package com.truekey.auth.fingerprint;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.UserNotAuthenticatedException;
import androidx.core.hardware.fingerprint.FingerprintManagerCompat;
import androidx.core.os.CancellationSignal;
import com.google.gson.Gson;
import com.jakewharton.rxrelay.PublishRelay;
import com.jakewharton.rxrelay.a;
import com.truekey.api.v0.crypto.CommonCryptoUtils;
import com.truekey.auth.FactorManager;
import com.truekey.auth.fingerprint.FingerprintFactorResponse;
import com.truekey.intel.Constants;
import com.truekey.intel.analytics.Props;
import com.truekey.intel.analytics.StatHelper;
import com.truekey.intel.manager.IDAPIManager;
import com.truekey.intel.metrics.Events;
import com.truekey.intel.metrics.Properties;
import com.truekey.intel.model.AuthenticationData;
import com.truekey.intel.model.LocalError;
import com.truekey.intel.model.Operation;
import com.truekey.intel.network.response.AuthenticationResponse;
import com.truekey.intel.network.response.GeneralAuthenticationResponse;
import com.truekey.intel.network.response.IdApiAuthenticationResponse;
import com.truekey.intel.network.response.RemoteError;
import com.truekey.intel.network.response.SessionAuthResponse;
import com.truekey.intel.tools.CrashlyticsHelper;
import com.truekey.utils.StringUtils;
import defpackage.cm;
import defpackage.r30;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import rx.Observable;
import rx.Single;
import rx.SingleSubscriber;
import rx.Subscription;
import rx.functions.Action1;
import rx.functions.Func1;
import rx.schedulers.Schedulers;

/* loaded from: classes.dex */
public class FingerprintAuthenticationManager extends FactorManager<FingerprintFactorResponse> {
    public static final String CLAIM_AUDIENCE = "aud";
    public static final String CLAIM_CLIENT_ID_DATA = "cid";
    public static final String CLAIM_EMAIL = "email";
    public static final String CLAIM_EXP = "exp";
    public static final String CLAIM_ID = "jti";
    public static final String CLAIM_ISSUED_AT = "iat";
    public static final String CLAIM_ISSUER = "iss";
    public static final String CLAIM_NOT_BEFORE = "nbf";
    public static final String CLAIM_SUBJECT = "sub";
    public static final String CLAIM_TYPE = "typ";
    public static final String CLAIM_TYPE_VALUE = "application/fptruekeyclient";
    public static final String CLAIM_UNIQUE_NAME = "unique_name";
    public static final String CLAIM_VALUE_UNIQUE_NAME_PREFIX = "Intel_Security_TrueKey_Client_";
    private static final String DEBUG_FP_AUTH_FAILED = "Debug: fingerprint hw authentication failed";
    private static final String DEBUG_FP_AUTH_HELP = "Debug: fingerprint hw authentication prompted help";
    private static final String DEBUG_FP_AUTH_SUCCEEDED = "Debug: fingerprint hw authentication prompted succeeded";
    private static final String DEBUG_FP_AUTH_USER_ERROR = "Debug: user profile uid could not identify fp";
    private static final String DEBUG_FP_TIMEOUT = "Debug: fingerprint timed out";
    public static final String FP_CLAIM_VALUE_TK_AUDIENCE = "https://truekeyapi.intelsecurity.com";
    public static final String HEADER_ALGORITHM = "alg";
    public static final String HEADER_ALGORITHM_VALUE_RSA_SHA256 = "RS256";
    public static final String HEADER_TYPE = "typ";
    public static final String HEADER_TYPE_VALUE_JWT = "JWT";
    private static final String PROP_ATTEMPTS = "attempts";
    public static final String SIGNATURE_ALGORITHM_SHA_256_WITH_RSA = "SHA256withRSA";
    public static final String SOFTWARE_TIMEOUT = "software_timeout";
    public int attemptCount;
    private final AuthenticationData authenticationData;
    public a<AuthenticationResponse> authenticationResponsePublisher;
    public Operation currentOperation;
    private PublishRelay<FingerprintFeedback> feedbackPublisher;
    private final TKFingerprintManager fingerprintManager;
    private FingerprintManagerCompat.AuthenticationCallback fpAuthenticationCallback;
    private CancellationSignal fpCancellationSignal;
    public a<FingerprintFactorResponse> fpResultPublisher;
    private final IDAPIManager idapiManager;
    private String oAuthTransactionId;
    private final StatHelper statHelper;
    private Subscription timeoutTimerSubscription;

