package com.truekey.auth.fingerprint;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.Nullable;
import androidx.core.hardware.fingerprint.FingerprintManagerCompat;
import androidx.core.os.CancellationSignal;
import com.jakewharton.rxrelay.a;
import com.truekey.api.v0.crypto.CommonCryptoUtils;
import com.truekey.api.v0.modules.AccountState;
import com.truekey.core.IDVault;
import com.truekey.intel.Constants;
import com.truekey.intel.manager.storage.UserDataSource;
import com.truekey.intel.model.LocalError;
import com.truekey.intel.model.RemoteUser;
import com.truekey.intel.network.response.IdApiAuthenticationResponse;
import com.truekey.intel.tools.CrashlyticsHelper;
import com.truekey.intel.tools.SharedPreferencesHelper;
import com.truekey.utils.StringUtils;
import defpackage.d3;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.Callable;
import javax.security.auth.x500.X500Principal;
import rx.Observable;
import rx.Subscriber;
import rx.android.schedulers.AndroidSchedulers;
import rx.functions.Action0;
import rx.functions.Action1;
import rx.functions.Func1;
import rx.functions.Func2;
import rx.schedulers.Schedulers;

/* loaded from: classes.dex */
public class FingerprintEnrolManager {
    private AccountState accountState;
    private CancellationSignal cancellationSignal;
    private Context context;
    private Locale defaultLocale;
    private int errorCount = 0;
    private a<FingerprintFeedback> feedbackPublisher;
    private IDVault idVault;
    private SharedPreferencesHelper sharedPreferencesHelper;
    private UserDataSource userDataSource;

    /* renamed from: com.truekey.auth.fingerprint.FingerprintEnrolManager$4, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass4 implements Observable.OnSubscribe<Boolean> {
        public AnonymousClass4() {
        }

        @Override // rx.functions.Action1
        public void call(Subscriber<? super Boolean> subscriber) {
            TKFingerprintManager tKFingerprintManager = new TKFingerprintManager(FingerprintEnrolManager.this.context);
            int state = tKFingerprintManager.getState();
            StringBuilder sb = new StringBuilder();
            sb.append("fp state: ");
            sb.append(tKFingerprintManager.getStateAsString());
            FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(5, state));
            if (state != 2) {
                subscriber.onNext(Boolean.FALSE);
                subscriber.onCompleted();
                return;
            }
            try {
                tKFingerprintManager.startEnrolment(FingerprintEnrolManager.this.cancellationSignal, new FingerprintManagerCompat.AuthenticationCallback() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.4.1
                    @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
                    public void onAuthenticationError(int i, CharSequence charSequence) {
                        if (StringUtils.isEmpty(charSequence)) {
                            FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(4, LocalError.ERROR_PROGRAMMATIC_ERROR, i));
                        } else {
                            FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(4, charSequence.toString(), i));
                        }
                    }

                    @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
                    public void onAuthenticationFailed() {
                        int unused = FingerprintEnrolManager.this.errorCount;
                        if (FingerprintEnrolManager.this.errorCount >= 3) {
                            FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 7));
                        } else {
                            FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(2, null, 102));
                        }
                        FingerprintEnrolManager.access$004(FingerprintEnrolManager.this);
                    }

                    @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
                    public void onAuthenticationHelp(int i, CharSequence charSequence) {
                        FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(3, charSequence.toString(), i));
                    }

                    @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
                    public void onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationResult authenticationResult) {
                        FingerprintEnrolManager.this.feedbackPublisher.call(FingerprintFeedback.createFeedback(6));
                        FingerprintEnrolManager.this.cancellationSignal.cancel();
                        FingerprintEnrolManager fingerprintEnrolManager = FingerprintEnrolManager.this;
                        fingerprintEnrolManager.enrollFingerprint(fingerprintEnrolManager.accountState, FingerprintEnrolManager.this.sharedPreferencesHelper, FingerprintEnrolManager.this.userDataSource, FingerprintEnrolManager.this.idVault).observeOn(Schedulers.newThread()).subscribeOn(Schedulers.computation()).subscribe(new Action1<Boolean>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.4.1.1
                            @Override // rx.functions.Action1
                            public void call(Boolean bool) {
                                if (bool.booleanValue()) {
                                    FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(1, 1));
                                } else {
                                    FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(4, 104));
                                }
                            }
                        }, new Action1<Throwable>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.4.1.2
                            @Override // rx.functions.Action1
                            public void call(Throwable th) {
                                th.getMessage();
                                FingerprintEnrolManager.this.feedbackPublisher.call(new FingerprintFeedback(4, 101));
                                CrashlyticsHelper.logException(new IllegalStateException("Error on fp enroll", th));
                            }
                        });
                    }
                });
                subscriber.onNext(Boolean.TRUE);
                subscriber.onCompleted();
            } catch (Exception e) {
                CrashlyticsHelper.logException(e);
                FingerprintEnrolManager.this.feedbackPublisher.call(FingerprintFeedback.createErrorType(104));
            }
        }
    }

