package com.daon.sdk.authenticator.controller;

import android.os.Build;
import android.os.Bundle;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import android.util.Log;
import com.daon.sdk.authenticator.CommonExtensions;
import com.daon.sdk.authenticator.Extensions;
import com.daon.sdk.authenticator.GlobalAuthAttempts;
import com.daon.sdk.authenticator.R;
import com.daon.sdk.authenticator.VerificationAttemptParameters;
import com.daon.sdk.authenticator.authenticator.GlobalSettings;
import com.daon.sdk.authenticator.authenticator.a;
import com.daon.sdk.authenticator.controller.CaptureControllerProtocol;
import com.daon.sdk.crypto.SecureKeyStore;
import com.daon.sdk.crypto.SecureStorageFactory;
import com.daon.sdk.crypto.exception.SecurityFactoryException;
import com.daon.sdk.device.IXAFactor;
import com.daon.sdk.device.IXAFingerprintFactor;
import com.daon.sdk.device.util.DeviceInfo;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.Signature;
import java.security.UnrecoverableKeyException;

/* loaded from: classes.dex */
public class FingerprintCaptureController extends BaseCaptureController implements FingerprintCaptureControllerProtocol {
    private Boolean a = null;
    private boolean b;
    private boolean c;
    private boolean d;
    private boolean e;
    private String f;
    private Signature g;
    private IXAFactor h;
    private int i;

    @Override // com.daon.sdk.authenticator.controller.BaseCaptureController, com.daon.sdk.authenticator.controller.CaptureControllerProtocol
    public void cancelCapture() {
        checkIfStarted();
        deleteAuthKey();
        captureFailed(5, null);
    }

    protected boolean checkInitialReg() {
        try {
            setInitialReg((getKey() == null || isFingerprintAuthKeyPresent()) ? false : true);
        } catch (UnrecoverableKeyException unused) {
            Log.w("DAON", "Canary key corrupted. Continue processing.");
        } catch (Exception unused2) {
            captureFailed(2, "");
            return false;
        }
        return true;
    }

    protected boolean checkLegacyMode() {
        try {
            setLegacyMode(getKey() == null && !isFingerprintAuthKeyPresent());
            return true;
        } catch (UnrecoverableKeyException unused) {
            captureFailed(1007, getContext().getString(R.string.error_keys_invalidated));
            return false;
        } catch (Exception unused2) {
            captureFailed(2, "");
            return false;
        }
    }

    @Override // com.daon.sdk.authenticator.controller.BaseCaptureController, com.daon.sdk.authenticator.controller.CaptureControllerProtocol
    public void completeCapture() {
        checkIfStarted();
        if (isSilentRegistration() || signChallenge() != null) {
            completeCaptureAndRegisterKeys();
        } else {
            deleteAuthKey();
        }
    }

    @Override // com.daon.sdk.authenticator.controller.BaseCaptureController, com.daon.sdk.authenticator.controller.CaptureControllerProtocol
    public void completeCaptureWithError(AuthenticatorError authenticatorError) {
        checkIfStarted();
        deleteAuthKey();
        notifyVerificationAttemptFailed(true, authenticatorError.getCode());
        captureFailed(authenticatorError.getCode(), authenticatorError.getMessage());
    }

    protected void createLegacyModeKey() throws Exception {
        Log.d("DAON", "FLAM");
        if (!IXAFingerprintFactor.hasRegisteredFinger(getContext())) {
            captureFailed(1001, getContext().getString(R.string.error_no_prints));
            return;
        }
        int i = Build.VERSION.SDK_INT < 21 ? 17 : 16;
        setFingerAuthKeyName(getKey() == null ? "daon.fingerprint" : getKey());
        Bundle bundle = new Bundle();
        String extension = getExtension(CommonExtensions.KEY_ATTESTATION_CHALLENGE, null);
        if (extension != null) {
            bundle.putByteArray("key.property.attestation.challenge", Base64.decode(extension, 0));
        }
        String extension2 = getExtension(CommonExtensions.KEY_STORE_ORDER, null);
        if (extension2 != null) {
            bundle.putString(CommonExtensions.KEY_STORE_ORDER, extension2);
        }
        if (getBooleanExtension(Extensions.FINGER_PLATFORM_API_ONLY, false)) {
            i |= 32;
        }
        if (getBooleanExtension(Extensions.FINGER_INVALIDATE_BY_ENROLLMENT, false)) {
            i = i | 64 | 8;
            setUseCryptoObject(true);
        }
        if (isEnableBackupAuthenticator()) {
            i |= 128;
        }
        Boolean valueOf = Boolean.valueOf(GlobalSettings.getInstance().isForceFingerprintAPIUsage());
        if (DeviceInfo.isAPIVersionP() && !valueOf.booleanValue()) {
            i |= 256;
        }
        setFingerFactor(new IXAFactor(getContext(), getFingerAuthKeyName(), null, i | 4, bundle));
    }

