package com.remitly.biometric;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.FragmentActivity;
import com.salesforce.android.chat.core.model.PreChatField;
import com.salesforce.android.service.common.utilities.hashing.Hash;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: BiometricLib.kt */
/* loaded from: classes3.dex */
public final class a {
    private final Context a;
    private final SharedPreferences b;
    private final Lazy c;

    /* renamed from: d, reason: collision with root package name */
    private c f5407d;

    /* renamed from: f, reason: collision with root package name */
    @Deprecated
    public static final b f5406f = new b(null);

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f5405e = LoggerFactory.getLogger((Class<?>) a.class);

    /* compiled from: BiometricLib.kt */
    /* renamed from: com.remitly.biometric.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public enum EnumC0252a {
        ALREADY_REGISTERED,
        USER_CANCELED,
        USER_NOT_REGISTERED,
        SIGNING_ERROR,
        AUTHENTICATION_ERROR
    }

    /* compiled from: BiometricLib.kt */
    /* loaded from: classes3.dex */
    private static final class b {
        private b() {
        }

        public /* synthetic */ b(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final Logger a() {
            return a.f5405e;
        }
    }

    /* compiled from: BiometricLib.kt */
    /* loaded from: classes3.dex */
    public static final class c {
        private final String a;
        private final String b;

        public c(String userId, String email) {
            Intrinsics.checkParameterIsNotNull(userId, "userId");
            Intrinsics.checkParameterIsNotNull(email, "email");
            this.a = userId;
            this.b = email;
        }

        public final String a() {
            return this.b;
        }

        public final String b() {
            return this.a;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof c)) {
                return false;
            }
            c cVar = (c) obj;
            return Intrinsics.areEqual(this.a, cVar.a) && Intrinsics.areEqual(this.b, cVar.b);
        }

        public int hashCode() {
            String str = this.a;
            int hashCode = (str != null ? str.hashCode() : 0) * 31;
            String str2 = this.b;
            return hashCode + (str2 != null ? str2.hashCode() : 0);
        }

        public String toString() {
            return "UserIdentity(userId=" + this.a + ", email=" + this.b + ")";
        }
    }

    /* compiled from: BiometricLib.kt */
    /* loaded from: classes3.dex */
    static final class d extends Lambda implements Function0<androidx.biometric.b> {
        final /* synthetic */ Context a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        d(Context context) {
            super(0);
            this.a = context;
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final androidx.biometric.b invoke() {
            return androidx.biometric.b.b(this.a);
        }
    }

    /* compiled from: BiometricLib.kt */
    /* loaded from: classes3.dex */
    public static final class e extends BiometricPrompt.b {
        final /* synthetic */ c b;
        final /* synthetic */ Function1 c;

        /* renamed from: d, reason: collision with root package name */
        final /* synthetic */ String f5408d;

        /* renamed from: e, reason: collision with root package name */
        final /* synthetic */ Signature f5409e;

        /* renamed from: f, reason: collision with root package name */
        final /* synthetic */ Function1 f5410f;

        /* renamed from: g, reason: collision with root package name */
        final /* synthetic */ String f5411g;