    /* renamed from: com.truekey.auth.fingerprint.FingerprintAuthenticationManager$11, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass11 {
        public static final /* synthetic */ int[] $SwitchMap$com$truekey$auth$fingerprint$FingerprintAuthenticationManager$AuthenticationState;

        static {
            int[] iArr = new int[AuthenticationState.values().length];
            $SwitchMap$com$truekey$auth$fingerprint$FingerprintAuthenticationManager$AuthenticationState = iArr;
            try {
                iArr[AuthenticationState.VALID.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$truekey$auth$fingerprint$FingerprintAuthenticationManager$AuthenticationState[AuthenticationState.ERROR_KEY_STORE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$truekey$auth$fingerprint$FingerprintAuthenticationManager$AuthenticationState[AuthenticationState.ERROR_FINGERPRINT_REMOVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum AuthenticationState {
        ERROR_FINGERPRINT_REMOVED,
        ERROR_KEY_STORE,
        ERROR_SESSION_AUTH_FAILED,
        VALID
    }

    /* loaded from: classes.dex */
    public class FpAuthenticationCallback extends FingerprintManagerCompat.AuthenticationCallback {
        private FpAuthenticationCallback() {
        }

        @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
        public void onAuthenticationError(int i, CharSequence charSequence) {
            if (i != 5) {
                FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, charSequence.toString(), i));
            }
            FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_FAILED, new Props(Properties.PROP_ERROR_MESSAGE, charSequence, Properties.PROP_ERROR_CODE, Integer.valueOf(i)));
        }

        @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
        public void onAuthenticationFailed() {
            int i = FingerprintAuthenticationManager.this.attemptCount;
            FingerprintAuthenticationManager fingerprintAuthenticationManager = FingerprintAuthenticationManager.this;
            if (fingerprintAuthenticationManager.attemptCount >= 3) {
                fingerprintAuthenticationManager.cancelIfActive();
                FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_FAILED, new Props(Properties.PROP_ERROR_MESSAGE, "Fp authentication failed", Properties.PROP_ERROR_CODE, 7, FingerprintAuthenticationManager.PROP_ATTEMPTS, Integer.valueOf(FingerprintAuthenticationManager.this.attemptCount)));
                FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 7));
            } else {
                fingerprintAuthenticationManager.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_FAILED, new Props(Properties.PROP_ERROR_MESSAGE, "Fp authentication failed", Properties.PROP_ERROR_CODE, 102));
                FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(2, null, 102));
            }
            FingerprintAuthenticationManager.this.attemptCount++;
        }

        @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
        public void onAuthenticationHelp(int i, CharSequence charSequence) {
            FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(3, charSequence.toString(), i));
            FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_HELP, new Props(Properties.PROP_ERROR_MESSAGE, charSequence, Properties.PROP_ERROR_CODE, Integer.valueOf(i)));
        }

