package com.oblador.keychain;

import android.os.Build;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Log;
import androidx.biometric.BiometricPrompt;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.AssertionException;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import com.oblador.keychain.KeychainModule;
import com.oblador.keychain.f;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import kc.a;
import kc.h;
import kc.i;
import kc.j;

/* loaded from: classes.dex */
public class KeychainModule extends ReactContextBaseJavaModule {
    public static final String EMPTY_STRING = "";
    public static final String FINGERPRINT_SUPPORTED_NAME = "Fingerprint";
    public static final String KEYCHAIN_MODULE = "RNKeychainManager";
    private static final String LOG_TAG = "KeychainModule";
    private final Map<String, kc.a> cipherStorageMap;
    private final f prefsStorage;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class a extends BiometricPrompt.b implements a.d {

        /* renamed from: a, reason: collision with root package name */
        private a.c f13357a;

        /* renamed from: b, reason: collision with root package name */
        private Throwable f13358b;

        /* renamed from: c, reason: collision with root package name */
        private final kc.c f13359c;

        /* renamed from: d, reason: collision with root package name */
        private final Executor f13360d;

        /* renamed from: e, reason: collision with root package name */
        private a.b f13361e;

        private a(kc.a aVar) {
            this.f13360d = Executors.newSingleThreadExecutor();
            this.f13359c = (kc.c) aVar;
        }

        @Override // kc.a.f
        public a.c a() {
            return this.f13357a;
        }

        @Override // kc.a.d
        public void b(a.b bVar) {
            this.f13361e = bVar;
            if (com.oblador.keychain.a.b(KeychainModule.this.getReactApplicationContext())) {
                h();
            } else {
                c(null, new lc.a("Could not start fingerprint Authentication. No permissions granted."));
            }
        }

        @Override // kc.a.d
        public void c(a.c cVar, Throwable th2) {
            this.f13357a = cVar;
            this.f13358b = th2;
            synchronized (this) {
                notifyAll();
            }
        }

        @Override // kc.a.f
        public Throwable d() {
            return this.f13358b;
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void e(int i10, CharSequence charSequence) {
            c(null, new lc.a("code: " + i10 + ", msg: " + ((Object) charSequence)));
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void f() {
            c(null, new lc.a("Authentication failed. User Not recognized."));
        }

        @Override // androidx.biometric.BiometricPrompt.b
        public void g(BiometricPrompt.c cVar) {
            try {
                a.b bVar = this.f13361e;
                if (bVar == null) {
                    throw new NullPointerException("Decrypt context is not assigned yet.");
                }
                String k10 = this.f13359c.k(bVar.f18615c, (byte[]) bVar.f18613a);
                kc.c cVar2 = this.f13359c;
                a.b bVar2 = this.f13361e;
                c(new a.c(k10, cVar2.k(bVar2.f18615c, (byte[]) bVar2.f18614b)), null);
            } catch (Throwable th2) {
                c(null, th2);
            }
        }

        public void h() {
            androidx.fragment.app.e eVar = (androidx.fragment.app.e) KeychainModule.this.getCurrentActivity();
            if (eVar == null) {
                throw new NullPointerException("Not assigned current activity");
            }
            if (Thread.currentThread() == Looper.getMainLooper().getThread()) {
                new BiometricPrompt(eVar, this.f13360d, this).s(new BiometricPrompt.e.a().d("Authentication required").b("Cancel").c("Please use biometric authentication to unlock the app").a());
            } else {
                eVar.runOnUiThread(new Runnable() { // from class: com.oblador.keychain.c
                    @Override // java.lang.Runnable
                    public final void run() {
                        KeychainModule.a.this.h();
                    }
                });
                i();
            }
        }

        public void i() {
            if (Thread.currentThread() == Looper.getMainLooper().getThread()) {
                throw new AssertionException("method should not be executed from MAIN thread");
            }
            Log.i(KeychainModule.KEYCHAIN_MODULE, "blocking thread. waiting for done UI operation.");
            try {
                synchronized (this) {
                    wait();
                }
            } catch (InterruptedException unused) {
            }
            Log.i(KeychainModule.KEYCHAIN_MODULE, "unblocking thread.");
        }
    }

    public KeychainModule(ReactApplicationContext reactApplicationContext) {
        super(reactApplicationContext);
        this.cipherStorageMap = new HashMap();
        this.prefsStorage = new f(reactApplicationContext);
        addCipherStorageToMap(new h(reactApplicationContext));
        addCipherStorageToMap(new i());
        addCipherStorageToMap(new j());
    }