    protected void createNonLegacyModeKey() throws Exception {
        Log.d("DAON", "noFLAM");
        if (!IXAFingerprintFactor.hasRegisteredFinger(getContext())) {
            captureFailed(1001, getContext().getString(R.string.error_no_prints));
            return;
        }
        if (checkInitialReg()) {
            setUseCryptoObject(true);
            int i = getKey() == null ? 26 : 24;
            if (Build.VERSION.SDK_INT < 21) {
                i |= 1;
            }
            if (getBooleanExtension(Extensions.FINGER_PLATFORM_API_ONLY, false)) {
                i |= 32;
            }
            if (getBooleanExtension(Extensions.FINGER_INVALIDATE_BY_ENROLLMENT, true)) {
                i |= 64;
            }
            if (this.c) {
                i |= 128;
            }
            Boolean valueOf = Boolean.valueOf(GlobalSettings.getInstance().isForceFingerprintAPIUsage());
            if (DeviceInfo.isAPIVersionP() && !valueOf.booleanValue()) {
                i |= 256;
            }
            int i2 = i | 4;
            try {
                setFingerAuthKeyName(a.b(getContext()));
                setFingerFactor(new IXAFactor(getContext(), getFingerAuthKeyName(), null, i2, null));
            } catch (UnrecoverableKeyException unused) {
                a.c(getContext());
                setFingerAuthKeyName(a.b(getContext()));
                setFingerFactor(new IXAFactor(getContext(), getFingerAuthKeyName(), null, i2, null));
            }
        }
    }

    protected void deleteAuthKey() {
        if (isInitialReg()) {
            try {
                getAuthKeyStore().removeKey(a.b(getContext()));
            } catch (KeyStoreException unused) {
                Log.w("DAON", "Failed to remove " + a.b(getContext()) + " probably because it has been invalidated by the OS");
            } catch (Exception e) {
                Log.e("DAON", "Failed to remove " + a.b(getContext()) + ".", e);
            }
        }
    }

    protected SecureKeyStore getAuthKeyStore() throws SecurityFactoryException {
        Bundle bundle = new Bundle();
        bundle.putString("key.property.algorithm", "EC");
        return SecureStorageFactory.getKeyStoreInstance(getContext(), bundle);
    }

    @Override // com.daon.sdk.authenticator.controller.BaseCaptureController, com.daon.sdk.authenticator.controller.CaptureControllerProtocol
    public int getCurrentAttempt() {
        return isFingerSdkLocking() ? super.getCurrentAttempt() : this.i + 1;
    }

    protected int getFingerAttempts() {
        return this.i;
    }

    protected String getFingerAuthKeyName() {
        return this.f;
    }

    protected IXAFactor getFingerFactor() {
        return this.h;
    }

    protected Boolean getFingerprintAuthKeyPresent() {
        return this.a;
    }

    @Override // com.daon.sdk.authenticator.controller.FingerprintCaptureControllerProtocol
    public Signature getSignature() {
        checkIfStarted();
        try {
            if (isUseCryptoObject()) {
                this.g = getAuthKeyStore().getSignature(getFingerAuthKeyName());
            }
            return this.g;
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate signature on key with alias " + getFingerAuthKeyName() + ".", e);
        }
    }

    protected boolean isEnableBackupAuthenticator() {
        return this.c;
    }

    protected boolean isFingerSdkLocking() {
        return getBooleanExtension(Extensions.FINGER_SDK_LOCKING, false);
    }

    protected boolean isFingerprintAuthKeyPresent() throws Exception {
        if (getFingerprintAuthKeyPresent() == null) {
            setFingerprintAuthKeyPresent(Boolean.valueOf(getAuthKeyStore().hasKey(a.b(getContext()))));
        }
        return getFingerprintAuthKeyPresent().booleanValue();
    }