        e(c cVar, Function1 function1, String str, Signature signature, Function1 function12, String str2) {
            this.b = cVar;
            this.c = function1;
            this.f5408d = str;
            this.f5409e = signature;
            this.f5410f = function12;
            this.f5411g = str2;
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void a(int i2, CharSequence errString) {
            List listOf;
            Intrinsics.checkParameterIsNotNull(errString, "errString");
            a.this.t(this.b.b());
            listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new Integer[]{10, 13});
            if (listOf.contains(Integer.valueOf(i2))) {
                a.f5406f.a().debug("User dismissed the biometric enrollment dialog");
                this.c.invoke(EnumC0252a.USER_CANCELED);
                return;
            }
            a.f5406f.a().error("Biometric enrollment authentication failed, errorCode=" + i2 + ", msg=" + errString);
            this.c.invoke(EnumC0252a.AUTHENTICATION_ERROR);
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void b() {
            a.f5406f.a().warn("Biometric auth temporarily failed - user provided incorrect credential?");
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void c(BiometricPrompt.c result) {
            Intrinsics.checkParameterIsNotNull(result, "result");
            Certificate j2 = a.this.j(this.f5408d);
            if (!(j2 instanceof X509Certificate)) {
                j2 = null;
            }
            X509Certificate x509Certificate = (X509Certificate) j2;
            if (x509Certificate == null) {
                a.f5406f.a().error("Failed to obtain a signing certificate while enrolling fingerprints for user " + this.b.b());
                a.this.t(this.b.b());
                this.c.invoke(EnumC0252a.SIGNING_ERROR);
                return;
            }
            try {
                byte[] d2 = a.this.d();
                a.f5406f.a().warn("Test-signing random nonce: " + Base64.encodeToString(d2, 0));
                this.f5409e.update(d2);
                byte[] sign = this.f5409e.sign();
                a.f5406f.a().warn("Got signature: " + Base64.encodeToString(d2, 0));
                a aVar = a.this;
                String algorithm = this.f5409e.getAlgorithm();
                Intrinsics.checkExpressionValueIsNotNull(algorithm, "signingSignature.algorithm");
                Signature g2 = aVar.g(x509Certificate, algorithm);
                g2.update(d2);
                if (!g2.verify(sign)) {
                    a.f5406f.a().error("Failed to verify test signature for user " + this.b.b());
                    a.this.t(this.b.b());
                    this.c.invoke(EnumC0252a.SIGNING_ERROR);
                    return;
                }
                PublicKey publicKey = x509Certificate.getPublicKey();
                Intrinsics.checkExpressionValueIsNotNull(publicKey, "certificate.publicKey");
                String publicKeyEncoded = Base64.encodeToString(publicKey.getEncoded(), 0);
                a.f5406f.a().debug("Test string verified ok, submitting public key to service: " + publicKeyEncoded);
                Function1 function1 = this.f5410f;
                Intrinsics.checkExpressionValueIsNotNull(publicKeyEncoded, "publicKeyEncoded");
                String algorithm2 = this.f5409e.getAlgorithm();
                Intrinsics.checkExpressionValueIsNotNull(algorithm2, "signingSignature.algorithm");
                function1.invoke(new com.remitly.biometric.f(publicKeyEncoded, algorithm2, this.f5411g));
            } catch (SignatureException e2) {
                a.f5406f.a().error("Failed to test-sign or verify the signature while enrolling fingerprints for user " + this.b.b(), (Throwable) e2);
                a.this.t(this.b.b());
                this.c.invoke(EnumC0252a.SIGNING_ERROR);
            }
        }
    }

    /* compiled from: BiometricLib.kt */
    /* loaded from: classes3.dex */
    public static final class f extends BiometricPrompt.b {
        final /* synthetic */ Function1 b;
        final /* synthetic */ c c;

        /* renamed from: d, reason: collision with root package name */
        final /* synthetic */ String f5412d;

        /* renamed from: e, reason: collision with root package name */
        final /* synthetic */ PublicKey f5413e;

        /* renamed from: f, reason: collision with root package name */
        final /* synthetic */ Signature f5414f;

        /* renamed from: g, reason: collision with root package name */
        final /* synthetic */ Function1 f5415g;

