package com.pcloud.biometric;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.StrongBoxUnavailableException;
import com.pcloud.account.ExternalAuthOperation;
import com.pcloud.account.ExternalAuthenticationInvalidatedException;
import com.pcloud.biometric.BiometricAuthentication;
import com.pcloud.crypto.DefaultCryptoManager;
import com.pcloud.ui.DragAndDropTracking;
import defpackage.kx4;
import defpackage.na0;
import defpackage.nc5;
import defpackage.p52;
import defpackage.pe0;
import defpackage.ug0;
import defpackage.w54;
import defpackage.xa5;
import defpackage.xx8;
import defpackage.y54;
import java.security.Key;
import java.security.KeyStore;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.NoWhenBranchMatchedException;

/* loaded from: classes4.dex */
public final class BiometricAuthentication {
    public static final String AUTH_TYPE = "android_biometric";
    public static final BiometricAuthentication INSTANCE = new BiometricAuthentication();

    /* loaded from: classes4.dex */
    public static final class AuthOperation extends ExternalAuthOperation {
        private final Cipher cipher;
        private final xa5 cryptoObject$delegate;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public AuthOperation(ExternalAuthOperation.Mode mode, Cipher cipher) {
            super(BiometricAuthentication.AUTH_TYPE, mode);
            kx4.g(mode, DragAndDropTracking.Mode.ATTRIBUTE_KEY);
            kx4.g(cipher, "cipher");
            this.cipher = cipher;
            this.cryptoObject$delegate = nc5.a(new w54() { // from class: com.pcloud.biometric.a
                @Override // defpackage.w54
                public final Object invoke() {
                    na0.c cryptoObject_delegate$lambda$0;
                    cryptoObject_delegate$lambda$0 = BiometricAuthentication.AuthOperation.cryptoObject_delegate$lambda$0(BiometricAuthentication.AuthOperation.this);
                    return cryptoObject_delegate$lambda$0;
                }
            });
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final na0.c cryptoObject_delegate$lambda$0(AuthOperation authOperation) {
            return new na0.c(authOperation.cipher);
        }

        @Override // com.pcloud.account.ExternalAuthOperation
        public ug0 execute(ug0 ug0Var) {
            kx4.g(ug0Var, "input");
            ug0.a aVar = ug0.i;
            byte[] doFinal = this.cipher.doFinal(ug0Var.P());
            kx4.f(doFinal, "doFinal(...)");
            return ug0.a.g(aVar, doFinal, 0, 0, 3, null);
        }

        public final na0.c getCryptoObject() {
            return (na0.c) this.cryptoObject$delegate.getValue();
        }
    }

    /* loaded from: classes4.dex */
    public static final class OperationsFactory<T> implements ExternalAuthOperation.Factory<T> {
        private static final String CIPHER_MODE = "AES/GCM/NoPadding";
        public static final Companion Companion = new Companion(null);
        private static final String KEY_AUTH_TAG_SIZE = "biometric_unlock_auth_tag_size";
        private static final String KEY_IV = "biometric_unlock_iv";
        private static final int KEY_SIZE_BITS = 256;
        private final y54<T, String> keyAliasProvider;
        private final xa5 keyStore$delegate;

        /* loaded from: classes4.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(p52 p52Var) {
                this();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public final Key generateKey(String str) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(DefaultCryptoManager.Companion.ExternalAuthKeySpecs.KeyType, "AndroidKeyStore");
                KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setRandomizedEncryptionRequired(true).setKeySize(256).setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(true);
                int i = Build.VERSION.SDK_INT;
                if (i >= 30) {
                    userAuthenticationRequired.setUserAuthenticationParameters(0, 2);
                } else {
                    userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
                }
                KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment = userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
                kx4.f(invalidatedByBiometricEnrollment, "setInvalidatedByBiometricEnrollment(...)");
                if (i >= 28) {
                    try {
                        invalidatedByBiometricEnrollment.setIsStrongBoxBacked(true);
                        keyGenerator.init(invalidatedByBiometricEnrollment.build());
                        SecretKey generateKey = keyGenerator.generateKey();
                        kx4.f(generateKey, "generateKey(...)");
                        return generateKey;
                    } catch (StrongBoxUnavailableException unused) {
                        invalidatedByBiometricEnrollment.setIsStrongBoxBacked(false);
                    }
                }
                keyGenerator.init(invalidatedByBiometricEnrollment.build());
                SecretKey generateKey2 = keyGenerator.generateKey();
                kx4.f(generateKey2, "generateKey(...)");
                return generateKey2;
            }
        }