    protected boolean isInitialReg() {
        return this.d;
    }

    protected boolean isLegacyMode() {
        return this.b;
    }

    public boolean isSilentRegistration() {
        return (getBooleanExtension(Extensions.SILENT_REGISTRATION, false) || getBooleanExtension("silent", false)) && getKey() != null;
    }

    protected boolean isUseCryptoObject() {
        return this.e;
    }

    @Override // com.daon.sdk.authenticator.controller.FingerprintCaptureControllerProtocol
    public CaptureControllerProtocol.LockInfo notifyFingerVerificationAttemptFailed() {
        return notifyVerificationAttemptFailed(false, 0);
    }

    protected CaptureControllerProtocol.LockInfo notifyVerificationAttemptFailed(boolean z, int i) {
        if (!z) {
            this.i++;
        }
        boolean isFingerSdkLocking = isFingerSdkLocking();
        if (!z && !isFingerSdkLocking) {
            GlobalAuthAttempts.getInstance().increment();
        }
        getInfoExtensions().putInt(CommonExtensions.INFO_ATTEMPTS, this.i);
        Bundle bundle = new Bundle();
        if (z) {
            bundle.putInt(VerificationAttemptParameters.PARAM_ERROR_CODE, i);
        }
        bundle.putInt(VerificationAttemptParameters.PARAM_ATTEMPT, this.i);
        bundle.putInt(VerificationAttemptParameters.PARAM_GLOBAL_ATTEMPT, GlobalAuthAttempts.getInstance().getValue());
        if (getKey() == null && !z && isFingerSdkLocking) {
            return notifyFailedAttempt(bundle);
        }
        if (getCallback() != null) {
            getCallback().onVerificationAttemptFailed(getAuthenticator(), bundle);
        }
        return null;
    }

    protected void setEnableBackupAuthenticator(boolean z) {
        this.c = z;
    }

    protected void setFingerAttempts(int i) {
        this.i = i;
    }

    protected void setFingerAuthKeyName(String str) {
        this.f = str;
    }

    protected void setFingerFactor(IXAFactor iXAFactor) {
        this.h = iXAFactor;
    }

    protected void setFingerprintAuthKeyPresent(Boolean bool) {
        this.a = bool;
    }

    protected void setInitialReg(boolean z) {
        this.d = z;
    }

    protected void setLegacyMode(boolean z) {
        this.b = z;
    }

    protected void setUseCryptoObject(boolean z) {
        this.e = z;
    }

    protected byte[] signChallenge() {
        byte[] bytes = "challenge".getBytes();
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                return getFingerFactor().sign(this.g, bytes);
            } catch (Exception e) {
                if (e instanceof KeyPermanentlyInvalidatedException) {
                    captureFailed(1007, getContext().getString(R.string.error_keys_invalidated));
                } else if (e instanceof UserNotAuthenticatedException) {
                    captureFailed(1008, getContext().getString(R.string.error_user_not_authenticated));
                } else if (e.getMessage().contains("user not authenticated")) {
                    captureFailed(1007, getContext().getString(R.string.error_keys_invalidated));
                } else {
                    captureFailed(1006, getContext().getString(R.string.error_sign));
                }
            }
        } else {
            try {
                return getAuthKeyStore().sign(this.f, bytes);
            } catch (Exception unused) {
                captureFailed(1006, getContext().getString(R.string.error_sign));
            }
        }
        return null;
    }

    @Override // com.daon.sdk.authenticator.controller.BaseCaptureController, com.daon.sdk.authenticator.controller.CaptureControllerProtocol
    public void startCapture() {
        super.startCapture();
        if (checkLegacyMode()) {
            try {
                if (isLegacyMode()) {
                    createLegacyModeKey();
                } else {
                    createNonLegacyModeKey();
                }
            } catch (IllegalStateException | InvalidAlgorithmParameterException unused) {
                captureFailed(1002, getContext().getString(R.string.error_device_lock_disabled));
            } catch (Exception e) {
                Log.e("DAON", "Finger authenticate exception: " + e.getMessage(), e);
                captureFailed(2, "");
            }
        }
    }
}