        f(Function1 function1, c cVar, String str, PublicKey publicKey, Signature signature, Function1 function12) {
            this.b = function1;
            this.c = cVar;
            this.f5412d = str;
            this.f5413e = publicKey;
            this.f5414f = signature;
            this.f5415g = function12;
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void a(int i2, CharSequence errString) {
            List listOf;
            Intrinsics.checkParameterIsNotNull(errString, "errString");
            listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new Integer[]{10, 13});
            if (listOf.contains(Integer.valueOf(i2))) {
                a.f5406f.a().debug("Biometric login dialog dismissed/skipped by user");
                this.b.invoke(EnumC0252a.USER_CANCELED);
                return;
            }
            a.f5406f.a().error("Biometric login authentication failed, errorCode=" + i2 + ", msg=" + errString);
            this.b.invoke(EnumC0252a.AUTHENTICATION_ERROR);
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void b() {
            a.f5406f.a().warn("Biometric auth temporarily failed - user provided incorrect credential?");
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void c(BiometricPrompt.c result) {
            Intrinsics.checkParameterIsNotNull(result, "result");
            a.f5406f.a().debug("Biometrics verified, generating validation data");
            String encodeToString = Base64.encodeToString(a.this.d(), 0);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString, "Base64.encodeToString(_g…eNonce(), Base64.DEFAULT)");
            long l2 = a.this.l(this.c.b());
            String b = this.c.b();
            String str = this.f5412d;
            String encodeToString2 = Base64.encodeToString(this.f5413e.getEncoded(), 0);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString2, "Base64.encodeToString(pu….encoded, Base64.DEFAULT)");
            com.remitly.biometric.e eVar = new com.remitly.biometric.e(encodeToString, l2, b, str, encodeToString2, null, 32, null);
            try {
                this.f5414f.update(eVar.d());
                String encodeToString3 = Base64.encodeToString(this.f5414f.sign(), 0);
                Intrinsics.checkExpressionValueIsNotNull(encodeToString3, "Base64.encodeToString(si…e.sign(), Base64.DEFAULT)");
                eVar.h(encodeToString3);
                this.f5415g.invoke(eVar);
            } catch (SignatureException e2) {
                a.f5406f.a().error("Failed to sign the auth payload while signing in for user " + this.c.b(), (Throwable) e2);
                a.this.t(this.c.b());
                this.b.invoke(EnumC0252a.SIGNING_ERROR);
            }
        }
    }

    public a(Context context) {
        Lazy lazy;
        Intrinsics.checkParameterIsNotNull(context, "context");
        this.a = context;
        this.b = context.getSharedPreferences("com.remitly.chloe", 0);
        lazy = LazyKt__LazyJVMKt.lazy(new d(context));
        this.c = lazy;
        this.f5407d = i();
    }

    private final void a(String str) {
        String e2 = e(str);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(e2)) {
                keyStore.deleteEntry(e2);
            }
        } catch (KeyStoreException e3) {
            f5405e.error("Got an exception while deleting crypto key for user " + str, (Throwable) e3);
        }
    }

    private final void b() {
        if (!s()) {
            throw new IllegalStateException("Fingerprint dialog may not be shown if no fingerprints are registered or fingerprint hardware is not available");
        }
    }

    @TargetApi(23)
    private final PrivateKey c(String str) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests(Hash.ALGORITHM_SHA256).setUserAuthenticationRequired(true).build());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(keyPair, "keyPair");
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
        return privateKey;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] d() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[32];
        for (int i2 = 0; i2 < 32; i2++) {
            bArr[i2] = 0;
        }
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    private final String e(String str) {
        return "com.remitly.chloe:user:" + str;
    }

    @TargetApi(23)
    private final Signature f(PrivateKey privateKey) {
        boolean contains;
        boolean contains2;
        String joinToString$default;
        String str;
        KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class);
        Intrinsics.checkExpressionValueIsNotNull(keyInfo, "keyInfo");
        String[] digests = keyInfo.getDigests();
        Intrinsics.checkExpressionValueIsNotNull(digests, "keyInfo.digests");
        contains = ArraysKt___ArraysKt.contains(digests, Hash.ALGORITHM_SHA256);
        if (contains) {
            str = "SHA256withECDSA";
        } else {
            contains2 = ArraysKt___ArraysKt.contains(digests, "SHA-384");
            if (!contains2) {
                StringBuilder sb = new StringBuilder();
                sb.append("Invalid signing key - expected either SHA256 or SHA384 digest, got ");
                String[] digests2 = keyInfo.getDigests();
                Intrinsics.checkExpressionValueIsNotNull(digests2, "keyInfo.digests");
                joinToString$default = ArraysKt___ArraysKt.joinToString$default(digests2, ", ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null);
                sb.append(joinToString$default);
                throw new RuntimeException(sb.toString());
            }
            str = "SHA384withECDSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        Intrinsics.checkExpressionValueIsNotNull(signature, "signature");
        return signature;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Signature g(Certificate certificate, String str) {
        Signature signature = Signature.getInstance(str);
        signature.initVerify(certificate);
        Intrinsics.checkExpressionValueIsNotNull(signature, "signature");
        return signature;
    }

