package com.citi.mobile.framework.devicecapability.impl;

import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import androidx.core.content.ContextCompat;
import com.citi.mobile.framework.common.utils.logger.Logger;
import com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager;
import com.citi.mobile.framework.devicecapability.base.FingerPrintEvents;
import com.citi.mobile.framework.e2e.constants.E2EConstant;
import com.citi.mobile.framework.session.base.ISessionManager;
import com.citi.mobile.framework.storage.room.base.IRoomKeyValueStore;
import com.citibank.mobile.domain_common.common.Constants;
import com.citibank.mobile.domain_common.common.plugin.RSAPlugin;
import io.reactivex.disposables.CompositeDisposable;
import io.reactivex.functions.Consumer;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.inject.Inject;
import runtime.Strings.StringIndexer;

/* loaded from: classes3.dex */
public class DeviceCapabilityManagerImpl implements DeviceCapabilityManager {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    public static final String DEMOFP_ENCRYPTED_TOKEN = "DemoFP_Encrypted_token";
    public static final String DEMO_AES_KEY = "DemoFP_AES_Key";
    public static final String DEMO_FINGERPRINT_KEY = "DemoFP_ECC_Keypair";
    private static FingerprintManager fingerprintManager;
    protected static final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    private static KeyguardManager keyguardManager;
    private Cipher cipher;
    private FingerPrintEvents fingerPrintEvents;
    private KeyStore keyStore;
    private CompositeDisposable mCompositeDisposable;
    FingerprintManager.CryptoObject mCryptoObject;

    @Inject
    IRoomKeyValueStore mRoomKeyValueStore;

    @Inject
    ISessionManager mSessionManager;
    String mToken;
    String primaryKey;
    private String timeStamp = null;
    FingerprintHandler fpHandler = null;

    public DeviceCapabilityManagerImpl(FingerPrintEvents fingerPrintEvents) {
        this.fingerPrintEvents = fingerPrintEvents;
    }

    public DeviceCapabilityManagerImpl(IRoomKeyValueStore iRoomKeyValueStore, ISessionManager iSessionManager) {
        this.mRoomKeyValueStore = iRoomKeyValueStore;
        this.mSessionManager = iSessionManager;
    }

    private String createPublicKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(DEMO_FINGERPRINT_KEY, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setUserAuthenticationRequired(true).build());
            this.primaryKey = byteArrayToHexString(encodeECPublicKey((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()));
            Logger.d("Created", new Object[0]);
        } catch (Exception e) {
            e.printStackTrace();
            Logger.d(e.getMessage(), new Object[0]);
        }
        return this.primaryKey;
    }

    private static byte[] encodeECPublicKey(ECPublicKey eCPublicKey) {
        int bitLength = eCPublicKey.getParams().getOrder().bitLength() / 8;
        byte[] bArr = new byte[bitLength * 2];
        byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
        int i = bitLength + 1;
        if (byteArray.length > i || (byteArray.length == i && byteArray[0] != 0)) {
            throw new IllegalStateException("X coordinate of EC public key has wrong size");
        }
        if (byteArray.length == i) {
            System.arraycopy(byteArray, 1, bArr, 0, bitLength);
        } else {
            System.arraycopy(byteArray, 0, bArr, (0 + bitLength) - byteArray.length, byteArray.length);
        }
        int i2 = bitLength + 0;
        byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
        if (byteArray2.length > i || (byteArray2.length == i && byteArray2[0] != 0)) {
            throw new IllegalStateException("Y coordinate of EC public key has wrong size");
        }
        if (byteArray2.length == i) {
            System.arraycopy(byteArray2, 1, bArr, i2, bitLength);
        } else {
            System.arraycopy(byteArray2, 0, bArr, (i2 + bitLength) - byteArray2.length, byteArray2.length);
        }
        return bArr;
    }

