package com.oblador.keychain;

import android.os.Build;
import android.util.Log;
import androidx.autofill.HintConstants;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import com.oblador.keychain.PrefsStorage;
import com.oblador.keychain.cipherStorage.CipherStorage;
import com.oblador.keychain.cipherStorage.CipherStorageFacebookConceal;
import com.oblador.keychain.cipherStorage.CipherStorageKeystoreAESCBC;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.EmptyParameterException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nullable;

/* loaded from: classes2.dex */
public class KeychainModule extends ReactContextBaseJavaModule {
    public static final String EMPTY_STRING = "";
    public static final String E_CRYPTO_FAILED = "E_CRYPTO_FAILED";
    public static final String E_EMPTY_PARAMETERS = "E_EMPTY_PARAMETERS";
    public static final String E_KEYSTORE_ACCESS_ERROR = "E_KEYSTORE_ACCESS_ERROR";
    public static final String E_SUPPORTED_BIOMETRY_ERROR = "E_SUPPORTED_BIOMETRY_ERROR";
    public static final String FINGERPRINT_SUPPORTED_NAME = "Fingerprint";
    public static final String KEYCHAIN_MODULE = "RNKeychainManager";
    private final Map<String, CipherStorage> cipherStorageMap;
    private final PrefsStorage prefsStorage;

    public KeychainModule(ReactApplicationContext reactApplicationContext) {
        super(reactApplicationContext);
        this.cipherStorageMap = new HashMap();
        this.prefsStorage = new PrefsStorage(reactApplicationContext);
        addCipherStorageToMap(new CipherStorageFacebookConceal(reactApplicationContext));
        addCipherStorageToMap(new CipherStorageKeystoreAESCBC());
    }

    private void addCipherStorageToMap(CipherStorage cipherStorage) {
        this.cipherStorageMap.put(cipherStorage.getCipherStorageName(), cipherStorage);
    }

    private CipherStorage.DecryptionResult decryptCredentials(String str, CipherStorage cipherStorage, PrefsStorage.ResultSet resultSet) throws CryptoFailedException, KeyStoreAccessException {
        if (resultSet.cipherStorageName.equals(cipherStorage.getCipherStorageName())) {
            return cipherStorage.decrypt(str, resultSet.usernameBytes, resultSet.passwordBytes);
        }
        CipherStorage cipherStorageByName = getCipherStorageByName(resultSet.cipherStorageName);
        CipherStorage.DecryptionResult decrypt = cipherStorageByName.decrypt(str, resultSet.usernameBytes, resultSet.passwordBytes);
        try {
            migrateCipherStorage(str, cipherStorage, cipherStorageByName, decrypt);
        } catch (CryptoFailedException unused) {
            Log.e(KEYCHAIN_MODULE, "Migrating to a less safe storage is not allowed. Keeping the old one");
        }
        return decrypt;
    }

    private CipherStorage getCipherStorageByName(String str) {
        return this.cipherStorageMap.get(str);
    }

    private CipherStorage getCipherStorageForCurrentAPILevel() throws CryptoFailedException {
        int i = Build.VERSION.SDK_INT;
        CipherStorage cipherStorage = null;
        for (CipherStorage cipherStorage2 : this.cipherStorageMap.values()) {
            int minSupportedApiLevel = cipherStorage2.getMinSupportedApiLevel();
            if ((minSupportedApiLevel <= i) && (cipherStorage == null || minSupportedApiLevel > cipherStorage.getMinSupportedApiLevel())) {
                cipherStorage = cipherStorage2;
            }
        }
        if (cipherStorage != null) {
            return cipherStorage;
        }
        throw new CryptoFailedException("Unsupported Android SDK " + Build.VERSION.SDK_INT);
    }

    private String getDefaultServiceIfNull(String str) {
        return str == null ? "" : str;
    }

    private SecurityLevel getSecurityLevel() {
        try {
            return !getCipherStorageForCurrentAPILevel().securityLevel().satisfiesSafetyThreshold(SecurityLevel.SECURE_SOFTWARE) ? SecurityLevel.ANY : isSecureHardwareAvailable() ? SecurityLevel.SECURE_HARDWARE : SecurityLevel.SECURE_SOFTWARE;
        } catch (CryptoFailedException unused) {
            return SecurityLevel.ANY;
        }
    }

    private boolean isFingerprintAuthAvailable() {
        return DeviceAvailability.isFingerprintAuthAvailable(getReactApplicationContext());
    }

    private boolean isSecureHardwareAvailable() {
        try {
            return getCipherStorageForCurrentAPILevel().supportsSecureHardware();
        } catch (CryptoFailedException unused) {
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void migrateCipherStorage(String str, CipherStorage cipherStorage, CipherStorage cipherStorage2, CipherStorage.DecryptionResult decryptionResult) throws KeyStoreAccessException, CryptoFailedException {
        this.prefsStorage.storeEncryptedEntry(str, cipherStorage.encrypt(str, (String) decryptionResult.username, (String) decryptionResult.password, decryptionResult.getSecurityLevel()));
        cipherStorage2.removeKey(str);
    }

    private void validateCipherStorageSecurityLevel(CipherStorage cipherStorage, SecurityLevel securityLevel) throws CryptoFailedException {
        if (!cipherStorage.securityLevel().satisfiesSafetyThreshold(securityLevel)) {
            throw new CryptoFailedException(String.format("Cipher Storage is too weak. Required security level is: %s, but only %s is provided", securityLevel.name(), cipherStorage.securityLevel().name()));
        }
    }

