package com.ts.common.internal.core.external_authenticators.fingerprint;

import android.annotation.TargetApi;
import android.app.AlertDialog;
import android.content.Context;
import android.content.DialogInterface;
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.content.c;
import android.util.Base64;
import com.ts.common.api.core.external_authenticators.UserAuthenticator;
import com.ts.common.api.core.storage.UserStorageService;
import com.ts.common.internal.core.logger.Log;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.inject.Inject;

@TargetApi(23)
/* loaded from: classes2.dex */
public class MarshmallowFingerprintAuthenticator extends FingerprintAuthenticatorBase implements UserAuthenticator {
    private static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final String FINGER_AUTH_KEY_ID = ".auth.finger.key_id";
    private static final String IV_DELIMITER = "]";
    private static final String NAME = "Fingerprint";
    private static final String TAG = "com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator";
    private Context mContext;
    private AlertDialog mDialog;
    private FingerprintManager mFingerManager;
    private boolean mIsFeatureEnabled;
    private UserStorageService mStorageService;

    @Inject
    public MarshmallowFingerprintAuthenticator(Context context, UserStorageService userStorageService) {
        this.mContext = context;
        this.mStorageService = userStorageService;
        this.mFingerManager = (FingerprintManager) this.mContext.getSystemService("fingerprint");
        if (this.mFingerManager == null) {
            Log.e(TAG, "Fingerprint detection is not supported");
            this.mIsFeatureEnabled = false;
        } else if (c.a(this.mContext, "android.permission.USE_FINGERPRINT") == 0) {
            this.mIsFeatureEnabled = this.mFingerManager.isHardwareDetected();
        } else {
            Log.e(TAG, "Fingerprint permission is denied");
            this.mIsFeatureEnabled = false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0046  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private javax.crypto.Cipher createCipherForDecryption(java.lang.String r6, com.ts.common.api.core.external_authenticators.UserAuthenticator.AuthenticationCallback r7) {
        /*
            r5 = this;
            javax.crypto.SecretKey r0 = r5.getEncryptionKey()
            r1 = 0
            if (r0 != 0) goto Lf
            java.lang.String r6 = com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.TAG
            java.lang.String r7 = "Failed to get encryption key"
            com.ts.common.internal.core.logger.Log.e(r6, r7)
            return r1
        Lf:
            java.lang.String r2 = "AES/CBC/PKCS7Padding"
            javax.crypto.Cipher r2 = javax.crypto.Cipher.getInstance(r2)     // Catch: java.security.InvalidAlgorithmParameterException -> L23 java.security.InvalidKeyException -> L25 javax.crypto.NoSuchPaddingException -> L27 java.security.NoSuchAlgorithmException -> L29 android.security.keystore.KeyPermanentlyInvalidatedException -> L4c
            r3 = 2
            byte[] r6 = android.util.Base64.decode(r6, r3)     // Catch: java.security.InvalidAlgorithmParameterException -> L23 java.security.InvalidKeyException -> L25 javax.crypto.NoSuchPaddingException -> L27 java.security.NoSuchAlgorithmException -> L29 android.security.keystore.KeyPermanentlyInvalidatedException -> L4c
            javax.crypto.spec.IvParameterSpec r4 = new javax.crypto.spec.IvParameterSpec     // Catch: java.security.InvalidAlgorithmParameterException -> L23 java.security.InvalidKeyException -> L25 javax.crypto.NoSuchPaddingException -> L27 java.security.NoSuchAlgorithmException -> L29 android.security.keystore.KeyPermanentlyInvalidatedException -> L4c
            r4.<init>(r6)     // Catch: java.security.InvalidAlgorithmParameterException -> L23 java.security.InvalidKeyException -> L25 javax.crypto.NoSuchPaddingException -> L27 java.security.NoSuchAlgorithmException -> L29 android.security.keystore.KeyPermanentlyInvalidatedException -> L4c
            r2.init(r3, r0, r4)     // Catch: java.security.InvalidAlgorithmParameterException -> L23 java.security.InvalidKeyException -> L25 javax.crypto.NoSuchPaddingException -> L27 java.security.NoSuchAlgorithmException -> L29 android.security.keystore.KeyPermanentlyInvalidatedException -> L4c
            return r2
        L23:
            r6 = move-exception
            goto L2a
        L25:
            r6 = move-exception
            goto L2a
        L27:
            r6 = move-exception
            goto L2a
        L29:
            r6 = move-exception
        L2a:
            java.lang.String r0 = com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.TAG
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            java.lang.String r3 = "Failed to init decryption Cipher: "
            r2.append(r3)
            java.lang.String r6 = r6.getMessage()
            r2.append(r6)
            java.lang.String r6 = r2.toString()
            com.ts.common.internal.core.logger.Log.e(r0, r6)
            if (r7 == 0) goto L5b
            com.ts.common.api.core.external_authenticators.UserAuthenticator$Error r6 = com.ts.common.api.core.external_authenticators.UserAuthenticator.Error.INIT_FAILED
            r7.authenticationFailed(r6)
            goto L5b
        L4c:
            java.lang.String r6 = com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.TAG
            java.lang.String r0 = "Failed to init decryption Cipher (key was invalidated)"
            com.ts.common.internal.core.logger.Log.e(r6, r0)
            if (r7 == 0) goto L5b
            com.ts.common.api.core.external_authenticators.UserAuthenticator$Error r6 = com.ts.common.api.core.external_authenticators.UserAuthenticator.Error.BAD_ENROLLED_DATA
            r7.authenticationFailed(r6)
        L5b:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.createCipherForDecryption(java.lang.String, com.ts.common.api.core.external_authenticators.UserAuthenticator$AuthenticationCallback):javax.crypto.Cipher");
    }

