package com.oblador.keychain;

import android.os.Build;
import android.text.TextUtils;
import android.util.Log;
import androidx.biometric.BiometricPrompt;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import com.oblador.keychain.e;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import om.a;
import om.j;
import om.r;
import om.w;
import pm.h;

/* loaded from: classes2.dex */
public class KeychainModule extends ReactContextBaseJavaModule {
    public static final String EMPTY_STRING = "";
    public static final String FACE_SUPPORTED_NAME = "Face";
    public static final String FINGERPRINT_SUPPORTED_NAME = "Fingerprint";
    public static final String IRIS_SUPPORTED_NAME = "Iris";
    public static final String KEYCHAIN_MODULE = "RNKeychainManager";
    private static final String LOG_TAG = "KeychainModule";
    public static final String WARMING_UP_ALIAS = "warmingUp";
    private final Map<String, om.a> cipherStorageMap;
    private final e prefsStorage;

    public KeychainModule(ReactApplicationContext reactApplicationContext) {
        super(reactApplicationContext);
        this.cipherStorageMap = new HashMap();
        this.prefsStorage = new e(reactApplicationContext);
        addCipherStorageToMap(new j(reactApplicationContext));
        addCipherStorageToMap(new r());
        if (Build.VERSION.SDK_INT >= 23) {
            addCipherStorageToMap(new w());
        }
    }

    private void addCipherStorageToMap(om.a aVar) {
        this.cipherStorageMap.put(aVar.b(), aVar);
    }

    private a.c decryptCredentials(String str, om.a aVar, e.a aVar2, String str2, BiometricPrompt.d dVar) throws qm.a, qm.c {
        String str3 = aVar2.f20730c;
        if (str3.equals(aVar.b())) {
            return decryptToResult(str, aVar, aVar2, dVar);
        }
        om.a cipherStorageByName = getCipherStorageByName(str3);
        if (cipherStorageByName != null) {
            a.c decryptToResult = decryptToResult(str, cipherStorageByName, aVar2, dVar);
            if ("automaticUpgradeToMoreSecuredStorage".equals(str2)) {
                try {
                    migrateCipherStorage(str, aVar, cipherStorageByName, decryptToResult);
                } catch (qm.a unused) {
                    Log.w(KEYCHAIN_MODULE, "Migrating to a less safe storage is not allowed. Keeping the old one");
                }
            }
            return decryptToResult;
        }
        throw new qm.c("Wrong cipher storage name '" + str3 + "' or cipher not available");
    }

    private a.c decryptToResult(String str, om.a aVar, e.a aVar2, BiometricPrompt.d dVar) throws qm.a {
        pm.a interactiveHandler = getInteractiveHandler(aVar, dVar);
        aVar.i(interactiveHandler, str, (byte[]) aVar2.f31861a, (byte[]) aVar2.f31862b, f.ANY);
        qm.a.a(interactiveHandler.a());
        if (interactiveHandler.b() != null) {
            return interactiveHandler.b();
        }
        throw new qm.a("No decryption results and no error. Something deeply wrong!");
    }

    private Collection<String> doGetAllGenericPasswordServices() throws qm.c {
        Set i10 = this.prefsStorage.i();
        ArrayList arrayList = new ArrayList(i10.size());
        Iterator it = i10.iterator();
        while (it.hasNext()) {
            arrayList.add(getCipherStorageByName((String) it.next()));
        }
        HashSet hashSet = new HashSet();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            for (String str : ((om.a) it2.next()).f()) {
                if (!str.equals(WARMING_UP_ALIAS)) {
                    hashSet.add(str);
                }
            }
        }
        return hashSet;
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap) {
        return getAccessControlOrDefault(readableMap, "None");
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("accessControl")) ? null : readableMap.getString("accessControl");
        return string == null ? str : string;
    }

    private static String getAliasOrDefault(String str) {
        return str == null ? EMPTY_STRING : str;
    }

    private static BiometricPrompt.d getPromptInfo(ReadableMap readableMap) {
        ReadableMap map = (readableMap == null || !readableMap.hasKey("authenticationPrompt")) ? null : readableMap.getMap("authenticationPrompt");
        BiometricPrompt.d.a aVar = new BiometricPrompt.d.a();
        if (map != null && map.hasKey("title")) {
            aVar.g(map.getString("title"));
        }
        if (map != null && map.hasKey("subtitle")) {
            aVar.f(map.getString("subtitle"));
        }
        if (map != null && map.hasKey("description")) {
            aVar.d(map.getString("description"));
        }
        if (map != null && map.hasKey("cancel")) {
            aVar.e(map.getString("cancel"));
        }
        aVar.b(15);
        aVar.c(false);
        return aVar.a();
    }

