package minkasu2fa;

import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.widget.Toast;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import androidx.core.content.ContextCompat;
import com.google.android.gms.stats.CodePackage;
import com.minkasu.android.twofa.R;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import minkasu2fa.core.data.MKCryptoException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes4.dex */
public class s0 {

    /* renamed from: a, reason: collision with root package name */
    public static final String f41171a = s0.class.getSimpleName() + "-Minkasu";

    public static String a(Context context) {
        Object systemService;
        Object systemService2;
        boolean isHardwareDetected;
        boolean hasEnrolledFingerprints;
        if (context == null) {
            return "Context Missing";
        }
        if (!w0.d()) {
            return context.getResources().getString(R.string.minkasu2fa_fp_un_avail);
        }
        systemService = context.getSystemService((Class<Object>) KeyguardManager.class);
        KeyguardManager keyguardManager = (KeyguardManager) systemService;
        systemService2 = context.getSystemService((Class<Object>) FingerprintManager.class);
        FingerprintManager a2 = androidx.core.hardware.fingerprint.j.a(systemService2);
        if (a2 == null || keyguardManager == null) {
            return context.getResources().getString(R.string.minkasu2fa_fp_api_missing);
        }
        isHardwareDetected = a2.isHardwareDetected();
        if (!isHardwareDetected) {
            return context.getResources().getString(R.string.minkasu2fa_fp_hardware_un_avail);
        }
        if (!keyguardManager.isKeyguardSecure()) {
            return context.getResources().getString(R.string.minkasu2fa_keyguard_fp_not_enrolled);
        }
        if (d(context)) {
            return context.getResources().getString(R.string.minkasu2fa_fp_permission_missing);
        }
        hasEnrolledFingerprints = a2.hasEnrolledFingerprints();
        if (hasEnrolledFingerprints) {
            return null;
        }
        return context.getResources().getString(R.string.minkasu2fa_keyguard_fp_not_enrolled);
    }

    public static Signature a(String str, p pVar) {
        try {
            c(str);
            f(str);
            Signature h2 = h(str);
            if (h2 == null) {
                throw new MKCryptoException(f41171a, "Failed to create signature");
            }
            if (pVar != null) {
                pVar.b("minkasu2fa_new_biometric_signature", true);
            }
            return h2;
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e2) {
            throw new MKCryptoException(f41171a, e2);
        }
    }

    @RequiresApi(api = 23)
    public static Cipher a() {
        try {
            return Cipher.getInstance("AES/CBC/PKCS7Padding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new MKCryptoException(f41171a, "Failed to get an instance of Cipher", e2);
        }
    }

    public static w a(p pVar) {
        return pVar.a("minkasu2fa_use_fingerprint", false) ? w.ENABLED : w.DISABLED;
    }

    public static void a(KeyGenParameterSpec keyGenParameterSpec) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(keyGenParameterSpec);
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            w0.a(f41171a, "Failed to generate key using KeyGenerator", e2);
            throw e2;
        }
    }

    public static void a(p pVar, int i2, boolean z) {
        if ((i2 & 2) > 0) {
            try {
                pVar.c("minkasu2fa_iv");
                c("mk_fingerPrint_key");
            } catch (MKCryptoException e2) {
                if (z) {
                    throw e2;
                }
                return;
            }
        }
        if ((i2 & 4) > 0) {
            pVar.c("minkasu2fa_bm_iv");
            c("mk_biometric_key");
        }
    }