    private Cipher createCipherForEncryption() {
        SecretKey createEncryptionKey = createEncryptionKey();
        if (createEncryptionKey == null) {
            Log.e(TAG, "Failed to create key");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(1, createEncryptionKey);
            return cipher;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            Log.e(TAG, "Failed to init encryption Cipher: " + e.getMessage());
            return null;
        }
    }

    private SecretKey createEncryptionKey() {
        try {
            KeyStore.getInstance("AndroidKeyStore").load(null);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(new KeyGenParameterSpec.Builder(getKeyAlias(), 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).build());
                return keyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
                Log.e(TAG, "Failed to init KeyGenerator: " + e.getMessage());
                return null;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            Log.e(TAG, "Failed to load KeyStore: " + e2.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String decryptSecret(Cipher cipher, String str) {
        try {
            String str2 = new String(cipher.doFinal(Base64.decode(str, 2)), StandardCharsets.UTF_8);
            Log.d(TAG, "decrypted secret: " + str2);
            return str2;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            Log.e(TAG, "Decryption failed: " + e.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String encryptAndStoreSecret(Cipher cipher, String str) {
        try {
            Log.d(TAG, "encrypting secret: " + str);
            byte[] iv = cipher.getIV();
            this.mStorageService.setFingerprintSecret(Base64.encodeToString(iv, 2) + IV_DELIMITER + Base64.encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), 2));
            return str;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            Log.e(TAG, "Encryption failed: " + e.getMessage());
            return null;
        }
    }

    private SecretKey getEncryptionKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return (SecretKey) keyStore.getKey(getKeyAlias(), null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            e.printStackTrace();
            Log.e(TAG, "Failed to get key: " + e.getMessage());
            return null;
        }
    }

    private String getKeyAlias() {
        return this.mStorageService.getUser() + FINGER_AUTH_KEY_ID;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public void authenticateUser(String str, Object obj, final UserAuthenticator.AuthenticationCallback authenticationCallback) {
        Log.d(TAG, "Starting fingerprint authentication");
        if (!this.mIsFeatureEnabled) {
            Log.e(TAG, "Not enabled feature invoked!");
            authenticationCallback.authenticationFailed(UserAuthenticator.Error.NOT_ACTIVE_AUTHENTICATOR);
            return;
        }
        if (c.a(this.mContext, "android.permission.USE_FINGERPRINT") != 0) {
            Log.e(TAG, "Fingerprint permission is denied");
            authenticationCallback.authenticationFailed(UserAuthenticator.Error.NOT_ACTIVE_AUTHENTICATOR);
            return;
        }
        if (!this.mFingerManager.hasEnrolledFingerprints()) {
            Log.e(TAG, "No registered fingerprint!");
            authenticationCallback.authenticationFailed(UserAuthenticator.Error.NO_ENROLLMENT_DATA);
            return;
        }
        String fingerprintSecret = this.mStorageService.getFingerprintSecret();
        if (fingerprintSecret == null) {
            authenticationCallback.authenticationFailed(UserAuthenticator.Error.BAD_ENROLLED_DATA);
            return;
        }
        final String[] split = fingerprintSecret.split(IV_DELIMITER);
        if (split.length != 2) {
            throw new IllegalArgumentException("Invalid encrypted text format");
        }
        final Cipher createCipherForDecryption = createCipherForDecryption(split[0], authenticationCallback);
        if (createCipherForDecryption == null) {
            Log.e(TAG, "Failed to create cipher for decryption");
            return;
        }
        FingerprintManager.CryptoObject cryptoObject = new FingerprintManager.CryptoObject(createCipherForDecryption);
        final CancellationSignal cancellationSignal = new CancellationSignal();
        this.mDialog = showFingerprintDialog(new DialogInterface.OnClickListener() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.4
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                Log.d(MarshmallowFingerprintAuthenticator.TAG, "User clicked cancel");
                cancellationSignal.cancel();
            }
        }, new DialogInterface.OnCancelListener() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.5
            @Override // android.content.DialogInterface.OnCancelListener
            public void onCancel(DialogInterface dialogInterface) {
                Log.d(MarshmallowFingerprintAuthenticator.TAG, "Dialog cancelled");
                if (cancellationSignal.isCanceled()) {
                    return;
                }
                cancellationSignal.cancel();
            }
        });
        this.mFingerManager.authenticate(cryptoObject, cancellationSignal, 0, new FingerprintManager.AuthenticationCallback() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.6
            @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
            public void onAuthenticationError(int i, CharSequence charSequence) {
                Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationError(): " + ((Object) charSequence));
                if (MarshmallowFingerprintAuthenticator.this.mDialog == null) {
                    return;
                }
                MarshmallowFingerprintAuthenticator.this.mDialog.cancel();
                if (i == 3 || i == 5) {
                    authenticationCallback.authenticationCancelled(-100);
                    return;
                }
                if (i == 7) {
                    MarshmallowFingerprintAuthenticator.this.showTooManyAttemptsDialog();
                    return;
                }
                Log.w(MarshmallowFingerprintAuthenticator.TAG, "Unhandled error code: " + i);
                authenticationCallback.authenticationFailed(UserAuthenticator.Error.OP_FAILED);
            }

