package com.content.biometric;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.StrongBoxUnavailableException;
import com.content.account.ExternalAuthOperation;
import com.content.account.ExternalAuthenticationInvalidatedException;
import com.content.biometric.BiometricAuthentication;
import defpackage.a23;
import defpackage.a77;
import defpackage.c75;
import defpackage.cm2;
import defpackage.d75;
import defpackage.de0;
import defpackage.dh3;
import defpackage.eh1;
import defpackage.k6;
import defpackage.ma0;
import defpackage.nm2;
import java.security.Key;
import java.security.KeyStore;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import okio.ByteString;

@Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\bÆ\u0002\u0018\u00002\u00020\u0001:\u0002\f\rB\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0015\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0005\u001a\u00020\u0004¢\u0006\u0004\b\u0007\u0010\bR\u0014\u0010\n\u001a\u00020\t8\u0006X\u0086T¢\u0006\u0006\n\u0004\b\n\u0010\u000b¨\u0006\u000e"}, d2 = {"Lcom/pcloud/biometric/BiometricAuthentication;", "", "<init>", "()V", "Lcom/pcloud/account/ExternalAuthOperation;", "operation", "Lma0$c;", "getAuthOperationObject", "(Lcom/pcloud/account/ExternalAuthOperation;)Lma0$c;", "", "AUTH_TYPE", "Ljava/lang/String;", "OperationsFactory", "AuthOperation", "biometric_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes.dex */
public final class BiometricAuthentication {
    public static final String AUTH_TYPE = "android_biometric";
    public static final BiometricAuthentication INSTANCE = new BiometricAuthentication();

    @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0002\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\u0003\u001a\u00020\u0002\u0012\u0006\u0010\u0005\u001a\u00020\u0004¢\u0006\u0004\b\u0006\u0010\u0007J\u0017\u0010\n\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bH\u0016¢\u0006\u0004\b\n\u0010\u000bR\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010\fR\u001b\u0010\u0012\u001a\u00020\r8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u000e\u0010\u000f\u001a\u0004\b\u0010\u0010\u0011¨\u0006\u0013"}, d2 = {"Lcom/pcloud/biometric/BiometricAuthentication$AuthOperation;", "Lcom/pcloud/account/ExternalAuthOperation;", "Lcom/pcloud/account/ExternalAuthOperation$Mode;", "mode", "Ljavax/crypto/Cipher;", "cipher", "<init>", "(Lcom/pcloud/account/ExternalAuthOperation$Mode;Ljavax/crypto/Cipher;)V", "Lokio/ByteString;", "input", "execute", "(Lokio/ByteString;)Lokio/ByteString;", "Ljavax/crypto/Cipher;", "Lma0$c;", "cryptoObject$delegate", "Ldh3;", "getCryptoObject", "()Lma0$c;", "cryptoObject", "biometric_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class AuthOperation extends ExternalAuthOperation {
        private final Cipher cipher;

        /* renamed from: cryptoObject$delegate, reason: from kotlin metadata */
        private final dh3 cryptoObject;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public AuthOperation(ExternalAuthOperation.Mode mode, Cipher cipher) {
            super(BiometricAuthentication.AUTH_TYPE, mode);
            a23.g(mode, "mode");
            a23.g(cipher, "cipher");
            this.cipher = cipher;
            this.cryptoObject = a77.l(new cm2() { // from class: com.pcloud.biometric.a
                @Override // defpackage.cm2
                public final Object invoke() {
                    ma0.c cryptoObject_delegate$lambda$0;
                    cryptoObject_delegate$lambda$0 = BiometricAuthentication.AuthOperation.cryptoObject_delegate$lambda$0(BiometricAuthentication.AuthOperation.this);
                    return cryptoObject_delegate$lambda$0;
                }
            });
        }

        public static final ma0.c cryptoObject_delegate$lambda$0(AuthOperation authOperation) {
            return new ma0.c(authOperation.cipher);
        }

        @Override // com.content.account.ExternalAuthOperation
        public ByteString execute(ByteString input) {
            a23.g(input, "input");
            ByteString.Companion companion = ByteString.INSTANCE;
            byte[] doFinal = this.cipher.doFinal(input.toByteArray());
            a23.f(doFinal, "doFinal(...)");
            companion.getClass();
            return ByteString.Companion.d(doFinal, 0, -1234567890);
        }

        public final ma0.c getCryptoObject() {
            return (ma0.c) this.cryptoObject.getValue();
        }
    }

