package oracle.idm.mobile.auth.local;

import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.preference.PreferenceManager;
import android.text.TextUtils;
import android.util.Log;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.crypto.OMKeyManagerException;
import oracle.idm.mobile.crypto.OMKeyStore;
import oracle.idm.mobile.crypto.OMSecureStorageException;

/* loaded from: classes.dex */
public class OMFingerprintAuthenticator implements f {
    private static final String g = "OMFingerprintAuthenticator";

    /* renamed from: a, reason: collision with root package name */
    private Context f3117a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f3118b;

    /* renamed from: c, reason: collision with root package name */
    private OMPinAuthenticator f3119c;

    /* renamed from: d, reason: collision with root package name */
    private OMKeyStore f3120d;

    /* renamed from: e, reason: collision with root package name */
    private boolean f3121e;

    /* renamed from: f, reason: collision with root package name */
    private g f3122f;

    public OMFingerprintAuthenticator() {
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("OMFingerprintAuthenticator does not work in android versions below Marshmallow");
        }
    }

    private void i(d dVar) {
        String str = (String) dVar.a();
        byte[] c2 = oracle.idm.mobile.crypto.a.c(this.f3119c.m().getString(this.f3119c.o(), null));
        if (c2 == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "No salt.");
        }
        try {
            PreferenceManager.getDefaultSharedPreferences(this.f3117a).edit().putString("kek_fingerprint_authenticator", oracle.idm.mobile.crypto.a.d(l().d(new SecretKeySpec(this.f3119c.j(str, c2).getEncoded(), "AES")))).apply();
            Log.v(g, "authData set successfully");
        } catch (GeneralSecurityException e2) {
            Log.e(g, e2.getMessage(), e2);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e2.getMessage(), e2);
        }
    }

    private void j() {
        if (!isInitialized()) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Authenticator is not initialized. Did you call initialize() method?");
        }
    }

    private g l() {
        if (this.f3122f == null) {
            try {
                Log.v(g, "Initializing SecretKeyWrapper");
                this.f3122f = new g(this.f3117a, "kek_fingerprint_authenticator", true);
            } catch (IOException e2) {
                e = e2;
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
            } catch (InvalidAlgorithmParameterException e3) {
                throw new OMAuthenticationManagerException(OMErrorCode.NO_FINGERPRINT_ENROLLED, e3.getMessage(), e3);
            } catch (GeneralSecurityException e4) {
                e = e4;
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e.getMessage(), e);
            }
        }
        return this.f3122f;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void a(OMKeyStore oMKeyStore) {
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void b() {
        j();
        if (!this.f3121e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Not authenticated");
        }
        try {
            PreferenceManager.getDefaultSharedPreferences(this.f3117a).edit().remove("kek_fingerprint_authenticator").commit();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry("kek_fingerprint_authenticator");
            m();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, "Cannot delete public-private keypair", e2);
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean c() {
        return this.f3121e;
    }

    @Override // oracle.idm.mobile.auth.local.f
    @TargetApi(23)
    public boolean d(d dVar) {
        j();
        if (dVar == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "authData not set");
        }
        if (!(dVar.a() instanceof FingerprintManager.CryptoObject) && !(dVar.a() instanceof String)) {
            String name = dVar.a().getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a FingerprintManager.CryptoObject object or a String object, not [" + name + "]");
        }
        if (!(dVar.a() instanceof FingerprintManager.CryptoObject)) {
            boolean d2 = this.f3119c.d(dVar);
            this.f3121e = d2;
            return d2;
        }
        String string = PreferenceManager.getDefaultSharedPreferences(this.f3117a).getString("kek_fingerprint_authenticator", null);
        if (string == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "KEK cannot be null here");
        }
        try {
            OMKeyStore c2 = new oracle.idm.mobile.crypto.e(this.f3117a).c(this.f3119c.f3123a, ((SecretKey) ((FingerprintManager.CryptoObject) dVar.a()).getCipher().unwrap(oracle.idm.mobile.crypto.a.c(string), "AES", 3)).getEncoded());
            this.f3120d = c2;
            oracle.idm.mobile.crypto.f fVar = new oracle.idm.mobile.crypto.f(this.f3117a, c2, this.f3119c.f3123a);
            String n = this.f3119c.n();
            String string2 = this.f3119c.m().getString(n, null);
            String str = (String) fVar.b(n);
            if (string2 == null || !string2.equals(str)) {
                return false;
            }
            this.f3121e = true;
            return true;
        } catch (InvalidKeyException e2) {
            e = e2;
            Log.e(g, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.KEY_UNWRAP_FAILED, e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            Log.e(g, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.KEY_UNWRAP_FAILED, e);
        } catch (OMKeyManagerException e4) {
            e = e4;
            Log.e(g, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e);
        } catch (OMSecureStorageException e5) {
            e = e5;
            Log.e(g, e.getMessage(), e);
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e);
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public OMKeyStore e() {
        OMKeyStore oMKeyStore = this.f3120d;
        if (oMKeyStore != null) {
            return oMKeyStore;
        }
        OMPinAuthenticator oMPinAuthenticator = this.f3119c;
        if (oMPinAuthenticator != null) {
            return oMPinAuthenticator.e();
        }
        return null;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void f(Context context, String str, e eVar) {
        if (this.f3118b) {
            return;
        }
        if (context == null) {
            throw new IllegalArgumentException("context cannot be null");
        }
        if (TextUtils.isEmpty(str)) {
            throw new NullPointerException("authenticatorId");
        }
        this.f3117a = context;
        this.f3118b = true;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void g(d dVar) {
        j();
        if (dVar == null) {
            throw new NullPointerException("authData");
        }
        if (dVar.a() instanceof String) {
            i(dVar);
            return;
        }
        String name = dVar.a().getClass().getName();
        throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object, not [" + name + "]");
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void h(d dVar, d dVar2) {
        j();
        this.f3119c.h(dVar, dVar2);
        Log.v(g, "Updated authData for backup pin authenticator");
        if (!this.f3121e) {
            d(dVar);
            if (!this.f3121e) {
                throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Cannot authenticate using currentAuthData");
            }
        }
        if (dVar2 == null) {
            throw new NullPointerException("newAuthData");
        }
        if (dVar2.a() instanceof String) {
            i(dVar2);
            Log.v(g, "Updated authData for fingerprint authenticator");
            return;
        }
        String name = dVar2.a().getClass().getName();
        throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean isInitialized() {
        return this.f3118b;
    }

    @TargetApi(23)
    public FingerprintManager.CryptoObject k() {
        j();
        return new FingerprintManager.CryptoObject(l().b());
    }

    public void m() {
        this.f3118b = false;
        this.f3121e = false;
        this.f3120d = null;
        this.f3122f = null;
    }

    public void n(OMPinAuthenticator oMPinAuthenticator) {
        this.f3119c = oMPinAuthenticator;
    }
}