    private final boolean h(String str) {
        String e2 = e(str);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.containsAlias(e2);
        } catch (KeyStoreException e3) {
            f5405e.error("Got an exception while checking if user " + str + " has a crypto key", (Throwable) e3);
            return false;
        }
    }

    private final c i() {
        c cVar;
        SharedPreferences _preferences = this.b;
        Intrinsics.checkExpressionValueIsNotNull(_preferences, "_preferences");
        synchronized (_preferences) {
            cVar = null;
            String string = this.b.getString("userId", null);
            String string2 = this.b.getString(PreChatField.EMAIL, null);
            if (string != null && string2 != null && h(string)) {
                cVar = new c(string, string2);
            }
        }
        return cVar;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Certificate j(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            entry = null;
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        if (privateKeyEntry != null) {
            return privateKeyEntry.getCertificate();
        }
        return null;
    }

    private final PrivateKey k(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            entry = null;
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        if (privateKeyEntry != null) {
            return privateKeyEntry.getPrivateKey();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final long l(String str) {
        long j2;
        SharedPreferences _preferences = this.b;
        Intrinsics.checkExpressionValueIsNotNull(_preferences, "_preferences");
        synchronized (_preferences) {
            j2 = this.b.getLong("timestamp", 0L);
            this.b.edit().putLong("timestamp", 1 + j2).apply();
        }
        return j2;
    }

    private final androidx.biometric.b v() {
        return (androidx.biometric.b) this.c.getValue();
    }

    private final void x(c cVar) {
        SharedPreferences _preferences = this.b;
        Intrinsics.checkExpressionValueIsNotNull(_preferences, "_preferences");
        synchronized (_preferences) {
            if (cVar != null) {
                this.b.edit().putString("userId", cVar.b()).putString(PreChatField.EMAIL, cVar.a()).apply();
            } else {
                this.b.edit().clear().apply();
                c cVar2 = this.f5407d;
                if (cVar2 != null) {
                    a(cVar2.b());
                }
            }
            this.f5407d = cVar;
            Unit unit = Unit.INSTANCE;
        }
    }

    public final boolean s() {
        return v().a() == 0;
    }

    public final void t(String userId) {
        Intrinsics.checkParameterIsNotNull(userId, "userId");
        SharedPreferences _preferences = this.b;
        Intrinsics.checkExpressionValueIsNotNull(_preferences, "_preferences");
        synchronized (_preferences) {
            c cVar = this.f5407d;
            if (Intrinsics.areEqual(cVar != null ? cVar.b() : null, userId)) {
                x(null);
            }
            Unit unit = Unit.INSTANCE;
        }
    }

    public final c u() {
        return this.f5407d;
    }

    public final boolean w() {
        List listOf;
        listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new Integer[]{0, 11});
        return listOf.contains(Integer.valueOf(v().a()));
    }