            @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
            public void onAuthenticationFailed() {
                Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationFailed()");
                authenticationCallback.authenticationSuccessful(false, null);
                MarshmallowFingerprintAuthenticator marshmallowFingerprintAuthenticator = MarshmallowFingerprintAuthenticator.this;
                marshmallowFingerprintAuthenticator.hintBadFingerprint(marshmallowFingerprintAuthenticator.mDialog);
            }

            @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
            public void onAuthenticationHelp(int i, CharSequence charSequence) {
                Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationHelp(): " + ((Object) charSequence));
                MarshmallowFingerprintAuthenticator marshmallowFingerprintAuthenticator = MarshmallowFingerprintAuthenticator.this;
                marshmallowFingerprintAuthenticator.updateHintText(marshmallowFingerprintAuthenticator.mDialog, charSequence);
            }

            @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
            public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult authenticationResult) {
                Log.d(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationSucceeded()");
                MarshmallowFingerprintAuthenticator.this.mDialog.cancel();
                String decryptSecret = MarshmallowFingerprintAuthenticator.this.decryptSecret(createCipherForDecryption, split[1]);
                if (decryptSecret != null) {
                    authenticationCallback.authenticationSuccessful(true, decryptSecret);
                } else {
                    Log.e(MarshmallowFingerprintAuthenticator.TAG, "Failed to decrypt secret");
                    authenticationCallback.authenticationFailed(UserAuthenticator.Error.OP_FAILED);
                }
            }
        }, null);
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public void cancel(boolean z) {
        AlertDialog alertDialog = this.mDialog;
        if (alertDialog != null) {
            alertDialog.cancel();
            if (z) {
                this.mDialog = null;
            }
        }
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public void clear() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(getKeyAlias());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e(TAG, "Failed to clear key: " + e.getMessage());
        }
    }

    @Override // com.ts.common.internal.core.external_authenticators.fingerprint.FingerprintAuthenticatorBase
    protected Context getContext() {
        return this.mContext;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public String getName() {
        return NAME;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public boolean isInvalidated() {
        String fingerprintSecret = this.mStorageService.getFingerprintSecret();
        if (fingerprintSecret == null) {
            return true;
        }
        String[] split = fingerprintSecret.split(IV_DELIMITER);
        if (split.length != 2) {
            throw new IllegalArgumentException("Invalid encrypted text format");
        }
        if (createCipherForDecryption(split[0], null) != null) {
            return false;
        }
        Log.e(TAG, "Failed to create cipher for decryption");
        return true;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public boolean isSupported() {
        return this.mIsFeatureEnabled;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public boolean isSystemEnrolled() {
        if (c.a(this.mContext, "android.permission.USE_FINGERPRINT") == 0) {
            return this.mFingerManager.hasEnrolledFingerprints();
        }
        Log.e(TAG, "Fingerprint permission is denied");
        return false;
    }