    @Override // com.facebook.react.bridge.BaseJavaModule
    @Nullable
    public Map<String, Object> getConstants() {
        HashMap hashMap = new HashMap();
        hashMap.put(SecurityLevel.ANY.jsName(), SecurityLevel.ANY.name());
        hashMap.put(SecurityLevel.SECURE_SOFTWARE.jsName(), SecurityLevel.SECURE_SOFTWARE.name());
        hashMap.put(SecurityLevel.SECURE_HARDWARE.jsName(), SecurityLevel.SECURE_HARDWARE.name());
        return hashMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @ReactMethod
    public void getGenericPasswordForOptions(String str, Promise promise) {
        try {
            String defaultServiceIfNull = getDefaultServiceIfNull(str);
            CipherStorage cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel();
            PrefsStorage.ResultSet encryptedEntry = this.prefsStorage.getEncryptedEntry(defaultServiceIfNull);
            if (encryptedEntry == null) {
                Log.e(KEYCHAIN_MODULE, "No entry found for service: " + defaultServiceIfNull);
                promise.resolve(false);
                return;
            }
            CipherStorage.DecryptionResult decryptCredentials = decryptCredentials(defaultServiceIfNull, cipherStorageForCurrentAPILevel, encryptedEntry);
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", defaultServiceIfNull);
            createMap.putString("username", (String) decryptCredentials.username);
            createMap.putString(HintConstants.AUTOFILL_HINT_PASSWORD, (String) decryptCredentials.password);
            promise.resolve(createMap);
        } catch (CryptoFailedException e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            promise.reject(E_CRYPTO_FAILED, e);
        } catch (KeyStoreAccessException e2) {
            Log.e(KEYCHAIN_MODULE, e2.getMessage());
            promise.reject(E_KEYSTORE_ACCESS_ERROR, e2);
        }
    }

    @ReactMethod
    public void getInternetCredentialsForServer(String str, ReadableMap readableMap, Promise promise) {
        getGenericPasswordForOptions(str, promise);
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return KEYCHAIN_MODULE;
    }

    @ReactMethod
    public void getSecurityLevel(Promise promise) {
        promise.resolve(getSecurityLevel().name());
    }

    @ReactMethod
    public void getSupportedBiometryType(Promise promise) {
        try {
            if (isFingerprintAuthAvailable()) {
                promise.resolve(FINGERPRINT_SUPPORTED_NAME);
            } else {
                promise.resolve(null);
            }
        } catch (Exception e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            promise.reject(E_SUPPORTED_BIOMETRY_ERROR, e);
        }
    }

    @ReactMethod
    public void hasInternetCredentialsForServer(String str, Promise promise) {
        String defaultServiceIfNull = getDefaultServiceIfNull(str);
        if (this.prefsStorage.getEncryptedEntry(defaultServiceIfNull) != null) {
            promise.resolve(true);
            return;
        }
        Log.e(KEYCHAIN_MODULE, "No entry found for service: " + defaultServiceIfNull);
        promise.resolve(false);
    }

    @ReactMethod
    public void resetGenericPasswordForOptions(String str, Promise promise) {
        CipherStorage cipherStorageByName;
        try {
            String defaultServiceIfNull = getDefaultServiceIfNull(str);
            PrefsStorage.ResultSet encryptedEntry = this.prefsStorage.getEncryptedEntry(defaultServiceIfNull);
            if (encryptedEntry != null && (cipherStorageByName = getCipherStorageByName(encryptedEntry.cipherStorageName)) != null) {
                cipherStorageByName.removeKey(defaultServiceIfNull);
            }
            this.prefsStorage.removeEntry(defaultServiceIfNull);
            promise.resolve(true);
        } catch (KeyStoreAccessException e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            promise.reject(E_KEYSTORE_ACCESS_ERROR, e);
        }
    }

    @ReactMethod
    public void resetInternetCredentialsForServer(String str, ReadableMap readableMap, Promise promise) {
        resetGenericPasswordForOptions(str, promise);
    }

    @ReactMethod
    public void setGenericPasswordForOptions(String str, String str2, String str3, String str4, Promise promise) {
        try {
            SecurityLevel valueOf = SecurityLevel.valueOf(str4);
            if (str2 == null || str2.isEmpty() || str3 == null || str3.isEmpty()) {
                throw new EmptyParameterException("you passed empty or null username/password");
            }
            String defaultServiceIfNull = getDefaultServiceIfNull(str);
            CipherStorage cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel();
            validateCipherStorageSecurityLevel(cipherStorageForCurrentAPILevel, valueOf);
            this.prefsStorage.storeEncryptedEntry(defaultServiceIfNull, cipherStorageForCurrentAPILevel.encrypt(defaultServiceIfNull, str2, str3, valueOf));
            promise.resolve(true);
        } catch (CryptoFailedException e) {
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            promise.reject(E_CRYPTO_FAILED, e);
        } catch (EmptyParameterException e2) {
            Log.e(KEYCHAIN_MODULE, e2.getMessage());
            promise.reject(E_EMPTY_PARAMETERS, e2);
        }
    }

    @ReactMethod
    public void setInternetCredentialsForServer(String str, String str2, String str3, String str4, ReadableMap readableMap, Promise promise) {
        setGenericPasswordForOptions(str, str2, str3, str4, promise);
    }
}
