.kt */
@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0003\bÀ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001e\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u00072\u0006\u0010\u000e\u001a\u00020\u000fJ&\u0010\u0010\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u00072\u0006\u0010\u0011\u001a\u00020\u00072\u0006\u0010\u000e\u001a\u00020\u000fJ\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015J\u000e\u0010\u0016\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u0007J\u0018\u0010\u0017\u001a\u00020\u00072\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u0007H\u0002J$\u0010\u001b\u001a\u00020\u00072\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001c\u001a\u00020\u00072\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0002J\u0010\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020\u0007H\u0002J\b\u0010\"\u001a\u00020\u0019H\u0002J\u001a\u0010#\u001a\u00020$2\u0006\u0010!\u001a\u00020\u00072\b\b\u0002\u0010%\u001a\u00020&H\u0002J\u000e\u0010'\u001a\u00020&2\u0006\u0010\r\u001a\u00020\u0007J\u000e\u0010(\u001a\u00020\n2\u0006\u0010\u0014\u001a\u00020\u0015R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006)"}, d2 = {"Lcom/particle/auth/security/SecurityManager;", "", "()V", "ERROR_DECRYPT", "", "IV_LEN", "TAG", "", "T_LEN", "authenticateDecryptPaymentPassword", "", "activity", "Landroidx/fragment/app/FragmentActivity;", DebugImage.JsonKeys.UUID, "callback", "Lcom/particle/auth/security/AuthenticationCallback;", "authenticateEncryptPaymentPassword", "paymentPasswordHash", "canAuthenticate", "Lcom/particle/auth/security/BiometricState;", "context", "Landroid/content/Context;", "closeBiometricAuthentication", "decryptWithCipher", "cipher", "Ljavax/crypto/Cipher;", "cipherText", "encryptWithCipher", "plainText", AESEncryptor.IV_PROPERTY, "", "generateKeyGenParameter", "Landroid/security/keystore/KeyGenParameterSpec;", "alias", "getCipher", "getOrGenerateSecretKey", "Ljavax/crypto/SecretKey;", "generator", "", "isOpenBiometricAuthentication", "openBiometricSettings", "m-auth-core_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class SecurityManager {
    public static final int ERROR_DECRYPT = 101;
    public static final SecurityManager INSTANCE = new SecurityManager();
    private static final int IV_LEN = 12;
    private static final String TAG = "SecurityManager";
    private static final int T_LEN = 128;

    private SecurityManager() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String decryptWithCipher(Cipher cipher, String cipherText) {
        byte[] doFinal = cipher.doFinal(Base64.decode(cipherText, 2));
        Intrinsics.checkNotNull(doFinal);
        return new String(doFinal, Charsets.UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String encryptWithCipher(Cipher cipher, String plainText, byte[] iv) {
        byte[] bytes = plainText.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        byte[] doFinal = cipher.doFinal(bytes);
        if (iv != null) {
            byte[] bArr = new byte[doFinal.length + iv.length];
            System.arraycopy(iv, 0, bArr, 0, iv.length);
            System.arraycopy(doFinal, 0, bArr, iv.length, doFinal.length);
            doFinal = bArr;
        } else {
            Intrinsics.checkNotNull(doFinal);
        }
        String encodeToString = Base64.encodeToString(doFinal, 2);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(...)");
        return encodeToString;
    }

    static /* synthetic */ String encryptWithCipher$default(SecurityManager securityManager, Cipher cipher, String str, byte[] bArr, int i, Object obj) {
        if ((i & 4) != 0) {
            bArr = null;
        }
        return securityManager.encryptWithCipher(cipher, str, bArr);
    }

    private final KeyGenParameterSpec generateKeyGenParameter(String alias) {
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(alias, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(true).setKeySize(256);
        Intrinsics.checkNotNullExpressionValue(keySize, "setKeySize(...)");
        if (Build.VERSION.SDK_INT >= 28) {
            keySize.setUserConfirmationRequired(false);
        }
        if (Build.VERSION.SDK_INT >= 30) {
            keySize.setUserAuthenticationParameters(0, 2);
        }
        KeyGenParameterSpec build = keySize.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }

    private final Cipher getCipher() {
        Cipher cipher = Cipher.getInstance(AESEncryptor.AES_CIPHER);
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
        return cipher;
    }