    private void generateKey() {
        try {
            this.keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        } catch (Exception unused) {
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(E2EConstant.Value.ALGO_AES, ANDROID_KEYSTORE);
            try {
                this.keyStore.load(null);
                KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(DEMO_AES_KEY, 3).setBlockModes(StringIndexer._getString("3680")).setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding");
                if (Build.VERSION.SDK_INT >= 24) {
                    encryptionPaddings.setInvalidatedByBiometricEnrollment(true);
                }
                keyGenerator.init(encryptionPaddings.build());
                keyGenerator.generateKey();
            } catch (IOException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | CertificateException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new RuntimeException("Failed to get KeyGenerator instance", e2);
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String byteArrayToHexString(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            int i3 = i * 2;
            char[] cArr2 = hexArray;
            cArr[i3] = cArr2[i2 >>> 4];
            cArr[i3 + 1] = cArr2[i2 & 15];
        }
        return new String(cArr);
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public void cancelFP() {
        FingerprintHandler fingerprintHandler = this.fpHandler;
        if (fingerprintHandler == null || fingerprintHandler.cancellationSignal == null) {
            return;
        }
        try {
            this.fpHandler.cancellationSignal.cancel();
        } catch (NullPointerException e) {
            Logger.e("NullPointerException in cancelFP() = " + e.toString(), new Object[0]);
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public boolean cipherInit() {
        try {
            this.cipher = Cipher.getInstance(RSAPlugin.E2EENCRYPTION_PADDING);
            try {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
                this.keyStore = keyStore;
                keyStore.load(null);
                this.cipher.init(1, (SecretKey) this.keyStore.getKey(DEMO_AES_KEY, null));
                return true;
            } catch (KeyPermanentlyInvalidatedException e) {
                e.printStackTrace();
                return false;
            } catch (IOException e2) {
                e = e2;
                throw new RuntimeException("Failed to init Cipher", e);
            } catch (InvalidKeyException e3) {
                e = e3;
                throw new RuntimeException("Failed to init Cipher", e);
            } catch (KeyStoreException e4) {
                e = e4;
                throw new RuntimeException("Failed to init Cipher", e);
            } catch (NoSuchAlgorithmException e5) {
                e = e5;
                throw new RuntimeException("Failed to init Cipher", e);
            } catch (UnrecoverableKeyException e6) {
                e = e6;
                throw new RuntimeException("Failed to init Cipher", e);
            } catch (CertificateException e7) {
                e = e7;
                throw new RuntimeException("Failed to init Cipher", e);
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e8) {
            throw new RuntimeException("Failed to get Cipher", e8);
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public void createAESKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(E2EConstant.Value.ALGO_AES, ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(DEMO_AES_KEY, 3).setBlockModes("CBC").setKeySize(128).setEncryptionPaddings("PKCS7Padding").build());
            keyGenerator.generateKey();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public void enableTouchID(Context context) {
        FingerprintManager fingerprintManager2;
        KeyguardManager keyguardManager2 = (KeyguardManager) context.getSystemService("keyguard");
        keyguardManager = keyguardManager2;
        if (keyguardManager2.isKeyguardSecure()) {
            generateKey();
            if (cipherInit()) {
                this.mCryptoObject = new FingerprintManager.CryptoObject(this.cipher);
                FingerprintHandler fingerprintHandler = new FingerprintHandler(context, this.fingerPrintEvents);
                this.fpHandler = fingerprintHandler;
                FingerprintManager.CryptoObject cryptoObject = this.mCryptoObject;
                if (cryptoObject == null || (fingerprintManager2 = fingerprintManager) == null) {
                    return;
                }
                fingerprintHandler.startAuth(fingerprintManager2, cryptoObject);
            }
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public void enhancedTouchIdLogin(Context context) {
        PublicKey publicKey;
        FingerprintManager.CryptoObject cryptoObject;
        KeyStore keyStore;
        Logger.d("(-) Starting auth\n", new Object[0]);
        if (!initSignature()) {
            Logger.d("(-) Cannot authenticate as lock screen is disabled or new FP is added or no FPs present\n", new Object[0]);
            return;
        }
        Logger.d("(+) Private key avaialable for signing after FP", new Object[0]);
        SecretKey secretKey = null;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            publicKey = keyStore.getCertificate(DEMO_FINGERPRINT_KEY).getPublicKey();
        } catch (Exception e) {
            e = e;
            publicKey = null;
        }
        try {
            secretKey = (SecretKey) keyStore.getKey(StringIndexer._getString("3681"), null);
        } catch (Exception e2) {
            e = e2;
            e.printStackTrace();
            Logger.d("(+) Please auth via TouchID now\n", new Object[0]);
            FingerprintManager fingerprintManager2 = (FingerprintManager) context.getSystemService(FingerprintManager.class);
            FingerprintHandler fingerprintHandler = new FingerprintHandler(context, this.fingerPrintEvents, publicKey, secretKey);
            this.fpHandler = fingerprintHandler;
            cryptoObject = this.mCryptoObject;
            if (cryptoObject != null) {
                return;
            } else {
                return;
            }
        }
        Logger.d("(+) Please auth via TouchID now\n", new Object[0]);
        FingerprintManager fingerprintManager22 = (FingerprintManager) context.getSystemService(FingerprintManager.class);
        FingerprintHandler fingerprintHandler2 = new FingerprintHandler(context, this.fingerPrintEvents, publicKey, secretKey);
        this.fpHandler = fingerprintHandler2;
        cryptoObject = this.mCryptoObject;
        if (cryptoObject != null || fingerprintManager22 == null) {
            return;
        }
        fingerprintHandler2.startAuth(fingerprintManager22, cryptoObject);
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String enrollForEnhancedTouchID() {
        String createPublicKey = createPublicKey();
        createAESKey();
        return createPublicKey;
    }