        @Override // androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
        public void onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationResult authenticationResult) {
            FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_SUCCEEDED);
            if (FingerprintAuthenticationManager.this.timeoutTimerSubscription == null || FingerprintAuthenticationManager.this.fpCancellationSignal == null) {
                return;
            }
            FingerprintAuthenticationManager.this.triggerIdApiAuthentication(authenticationResult);
        }
    }

    public FingerprintAuthenticationManager(Context context, AuthenticationData authenticationData, StatHelper statHelper, IDAPIManager iDAPIManager) {
        this.serverErrorPublisher = a.a();
        a<FingerprintFactorResponse> a = a.a();
        this.fpResultPublisher = a;
        a.onBackpressureLatest();
        this.authenticationData = authenticationData;
        this.statHelper = statHelper;
        this.idapiManager = iDAPIManager;
        this.authenticationResponsePublisher = a.a();
        this.feedbackPublisher = PublishRelay.create();
        this.fpAuthenticationCallback = new FpAuthenticationCallback();
        this.fingerprintManager = new TKFingerprintManager(context);
        this.currentOperation = StringUtils.isEmpty(authenticationData.getOauthTransId()) ? Operation.OPERATION_MATCH : Operation.OPERATION_2ND_FACTOR_MATCH;
        this.attemptCount = 1;
    }

    private Action1<? super AuthenticationState> authenticationStateHandler() {
        return new Action1<AuthenticationState>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.7
            @Override // rx.functions.Action1
            public void call(AuthenticationState authenticationState) {
                int i = AnonymousClass11.$SwitchMap$com$truekey$auth$fingerprint$FingerprintAuthenticationManager$AuthenticationState[authenticationState.ordinal()];
                if (i == 1) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.HW_LAUNCHED));
                } else if (i == 2 || i == 3) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
                    FingerprintAuthenticationManager.this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                }
            }
        };
    }

    private void confirmFingerprintAuthentication(String str) {
        this.idapiManager.authenticateWithFingerprint(this.authenticationData.getEmail(), str, this.authenticationData).observeOn(Schedulers.newThread()).subscribeOn(Schedulers.computation()).subscribe(new Action1<IdApiAuthenticationResponse>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.8
            @Override // rx.functions.Action1
            public void call(IdApiAuthenticationResponse idApiAuthenticationResponse) {
                if (idApiAuthenticationResponse == null) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
                    CrashlyticsHelper.logException(new IllegalStateException("Null response from backend, unable to proceed"));
                    FingerprintAuthenticationManager.this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.ERROR_DURING_REQUEST, "No valid response from backend");
                    FingerprintAuthenticationManager.this.publishErrorResult(new GeneralAuthenticationResponse(LocalError.ERROR_DURING_REQUEST));
                    return;
                }
                idApiAuthenticationResponse.getErrorCode();
                idApiAuthenticationResponse.succeeded();
                if (idApiAuthenticationResponse.succeeded()) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.SUCCESS));
                    FingerprintAuthenticationManager.this.publishSuccessResult(idApiAuthenticationResponse);
                    return;
                }
                if (RemoteError.INVALID_PROFILE_CREDENTIALS_PASSWORD.equals(idApiAuthenticationResponse.getErrorCode())) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
                    FingerprintAuthenticationManager.this.statHelper.postAttemptedLoginStepFailed("fingerprint", idApiAuthenticationResponse.getErrorCode());
                    CrashlyticsHelper.logException(new IllegalStateException("Fp removed, unable to confirm(E3002)"));
                    return;
                }
                FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
                CrashlyticsHelper.logException(new IllegalStateException("Fp removed, unable to confirm (" + idApiAuthenticationResponse.getErrorCode() + ", " + idApiAuthenticationResponse.getErrorDescription() + ")"));
                FingerprintAuthenticationManager.this.statHelper.postAttemptedLoginStepFailed("fingerprint", idApiAuthenticationResponse.getErrorCode(), idApiAuthenticationResponse.getErrorDescription());
                FingerprintAuthenticationManager.this.publishErrorResult(new GeneralAuthenticationResponse(idApiAuthenticationResponse.getErrorCode()));
            }
        }, new Action1<Throwable>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.9
            @Override // rx.functions.Action1
            public void call(Throwable th) {
            }
        });
    }