    private void addCipherStorageToMap(kc.a aVar) {
        this.cipherStorageMap.put(aVar.b(), aVar);
    }

    private a.c decryptCredentials(String str, kc.a aVar, f.a aVar2, String str2) {
        String str3 = aVar2.f13366c;
        if (str3.equals(aVar.b())) {
            return decryptToResult(str, aVar, aVar2);
        }
        kc.a cipherStorageByName = getCipherStorageByName(str3);
        if (cipherStorageByName != null) {
            a.c decryptToResult = decryptToResult(str, cipherStorageByName, aVar2);
            if ("automaticUpgradeToMoreSecuredStorage".equals(str2)) {
                try {
                    migrateCipherStorage(str, aVar, cipherStorageByName, decryptToResult);
                } catch (lc.a unused) {
                    Log.w(KEYCHAIN_MODULE, "Migrating to a less safe storage is not allowed. Keeping the old one");
                }
            }
            return decryptToResult;
        }
        throw new lc.c("Wrong cipher storage name '" + str3 + "' or cipher not available");
    }

    private a.c decryptToResult(String str, kc.a aVar, f.a aVar2) {
        a.d interactiveHandler = getInteractiveHandler(aVar);
        aVar.i(interactiveHandler, str, (byte[]) aVar2.f18613a, (byte[]) aVar2.f18614b, g.ANY);
        lc.a.a(interactiveHandler.d());
        if (interactiveHandler.a() != null) {
            return interactiveHandler.a();
        }
        throw new lc.a("No decryption results and no error. Something deeply wrong!");
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap) {
        return getAccessControlOrDefault(readableMap, "BiometryAny");
    }

    private static String getAccessControlOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("accessControl")) ? null : readableMap.getString("accessControl");
        return string == null ? str : string;
    }

    private static String getAliasOrDefault(String str) {
        return str == null ? EMPTY_STRING : str;
    }

    private g getSecurityLevel(boolean z10) {
        try {
            kc.a cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel(z10);
            g a10 = cipherStorageForCurrentAPILevel.a();
            g gVar = g.SECURE_SOFTWARE;
            return !a10.j(gVar) ? g.ANY : cipherStorageForCurrentAPILevel.h() ? g.SECURE_HARDWARE : gVar;
        } catch (lc.a e10) {
            Log.w(KEYCHAIN_MODULE, "Security Level Exception: " + e10.getMessage(), e10);
            return g.ANY;
        }
    }

    private static g getSecurityLevelOrDefault(ReadableMap readableMap) {
        return getSecurityLevelOrDefault(readableMap, g.ANY.name());
    }

    private static g getSecurityLevelOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("securityLevel")) ? null : readableMap.getString("securityLevel");
        if (string != null) {
            str = string;
        }
        return g.valueOf(str);
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap) {
        return getSecurityRulesOrDefault(readableMap, "automaticUpgradeToMoreSecuredStorage");
    }

    private static String getSecurityRulesOrDefault(ReadableMap readableMap, String str) {
        String string = (readableMap == null || !readableMap.hasKey("rules")) ? null : readableMap.getString("accessControl");
        return string == null ? str : string;
    }

    private kc.a getSelectedStorage(ReadableMap readableMap) {
        boolean useBiometry = getUseBiometry(getAccessControlOrDefault(readableMap));
        String specificStorageOrDefault = getSpecificStorageOrDefault(readableMap);
        kc.a cipherStorageByName = specificStorageOrDefault != null ? getCipherStorageByName(specificStorageOrDefault) : null;
        return cipherStorageByName == null ? getCipherStorageForCurrentAPILevel(useBiometry) : cipherStorageByName;
    }

    private static String getServiceOrDefault(ReadableMap readableMap) {
        return getAliasOrDefault((readableMap == null || !readableMap.hasKey("service")) ? null : readableMap.getString("service"));
    }

    private static String getSpecificStorageOrDefault(ReadableMap readableMap) {
        if (readableMap == null || !readableMap.hasKey("storage")) {
            return null;
        }
        return readableMap.getString("storage");
    }

    public static boolean getUseBiometry(String str) {
        return "BiometryAny".equals(str) || "BiometryCurrentSet".equals(str) || "BiometryAnyOrDevicePasscode".equals(str) || "BiometryCurrentSetOrDevicePasscode".equals(str) || str == null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void internalWarmingBestCipher() {
        try {
            long nanoTime = System.nanoTime();
            Log.v(KEYCHAIN_MODULE, "warming up started at " + nanoTime);
            kc.c cVar = (kc.c) getCipherStorageForCurrentAPILevel();
            cVar.s();
            cVar.r("warmingUp", cVar.h() ? g.SECURE_HARDWARE : g.SECURE_SOFTWARE);
            cVar.y();
            Log.v(KEYCHAIN_MODULE, "warming up takes: " + TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime) + " ms");
        } catch (Throwable th2) {
            Log.e(KEYCHAIN_MODULE, "warming up failed!", th2);
        }
    }

