package us.mobilepassport.data;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.core.hardware.fingerprint.FingerprintManagerCompat;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import timber.log.Timber;
import us.mobilepassport.data.prefs.StringPreference;

/* loaded from: classes.dex */
public class FingerprintCryptographyHelperCompat implements FingerprintCryptographyHelper {

    /* renamed from: a, reason: collision with root package name */
    private boolean f3975a = false;
    private StringPreference b;
    private StringPreference c;
    private KeyStore d;
    private Cipher e;

    public FingerprintCryptographyHelperCompat(StringPreference stringPreference, StringPreference stringPreference2) {
        this.b = stringPreference;
        this.c = stringPreference2;
    }

    private boolean a(int i, String str) {
        try {
            Timber.b("Init cipher suite %s", str);
            this.e = Cipher.getInstance(str);
            try {
                this.d.load(null);
                SecretKey secretKey = (SecretKey) this.d.getKey("fingerprint_key", null);
                if (secretKey == null) {
                    Timber.b("Secret key is null", new Object[0]);
                    return false;
                }
                if (i == 2) {
                    byte[] decode = Base64.decode(this.c.a(), 0);
                    if (this.f3975a) {
                        this.e.init(2, secretKey, new IvParameterSpec(decode));
                    } else {
                        this.e.init(2, secretKey, new GCMParameterSpec(128, decode));
                    }
                } else {
                    this.e.init(1, secretKey);
                }
                return true;
            } catch (KeyPermanentlyInvalidatedException unused) {
                Timber.b("Secret key becomes invalid", new Object[0]);
                return false;
            } catch (InvalidAlgorithmParameterException unused2) {
                this.f3975a = true;
                return a(i, "AES/CBC/PKCS7Padding");
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new RuntimeException("Failed to get an instance of Cipher", e2);
        }
    }

    private void b(boolean z) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            try {
                this.d.load(null);
                if (this.d.containsAlias("fingerprint_key")) {
                    this.d.deleteEntry("fingerprint_key");
                }
                KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("fingerprint_key", 3).setBlockModes("GCM").setUserAuthenticationRequired(z).setEncryptionPaddings("NoPadding");
                encryptionPaddings.setInvalidatedByBiometricEnrollment(true);
                keyGenerator.init(encryptionPaddings.build());
                keyGenerator.generateKey();
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new RuntimeException("Failed to get an instance of KeyGenerator", e2);
        }
    }

    private void f() {
        try {
            this.d = KeyStore.getInstance("AndroidKeyStore");
        } catch (KeyStoreException e) {
            throw new RuntimeException("Failed to get an instance of KeyStore", e);
        }
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public void a() {
        this.b.c();
        this.c.c();
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public void a(String str) {
        try {
            String encodeToString = Base64.encodeToString(this.e.doFinal(str.getBytes("UTF-8")), 0);
            String encodeToString2 = Base64.encodeToString(this.e.getIV(), 0);
            Timber.b("Encrypted pin length = %s, encryptedBase64Pin = %s, cipher algorithm = %s, cipher blocksize = %s", Integer.valueOf(encodeToString.length()), encodeToString, this.e.getAlgorithm(), Integer.valueOf(this.e.getBlockSize()));
            this.b.a(encodeToString);
            this.c.a(encodeToString2);
            if (encodeToString.length() != 25) {
                Timber.d("Suspicious base64 encrypted pin length. length = %s, encryptedBase64Pin = %s, cipher algorithm = %s, cipher blocksize = %s", Integer.valueOf(encodeToString.length()), encodeToString, this.e.getAlgorithm(), Integer.valueOf(this.e.getBlockSize()));
            }
            this.f3975a = false;
        } catch (UnsupportedEncodingException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public boolean a(boolean z) {
        try {
            a();
            f();
            b(z);
            a(1, "AES/GCM/NoPadding");
            return true;
        } catch (Exception e) {
            Timber.a(e);
            return false;
        }
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public String b() {
        try {
            String a2 = this.b.a();
            byte[] decode = Base64.decode(a2, 0);
            Timber.b("encrypted pin length = %s, encryptedBase64Pin = %s, cipher algorithm = %s, cipher blocksize = %s", Integer.valueOf(a2.length()), a2, this.e.getAlgorithm(), Integer.valueOf(this.e.getBlockSize()));
            byte[] doFinal = this.e.doFinal(decode);
            if (a2.length() != 25) {
                Timber.d("Suspicious base64 encrypted pin length. length = %s, encryptedBase64Pin = %s, cipher algorithm = %s, cipher blocksize = %s", Integer.valueOf(a2.length()), a2, this.e.getAlgorithm(), Integer.valueOf(this.e.getBlockSize()));
            }
            return new String(doFinal, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e = e;
            throw new RuntimeException(e);
        } catch (BadPaddingException e2) {
            e = e2;
            throw new RuntimeException(e);
        } catch (IllegalBlockSizeException e3) {
            Timber.c(e3, "Argh, the cipher is most probably in a buggy state (Android issue https://issuetracker.google.com/issues/62877384 and https://issuetracker.google.com/issues/37127115). Resetting the used fingerprint to workaround this issue.", new Object[0]);
            a();
            throw e3;
        }
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public boolean c() {
        try {
            f();
            if (a(2, "AES/GCM/NoPadding")) {
                return true;
            }
            Timber.b("the key can no longer be used because it has been permanently invalidated", new Object[0]);
            a();
            return false;
        } catch (Exception e) {
            Timber.a(e);
            return false;
        }
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public boolean d() {
        return this.f3975a;
    }

    @Override // us.mobilepassport.data.FingerprintCryptographyHelper
    public FingerprintManagerCompat.CryptoObject e() {
        return new FingerprintManagerCompat.CryptoObject(this.e);
    }
}