    public FingerprintEnrolManager(Context context, IDVault iDVault, AccountState accountState, SharedPreferencesHelper sharedPreferencesHelper, UserDataSource userDataSource) {
        this.idVault = iDVault;
        this.context = context;
        this.userDataSource = userDataSource;
        this.sharedPreferencesHelper = sharedPreferencesHelper;
        this.accountState = accountState;
    }

    public static /* synthetic */ int access$004(FingerprintEnrolManager fingerprintEnrolManager) {
        int i = fingerprintEnrolManager.errorCount + 1;
        fingerprintEnrolManager.errorCount = i;
        return i;
    }

    @TargetApi(23)
    private Observable<String> generateCertificate() {
        this.defaultLocale = Locale.getDefault();
        return Observable.fromCallable(new Callable<String>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.7
            @Override // java.util.concurrent.Callable
            public String call() throws Exception {
                Calendar calendar = Calendar.getInstance(Locale.US);
                Calendar calendar2 = (Calendar) calendar.clone();
                calendar2.add(1, 5);
                String extractUserId = TKFingerprintManager.extractUserId(FingerprintEnrolManager.this.getProfileUid());
                if (StringUtils.isEmpty(extractUserId)) {
                    return null;
                }
                String str = Constants.FP_ALIAS_KEY + extractUserId;
                String str2 = Constants.FP_ALIAS_PUBLIC_KEY + extractUserId;
                X500Principal x500Principal = new X500Principal("CN=localhost, O=Intel Security Inc., C=CA");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", Constants.KEY_STORE);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256").setUserAuthenticationRequired(true).setSignaturePaddings("PKCS1").setKeySize(2048).setCertificateSerialNumber(new BigInteger(Integer.toString(CommonCryptoUtils.getDefaultSecureRandom().nextInt()), 10)).setCertificateSubject(x500Principal).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).build());
                keyPairGenerator.generateKeyPair();
                KeyStore keyStore = KeyStore.getInstance(Constants.KEY_STORE);
                keyStore.load(null);
                Certificate certificate = keyStore.getCertificate(str);
                keyStore.setCertificateEntry(str2, certificate);
                String e = d3.e(certificate.getEncoded());
                StringBuilder sb = new StringBuilder();
                sb.append("Certificate:");
                sb.append(e);
                return e;
            }
        }).retry(new Func2<Integer, Throwable, Boolean>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.6
            @Override // rx.functions.Func2
            public Boolean call(Integer num, Throwable th) {
                if ((th instanceof ProviderException) && (((ProviderException) th).getCause() instanceof IllegalArgumentException) && num.intValue() < 2) {
                    Locale.setDefault(Locale.US);
                    return Boolean.TRUE;
                }
                CrashlyticsHelper.logException(new IllegalStateException("Certificate generation failed", th));
                return Boolean.FALSE;
            }
        }).doOnTerminate(new Action0() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.5
            @Override // rx.functions.Action0
            public void call() {
                Locale.setDefault(FingerprintEnrolManager.this.defaultLocale);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public String getProfileUid() {
        String g = this.accountState.getDashboardInformation().g();
        if (StringUtils.isEmpty(g)) {
            if (this.accountState.getDashboardInformation().i() == null) {
                CrashlyticsHelper.log("ProfileUID not found for certificate, 0");
            } else {
                CrashlyticsHelper.log("ProfileUID not found for certificate: " + this.accountState.getDashboardInformation().i().size());
            }
            RemoteUser findByEmail = this.userDataSource.findByEmail(this.accountState.getCustomerEmail());
            if (findByEmail != null) {
                g = findByEmail.getProfileId();
            } else {
                CrashlyticsHelper.log("ProfileUID not found for certificate, no RU");
            }
        }
        if (StringUtils.isEmpty(g)) {
            CrashlyticsHelper.logException(new IllegalStateException("Unable track user id, no PUID"));
        }
        return g;
    }