    public static boolean a(Context context, boolean z) {
        Object systemService;
        Object systemService2;
        boolean isHardwareDetected;
        boolean hasEnrolledFingerprints;
        if (w0.d()) {
            systemService = context.getSystemService((Class<Object>) KeyguardManager.class);
            KeyguardManager keyguardManager = (KeyguardManager) systemService;
            systemService2 = context.getSystemService((Class<Object>) FingerprintManager.class);
            FingerprintManager a2 = androidx.core.hardware.fingerprint.j.a(systemService2);
            if (keyguardManager != null && a2 != null) {
                isHardwareDetected = a2.isHardwareDetected();
                if (!isHardwareDetected) {
                    return false;
                }
                if (!keyguardManager.isKeyguardSecure()) {
                    if (z) {
                        Toast.makeText(context, context.getResources().getString(R.string.minkasu2fa_fp_toast_message), 1).show();
                    }
                    return false;
                }
                if (d(context)) {
                    if (z) {
                        Toast.makeText(context, "Fingerprint authentication permission not enabled", 1).show();
                    }
                    return false;
                }
                hasEnrolledFingerprints = a2.hasEnrolledFingerprints();
                if (hasEnrolledFingerprints) {
                    return true;
                }
                if (z) {
                    Toast.makeText(context, context.getResources().getString(R.string.minkasu2fa_fp_toast_message), 1).show();
                }
                return false;
            }
        }
        return false;
    }

    public static boolean a(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.containsAlias(str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new MKCryptoException(f41171a, e2);
        }
    }

    @RequiresApi(api = 23)
    public static boolean a(String str, String str2) {
        return c(str, str2) == null;
    }

    public static boolean a(Cipher cipher, String str, String str2) {
        try {
            SecretKey j2 = j(str);
            if (w0.c(str2)) {
                cipher.init(2, j2, new IvParameterSpec(e0.a(str2)));
                return true;
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new MKCryptoException(f41171a, "Failed to init cipher in decrypt mode", e2);
        } catch (InvalidKeyException unused) {
        }
        return false;
    }

    public static w[] a(Context context, p pVar) {
        w wVar = w.UNKNOWN;
        w[] wVarArr = {wVar, wVar, wVar};
        if (context != null) {
            wVarArr[0] = c(context);
            wVarArr[1] = b(context);
            wVarArr[2] = a(pVar);
        }
        return wVarArr;
    }

    public static Signature b(String str, p pVar) {
        try {
            Signature h2 = h(str);
            if (h2 != null) {
                return h2;
            }
            throw new MKCryptoException(f41171a, "Failed to create signature");
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw new MKCryptoException(f41171a, e2);
        }
    }

    @RequiresApi(api = 23)
    public static Cipher b() {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new MKCryptoException(f41171a, "Failed to get an instance of Cipher", e2);
        }
    }

    public static w b(Context context) {
        Object systemService;
        Object systemService2;
        boolean isHardwareDetected;
        boolean hasEnrolledFingerprints;
        if (w0.d()) {
            systemService = context.getSystemService((Class<Object>) KeyguardManager.class);
            KeyguardManager keyguardManager = (KeyguardManager) systemService;
            systemService2 = context.getSystemService((Class<Object>) FingerprintManager.class);
            FingerprintManager a2 = androidx.core.hardware.fingerprint.j.a(systemService2);
            if (keyguardManager != null && a2 != null) {
                if (!keyguardManager.isKeyguardSecure()) {
                    return w.DISABLED;
                }
                if (d(context)) {
                    return w.NO_PERMISSION;
                }
                isHardwareDetected = a2.isHardwareDetected();
                if (isHardwareDetected) {
                    hasEnrolledFingerprints = a2.hasEnrolledFingerprints();
                    if (hasEnrolledFingerprints) {
                        return w.ENABLED;
                    }
                }
                return w.DISABLED;
            }
        }
        return w.UNKNOWN;
    }

    public static boolean b(String str) {
        try {
            return h(str) == null;
        } catch (KeyPermanentlyInvalidatedException unused) {
            return true;
        } catch (IOException e2) {
            e = e2;
            throw new MKCryptoException(f41171a, e);
        } catch (InvalidKeyException e3) {
            e = e3;
            throw new MKCryptoException(f41171a, e);
        } catch (KeyStoreException e4) {
            e = e4;
            throw new MKCryptoException(f41171a, e);
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            throw new MKCryptoException(f41171a, e);
        } catch (UnrecoverableKeyException e6) {
            e = e6;
            throw new MKCryptoException(f41171a, e);
        } catch (CertificateException e7) {
            e = e7;
            throw new MKCryptoException(f41171a, e);
        }
    }