    public static String generateUnsignedJwt(String str, String str2, String str3, String str4) {
        HashMap hashMap = new HashMap();
        hashMap.put(HEADER_ALGORITHM, HEADER_ALGORITHM_VALUE_RSA_SHA256);
        hashMap.put("typ", HEADER_TYPE_VALUE_JWT);
        HashMap hashMap2 = new HashMap();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = (Calendar) calendar.clone();
        calendar2.add(12, 15);
        hashMap2.put(CLAIM_ISSUED_AT, Long.valueOf(calendar.getTimeInMillis() / 1000));
        hashMap2.put(CLAIM_AUDIENCE, FP_CLAIM_VALUE_TK_AUDIENCE);
        hashMap2.put(CLAIM_EXP, Long.valueOf(calendar2.getTimeInMillis() / 1000));
        hashMap2.put(CLAIM_NOT_BEFORE, Long.valueOf(calendar.getTimeInMillis() / 1000));
        hashMap2.put(CLAIM_ID, str2);
        hashMap2.put(CLAIM_SUBJECT, str4);
        hashMap2.put(CLAIM_ISSUER, CLAIM_VALUE_UNIQUE_NAME_PREFIX + str3);
        hashMap2.put("typ", CLAIM_TYPE_VALUE);
        hashMap2.put("email", str);
        hashMap2.put(CLAIM_CLIENT_ID_DATA, str3);
        hashMap2.put(CLAIM_UNIQUE_NAME, CLAIM_VALUE_UNIQUE_NAME_PREFIX + str3);
        StringBuilder sb = new StringBuilder();
        r30 r30Var = r30.b;
        Gson gson = cm.d;
        sb.append(r30Var.a(CommonCryptoUtils.getBytesFromString(gson.toJson(hashMap))));
        sb.append(".");
        sb.append(r30Var.a(CommonCryptoUtils.getBytesFromString(gson.toJson(hashMap2))));
        return sb.toString();
    }

    private Action1<Long> handleAuthenticationTimeout() {
        return new Action1<Long>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.6
            @Override // rx.functions.Action1
            public void call(Long l) {
                FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_TIMEOUT, new Props(FingerprintAuthenticationManager.PROP_ATTEMPTS, Integer.valueOf(FingerprintAuthenticationManager.this.attemptCount - 1)));
                FingerprintAuthenticationManager fingerprintAuthenticationManager = FingerprintAuthenticationManager.this;
                if (fingerprintAuthenticationManager.attemptCount >= 3) {
                    fingerprintAuthenticationManager.cancelIfActive();
                    FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 7));
                    FingerprintAuthenticationManager.this.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_FAILED, new Props(Properties.PROP_ERROR_MESSAGE, "Fp authentication timed out max", Properties.PROP_ERROR_CODE, 7, FingerprintAuthenticationManager.PROP_ATTEMPTS, Integer.valueOf(FingerprintAuthenticationManager.this.attemptCount)));
                } else {
                    fingerprintAuthenticationManager.statHelper.postSimpleSignal(FingerprintAuthenticationManager.DEBUG_FP_AUTH_FAILED, new Props(Properties.PROP_ERROR_MESSAGE, "Fp authentication timed out", Properties.PROP_ERROR_CODE, 3, FingerprintAuthenticationManager.PROP_ATTEMPTS, Integer.valueOf(FingerprintAuthenticationManager.this.attemptCount)));
                    FingerprintAuthenticationManager.this.fpAuthenticationCallback.onAuthenticationError(3, FingerprintAuthenticationManager.SOFTWARE_TIMEOUT);
                    FingerprintAuthenticationManager.this.cancelIfActive();
                }
                FingerprintAuthenticationManager.this.attemptCount++;
            }
        };
    }