    private f getSecurityLevel(boolean z10) {
        try {
            om.a cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel(z10);
            f a10 = cipherStorageForCurrentAPILevel.a();
            f fVar = f.SECURE_SOFTWARE;
            return !a10.j(fVar) ? f.ANY : cipherStorageForCurrentAPILevel.j() ? f.SECURE_HARDWARE : fVar;
        } catch (qm.a e10) {
            Log.w(KEYCHAIN_MODULE, "Security Level Exception: " + e10.getMessage(), e10);
            return f.ANY;
        }
    }

    private static f getSecurityLevelOrDefault(ReadableMap readableMap) {
        return getSecurityLevelOrDefault(readableMap, f.ANY.name());
    }

    private static f getSecurityLevelOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("securityLevel")) ? null : readableMap.getString("securityLevel");
        if (string != null) {
            str = string;
        }
        return f.valueOf(str);
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap) {
        return getSecurityRulesOrDefault(readableMap, "none");
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("rules")) ? null : readableMap.getString("rules");
        return string == null ? str : string;
    }

    private om.a getSelectedStorage(ReadableMap readableMap) throws qm.a {
        boolean useBiometry = getUseBiometry(getAccessControlOrDefault(readableMap));
        String specificStorageOrDefault = getSpecificStorageOrDefault(readableMap);
        om.a cipherStorageByName = specificStorageOrDefault != null ? getCipherStorageByName(specificStorageOrDefault) : null;
        return cipherStorageByName == null ? getCipherStorageForCurrentAPILevel(useBiometry) : cipherStorageByName;
    }

    private static String getServiceOrDefault(ReadableMap readableMap) {
        return getAliasOrDefault((readableMap == null || !readableMap.hasKey("service")) ? null : readableMap.getString("service"));
    }

    private static String getSpecificStorageOrDefault(ReadableMap readableMap) {
        if (readableMap == null || !readableMap.hasKey("storage")) {
            return null;
        }
        return readableMap.getString("storage");
    }

    public static boolean getUseBiometry(String str) {
        return "BiometryAny".equals(str) || "BiometryCurrentSet".equals(str) || "BiometryAnyOrDevicePasscode".equals(str) || "BiometryCurrentSetOrDevicePasscode".equals(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void internalWarmingBestCipher() {
        try {
            long nanoTime = System.nanoTime();
            Log.v(KEYCHAIN_MODULE, "warming up started at " + nanoTime);
            om.e eVar = (om.e) getCipherStorageForCurrentAPILevel();
            eVar.t();
            eVar.s(WARMING_UP_ALIAS, eVar.j() ? f.SECURE_HARDWARE : f.SECURE_SOFTWARE);
            eVar.z();
            Log.v(KEYCHAIN_MODULE, "warming up takes: " + TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime) + " ms");
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, "warming up failed!", th2);
        }
    }

    public static void throwIfEmptyLoginPassword(String str, String str2) throws qm.b {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            throw new qm.b("you passed empty or null username/password");
        }
    }

    public static void throwIfInsufficientLevel(om.a aVar, f fVar) throws qm.a {
        if (!aVar.a().j(fVar)) {
            throw new qm.a(String.format("Cipher Storage is too weak. Required security level is: %s, but only %s is provided", fVar.name(), aVar.a().name()));
        }
    }

    public static KeychainModule withWarming(ReactApplicationContext reactApplicationContext) {
        final KeychainModule keychainModule = new KeychainModule(reactApplicationContext);
        Thread thread = new Thread(new Runnable() { // from class: com.oblador.keychain.b
            @Override // java.lang.Runnable
            public final void run() {
                KeychainModule.this.internalWarmingBestCipher();
            }
        }, "keychain-warming-up");
        thread.setDaemon(true);
        thread.start();
        return keychainModule;
    }

