package oracle.idm.mobile.auth.local;

import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.preference.PreferenceManager;
import android.text.TextUtils;
import android.util.Log;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.crypto.OMKeyManagerException;
import oracle.idm.mobile.crypto.OMKeyStore;
import oracle.idm.mobile.crypto.OMSecureStorageException;

/* loaded from: classes.dex */
public class OMFingerprintAuthenticator implements f {

    /* renamed from: a, reason: collision with root package name */
    private static final String f2559a = "OMFingerprintAuthenticator";

    /* renamed from: b, reason: collision with root package name */
    private String f2560b;
    private e c;
    private Context d;
    private boolean e;
    private OMPinAuthenticator f;
    private OMKeyStore g;
    private boolean h;
    private g i;

    public OMFingerprintAuthenticator() {
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("OMFingerprintAuthenticator does not work in android versions below Marshmallow");
        }
    }

    private void i(d dVar) {
        String str = (String) dVar.a();
        byte[] c = oracle.idm.mobile.crypto.a.c(this.f.m().getString(this.f.o(), null));
        if (c == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "No salt.");
        }
        try {
            PreferenceManager.getDefaultSharedPreferences(this.d).edit().putString("kek_fingerprint_authenticator", oracle.idm.mobile.crypto.a.d(l().d(new SecretKeySpec(this.f.j(str, c).getEncoded(), "AES")))).apply();
            Log.v(f2559a, "authData set successfully");
        } catch (GeneralSecurityException e) {
            Log.e(f2559a, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
        }
    }

    private void j() {
        if (!n()) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Authenticator is not initialized. Did you call initialize() method?");
        }
    }

    private g l() {
        if (this.i == null) {
            try {
                Log.v(f2559a, "Initializing SecretKeyWrapper");
                this.i = new g(this.d, "kek_fingerprint_authenticator", true);
            } catch (IOException e) {
                e = e;
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
            } catch (InvalidAlgorithmParameterException e2) {
                throw new OMAuthenticationManagerException(OMErrorCode.NO_FINGERPRINT_ENROLLED, e2.getMessage(), e2);
            } catch (GeneralSecurityException e3) {
                e = e3;
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
            }
        }
        return this.i;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void a(OMKeyStore oMKeyStore) {
    }

    @Override // oracle.idm.mobile.auth.local.f
    @TargetApi(23)
    public boolean b(d dVar) {
        j();
        if (dVar == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "authData not set");
        }
        if (!(dVar.a() instanceof FingerprintManager.CryptoObject) && !(dVar.a() instanceof String)) {
            String name = dVar.a().getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a FingerprintManager.CryptoObject object or a String object, not [" + name + "]");
        }
        if (!(dVar.a() instanceof FingerprintManager.CryptoObject)) {
            boolean b2 = this.f.b(dVar);
            this.h = b2;
            return b2;
        }
        String string = PreferenceManager.getDefaultSharedPreferences(this.d).getString("kek_fingerprint_authenticator", null);
        if (string == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "KEK cannot be null here");
        }
        try {
            OMKeyStore c = new oracle.idm.mobile.crypto.e(this.d).c(this.f.f2562b, ((SecretKey) ((FingerprintManager.CryptoObject) dVar.a()).getCipher().unwrap(oracle.idm.mobile.crypto.a.c(string), "AES", 3)).getEncoded());
            this.g = c;
            oracle.idm.mobile.crypto.f fVar = new oracle.idm.mobile.crypto.f(this.d, c, this.f.f2562b);
            String n = this.f.n();
            String string2 = this.f.m().getString(n, null);
            String str = (String) fVar.b(n);
            if (string2 == null || !string2.equals(str)) {
                return false;
            }
            this.h = true;
            return true;
        } catch (InvalidKeyException e) {
            e = e;
            Log.e(f2559a, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.KEY_UNWRAP_FAILED, e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            Log.e(f2559a, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.KEY_UNWRAP_FAILED, e);
        } catch (OMKeyManagerException e3) {
            e = e3;
            Log.e(f2559a, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e);
        } catch (OMSecureStorageException e4) {
            e = e4;
            Log.e(f2559a, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e);
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public OMKeyStore c() {
        OMKeyStore oMKeyStore = this.g;
        if (oMKeyStore != null) {
            return oMKeyStore;
        }
        OMPinAuthenticator oMPinAuthenticator = this.f;
        if (oMPinAuthenticator != null) {
            return oMPinAuthenticator.c();
        }
        return null;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void d(d dVar) {
        j();
        Objects.requireNonNull(dVar, "authData");
        if (dVar.a() instanceof String) {
            i(dVar);
            return;
        }
        String name = dVar.a().getClass().getName();
        throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object, not [" + name + "]");
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean e() {
        return !TextUtils.isEmpty(PreferenceManager.getDefaultSharedPreferences(this.d).getString("kek_fingerprint_authenticator", ""));
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void f() {
        j();
        if (!this.h) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Not authenticated");
        }
        try {
            PreferenceManager.getDefaultSharedPreferences(this.d).edit().remove("kek_fingerprint_authenticator").commit();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry("kek_fingerprint_authenticator");
            m();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, "Cannot delete public-private keypair", e);
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean g() {
        return this.h;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void h(Context context, String str, e eVar) {
        if (this.e) {
            return;
        }
        if (context == null) {
            throw new IllegalArgumentException("context cannot be null");
        }
        if (TextUtils.isEmpty(str)) {
            throw new NullPointerException("authenticatorId");
        }
        this.f2560b = str;
        this.c = eVar;
        this.d = context;
        this.e = true;
    }

    @TargetApi(23)
    public FingerprintManager.CryptoObject k() {
        j();
        return new FingerprintManager.CryptoObject(l().b());
    }

    public void m() {
        this.e = false;
        this.h = false;
        this.g = null;
        this.i = null;
    }

    public boolean n() {
        return this.e;
    }

    public void o(OMPinAuthenticator oMPinAuthenticator) {
        this.f = oMPinAuthenticator;
    }

    public void p(d dVar, d dVar2) {
        j();
        this.f.r(dVar, dVar2);
        String str = f2559a;
        Log.v(str, "Updated authData for backup pin authenticator");
        if (!this.h) {
            b(dVar);
            if (!this.h) {
                throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Cannot authenticate using currentAuthData");
            }
        }
        Objects.requireNonNull(dVar2, "newAuthData");
        if (dVar2.a() instanceof String) {
            i(dVar2);
            Log.v(str, "Updated authData for fingerprint authenticator");
            return;
        }
        String name = dVar2.a().getClass().getName();
        throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
    }
}