    private boolean launchFingerprintAuthentication() {
        String oauthTransId = this.authenticationData.getOauthTransId();
        if (StringUtils.isEmpty(oauthTransId)) {
            oauthTransId = this.oAuthTransactionId;
        }
        if (this.fingerprintManager.getState() != 2) {
            this.fingerprintManager.getStateAsString();
            this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
            this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            return false;
        }
        this.timeoutTimerSubscription = Observable.timer(Constants.AUTH_FACTOR_TIMEOUT, TimeUnit.MILLISECONDS).observeOn(Schedulers.newThread()).subscribe(handleAuthenticationTimeout(), new Action1<Throwable>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.1
            @Override // rx.functions.Action1
            public void call(Throwable th) {
            }
        });
        if (StringUtils.isEmpty(oauthTransId)) {
            this.idapiManager.startSessionAuth(this.authenticationData.getEmail(), this.authenticationData.getAffId(), this.authenticationData.isTablet(), this.authenticationData.getClientId(), this.authenticationData.getCulture()).flatMap(new Func1<SessionAuthResponse, Single<AuthenticationState>>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.4
                @Override // rx.functions.Func1
                public Single<AuthenticationState> call(SessionAuthResponse sessionAuthResponse) {
                    sessionAuthResponse.succeeded();
                    if (sessionAuthResponse.succeeded()) {
                        FingerprintAuthenticationManager.this.authenticationData.setOauthTransId(sessionAuthResponse.getOAuthTransId());
                        FingerprintAuthenticationManager fingerprintAuthenticationManager = FingerprintAuthenticationManager.this;
                        return fingerprintAuthenticationManager.startListeningForAuthentication(fingerprintAuthenticationManager.fpAuthenticationCallback);
                    }
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
                    FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 101));
                    FingerprintAuthenticationManager.this.publishErrorResult(new GeneralAuthenticationResponse(sessionAuthResponse.getErrorCode()));
                    return Single.just(AuthenticationState.ERROR_SESSION_AUTH_FAILED);
                }
            }).observeOn(Schedulers.newThread()).subscribeOn(Schedulers.io()).subscribe(new Action1<AuthenticationState>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.2
                @Override // rx.functions.Action1
                public void call(AuthenticationState authenticationState) {
                    if (authenticationState == AuthenticationState.VALID) {
                        FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.HW_LAUNCHED));
                    } else {
                        FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
                        FingerprintAuthenticationManager.this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                    }
                }
            }, new Action1<Throwable>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.3
                @Override // rx.functions.Action1
                public void call(Throwable th) {
                    FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
                    FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 101));
                    FingerprintAuthenticationManager.this.publishErrorResult(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
                }
            });
            return true;
        }
        startListeningForAuthentication(this.fpAuthenticationCallback).subscribe(authenticationStateHandler(), new Action1<Throwable>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.5
            @Override // rx.functions.Action1
            public void call(Throwable th) {
                FingerprintAuthenticationManager.this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
                FingerprintAuthenticationManager.this.feedbackPublisher.call(new FingerprintFeedback(4, null, 101));
                FingerprintAuthenticationManager.this.publishErrorResult(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
            }
        });
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void triggerIdApiAuthentication(FingerprintManagerCompat.AuthenticationResult authenticationResult) {
        try {
            this.authenticationData.getProfileUid();
            String fetchTkDeviceId = this.idapiManager.fetchTkDeviceId();
            String extractUserId = TKFingerprintManager.extractUserId(this.authenticationData.getProfileUid());
            if (StringUtils.isEmpty(extractUserId)) {
                this.statHelper.postSimpleSignal(DEBUG_FP_AUTH_USER_ERROR);
                this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
                this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            } else {
                String str = Constants.FP_ALIAS_PUBLIC_KEY + extractUserId;
                String generateUnsignedJwt = generateUnsignedJwt(this.authenticationData.getEmail(), this.authenticationData.getOauthTransId(), fetchTkDeviceId, this.authenticationData.getProfileUid());
                Signature signature = authenticationResult.getCryptoObject().getSignature();
                byte[] bytesFromString = CommonCryptoUtils.getBytesFromString(generateUnsignedJwt);
                signature.update(bytesFromString);
                byte[] sign = signature.sign();
                String a = r30.b.a(sign);
                KeyStore keyStore = KeyStore.getInstance(Constants.KEY_STORE);
                keyStore.load(null);
                Certificate certificate = keyStore.getCertificate(str);
                Signature signature2 = Signature.getInstance(SIGNATURE_ALGORITHM_SHA_256_WITH_RSA);
                signature2.initVerify(certificate);
                signature2.update(bytesFromString);
                if (signature2.verify(sign)) {
                    confirmFingerprintAuthentication(generateUnsignedJwt + "." + a);
                } else {
                    this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
                    this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                    CrashlyticsHelper.logException(new IllegalStateException("Signature not validated before fp authentication request"));
                }
            }
        } catch (KeyStoreException e) {
            e = e;
            this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
            this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            CrashlyticsHelper.logException(new IllegalStateException("Signature not validated before fp authentication request", e));
        } catch (SignatureException e2) {
            e = e2;
            this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.FP_REMOVED));
            this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            CrashlyticsHelper.logException(new IllegalStateException("Signature not validated before fp authentication request", e));
        } catch (Exception e3) {
            this.fpResultPublisher.call(FingerprintFactorResponse.create(FingerprintFactorResponse.Type.ERROR));
            this.statHelper.postAttemptedLoginStepFailed("fingerprint", LocalError.ERROR_PROGRAMMATIC_ERROR);
            CrashlyticsHelper.logException(new IllegalStateException("Unable to create jwt based on the provided cert", e3));
            publishErrorResult(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
        }
    }