    @ReactMethod
    public void getAllGenericPasswordServices(Promise promise) {
        try {
            promise.resolve(Arguments.makeNativeArray(doGetAllGenericPasswordServices().toArray()));
        } catch (qm.c e10) {
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e10);
        }
    }

    om.a getCipherStorageByName(String str) {
        return this.cipherStorageMap.get(str);
    }

    om.a getCipherStorageForCurrentAPILevel() throws qm.a {
        return getCipherStorageForCurrentAPILevel(true);
    }

    om.a getCipherStorageForCurrentAPILevel(boolean z10) throws qm.a {
        int i10 = Build.VERSION.SDK_INT;
        boolean z11 = z10 && (isFingerprintAuthAvailable() || isFaceAuthAvailable() || isIrisAuthAvailable());
        om.a aVar = null;
        for (om.a aVar2 : this.cipherStorageMap.values()) {
            Log.d(KEYCHAIN_MODULE, "Probe cipher storage: " + aVar2.getClass().getSimpleName());
            int e10 = aVar2.e();
            int d10 = aVar2.d();
            if ((e10 <= i10) && (aVar == null || d10 >= aVar.d())) {
                if (!aVar2.g() || z11) {
                    aVar = aVar2;
                }
            }
        }
        if (aVar == null) {
            throw new qm.a("Unsupported Android SDK " + Build.VERSION.SDK_INT);
        }
        Log.d(KEYCHAIN_MODULE, "Selected storage: " + aVar.getClass().getSimpleName());
        return aVar;
    }

    @Override // com.facebook.react.bridge.BaseJavaModule
    public Map<String, Object> getConstants() {
        HashMap hashMap = new HashMap();
        f fVar = f.ANY;
        hashMap.put(fVar.i(), fVar.name());
        f fVar2 = f.SECURE_SOFTWARE;
        hashMap.put(fVar2.i(), fVar2.name());
        f fVar3 = f.SECURE_HARDWARE;
        hashMap.put(fVar3.i(), fVar3.name());
        return hashMap;
    }

    protected void getGenericPassword(String str, ReadableMap readableMap, Promise promise) {
        try {
            e.a e10 = this.prefsStorage.e(str);
            if (e10 == null) {
                Log.e(KEYCHAIN_MODULE, "No entry found for service: " + str);
                promise.resolve(Boolean.FALSE);
                return;
            }
            String str2 = e10.f20730c;
            String securityRulesOrDefault = getSecurityRulesOrDefault(readableMap);
            BiometricPrompt.d promptInfo = getPromptInfo(readableMap);
            om.a cipherStorageForCurrentAPILevel = (securityRulesOrDefault.equals("automaticUpgradeToMoreSecuredStorage") && str2.equals("FacebookConceal")) ? getCipherStorageForCurrentAPILevel(getUseBiometry(getAccessControlOrDefault(readableMap))) : getCipherStorageByName(str2);
            a.c decryptCredentials = decryptCredentials(str, cipherStorageForCurrentAPILevel, e10, securityRulesOrDefault, promptInfo);
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("username", (String) decryptCredentials.f31861a);
            createMap.putString("password", (String) decryptCredentials.f31862b);
            createMap.putString("storage", cipherStorageForCurrentAPILevel.b());
            promise.resolve(createMap);
        } catch (qm.a e11) {
            Log.e(KEYCHAIN_MODULE, e11.getMessage());
            promise.reject("E_CRYPTO_FAILED", e11);
        } catch (qm.c e12) {
            Log.e(KEYCHAIN_MODULE, e12.getMessage());
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e12);
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, th2.getMessage(), th2);
            promise.reject("E_UNKNOWN_ERROR", th2);
        }
    }

    @ReactMethod
    public void getGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        getGenericPassword(getServiceOrDefault(readableMap), readableMap, promise);
    }

    protected pm.a getInteractiveHandler(om.a aVar, BiometricPrompt.d dVar) {
        return h.a(getReactApplicationContext(), aVar, dVar);
    }

    @ReactMethod
    public void getInternetCredentialsForServer(String str, ReadableMap readableMap, Promise promise) {
        getGenericPassword(str, readableMap, promise);
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return KEYCHAIN_MODULE;
    }

    @ReactMethod
    public void getSecurityLevel(ReadableMap readableMap, Promise promise) {
        promise.resolve(getSecurityLevel(getUseBiometry(getAccessControlOrDefault(readableMap))).name());
    }