    @Override // com.ts.common.api.core.external_authenticators.UserAuthenticator
    public void registerUser(String str, final Object obj, final UserAuthenticator.EnrollmentCallback enrollmentCallback, String str2) {
        if (!(obj instanceof String)) {
            throw new InvalidParameterException("_secret class must be String");
        }
        Log.d(TAG, "Starting fingerprint authentication");
        if (!this.mIsFeatureEnabled) {
            Log.e(TAG, "Not enabled feature invoked!");
            enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.NOT_ACTIVE_AUTHENTICATOR);
            return;
        }
        if (c.a(this.mContext, "android.permission.USE_FINGERPRINT") != 0) {
            Log.e(TAG, "Fingerprint permission is denied");
            enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.NOT_ACTIVE_AUTHENTICATOR);
            return;
        }
        if (!this.mFingerManager.hasEnrolledFingerprints()) {
            Log.e(TAG, "No registered fingerprint!");
            enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.NO_ENROLLMENT_DATA);
            return;
        }
        final Cipher createCipherForEncryption = createCipherForEncryption();
        if (createCipherForEncryption == null) {
            Log.e(TAG, "Failed to create cipher for encryption");
            enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.INIT_FAILED);
        } else {
            FingerprintManager.CryptoObject cryptoObject = new FingerprintManager.CryptoObject(createCipherForEncryption);
            final CancellationSignal cancellationSignal = new CancellationSignal();
            this.mDialog = showFingerprintDialog(new DialogInterface.OnClickListener() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.1
                @Override // android.content.DialogInterface.OnClickListener
                public void onClick(DialogInterface dialogInterface, int i) {
                    Log.d(MarshmallowFingerprintAuthenticator.TAG, "User clicked cancel");
                    cancellationSignal.cancel();
                }
            }, new DialogInterface.OnCancelListener() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.2
                @Override // android.content.DialogInterface.OnCancelListener
                public void onCancel(DialogInterface dialogInterface) {
                    Log.d(MarshmallowFingerprintAuthenticator.TAG, "Dialog cancelled");
                    if (cancellationSignal.isCanceled()) {
                        return;
                    }
                    cancellationSignal.cancel();
                }
            });
            this.mFingerManager.authenticate(cryptoObject, cancellationSignal, 0, new FingerprintManager.AuthenticationCallback() { // from class: com.ts.common.internal.core.external_authenticators.fingerprint.MarshmallowFingerprintAuthenticator.3
                @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
                public void onAuthenticationError(int i, CharSequence charSequence) {
                    Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationError(): " + ((Object) charSequence));
                    if (MarshmallowFingerprintAuthenticator.this.mDialog == null) {
                        return;
                    }
                    MarshmallowFingerprintAuthenticator.this.mDialog.cancel();
                    if (i == 3 || i == 5) {
                        enrollmentCallback.enrollmentCancelled(-100);
                        return;
                    }
                    if (i == 7) {
                        MarshmallowFingerprintAuthenticator.this.showTooManyAttemptsDialog();
                        enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.ILLEGAL_STATE);
                        return;
                    }
                    Log.w(MarshmallowFingerprintAuthenticator.TAG, "Unhandled error code: " + i);
                    enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.OP_FAILED);
                }

                @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
                public void onAuthenticationFailed() {
                    Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationFailed()");
                    enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.BAD_ENROLLMENT_DATA);
                    MarshmallowFingerprintAuthenticator marshmallowFingerprintAuthenticator = MarshmallowFingerprintAuthenticator.this;
                    marshmallowFingerprintAuthenticator.hintBadFingerprint(marshmallowFingerprintAuthenticator.mDialog);
                }

                @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
                public void onAuthenticationHelp(int i, CharSequence charSequence) {
                    Log.e(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationHelp(): " + ((Object) charSequence));
                    MarshmallowFingerprintAuthenticator marshmallowFingerprintAuthenticator = MarshmallowFingerprintAuthenticator.this;
                    marshmallowFingerprintAuthenticator.updateHintText(marshmallowFingerprintAuthenticator.mDialog, charSequence);
                }

                @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
                public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult authenticationResult) {
                    Log.d(MarshmallowFingerprintAuthenticator.TAG, "onAuthenticationSucceeded()");
                    MarshmallowFingerprintAuthenticator.this.mDialog.cancel();
                    if (MarshmallowFingerprintAuthenticator.this.encryptAndStoreSecret(createCipherForEncryption, (String) obj) != null) {
                        enrollmentCallback.enrollmentSuccessfull((String) obj);
                    } else {
                        Log.e(MarshmallowFingerprintAuthenticator.TAG, "Failed to encrypt secret");
                        enrollmentCallback.enrollmentFailed(UserAuthenticator.Error.OP_FAILED);
                    }
                }
            }, null);
        }
    }
}