    public void cancelIfActive() {
        CancellationSignal cancellationSignal = this.fpCancellationSignal;
        if (cancellationSignal != null) {
            cancellationSignal.isCanceled();
        }
        CancellationSignal cancellationSignal2 = this.fpCancellationSignal;
        if (cancellationSignal2 == null || cancellationSignal2.isCanceled()) {
            return;
        }
        this.fpCancellationSignal.cancel();
        Subscription subscription = this.timeoutTimerSubscription;
        if (subscription == null || !subscription.isUnsubscribed()) {
            return;
        }
        this.timeoutTimerSubscription.unsubscribe();
        this.timeoutTimerSubscription = null;
    }

    public Operation getCurrentOperation() {
        return this.currentOperation;
    }

    public boolean isCanceled() {
        CancellationSignal cancellationSignal = this.fpCancellationSignal;
        return cancellationSignal != null && cancellationSignal.isCanceled();
    }

    @Override // com.truekey.auth.FactorManager
    public a<FingerprintFactorResponse> provideFactorManagerResponsePublisher() {
        return this.fpResultPublisher;
    }

    public PublishRelay<FingerprintFeedback> provideFingerprintFeedback() {
        return this.feedbackPublisher;
    }

    @Override // com.truekey.auth.FactorManager
    public void publishErrorResult(AuthenticationResponse authenticationResponse) {
        Subscription subscription = this.timeoutTimerSubscription;
        if (subscription != null && !subscription.isUnsubscribed()) {
            this.timeoutTimerSubscription.unsubscribe();
            this.timeoutTimerSubscription = null;
        }
        this.authenticationResponsePublisher.call(authenticationResponse);
    }

    @Override // com.truekey.auth.FactorManager
    public void publishSuccessResult(AuthenticationResponse authenticationResponse) {
        Subscription subscription = this.timeoutTimerSubscription;
        if (subscription != null && !subscription.isUnsubscribed()) {
            this.timeoutTimerSubscription.unsubscribe();
            this.timeoutTimerSubscription = null;
        }
        this.statHelper.postAttemptedLoginStepSuccess("fingerprint");
        this.authenticationResponsePublisher.call(authenticationResponse);
    }

    public a<FingerprintFactorResponse> restartFlow() {
        a<FingerprintFactorResponse> a = a.a();
        this.fpResultPublisher = a;
        a.onBackpressureLatest();
        launchFingerprintAuthentication();
        return this.fpResultPublisher;
    }