    @RequiresApi(api = 23)
    public static boolean b(String str, String str2) {
        return d(str, str2) == null;
    }

    public static boolean b(Cipher cipher, String str, String str2) {
        try {
            SecretKey j2 = j(str);
            if (!w0.c(str2)) {
                return false;
            }
            cipher.init(2, j2, new GCMParameterSpec(128, e0.a(str2)));
            return true;
        } catch (InvalidAlgorithmParameterException e2) {
            throw new MKCryptoException(f41171a, "Failed to init cipher in decrypt mode", e2);
        } catch (InvalidKeyException unused) {
            return false;
        }
    }

    @RequiresApi(api = 23)
    public static Cipher c(String str, String str2) {
        Cipher a2 = a();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                a(d(str));
            }
            if (a(a2, str, str2)) {
                return a2;
            }
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e2) {
            throw new MKCryptoException(f41171a, "Failed to get instance of Keystore", e2);
        }
    }

    public static w c(Context context) {
        Object systemService;
        boolean isHardwareDetected;
        if (w0.d()) {
            if (d(context)) {
                return w.NO_PERMISSION;
            }
            systemService = context.getSystemService((Class<Object>) FingerprintManager.class);
            FingerprintManager a2 = androidx.core.hardware.fingerprint.j.a(systemService);
            if (a2 != null) {
                isHardwareDetected = a2.isHardwareDetected();
                return isHardwareDetected ? w.ENABLED : w.DISABLED;
            }
        }
        return w.UNKNOWN;
    }

    public static void c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new MKCryptoException(f41171a, "Failed to get an instance of KeyStore", e2);
        }
    }

    public static KeyGenParameterSpec d(String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec build;
        androidx.security.crypto.n.a();
        blockModes = androidx.security.crypto.m.a(str, 3).setBlockModes("CBC");
        encryptionPaddings = blockModes.setEncryptionPaddings("PKCS7Padding");
        userAuthenticationRequired = encryptionPaddings.setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        build = userAuthenticationRequired.build();
        return build;
    }

    @RequiresApi(api = 23)
    public static Cipher d(String str, String str2) {
        Cipher b2 = b();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                a(e(str));
            }
            if (b(b2, str, str2)) {
                return b2;
            }
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e2) {
            throw new MKCryptoException(f41171a, "Failed to get instance of Keystore", e2);
        }
    }

    @RequiresApi(api = 23)
    public static boolean d(Context context) {
        return ContextCompat.checkSelfPermission(context, "android.permission.USE_FINGERPRINT") != 0;
    }

    public static KeyGenParameterSpec e(String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec build;
        androidx.security.crypto.n.a();
        blockModes = androidx.security.crypto.m.a(str, 3).setBlockModes(CodePackage.GCM);
        encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
        userAuthenticationRequired = encryptionPaddings.setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        build = userAuthenticationRequired.build();
        return build;
    }

    @RequiresApi(api = 23)
    public static void f(String str) {
        try {
            KeyGenParameterSpec g2 = g(str);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(g2);
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            w0.a(f41171a, "Failed to generate keypair using KeyGenerator", e2);
            throw e2;
        }
    }

    public static KeyGenParameterSpec g(String str) {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec build;
        androidx.security.crypto.n.a();
        digests = androidx.security.crypto.m.a(str, 12).setDigests("SHA-256", MessageDigestAlgorithms.SHA_512);
        signaturePaddings = digests.setSignaturePaddings("PKCS1");
        userAuthenticationRequired = signaturePaddings.setUserAuthenticationRequired(true);
        int i2 = Build.VERSION.SDK_INT;
        if (i2 >= 30) {
            userAuthenticationRequired.setUserAuthenticationParameters(0, 2);
        }
        if (i2 >= 24) {
            userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
        }
        build = userAuthenticationRequired.build();
        return build;
    }

    public static Signature h(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
        if (privateKey == null) {
            return null;
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        return signature;
    }

    @NonNull
    public static PublicKey i(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificate(str).getPublicKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new MKCryptoException(f41171a, e2);
        }
    }

    public static SecretKey j(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return (SecretKey) keyStore.getKey(str, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw new MKCryptoException(f41171a, "Failed to get key from keystore", e2);
        }
    }
}