    @ReactMethod
    public void getSupportedBiometryType(Promise promise) {
        try {
            String str = null;
            if (a.e(getReactApplicationContext())) {
                if (isFingerprintAuthAvailable()) {
                    str = FINGERPRINT_SUPPORTED_NAME;
                } else if (isFaceAuthAvailable()) {
                    str = FACE_SUPPORTED_NAME;
                } else if (isIrisAuthAvailable()) {
                    str = IRIS_SUPPORTED_NAME;
                }
            }
            promise.resolve(str);
        } catch (Exception e10) {
            Log.e(KEYCHAIN_MODULE, e10.getMessage(), e10);
            promise.reject("E_SUPPORTED_BIOMETRY_ERROR", e10);
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, th2.getMessage(), th2);
            promise.reject("E_UNKNOWN_ERROR", th2);
        }
    }

    @ReactMethod
    public void hasInternetCredentialsForServer(String str, Promise promise) {
        String aliasOrDefault = getAliasOrDefault(str);
        e.a e10 = this.prefsStorage.e(aliasOrDefault);
        if (e10 != null) {
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", aliasOrDefault);
            createMap.putString("storage", e10.f20730c);
            promise.resolve(createMap);
            return;
        }
        Log.e(KEYCHAIN_MODULE, "No entry found for service: " + aliasOrDefault);
        promise.resolve(Boolean.FALSE);
    }

    boolean isFaceAuthAvailable() {
        return a.e(getReactApplicationContext()) && a.a(getReactApplicationContext());
    }

    boolean isFingerprintAuthAvailable() {
        return a.e(getReactApplicationContext()) && a.b(getReactApplicationContext());
    }

    boolean isIrisAuthAvailable() {
        return a.e(getReactApplicationContext()) && a.c(getReactApplicationContext());
    }

    boolean isSecureHardwareAvailable() {
        try {
            return getCipherStorageForCurrentAPILevel().j();
        } catch (qm.a unused) {
            return false;
        }
    }

    void migrateCipherStorage(String str, om.a aVar, om.a aVar2, a.c cVar) throws qm.c, qm.a {
        this.prefsStorage.l(str, aVar.c(str, (String) cVar.f31861a, (String) cVar.f31862b, cVar.a()));
        aVar2.h(str);
    }

    protected void resetGenericPassword(String str, Promise promise) {
        om.a cipherStorageByName;
        try {
            e.a e10 = this.prefsStorage.e(str);
            if (e10 != null && (cipherStorageByName = getCipherStorageByName(e10.f20730c)) != null) {
                cipherStorageByName.h(str);
            }
            this.prefsStorage.k(str);
            promise.resolve(Boolean.TRUE);
        } catch (qm.c e11) {
            Log.e(KEYCHAIN_MODULE, e11.getMessage());
            promise.reject("E_KEYSTORE_ACCESS_ERROR", e11);
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, th2.getMessage(), th2);
            promise.reject("E_UNKNOWN_ERROR", th2);
        }
    }

    @ReactMethod
    public void resetGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        resetGenericPassword(getServiceOrDefault(readableMap), promise);
    }

    @ReactMethod
    public void resetInternetCredentialsForServer(String str, Promise promise) {
        resetGenericPassword(str, promise);
    }

    protected void setGenericPassword(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        try {
            throwIfEmptyLoginPassword(str2, str3);
            f securityLevelOrDefault = getSecurityLevelOrDefault(readableMap);
            om.a selectedStorage = getSelectedStorage(readableMap);
            throwIfInsufficientLevel(selectedStorage, securityLevelOrDefault);
            this.prefsStorage.l(str, selectedStorage.c(str, str2, str3, securityLevelOrDefault));
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("storage", selectedStorage.b());
            promise.resolve(createMap);
        } catch (qm.a e10) {
            Log.e(KEYCHAIN_MODULE, e10.getMessage(), e10);
            promise.reject("E_CRYPTO_FAILED", e10);
        } catch (qm.b e11) {
            Log.e(KEYCHAIN_MODULE, e11.getMessage(), e11);
            promise.reject("E_EMPTY_PARAMETERS", e11);
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, th2.getMessage(), th2);
            promise.reject("E_UNKNOWN_ERROR", th2);
        }
    }

    @ReactMethod
    public void setGenericPasswordForOptions(ReadableMap readableMap, String str, String str2, Promise promise) {
        setGenericPassword(getServiceOrDefault(readableMap), str, str2, readableMap, promise);
    }

    @ReactMethod
    public void setInternetCredentialsForServer(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        setGenericPassword(str, str2, str3, readableMap, promise);
    }
}
