package oracle.idm.mobile.auth.local;

import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.sql.Types;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.OMSecurityConstants;
import oracle.idm.mobile.crypto.Base64;
import oracle.idm.mobile.crypto.OMInvalidKeyException;
import oracle.idm.mobile.crypto.OMKeyManager;
import oracle.idm.mobile.crypto.OMKeyManagerException;
import oracle.idm.mobile.crypto.OMKeyStore;
import oracle.idm.mobile.crypto.OMSecureStorageService;
import oracle.idm.mobile.logging.OMLog;

/* loaded from: classes.dex */
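/**
 * PIN-based local authenticator.
 *
 * <p>A key-encryption key (KEK) is derived from the PIN with PBKDF2 and used to open
 * (or create) the {@link OMKeyStore} registered under {@code authenticatorId}.
 * Two values are kept in this class's private {@link SharedPreferences} file:
 * the Base64 salt under {@code <authenticatorId>_salt}, and a random validation
 * string under {@code <authenticatorId>_validation_data}. The same validation
 * string is also written through {@link OMSecureStorageService}; a PIN is accepted
 * when the value read back through secure storage equals the preferences copy.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The KEK and anything derived from the PIN must never be written to logs,
 *       not even behind a debug flag.</li>
 *   <li>The PBKDF2 work factor is fixed (see {@link #PBKDF2_ITERATIONS}); raising it
 *       needs a migration path for key stores already wrapped under the old KEK.</li>
 * </ul>
 *
 * <p>This class does no locking of its own; thread-safety is not established by the
 * code shown here.
 */
public class OMPinAuthenticator implements OMAuthenticator {
    private static final String TAG = "OMPinAuthenticator";

    /**
     * PBKDF2 iteration count. The decompiler rendered this literal as
     * {@code java.sql.Types.JAVA_OBJECT}, whose value is 2000; it is spelled out
     * here so the work factor is visible.
     *
     * <p>NOTE(review): 2000 rounds of PBKDF2-HMAC-SHA1 is a small work factor for a
     * low-entropy secret such as a PIN. It cannot simply be raised: existing key
     * stores are encrypted under the KEK derived with this count.
     */
    private static final int PBKDF2_ITERATIONS = 2000;

    /** Requested KEK length in bits. */
    private static final int KEK_LENGTH_BITS = 256;

    /** Shared CSPRNG for salts and validation data. */
    private static final SecureRandom RANDOM = new SecureRandom();

    protected OMAuthenticationPolicy authenticationPolicy;
    protected String authenticatorId;
    protected Context context;
    // PIN-derived key-encryption key; set by authenticate()/doSetAuthData(), cleared by invalidate().
    private Key kek;
    protected OMKeyStore keyStore;
    // Key store whose keys are copied into the new one on the next doSetAuthData().
    protected OMKeyStore oldKeyStore;
    protected boolean authenticated = false;
    protected boolean initialized = false;

    /**
     * Derives the KEK from the PIN, opens or creates the key store under it, and
     * persists the salt and validation data.
     *
     * @param str  the PIN
     * @param bArr the salt used for key derivation
     * @throws OMAuthenticationManagerException with {@code INTERNAL_ERROR} on any failure
     */
    private void doSetAuthData(String str, byte[] bArr) throws OMAuthenticationManagerException {
        try {
            this.kek = getKeyFromPin(str, bArr);
            if (OMSecurityConstants.DEBUG) {
                // Key material is deliberately not logged: debug logs are readable
                // far more widely than the key store the KEK protects.
                OMLog.trace(TAG, "**** Inside doSetAuthData: kek derived");
            }
            OMKeyManager keyManager = new OMKeyManager(this.context);
            try {
                this.keyStore = keyManager.getKeyStore(this.authenticatorId, this.kek.getEncoded());
            } catch (OMInvalidKeyException e) {
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, "Invalid key. The given key is not valid to decrypt the encrypted data.", e);
            } catch (OMKeyManagerException ignored) {
                // Best-effort lookup: presumably the key store does not exist yet
                // (TODO confirm against OMKeyManager). The null check below creates it.
                OMLog.debug(TAG, "Key store lookup failed; a new key store will be created if none is set");
            }
            if (this.keyStore == null) {
                this.keyStore = keyManager.createKeyStore(this.authenticatorId, this.kek.getEncoded());
                this.keyStore.createKey(this.authenticatorId, true);
            }
            if (this.oldKeyStore != null) {
                this.keyStore.copyKeysFrom(this.oldKeyStore);
            }
            OMSecureStorageService secureStorage = new OMSecureStorageService(this.context, this.keyStore, this.authenticatorId);
            String validationKey = getSharedPreferencesKeyForPinValidationData();
            String validationData = getRandomString();
            // The validation string is written twice: through secure storage and in
            // the clear in SharedPreferences. authenticate() compares the two copies.
            secureStorage.store(validationKey, validationData);
            getSharedPreferences().edit()
                    .putString(validationKey, validationData)
                    .putString(getSharedPreferencesKeyForSalt(), Base64.encode(bArr))
                    .commit();
        } catch (Exception e2) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e2.getMessage(), e2);
        }
    }

    /**
     * Throws if {@link #initialize} has not been called (or {@link #invalidate} was
     * called since).
     *
     * @throws OMAuthenticationManagerException with {@code INVALID_STATE}
     */
    private void ensureInitialized() throws OMAuthenticationManagerException {
        if (isInitialized()) {
            return;
        }
        throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Authenticator is not initialized. Did you call initialize() method?");
    }

    /** Returns 64 random bytes from the CSPRNG, Base64-encoded. */
    private String getRandomString() {
        byte[] randomBytes = new byte[64];
        RANDOM.nextBytes(randomBytes);
        return Base64.encode(randomBytes);
    }

    /** Returns a fresh 16-byte random salt. */
    private byte[] getSalt() {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        return salt;
    }

    /**
     * Checks a PIN against the stored validation data.
     *
     * <p>On success the authenticator keeps the derived KEK and the opened key store.
     * On a mismatch the current {@code authenticated} flag is left as it was.
     *
     * @param oMAuthData wrapper whose {@code getData()} must be the PIN as a {@code String}
     * @return {@code true} if the validation data read through secure storage equals
     *         the copy in SharedPreferences; {@code false} otherwise
     * @throws OMAuthenticationManagerException {@code INVALID_STATE} when not initialized,
     *         when {@code oMAuthData} is null or when no salt is stored;
     *         {@code INVALID_INPUT} when the data is not a {@code String};
     *         {@code INTERNAL_ERROR} when key derivation or key store access fails
     * @throws NullPointerException if {@code oMAuthData.getData()} is null
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public boolean authenticate(OMAuthData oMAuthData) throws OMAuthenticationManagerException {
        if (!this.initialized) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Authenticator not yet initialized.");
        }
        if (oMAuthData == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "authData not set");
        }
        Object data = oMAuthData.getData();
        if (data == null) {
            // Same contract as setAuthData(); previously this surfaced as a
            // message-less NPE from getClass().
            throw new NullPointerException("authData.getData()");
        }
        if (!(data instanceof String)) {
            String name = data.getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
        }
        String pin = (String) data;
        String encodedSalt = getSharedPreferences().getString(getSharedPreferencesKeyForSalt(), null);
        // Check the stored value before decoding so a missing salt is always reported
        // as INVALID_STATE instead of depending on how Base64.decode treats null.
        byte[] salt = encodedSalt == null ? null : Base64.decode(encodedSalt);
        if (salt == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "No salt.");
        }
        try {
            Key candidateKek = getKeyFromPin(pin, salt);
            if (OMSecurityConstants.DEBUG) {
                // Never log the derived key: it unlocks the key store for this PIN.
                OMLog.trace(TAG, "**** Inside authenticate: KEK derived");
            }
            // NOTE(review): a wrong PIN may surface here as an exception from
            // getKeyStore (reported as INTERNAL_ERROR below) rather than as a
            // false return - confirm against OMKeyManager.
            OMKeyStore openedKeyStore = new OMKeyManager(this.context).getKeyStore(this.authenticatorId, candidateKek.getEncoded());
            OMSecureStorageService secureStorage = new OMSecureStorageService(this.context, openedKeyStore, this.authenticatorId);
            String validationKey = getSharedPreferencesKeyForPinValidationData();
            String expected = getSharedPreferences().getString(validationKey, null);
            String actual = (String) secureStorage.get(validationKey);
            // The expected value is stored in the clear in SharedPreferences, so it
            // is not itself a secret; the check proves the key store opened with
            // this KEK yields the matching record.
            if (expected == null || !expected.equals(actual)) {
                return false;
            }
            this.authenticated = true;
            this.kek = candidateKek;
            this.keyStore = openedKeyStore;
            return true;
        } catch (Exception e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
        }
    }

    /**
     * Remembers a key store whose keys are copied into this authenticator's key
     * store the next time auth data is set.
     *
     * @param oMKeyStore source key store; may be null to clear the pending copy
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void copyKeysFrom(OMKeyStore oMKeyStore) {
        this.oldKeyStore = oMKeyStore;
    }

    /**
     * Deletes the key store and the persisted salt and validation data, then
     * invalidates this authenticator.
     *
     * @throws OMAuthenticationManagerException {@code INVALID_STATE} if not authenticated
     * @throws OMKeyManagerException propagated from {@code OMKeyManager.deleteKeyStore}
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void deleteAuthData() throws OMKeyManagerException, OMAuthenticationManagerException {
        if (!this.authenticated) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Not authenticated");
        }
        new OMKeyManager(this.context).deleteKeyStore(this.authenticatorId, this.kek.getEncoded());
        getSharedPreferences().edit()
                .remove(getSharedPreferencesKeyForPinValidationData())
                .remove(getSharedPreferencesKeyForSalt())
                .commit();
        invalidate();
    }

    /**
     * Derives the key-encryption key from a PIN and salt with PBKDF2-HMAC-SHA1,
     * {@link #PBKDF2_ITERATIONS} iterations, {@link #KEK_LENGTH_BITS}-bit output.
     *
     * <p>Only the elapsed time is logged; the PIN, salt and key are not.
     * Package-private in the original build according to the decompiler.
     *
     * @param str  the PIN; must not be null
     * @param bArr the salt
     * @return the derived key
     * @throws OMAuthenticationManagerException {@code INTERNAL_ERROR} if the algorithm
     *         is unavailable or the key spec is rejected
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Key getKeyFromPin(String str, byte[] bArr) throws OMAuthenticationManagerException {
        long startedAt = System.currentTimeMillis();
        char[] pinChars = str.toCharArray();
        try {
            PBEKeySpec spec = new PBEKeySpec(pinChars, bArr, PBKDF2_ITERATIONS, KEK_LENGTH_BITS);
            SecretKey derivedKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec);
            OMLog.debug("getKeyFromPin", "getKeyFromPin took:  " + (System.currentTimeMillis() - startedAt) + " ms");
            return derivedKey;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
        } finally {
            // PBEKeySpec clones the password, so wiping this local copy cannot affect
            // the returned key. The spec's own copy is left alone because some
            // providers keep a reference to the spec inside the key they return.
            java.util.Arrays.fill(pinChars, '\0');
        }
    }

    /** Returns the key store opened or created by the last successful operation, or null. */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public OMKeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Returns the app-private preferences file named after this class.
     * Package-private in the original build according to the decompiler.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SharedPreferences getSharedPreferences() {
        String fileName = OMPinAuthenticator.class.getSimpleName();
        return this.context.getSharedPreferences(fileName, Context.MODE_PRIVATE);
    }

    /** Preferences key under which the validation string is stored. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSharedPreferencesKeyForPinValidationData() {
        return this.authenticatorId + "_validation_data";
    }

    /** Preferences key under which the Base64 salt is stored. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSharedPreferencesKeyForSalt() {
        return this.authenticatorId + "_salt";
    }

    /**
     * Binds this authenticator to a context, id and policy. A second call on an
     * already initialized instance is a no-op.
     *
     * @param context                 Android context used for preferences and key management
     * @param str                     authenticator id; must be non-empty
     * @param oMAuthenticationPolicy  policy to record; not otherwise used in this class
     * @throws NullPointerException if {@code str} is null or empty
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void initialize(Context context, String str, OMAuthenticationPolicy oMAuthenticationPolicy) throws OMAuthenticationManagerException {
        if (this.initialized) {
            return;
        }
        if (TextUtils.isEmpty(str)) {
            throw new NullPointerException("authenticatorId");
        }
        this.authenticatorId = str;
        this.authenticationPolicy = oMAuthenticationPolicy;
        this.context = context;
        this.initialized = true;
    }

    /**
     * Drops the in-memory authentication state: flags, key stores and the KEK
     * reference. The context and authenticator id are kept.
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void invalidate() {
        this.initialized = false;
        this.authenticated = false;
        this.keyStore = null;
        this.oldKeyStore = null;
        this.kek = null;
    }

    /**
     * Reports whether validation data exists in preferences for this authenticator.
     *
     * @return {@code false} when no context has been set or nothing is stored
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public boolean isAuthDataSet() {
        if (this.context == null) {
            return false;
        }
        String stored = getSharedPreferences().getString(getSharedPreferencesKeyForPinValidationData(), null);
        return stored != null;
    }

    /** Returns whether the last {@link #authenticate} call succeeded and state was not invalidated. */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    /** Returns whether {@link #initialize} has been called since the last {@link #invalidate}. */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public boolean isInitialized() {
        return this.initialized;
    }

    /**
     * Sets the PIN. An already stored salt is reused; otherwise a fresh one is
     * generated.
     *
     * @param oMAuthData wrapper whose {@code getData()} must be the PIN as a {@code String}
     * @throws NullPointerException if {@code oMAuthData} or its data is null
     * @throws OMAuthenticationManagerException {@code INVALID_INPUT} when the data is
     *         not a {@code String}; {@code INTERNAL_ERROR} when storing fails
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void setAuthData(OMAuthData oMAuthData) throws OMAuthenticationManagerException {
        if (oMAuthData == null) {
            throw new NullPointerException("authData");
        }
        Object data = oMAuthData.getData();
        if (data == null) {
            throw new NullPointerException("authData.getData()");
        }
        if (!(data instanceof String)) {
            String name = data.getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
        }
        String encodedSalt = getSharedPreferences().getString(getSharedPreferencesKeyForSalt(), null);
        byte[] salt = encodedSalt == null ? getSalt() : Base64.decode(encodedSalt);
        doSetAuthData((String) data, salt);
    }

    /**
     * Changes the PIN: authenticates with the current one, re-wraps the key store
     * under a KEK derived from the new PIN and a fresh salt, then stores the new
     * salt and validation data.
     *
     * <p>NOTE(review): every {@code OMAuthenticationManagerException} raised inside,
     * including {@code INVALID_INPUT} for the new PIN and storage failures, is
     * re-reported as {@code INCORRECT_CURRENT_AUTHDATA}; the real cause is only
     * available through {@code getCause()}.
     *
     * @param oMAuthData  current PIN
     * @param oMAuthData2 new PIN
     * @throws NullPointerException if {@code oMAuthData2} or its data is null
     * @throws OMAuthenticationManagerException {@code INCORRECT_CURRENT_AUTHDATA}, see note
     * @throws OMKeyManagerException propagated from {@code OMKeyManager.updateEncryptionKey}
     */
    @Override // oracle.idm.mobile.auth.local.OMAuthenticator
    public void updateAuthData(OMAuthData oMAuthData, OMAuthData oMAuthData2) throws OMKeyManagerException, OMAuthenticationManagerException {
        try {
            if (!authenticate(oMAuthData)) {
                throw new OMAuthenticationManagerException(OMErrorCode.INCORRECT_CURRENT_AUTHDATA, "Cannot authenticate using currentAuthData");
            }
            if (oMAuthData2 == null) {
                throw new NullPointerException("newAuthData");
            }
            Object newData = oMAuthData2.getData();
            if (newData == null) {
                throw new NullPointerException("newAuthData.getData()");
            }
            if (!(newData instanceof String)) {
                String name = newData.getClass().getName();
                throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
            }
            String newPin = (String) newData;
            // A PIN change always gets a new salt.
            byte[] newSalt = getSalt();
            byte[] currentKek = this.kek.getEncoded();
            byte[] newKek = getKeyFromPin(newPin, newSalt).getEncoded();
            new OMKeyManager(this.context).updateEncryptionKey(this.authenticatorId, currentKek, newKek);
            doSetAuthData(newPin, newSalt);
        } catch (OMAuthenticationManagerException e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INCORRECT_CURRENT_AUTHDATA, "Cannot authenticate using currentAuthData", e);
        }
    }
}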