    public static void throwIfEmptyLoginPassword(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            throw new lc.b("you passed empty or null username/password");
        }
    }

    public static void throwIfInsufficientLevel(kc.a aVar, g gVar) {
        if (!aVar.a().j(gVar)) {
            throw new lc.a(String.format("Cipher Storage is too weak. Required security level is: %s, but only %s is provided", gVar.name(), aVar.a().name()));
        }
    }

    public static KeychainModule withWarming(ReactApplicationContext reactApplicationContext) {
        final KeychainModule keychainModule = new KeychainModule(reactApplicationContext);
        Thread thread = new Thread(new Runnable() { // from class: com.oblador.keychain.b
            @Override // java.lang.Runnable
            public final void run() {
                KeychainModule.this.internalWarmingBestCipher();
            }
        }, "keychain-warming-up");
        thread.setDaemon(true);
        thread.start();
        return keychainModule;
    }

    kc.a getCipherStorageByName(String str) {
        return this.cipherStorageMap.get(str);
    }

    kc.a getCipherStorageForCurrentAPILevel() {
        return getCipherStorageForCurrentAPILevel(true);
    }

    kc.a getCipherStorageForCurrentAPILevel(boolean z10) {
        int i10 = Build.VERSION.SDK_INT;
        boolean z11 = isFingerprintAuthAvailable() && z10;
        kc.a aVar = null;
        for (kc.a aVar2 : this.cipherStorageMap.values()) {
            Log.d(KEYCHAIN_MODULE, "Probe cipher storage: " + aVar2.getClass().getSimpleName());
            int e10 = aVar2.e();
            int d10 = aVar2.d();
            if (e10 <= i10 && (aVar == null || d10 >= aVar.d())) {
                if (!aVar2.f() || z11) {
                    aVar = aVar2;
                }
            }
        }
        if (aVar == null) {
            throw new lc.a("Unsupported Android SDK " + Build.VERSION.SDK_INT);
        }
        Log.d(KEYCHAIN_MODULE, "Selected storage: " + aVar.getClass().getSimpleName());
        return aVar;
    }

    @Override // com.facebook.react.bridge.BaseJavaModule
    public Map<String, Object> getConstants() {
        HashMap hashMap = new HashMap();
        g gVar = g.ANY;
        hashMap.put(gVar.h(), gVar.name());
        g gVar2 = g.SECURE_SOFTWARE;
        hashMap.put(gVar2.h(), gVar2.name());
        g gVar3 = g.SECURE_HARDWARE;
        hashMap.put(gVar3.h(), gVar3.name());
        return hashMap;
    }

    protected void getGenericPassword(String str, ReadableMap readableMap, Promise promise) {
        String str2;
        try {
            f.a e10 = this.prefsStorage.e(str);
            if (e10 == null) {
                Log.e(KEYCHAIN_MODULE, "No entry found for service: " + str);
                promise.resolve(Boolean.FALSE);
                return;
            }
            kc.a cipherStorageForCurrentAPILevel = getCipherStorageForCurrentAPILevel(getUseBiometry(getAccessControlOrDefault(readableMap)));
            a.c decryptCredentials = decryptCredentials(str, cipherStorageForCurrentAPILevel, e10, getSecurityRulesOrDefault(readableMap));
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("username", (String) decryptCredentials.f18613a);
            createMap.putString("password", (String) decryptCredentials.f18614b);
            createMap.putString("storage", cipherStorageForCurrentAPILevel.b());
            promise.resolve(createMap);
        } catch (lc.a e11) {
            e = e11;
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            str2 = "E_CRYPTO_FAILED";
            promise.reject(str2, e);
        } catch (lc.c e12) {
            e = e12;
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            str2 = "E_KEYSTORE_ACCESS_ERROR";
            promise.reject(str2, e);
        } catch (Throwable th2) {
            e = th2;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str2 = "E_UNKNOWN_ERROR";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void getGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        getGenericPassword(getServiceOrDefault(readableMap), readableMap, promise);
    }

    protected a.d getInteractiveHandler(kc.a aVar) {
        return aVar.f() ? new a(aVar) : new j.a();
    }

    @ReactMethod
    public void getInternetCredentialsForServer(String str, ReadableMap readableMap, Promise promise) {
        getGenericPassword(str, readableMap, promise);
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return KEYCHAIN_MODULE;
    }