    public final void y(FragmentActivity activity, c identity, String deviceId, Function1<? super com.remitly.biometric.f, Unit> successCallback, Function1<? super EnumC0252a, Unit> cancelCallback) {
        Intrinsics.checkParameterIsNotNull(activity, "activity");
        Intrinsics.checkParameterIsNotNull(identity, "identity");
        Intrinsics.checkParameterIsNotNull(deviceId, "deviceId");
        Intrinsics.checkParameterIsNotNull(successCallback, "successCallback");
        Intrinsics.checkParameterIsNotNull(cancelCallback, "cancelCallback");
        b();
        c cVar = this.f5407d;
        if (Intrinsics.areEqual(cVar != null ? cVar.b() : null, identity.b())) {
            cancelCallback.invoke(EnumC0252a.ALREADY_REGISTERED);
            return;
        }
        x(identity);
        String e2 = e(identity.b());
        try {
            Signature f2 = f(c(e2));
            BiometricPrompt biometricPrompt = new BiometricPrompt(activity, d.g.j.b.i(this.a), new e(identity, cancelCallback, e2, f2, successCallback, deviceId));
            BiometricPrompt.e.a aVar = new BiometricPrompt.e.a();
            aVar.d(this.a.getString(com.remitly.biometric.d.biometric_login_dialog_title, identity.a()));
            aVar.c(this.a.getString(com.remitly.biometric.d.biometric_login_dialog_subtitle));
            aVar.b(this.a.getString(com.remitly.biometric.d.biometric_login_negative_button));
            BiometricPrompt.e a = aVar.a();
            Intrinsics.checkExpressionValueIsNotNull(a, "BiometricPrompt.PromptIn…\n                .build()");
            biometricPrompt.t(a, new BiometricPrompt.d(f2));
        } catch (Exception e3) {
            f5405e.error("Got an exception while generating a new crypto key tfor user " + identity.b(), (Throwable) e3);
            t(identity.b());
            cancelCallback.invoke(EnumC0252a.SIGNING_ERROR);
        }
    }

    public final void z(FragmentActivity activity, c identity, String deviceId, Function1<? super com.remitly.biometric.e, Unit> successCallback, Function1<? super EnumC0252a, Unit> cancelCallback) {
        Intrinsics.checkParameterIsNotNull(activity, "activity");
        Intrinsics.checkParameterIsNotNull(identity, "identity");
        Intrinsics.checkParameterIsNotNull(deviceId, "deviceId");
        Intrinsics.checkParameterIsNotNull(successCallback, "successCallback");
        Intrinsics.checkParameterIsNotNull(cancelCallback, "cancelCallback");
        b();
        if (Build.VERSION.SDK_INT < 23) {
            return;
        }
        if (!Intrinsics.areEqual(this.f5407d != null ? r1.b() : null, identity.b())) {
            cancelCallback.invoke(EnumC0252a.USER_NOT_REGISTERED);
            return;
        }
        x(identity);
        String e2 = e(identity.b());
        try {
            PrivateKey k2 = k(e2);
            if (k2 == null) {
                Intrinsics.throwNpe();
            }
            Signature f2 = f(k2);
            Certificate j2 = j(e2);
            if (!(j2 instanceof X509Certificate)) {
                j2 = null;
            }
            X509Certificate x509Certificate = (X509Certificate) j2;
            PublicKey publicKey = x509Certificate != null ? x509Certificate.getPublicKey() : null;
            if (publicKey == null) {
                f5405e.error("Failed to retrieve public key for registered user " + identity.b() + " with keyAlias " + e2);
                cancelCallback.invoke(EnumC0252a.SIGNING_ERROR);
                return;
            }
            BiometricPrompt biometricPrompt = new BiometricPrompt(activity, d.g.j.b.i(this.a), new f(cancelCallback, identity, deviceId, publicKey, f2, successCallback));
            BiometricPrompt.e.a aVar = new BiometricPrompt.e.a();
            aVar.d(this.a.getString(com.remitly.biometric.d.biometric_login_dialog_title, identity.a()));
            aVar.c(this.a.getString(com.remitly.biometric.d.biometric_login_dialog_subtitle));
            aVar.b(this.a.getString(com.remitly.biometric.d.biometric_login_negative_button));
            BiometricPrompt.e a = aVar.a();
            Intrinsics.checkExpressionValueIsNotNull(a, "BiometricPrompt.PromptIn…\n                .build()");
            biometricPrompt.t(a, new BiometricPrompt.d(f2));
        } catch (Exception e3) {
            if ((e3 instanceof KeyPermanentlyInvalidatedException) || (e3 instanceof UnrecoverableKeyException)) {
                f5405e.warn("Our private key got invalidated (biometric credentials changed?) or is unrecoverable - dropping user to password screen");
            } else {
                f5405e.error("Got an exception while obtaining signature for user's crypto key (userId=" + identity.b() + " - dropping user to password screen", (Throwable) e3);
            }
            t(identity.b());
            cancelCallback.invoke(EnumC0252a.SIGNING_ERROR);
        }
    }
}