    public void getFPToken() {
        this.mCompositeDisposable = new CompositeDisposable();
        this.mCompositeDisposable.add(this.mRoomKeyValueStore.retrieveString("FPTOKEN").subscribe(new Consumer() { // from class: com.citi.mobile.framework.devicecapability.impl.-$$Lambda$DeviceCapabilityManagerImpl$PpQSkl0k7O-4DgkjD1fKXCfUtJg
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                DeviceCapabilityManagerImpl.this.lambda$getFPToken$0$DeviceCapabilityManagerImpl((String) obj);
            }
        }, new Consumer() { // from class: com.citi.mobile.framework.devicecapability.impl.-$$Lambda$DeviceCapabilityManagerImpl$3U3ibvGW6DkpAPDYRhPhKB-7NeU
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                Logger.e("Error in storing App Version", new Object[0]);
            }
        }));
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String getHardwareBackedStatus() {
        if (Build.VERSION.SDK_INT < 23) {
            return "NOT_APPLICABLE";
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(E2EConstant.Value.ALGO_AES, ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder("hardware_backed_key", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            SecretKey generateKey = keyGenerator.generateKey();
            return ((KeyInfo) SecretKeyFactory.getInstance(generateKey.getAlgorithm()).getKeySpec(generateKey, KeyInfo.class)).isInsideSecureHardware() ? Constants.Value.YES_LOWER_CASE : "No";
        } catch (Exception unused) {
            return "No";
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String getSignature(String str, String str2) {
        this.timeStamp = String.valueOf(System.currentTimeMillis());
        Signature signature = this.mCryptoObject.getSignature();
        try {
            String str3 = str + str2 + getTimeStamp();
            Logger.d("jsonObject", str2 + "--" + this.mToken);
            signature.update(str3.getBytes());
            return byteArrayToHexString(signature.sign());
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String getTimeStamp() {
        return this.timeStamp;
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public boolean initSignature() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign((PrivateKey) keyStore.getKey(DEMO_FINGERPRINT_KEY, null));
            FingerprintManager.CryptoObject cryptoObject = new FingerprintManager.CryptoObject(signature);
            this.mCryptoObject = cryptoObject;
            Logger.d(cryptoObject.getSignature().getAlgorithm(), new Object[0]);
            return true;
        } catch (KeyPermanentlyInvalidatedException | Exception unused) {
            return false;
        }
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public String isDeviceSupportTouchID(Context context) {
        if (context != null) {
            if (ContextCompat.checkSelfPermission(context, "android.permission.USE_FINGERPRINT") != 0) {
                return "Not Available";
            }
            keyguardManager = (KeyguardManager) context.getSystemService(StringIndexer._getString("3682"));
            fingerprintManager = (FingerprintManager) context.getSystemService("fingerprint");
        }
        try {
            return (fingerprintManager.isHardwareDetected() && !getHardwareBackedStatus().equalsIgnoreCase("No")) ? (keyguardManager.isKeyguardSecure() || !fingerprintManager.hasEnrolledFingerprints()) ? !keyguardManager.isKeyguardSecure() ? "Not Available" : !fingerprintManager.hasEnrolledFingerprints() ? Constants.Value.NOT_ENROLLED : Constants.DefaultValues.YES : "No Passcode" : "Not Available";
        } catch (Exception unused) {
            return "Not Available";
        }
    }

    public /* synthetic */ void lambda$getFPToken$0$DeviceCapabilityManagerImpl(String str) throws Exception {
        this.mToken = str;
        Logger.d("fpToken stored = " + this.mToken, new Object[0]);
    }

    @Override // com.citi.mobile.framework.devicecapability.base.DeviceCapabilityManager
    public void registerFingerPrintEvents(FingerPrintEvents fingerPrintEvents) {
        this.fingerPrintEvents = fingerPrintEvents;
    }
}