    @Metadata(d1 = {"\u00006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010%\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u0000 \u001a*\u0004\b\u0000\u0010\u00012\b\u0012\u0004\u0012\u00028\u00000\u0002:\u0001\u001aB\u001b\u0012\u0012\u0010\u0005\u001a\u000e\u0012\u0004\u0012\u00028\u0000\u0012\u0004\u0012\u00020\u00040\u0003¢\u0006\u0004\b\u0006\u0010\u0007J=\u0010\u0010\u001a\u0004\u0018\u00010\u000f2\u0006\u0010\b\u001a\u00028\u00002\u0006\u0010\t\u001a\u00020\u00042\u0006\u0010\u000b\u001a\u00020\n2\u0012\u0010\u000e\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\r0\fH\u0016¢\u0006\u0004\b\u0010\u0010\u0011R \u0010\u0005\u001a\u000e\u0012\u0004\u0012\u00028\u0000\u0012\u0004\u0012\u00020\u00040\u00038\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010\u0012R#\u0010\u0019\u001a\n \u0014*\u0004\u0018\u00010\u00130\u00138BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0015\u0010\u0016\u001a\u0004\b\u0017\u0010\u0018¨\u0006\u001b"}, d2 = {"Lcom/pcloud/biometric/BiometricAuthentication$OperationsFactory;", "T", "Lcom/pcloud/account/ExternalAuthOperation$Factory;", "Lkotlin/Function1;", "", "keyAliasProvider", "<init>", "(Lnm2;)V", "target", "type", "Lcom/pcloud/account/ExternalAuthOperation$Mode;", "mode", "", "Lokio/ByteString;", "state", "Lcom/pcloud/account/ExternalAuthOperation;", "create", "(Ljava/lang/Object;Ljava/lang/String;Lcom/pcloud/account/ExternalAuthOperation$Mode;Ljava/util/Map;)Lcom/pcloud/account/ExternalAuthOperation;", "Lnm2;", "Ljava/security/KeyStore;", "kotlin.jvm.PlatformType", "keyStore$delegate", "Ldh3;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore", "Companion", "biometric_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class OperationsFactory<T> implements ExternalAuthOperation.Factory<T> {
        private static final String CIPHER_MODE = "AES/GCM/NoPadding";

        /* renamed from: Companion, reason: from kotlin metadata */
        public static final Companion INSTANCE = new Companion(null);
        private static final String KEY_AUTH_TAG_SIZE = "biometric_unlock_auth_tag_size";
        private static final String KEY_IV = "biometric_unlock_iv";
        private static final int KEY_SIZE_BITS = 256;
        private final nm2<T, String> keyAliasProvider;

        /* renamed from: keyStore$delegate, reason: from kotlin metadata */
        private final dh3 keyStore;

        @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u0005H\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0005X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0005X\u0082T¢\u0006\u0002\n\u0000¨\u0006\r"}, d2 = {"Lcom/pcloud/biometric/BiometricAuthentication$OperationsFactory$Companion;", "", "<init>", "()V", "CIPHER_MODE", "", "KEY_SIZE_BITS", "", "KEY_IV", "KEY_AUTH_TAG_SIZE", "generateKey", "Ljava/security/Key;", "keyAlias", "biometric_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
        /* loaded from: classes.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(eh1 eh1Var) {
                this();
            }

            public final Key generateKey(String keyAlias) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(keyAlias, 3).setBlockModes("GCM").setRandomizedEncryptionRequired(true).setKeySize(256).setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(true);
                int i = Build.VERSION.SDK_INT;
                if (i >= 30) {
                    userAuthenticationRequired.setUserAuthenticationParameters(0, 2);
                } else {
                    userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
                }
                KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment = userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
                a23.f(invalidatedByBiometricEnrollment, "setInvalidatedByBiometricEnrollment(...)");
                if (i >= 28) {
                    try {
                        invalidatedByBiometricEnrollment.setIsStrongBoxBacked(true);
                        keyGenerator.init(invalidatedByBiometricEnrollment.build());
                        SecretKey generateKey = keyGenerator.generateKey();
                        a23.f(generateKey, "generateKey(...)");
                        return generateKey;
                    } catch (StrongBoxUnavailableException unused) {
                        invalidatedByBiometricEnrollment.setIsStrongBoxBacked(false);
                    }
                }
                keyGenerator.init(invalidatedByBiometricEnrollment.build());
                SecretKey generateKey2 = keyGenerator.generateKey();
                a23.f(generateKey2, "generateKey(...)");
                return generateKey2;
            }
        }