    @ReactMethod
    public void getSecurityLevel(ReadableMap readableMap, Promise promise) {
        promise.resolve(getSecurityLevel(getUseBiometry(getAccessControlOrDefault(readableMap))).name());
    }

    @ReactMethod
    public void getSupportedBiometryType(Promise promise) {
        String str;
        try {
            promise.resolve(isFingerprintAuthAvailable() ? FINGERPRINT_SUPPORTED_NAME : null);
        } catch (Exception e10) {
            e = e10;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str = "E_SUPPORTED_BIOMETRY_ERROR";
            promise.reject(str, e);
        } catch (Throwable th2) {
            e = th2;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str = "E_UNKNOWN_ERROR";
            promise.reject(str, e);
        }
    }

    @ReactMethod
    public void hasInternetCredentialsForServer(String str, Promise promise) {
        String aliasOrDefault = getAliasOrDefault(str);
        f.a e10 = this.prefsStorage.e(aliasOrDefault);
        if (e10 != null) {
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", aliasOrDefault);
            createMap.putString("storage", e10.f13366c);
            promise.resolve(createMap);
            return;
        }
        Log.e(KEYCHAIN_MODULE, "No entry found for service: " + aliasOrDefault);
        promise.resolve(Boolean.FALSE);
    }

    boolean isFingerprintAuthAvailable() {
        return com.oblador.keychain.a.a(getReactApplicationContext());
    }

    boolean isSecureHardwareAvailable() {
        try {
            return getCipherStorageForCurrentAPILevel().h();
        } catch (lc.a unused) {
            return false;
        }
    }

    void migrateCipherStorage(String str, kc.a aVar, kc.a aVar2, a.c cVar) {
        this.prefsStorage.j(str, aVar.c(str, (String) cVar.f18613a, (String) cVar.f18614b, cVar.a()));
        aVar2.g(str);
    }

    protected void resetGenericPassword(String str, Promise promise) {
        String str2;
        kc.a cipherStorageByName;
        try {
            f.a e10 = this.prefsStorage.e(str);
            if (e10 != null && (cipherStorageByName = getCipherStorageByName(e10.f13366c)) != null) {
                cipherStorageByName.g(str);
            }
            this.prefsStorage.i(str);
            promise.resolve(Boolean.TRUE);
        } catch (lc.c e11) {
            e = e11;
            Log.e(KEYCHAIN_MODULE, e.getMessage());
            str2 = "E_KEYSTORE_ACCESS_ERROR";
            promise.reject(str2, e);
        } catch (Throwable th2) {
            e = th2;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str2 = "E_UNKNOWN_ERROR";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void resetGenericPasswordForOptions(ReadableMap readableMap, Promise promise) {
        resetGenericPassword(getServiceOrDefault(readableMap), promise);
    }

    @ReactMethod
    public void resetInternetCredentialsForServer(String str, Promise promise) {
        resetGenericPassword(str, promise);
    }

    protected void setGenericPassword(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        String str4;
        try {
            throwIfEmptyLoginPassword(str2, str3);
            g securityLevelOrDefault = getSecurityLevelOrDefault(readableMap);
            kc.a selectedStorage = getSelectedStorage(readableMap);
            throwIfInsufficientLevel(selectedStorage, securityLevelOrDefault);
            this.prefsStorage.j(str, selectedStorage.c(str, str2, str3, securityLevelOrDefault));
            WritableMap createMap = Arguments.createMap();
            createMap.putString("service", str);
            createMap.putString("storage", selectedStorage.b());
            promise.resolve(createMap);
        } catch (lc.a e10) {
            e = e10;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str4 = "E_CRYPTO_FAILED";
            promise.reject(str4, e);
        } catch (lc.b e11) {
            e = e11;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str4 = "E_EMPTY_PARAMETERS";
            promise.reject(str4, e);
        } catch (Throwable th2) {
            e = th2;
            Log.e(KEYCHAIN_MODULE, e.getMessage(), e);
            str4 = "E_UNKNOWN_ERROR";
            promise.reject(str4, e);
        }
    }

    @ReactMethod
    public void setGenericPasswordForOptions(ReadableMap readableMap, String str, String str2, Promise promise) {
        setGenericPassword(getServiceOrDefault(readableMap), str, str2, readableMap, promise);
    }

    @ReactMethod
    public void setInternetCredentialsForServer(String str, String str2, String str3, ReadableMap readableMap, Promise promise) {
        setGenericPassword(str, str2, str3, readableMap, promise);
    }
}