    public Observable<Boolean> enrollFingerprint(final AccountState accountState, final SharedPreferencesHelper sharedPreferencesHelper, final UserDataSource userDataSource, final IDVault iDVault) {
        return generateCertificate().flatMap(new Func1<String, Observable<? extends Boolean>>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.1
            @Override // rx.functions.Func1
            public Observable<Boolean> call(String str) {
                if (str != null) {
                    return iDVault.enrollFingerprint(accountState.getCustomerEmail(), sharedPreferencesHelper.getAttributionProperties().getAffiliateId(), accountState.getJwt(), str).observeOn(AndroidSchedulers.mainThread()).subscribeOn(Schedulers.computation()).map(new Func1<IdApiAuthenticationResponse, Boolean>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.1.1
                        @Override // rx.functions.Func1
                        public Boolean call(IdApiAuthenticationResponse idApiAuthenticationResponse) {
                            idApiAuthenticationResponse.getErrorCode();
                            idApiAuthenticationResponse.getErrorDescription();
                            if (idApiAuthenticationResponse.succeeded()) {
                                accountState.getDashboardInformation().p(true);
                                AnonymousClass1 anonymousClass1 = AnonymousClass1.this;
                                RemoteUser findByEmail = userDataSource.findByEmail(accountState.getCustomerEmail());
                                StringBuilder sb = new StringBuilder();
                                sb.append("Succeeded for ");
                                sb.append(findByEmail == null ? "untrusted" : "trusted");
                                sb.append(" user");
                                CrashlyticsHelper.log(sb.toString());
                                if (findByEmail != null) {
                                    findByEmail.setFpAvailable(true);
                                    findByEmail.setFpEnabled(true);
                                    userDataSource.insertOrUpdate(findByEmail);
                                }
                            } else {
                                CrashlyticsHelper.logException(new IllegalStateException("Error while enrolling fp: " + idApiAuthenticationResponse.succeeded() + org.apache.commons.lang3.StringUtils.SPACE + idApiAuthenticationResponse.getErrorCode() + org.apache.commons.lang3.StringUtils.SPACE + idApiAuthenticationResponse.getErrorDescription()));
                            }
                            iDVault.reloadDashboard(true);
                            return Boolean.valueOf(idApiAuthenticationResponse.succeeded());
                        }
                    });
                }
                CrashlyticsHelper.logException(new IllegalStateException("Unable to enroll fingerprint, certificate creation failed"));
                return Observable.just(Boolean.FALSE);
            }
        });
    }

    @TargetApi(23)
    public Observable<FingerprintFeedback> startListeningForEnrollment() {
        this.feedbackPublisher = a.a();
        this.cancellationSignal = new CancellationSignal();
        Observable.create(new AnonymousClass4()).onErrorReturn(new Func1<Throwable, Boolean>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.3
            @Override // rx.functions.Func1
            public Boolean call(Throwable th) {
                int unused = FingerprintEnrolManager.this.errorCount;
                FingerprintEnrolManager.this.feedbackPublisher.call(FingerprintFeedback.createErrorType(103));
                CrashlyticsHelper.logException(th);
                return Boolean.FALSE;
            }
        }).subscribeOn(Schedulers.computation()).subscribe(new Action1<Boolean>() { // from class: com.truekey.auth.fingerprint.FingerprintEnrolManager.2
            @Override // rx.functions.Action1
            public void call(Boolean bool) {
            }
        });
        return this.feedbackPublisher;
    }

    public void stopListening() {
        CancellationSignal cancellationSignal = this.cancellationSignal;
        if (cancellationSignal == null || cancellationSignal.isCanceled()) {
            return;
        }
        this.cancellationSignal.cancel();
    }
}
