package com.microsoft.intune.mam.client.util;

import android.hardware.biometrics.BiometricPrompt;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import com.microsoft.intune.mam.client.telemetry.events.MAMInternalError;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import kotlin.zzavw;

/* loaded from: classes4.dex */
public final class BiometricsUtils {
    static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ENCRYPTION_ALGORITHM = "AES";
    private static final String ENCRYPTION_BLOCK_MODE = "CBC";
    private static final String ENCRYPTION_PADDING = "PKCS7Padding";
    static final String KEY_NAME = "AndroidMAMBiometricUtilsKey";
    private static final int KEY_SIZE = 256;
    private static final Logger LOGGER = Logger.getLogger(BiometricsUtils.class.getSimpleName());
    static final String TRANSFORMATION = "AES/CBC/PKCS7Padding";

    private BiometricsUtils() {
    }

    public static boolean canSecretKeyBeCreatedAndInitialized() {
        try {
            return getOrCreateSecretKey() != null;
        } catch (Exception e) {
            zzavw.INotificationSideChannelDefault(LOGGER, MAMInternalError.BIOMETRICS_GET_KEY_FAILED, "An unexpected exception occurred while trying to get/generate a secret key. Exception: " + e, e);
            return false;
        }
    }

    public static BiometricPrompt.CryptoObject getBiometricCryptoObject() throws NoSuchAlgorithmException, NoSuchPaddingException, CertificateException, IOException, KeyStoreException, UnrecoverableKeyException, NoSuchProviderException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(1, getOrCreateSecretKey());
            BiometricsUtils$$ExternalSyntheticApiModelOutline1.m();
            return BiometricsUtils$$ExternalSyntheticApiModelOutline0.m(cipher);
        } catch (KeyPermanentlyInvalidatedException unused) {
            LOGGER.info("KeyPermanentlyInvalidatedException thrown during Cipher init, indicating that a change in biometricshas taken place.");
            return null;
        }
    }

    private static SecretKey getOrCreateSecretKey() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, NoSuchProviderException {
        SecretKey retrieveSecretKey = retrieveSecretKey();
        if (retrieveSecretKey != null) {
            return retrieveSecretKey;
        }
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_NAME, 1);
        builder.setBlockModes(ENCRYPTION_BLOCK_MODE);
        builder.setEncryptionPaddings(ENCRYPTION_PADDING);
        builder.setKeySize(256);
        builder.setUserAuthenticationRequired(true);
        KeyGenParameterSpec build = builder.build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        try {
            keyGenerator.init(build);
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException unused) {
            LOGGER.info("InvalidAlgorithmParameterException thrown indicating that the device does not support or is not set up for class 3 biometrics");
            return null;
        }
    }

    public static boolean hasChangeInBiometricsOccurred() {
        try {
            if (!hasSecretKeyBeenAdded()) {
                return getBiometricCryptoObject() == null;
            }
            LOGGER.info("Secret key has not been made, indicating this is the first biometric added.");
            getBiometricCryptoObject();
            return true;
        } catch (Exception e) {
            zzavw.INotificationSideChannelDefault(LOGGER, MAMInternalError.BIOMETRICS_DETECT_CHANGE_FAILED, "An unexpected exception occurred while checking whether a change in biometrics has been made. Exception: " + e, e);
            return true;
        }
    }

    private static boolean hasSecretKeyBeenAdded() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        return retrieveSecretKey() == null;
    }

    public static void resetKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(KEY_NAME)) {
                keyStore.deleteEntry(KEY_NAME);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            zzavw.INotificationSideChannelDefault(LOGGER, MAMInternalError.BIOMETRICS_RESET_KEY_FAILED, "An unexpected exception occurred while attempting to delete key from the Android keystore. Exception: " + e, e);
        }
    }

    private static SecretKey retrieveSecretKey() throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey(KEY_NAME, null);
        if (key != null) {
            return (SecretKey) key;
        }
        return null;
    }
}