    private final SecretKey getOrGenerateSecretKey(String alias, boolean generator) {
        if (!generator) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                Key key = keyStore.getKey(alias, null);
                if (key != null) {
                    return (SecretKey) key;
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        KeyGenParameterSpec generateKeyGenParameter = generateKeyGenParameter(alias);
        KeyGenerator keyGenerator = KeyGenerator.getInstance(BouncyCastleKeyManagementRepository.AES, "AndroidKeyStore");
        keyGenerator.init(generateKeyGenParameter);
        Log.d(TAG, "generate SecretKey");
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        return generateKey;
    }

    static /* synthetic */ SecretKey getOrGenerateSecretKey$default(SecurityManager securityManager, String str, boolean z, int i, Object obj) {
        if ((i & 2) != 0) {
            z = false;
        }
        return securityManager.getOrGenerateSecretKey(str, z);
    }

    public final void authenticateDecryptPaymentPassword(FragmentActivity activity, String uuid, final AuthenticationCallback callback) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        Intrinsics.checkNotNullParameter(uuid, "uuid");
        Intrinsics.checkNotNullParameter(callback, "callback");
        try {
            byte[] decode = Base64.decode(EncryptedSharedManager.getString$default(EncryptedSharedManager.INSTANCE, uuid + "_payment_password_sha256", null, 2, null), 2);
            byte[] bArr = new byte[12];
            int length = decode.length - 12;
            byte[] bArr2 = new byte[length];
            System.arraycopy(decode, 0, bArr, 0, 12);
            System.arraycopy(decode, 12, bArr2, 0, length);
            final String encodeToString = Base64.encodeToString(bArr2, 2);
            Cipher cipher = getCipher();
            cipher.init(2, getOrGenerateSecretKey$default(this, "_particle_auth_payment_", false, 2, null), new GCMParameterSpec(128, bArr));
            BiometricPrompt.PromptInfo build = new BiometricPrompt.PromptInfo.Builder().setTitle(activity.getString(R.string.ac_auth_pay_title)).setSubtitle(activity.getString(R.string.ac_auth_pay_subtitle)).setAllowedAuthenticators(15).setConfirmationRequired(false).setNegativeButtonText(activity.getString(R.string.ac_auth_use_payment_password)).build();
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), new BiometricPrompt.AuthenticationCallback() { // from class: com.particle.auth.security.SecurityManager$authenticateDecryptPaymentPassword$biometricPrompt$1
                @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                public void onAuthenticationError(int errorCode, CharSequence errString) {
                    Intrinsics.checkNotNullParameter(errString, "errString");
                    super.onAuthenticationError(errorCode, errString);
                    LogUtils.e("Biometric Authentication Error: " + errorCode + ", " + ((Object) errString));
                    if (13 == errorCode || 10 == errorCode) {
                        AuthenticationCallback.this.onCancel();
                    } else {
                        AuthenticationCallback.this.onError(errorCode, errString);
                    }
                }

                @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
                    String str;
                    Intrinsics.checkNotNullParameter(result, "result");
                    super.onAuthenticationSucceeded(result);
                    try {
                        SecurityManager securityManager = SecurityManager.INSTANCE;
                        BiometricPrompt.CryptoObject cryptoObject = result.getCryptoObject();
                        Cipher cipher2 = cryptoObject != null ? cryptoObject.getCipher() : null;
                        Intrinsics.checkNotNull(cipher2);
                        String cipherText = encodeToString;
                        Intrinsics.checkNotNullExpressionValue(cipherText, "$cipherText");
                        str = securityManager.decryptWithCipher(cipher2, cipherText);
                    } catch (Exception e) {
                        e.printStackTrace();
                        AuthenticationCallback.this.onError(101, e.getMessage());
                        str = "";
                    }
                    if (str.length() > 0) {
                        AuthenticationCallback.this.onSuccess(str);
                    }
                }
            }).authenticate(build, new BiometricPrompt.CryptoObject(cipher));
        } catch (Exception unused) {
            callback.onError(ErrorInfo.INSTANCE.getBoimetricDecryptFailed().getCode(), ErrorInfo.INSTANCE.getBoimetricDecryptFailed().getMessage());
        }
    }