        @Metadata(k = 3, mv = {2, 1, 0}, xi = 48)
        /* loaded from: classes.dex */
        public /* synthetic */ class WhenMappings {
            public static final /* synthetic */ int[] $EnumSwitchMapping$0;

            static {
                int[] iArr = new int[ExternalAuthOperation.Mode.values().length];
                try {
                    iArr[ExternalAuthOperation.Mode.Encrypt.ordinal()] = 1;
                } catch (NoSuchFieldError unused) {
                }
                try {
                    iArr[ExternalAuthOperation.Mode.Decrypt.ordinal()] = 2;
                } catch (NoSuchFieldError unused2) {
                }
                $EnumSwitchMapping$0 = iArr;
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        public OperationsFactory(nm2<? super T, String> nm2Var) {
            a23.g(nm2Var, "keyAliasProvider");
            this.keyAliasProvider = nm2Var;
            this.keyStore = a77.l(new k6(3));
        }

        private final KeyStore getKeyStore() {
            return (KeyStore) this.keyStore.getValue();
        }

        public static final KeyStore keyStore_delegate$lambda$1() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }

        @Override // com.pcloud.account.ExternalAuthOperation.Factory
        public ExternalAuthOperation create(T target, String type, ExternalAuthOperation.Mode mode, Map<String, ByteString> state) {
            Cipher cipher;
            byte[] byteArray;
            a23.g(type, "type");
            a23.g(mode, "mode");
            a23.g(state, "state");
            if (!type.equals(BiometricAuthentication.AUTH_TYPE)) {
                return null;
            }
            String invoke = this.keyAliasProvider.invoke(target);
            int i = WhenMappings.$EnumSwitchMapping$0[mode.ordinal()];
            if (i == 1) {
                getKeyStore().deleteEntry(invoke);
                Key generateKey = INSTANCE.generateKey(invoke);
                Cipher cipher2 = Cipher.getInstance(CIPHER_MODE);
                cipher2.init(1, generateKey);
                GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) cipher2.getParameters().getParameterSpec(GCMParameterSpec.class);
                ByteString.Companion companion = ByteString.INSTANCE;
                byte[] iv = gCMParameterSpec.getIV();
                a23.f(iv, "getIV(...)");
                companion.getClass();
                state.put(KEY_IV, ByteString.Companion.d(iv, 0, -1234567890));
                int tLen = gCMParameterSpec.getTLen();
                de0 de0Var = new de0();
                de0Var.y0(tLen);
                state.put(KEY_AUTH_TAG_SIZE, de0Var.k(de0Var.c));
                cipher = cipher2;
            } else {
                if (i != 2) {
                    throw new NoWhenBranchMatchedException();
                }
                Key key = getKeyStore().getKey(invoke, null);
                if (key == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key found for target: " + target, null, 2, null);
                }
                ByteString byteString = state.get(KEY_IV);
                if (byteString == null || (byteArray = byteString.toByteArray()) == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key IV stored for target: " + target, null, 2, null);
                }
                ByteString byteString2 = state.get(KEY_AUTH_TAG_SIZE);
                if (byteString2 == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key auth tag size stored for target: " + target, null, 2, null);
                }
                de0 de0Var2 = new de0();
                de0Var2.l0(byteString2);
                GCMParameterSpec gCMParameterSpec2 = new GCMParameterSpec(de0Var2.T(), byteArray);
                cipher = Cipher.getInstance(CIPHER_MODE);
                try {
                    cipher.init(2, key, gCMParameterSpec2);
                } catch (KeyPermanentlyInvalidatedException e) {
                    getKeyStore().deleteEntry(invoke);
                    throw new ExternalAuthenticationInvalidatedException(e.getMessage(), e);
                }
            }
            return new AuthOperation(mode, cipher);
        }
    }

    private BiometricAuthentication() {
    }

    public final ma0.c getAuthOperationObject(ExternalAuthOperation operation) {
        a23.g(operation, "operation");
        if (operation instanceof AuthOperation) {
            return ((AuthOperation) operation).getCryptoObject();
        }
        d75 d75Var = c75.a;
        throw new IllegalArgumentException(("Invalid operation type, expected " + d75Var.b(AuthOperation.class) + ", but was " + d75Var.b(operation.getClass())).toString());
    }
}