    @Override // com.truekey.auth.FactorManager
    public Observable<AuthenticationResponse> startFlow() {
        this.attemptCount = 1;
        this.statHelper.postInitiatedLoginStep("fingerprint");
        this.oAuthTransactionId = this.authenticationData.getOauthTransId();
        launchFingerprintAuthentication();
        return this.authenticationResponsePublisher;
    }

    public Single<AuthenticationState> startListeningForAuthentication(final FingerprintManagerCompat.AuthenticationCallback authenticationCallback) {
        this.authenticationData.getProfileUid();
        return Single.create(new Single.OnSubscribe<AuthenticationState>() { // from class: com.truekey.auth.fingerprint.FingerprintAuthenticationManager.10
            @Override // rx.functions.Action1
            @TargetApi(23)
            public void call(SingleSubscriber<? super AuthenticationState> singleSubscriber) {
                try {
                    FingerprintAuthenticationManager.this.fpCancellationSignal = new CancellationSignal();
                    KeyStore keyStore = KeyStore.getInstance(Constants.KEY_STORE);
                    keyStore.load(null);
                    StringBuilder sb = new StringBuilder();
                    sb.append("Profile UID: ");
                    sb.append(FingerprintAuthenticationManager.this.authenticationData.getProfileUid());
                    String extractUserId = TKFingerprintManager.extractUserId(FingerprintAuthenticationManager.this.authenticationData.getProfileUid());
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append("User id: ");
                    sb2.append(extractUserId);
                    if (StringUtils.isEmpty(extractUserId)) {
                        FingerprintAuthenticationManager.this.authenticationData.getProfileUid();
                        singleSubscriber.onSuccess(AuthenticationState.ERROR_FINGERPRINT_REMOVED);
                    } else {
                        PrivateKey privateKey = (PrivateKey) keyStore.getKey(Constants.FP_ALIAS_KEY + extractUserId, null);
                        Signature signature = Signature.getInstance(FingerprintAuthenticationManager.SIGNATURE_ALGORITHM_SHA_256_WITH_RSA);
                        signature.initSign(privateKey);
                        FingerprintAuthenticationManager.this.fingerprintManager.startAuthentication(new FingerprintManagerCompat.CryptoObject(signature), FingerprintAuthenticationManager.this.fpCancellationSignal, authenticationCallback);
                        singleSubscriber.onSuccess(AuthenticationState.VALID);
                    }
                } catch (UserNotAuthenticatedException e) {
                    e = e;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_FINGERPRINT_REMOVED);
                } catch (IOException e2) {
                    e = e2;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_KEY_STORE);
                } catch (NullPointerException e3) {
                    e = e3;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_FINGERPRINT_REMOVED);
                } catch (InvalidKeyException e4) {
                    e = e4;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_KEY_STORE);
                } catch (KeyStoreException e5) {
                    e = e5;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_FINGERPRINT_REMOVED);
                } catch (NoSuchAlgorithmException e6) {
                    e = e6;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_KEY_STORE);
                } catch (UnrecoverableKeyException e7) {
                    e = e7;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_FINGERPRINT_REMOVED);
                } catch (CertificateException e8) {
                    e = e8;
                    CrashlyticsHelper.logException(e);
                    singleSubscriber.onSuccess(AuthenticationState.ERROR_KEY_STORE);
                }
            }
        });
    }

    public void trackUseMasterPassword(boolean z) {
        this.statHelper.postAuthSignal(Events.EVENT_CHANGED_LOGIN_FACTOR, new Props(Properties.PROP_FROM_FACTOR_TYPE, "fingerprint", Properties.PROP_TO_FACTOR_TYPE, "master_password"));
    }
}