    public final void authenticateEncryptPaymentPassword(FragmentActivity activity, final String uuid, final String paymentPasswordHash, final AuthenticationCallback callback) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        Intrinsics.checkNotNullParameter(uuid, "uuid");
        Intrinsics.checkNotNullParameter(paymentPasswordHash, "paymentPasswordHash");
        Intrinsics.checkNotNullParameter(callback, "callback");
        Cipher cipher = getCipher();
        try {
            cipher.init(1, getOrGenerateSecretKey$default(this, "_particle_auth_payment_", false, 2, null));
        } catch (KeyPermanentlyInvalidatedException unused) {
            cipher.init(1, getOrGenerateSecretKey("_particle_auth_payment_", true));
        }
        final byte[] iv = cipher.getIV();
        BiometricPrompt.PromptInfo build = new BiometricPrompt.PromptInfo.Builder().setTitle(activity.getString(R.string.ac_auth_open_biometric_title)).setSubtitle(activity.getString(R.string.ac_auth_open_biometric_subtitle)).setAllowedAuthenticators(15).setConfirmationRequired(true).setNegativeButtonText(activity.getString(R.string.ac_auth_cancel)).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), new BiometricPrompt.AuthenticationCallback() { // from class: com.particle.auth.security.SecurityManager$authenticateEncryptPaymentPassword$biometricPrompt$1
            @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
            public void onAuthenticationError(int errorCode, CharSequence errString) {
                Intrinsics.checkNotNullParameter(errString, "errString");
                super.onAuthenticationError(errorCode, errString);
                LogUtils.e("Biometric Authentication Error: " + errorCode + ", " + ((Object) errString));
                if (13 == errorCode || 10 == errorCode) {
                    AuthenticationCallback.this.onCancel();
                } else {
                    AuthenticationCallback.this.onError(errorCode, errString);
                }
            }

            @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
            public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
                String encryptWithCipher;
                Intrinsics.checkNotNullParameter(result, "result");
                super.onAuthenticationSucceeded(result);
                SecurityManager securityManager = SecurityManager.INSTANCE;
                BiometricPrompt.CryptoObject cryptoObject = result.getCryptoObject();
                Cipher cipher2 = cryptoObject != null ? cryptoObject.getCipher() : null;
                Intrinsics.checkNotNull(cipher2);
                encryptWithCipher = securityManager.encryptWithCipher(cipher2, paymentPasswordHash, iv);
                EncryptedSharedManager.INSTANCE.putString(uuid + "_payment_password_sha256", encryptWithCipher);
                AuthenticationCallback.this.onSuccess(encryptWithCipher);
            }
        }).authenticate(build, new BiometricPrompt.CryptoObject(cipher));
    }

    public final BiometricState canAuthenticate(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        BiometricManager from = BiometricManager.from(context);
        Intrinsics.checkNotNullExpressionValue(from, "from(...)");
        int canAuthenticate = from.canAuthenticate(15);
        return canAuthenticate != 0 ? canAuthenticate != 11 ? BiometricState.UNSUPPORTED : BiometricState.NONE_ENROLLED : BiometricState.READY;
    }

    public final void closeBiometricAuthentication(String uuid) {
        Intrinsics.checkNotNullParameter(uuid, "uuid");
        EncryptedSharedManager.INSTANCE.remove(uuid + "_payment_password_sha256");
    }

    public final boolean isOpenBiometricAuthentication(String uuid) {
        Intrinsics.checkNotNullParameter(uuid, "uuid");
        String string$default = EncryptedSharedManager.getString$default(EncryptedSharedManager.INSTANCE, uuid + "_payment_password_sha256", null, 2, null);
        return !(string$default == null || string$default.length() == 0);
    }

    public final void openBiometricSettings(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        if (Build.VERSION.SDK_INT < 30) {
            Intent intent = new Intent("android.settings.SETTINGS");
            intent.addFlags(SQLiteDatabase.CREATE_IF_NECESSARY);
            context.startActivity(intent);
        } else {
            Intent intent2 = new Intent("android.settings.BIOMETRIC_ENROLL");
            intent2.putExtra("android.provider.extra.BIOMETRIC_AUTHENTICATORS_ALLOWED", 15);
            intent2.addFlags(SQLiteDatabase.CREATE_IF_NECESSARY);
            context.startActivity(intent2);
        }
    }
}