        /* loaded from: classes4.dex */
        public /* synthetic */ class WhenMappings {
            public static final /* synthetic */ int[] $EnumSwitchMapping$0;

            static {
                int[] iArr = new int[ExternalAuthOperation.Mode.values().length];
                try {
                    iArr[ExternalAuthOperation.Mode.Encrypt.ordinal()] = 1;
                } catch (NoSuchFieldError unused) {
                }
                try {
                    iArr[ExternalAuthOperation.Mode.Decrypt.ordinal()] = 2;
                } catch (NoSuchFieldError unused2) {
                }
                $EnumSwitchMapping$0 = iArr;
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        public OperationsFactory(y54<? super T, String> y54Var) {
            kx4.g(y54Var, "keyAliasProvider");
            this.keyAliasProvider = y54Var;
            this.keyStore$delegate = nc5.a(new w54() { // from class: w90
                @Override // defpackage.w54
                public final Object invoke() {
                    KeyStore keyStore_delegate$lambda$1;
                    keyStore_delegate$lambda$1 = BiometricAuthentication.OperationsFactory.keyStore_delegate$lambda$1();
                    return keyStore_delegate$lambda$1;
                }
            });
        }

        private final KeyStore getKeyStore() {
            return (KeyStore) this.keyStore$delegate.getValue();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final KeyStore keyStore_delegate$lambda$1() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }

        @Override // com.pcloud.account.ExternalAuthOperation.Factory
        public ExternalAuthOperation create(T t, String str, ExternalAuthOperation.Mode mode, Map<String, ug0> map) {
            Cipher cipher;
            byte[] P;
            kx4.g(str, "type");
            kx4.g(mode, DragAndDropTracking.Mode.ATTRIBUTE_KEY);
            kx4.g(map, "state");
            if (!kx4.b(str, BiometricAuthentication.AUTH_TYPE)) {
                return null;
            }
            String invoke = this.keyAliasProvider.invoke(t);
            int i = WhenMappings.$EnumSwitchMapping$0[mode.ordinal()];
            if (i == 1) {
                getKeyStore().deleteEntry(invoke);
                Key generateKey = Companion.generateKey(invoke);
                Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
                cipher2.init(1, generateKey);
                GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) cipher2.getParameters().getParameterSpec(GCMParameterSpec.class);
                ug0.a aVar = ug0.i;
                byte[] iv = gCMParameterSpec.getIV();
                kx4.f(iv, "getIV(...)");
                map.put(KEY_IV, ug0.a.g(aVar, iv, 0, 0, 3, null));
                int tLen = gCMParameterSpec.getTLen();
                pe0 pe0Var = new pe0();
                pe0Var.w(tLen);
                map.put(KEY_AUTH_TAG_SIZE, pe0Var.b0());
                cipher = cipher2;
            } else {
                if (i != 2) {
                    throw new NoWhenBranchMatchedException();
                }
                Key key = getKeyStore().getKey(invoke, null);
                if (key == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key found for target: " + t, null, 2, null);
                }
                ug0 ug0Var = map.get(KEY_IV);
                if (ug0Var == null || (P = ug0Var.P()) == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key IV stored for target: " + t, null, 2, null);
                }
                ug0 ug0Var2 = map.get(KEY_AUTH_TAG_SIZE);
                if (ug0Var2 == null) {
                    throw new ExternalAuthenticationInvalidatedException("No biometric key auth tag size stored for target: " + t, null, 2, null);
                }
                pe0 pe0Var2 = new pe0();
                pe0Var2.H(ug0Var2);
                GCMParameterSpec gCMParameterSpec2 = new GCMParameterSpec(pe0Var2.readInt(), P);
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
                try {
                    cipher.init(2, key, gCMParameterSpec2);
                } catch (KeyPermanentlyInvalidatedException e) {
                    getKeyStore().deleteEntry(invoke);
                    throw new ExternalAuthenticationInvalidatedException(e.getMessage(), e);
                }
            }
            kx4.d(cipher);
            return new AuthOperation(mode, cipher);
        }
    }

    private BiometricAuthentication() {
    }

    public final na0.c getAuthOperationObject(ExternalAuthOperation externalAuthOperation) {
        kx4.g(externalAuthOperation, "operation");
        if (externalAuthOperation instanceof AuthOperation) {
            return ((AuthOperation) externalAuthOperation).getCryptoObject();
        }
        throw new IllegalArgumentException(("Invalid operation type, expected " + xx8.b(AuthOperation.class) + ", but was " + xx8.b(externalAuthOperation.getClass())).toString());
    }
}
