package oracle.idm.mobile.auth.local;

import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.OMSecurityConstants;
import oracle.idm.mobile.crypto.OMInvalidKeyException;
import oracle.idm.mobile.crypto.OMKeyManagerException;
import oracle.idm.mobile.crypto.OMKeyStore;

/* loaded from: classes.dex */
public class OMPinAuthenticator implements f {

    /* renamed from: i, reason: collision with root package name */
    private static final String f6420i = "OMPinAuthenticator";

    /* renamed from: a, reason: collision with root package name */
    protected String f6421a;

    /* renamed from: b, reason: collision with root package name */
    protected e f6422b;

    /* renamed from: c, reason: collision with root package name */
    protected Context f6423c;

    /* renamed from: d, reason: collision with root package name */
    protected OMKeyStore f6424d;

    /* renamed from: e, reason: collision with root package name */
    protected boolean f6425e = false;

    /* renamed from: f, reason: collision with root package name */
    protected boolean f6426f = false;

    /* renamed from: g, reason: collision with root package name */
    private Key f6427g;

    /* renamed from: h, reason: collision with root package name */
    protected OMKeyStore f6428h;

    private void i(String str, byte[] bArr) {
        try {
            this.f6427g = j(str, bArr);
            if (OMSecurityConstants.f6087a) {
                k3.a.f(f6420i, "**** Inside doSetAuthData: kek = " + oracle.idm.mobile.crypto.a.d(this.f6427g.getEncoded()));
            }
            oracle.idm.mobile.crypto.e eVar = new oracle.idm.mobile.crypto.e(this.f6423c);
            try {
                this.f6424d = eVar.c(this.f6421a, this.f6427g.getEncoded());
            } catch (OMInvalidKeyException e4) {
                throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, "Invalid key. The given key is not valid to decrypt the encrypted data.", e4);
            } catch (OMKeyManagerException unused) {
            }
            if (this.f6424d == null) {
                OMKeyStore a4 = eVar.a(this.f6421a, this.f6427g.getEncoded());
                this.f6424d = a4;
                a4.d(this.f6421a, true);
            }
            OMKeyStore oMKeyStore = this.f6428h;
            if (oMKeyStore != null) {
                this.f6424d.a(oMKeyStore);
            }
            oracle.idm.mobile.crypto.f fVar = new oracle.idm.mobile.crypto.f(this.f6423c, this.f6424d, this.f6421a);
            String n3 = n();
            String k4 = k();
            fVar.d(n3, k4);
            m().edit().putString(n3, k4).putString(o(), oracle.idm.mobile.crypto.a.d(bArr)).commit();
        } catch (Exception e5) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e5.getMessage(), e5);
        }
    }

    private String k() {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        return oracle.idm.mobile.crypto.a.d(bArr);
    }

    private byte[] l() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void a(OMKeyStore oMKeyStore) {
        this.f6428h = oMKeyStore;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean b(d dVar) {
        if (!this.f6426f) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Authenticator not yet initialized.");
        }
        if (dVar == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "authData not set");
        }
        boolean z3 = dVar.a() instanceof String;
        Object a4 = dVar.a();
        if (!z3) {
            String name = a4.getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
        }
        String str = (String) a4;
        byte[] c4 = oracle.idm.mobile.crypto.a.c(m().getString(o(), null));
        if (c4 == null) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "No salt.");
        }
        try {
            Key j4 = j(str, c4);
            if (OMSecurityConstants.f6087a) {
                k3.a.f(f6420i, "**** Inside authenticate: KEK = " + oracle.idm.mobile.crypto.a.d(j4.getEncoded()));
            }
            OMKeyStore c5 = new oracle.idm.mobile.crypto.e(this.f6423c).c(this.f6421a, j4.getEncoded());
            oracle.idm.mobile.crypto.f fVar = new oracle.idm.mobile.crypto.f(this.f6423c, c5, this.f6421a);
            String n3 = n();
            String string = m().getString(n3, null);
            String str2 = (String) fVar.b(n3);
            if (string == null || !string.equals(str2)) {
                return false;
            }
            this.f6425e = true;
            this.f6427g = j4;
            this.f6424d = c5;
            return true;
        } catch (Exception e4) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e4.getMessage(), e4);
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public OMKeyStore c() {
        return this.f6424d;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void d(d dVar) {
        Objects.requireNonNull(dVar, "authData");
        Objects.requireNonNull(dVar.a(), "authData.getData()");
        boolean z3 = dVar.a() instanceof String;
        Object a4 = dVar.a();
        if (z3) {
            String str = (String) a4;
            String string = m().getString(o(), null);
            i(str, string == null ? l() : oracle.idm.mobile.crypto.a.c(string));
        } else {
            String name = a4.getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
        }
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean e() {
        if (this.f6423c == null) {
            return false;
        }
        return m().getString(n(), null) != null;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void f() {
        if (!this.f6425e) {
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_STATE, "Not authenticated");
        }
        new oracle.idm.mobile.crypto.e(this.f6423c).b(this.f6421a, this.f6427g.getEncoded());
        m().edit().remove(n()).remove(o()).commit();
        p();
    }

    @Override // oracle.idm.mobile.auth.local.f
    public boolean g() {
        return this.f6425e;
    }

    @Override // oracle.idm.mobile.auth.local.f
    public void h(Context context, String str, e eVar) {
        if (this.f6426f) {
            return;
        }
        if (TextUtils.isEmpty(str)) {
            throw new NullPointerException("authenticatorId");
        }
        this.f6421a = str;
        this.f6422b = eVar;
        this.f6423c = context;
        this.f6426f = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key j(String str, byte[] bArr) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 2000, 256));
            k3.a.a("getKeyFromPin", "getKeyFromPin took:  " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
            return generateSecret;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e4) {
            throw new OMAuthenticationManagerException(OMErrorCode.INTERNAL_ERROR, e4.getMessage(), e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SharedPreferences m() {
        return this.f6423c.getSharedPreferences(OMPinAuthenticator.class.getSimpleName(), 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String n() {
        return this.f6421a + "_validation_data";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String o() {
        return this.f6421a + "_salt";
    }

    public void p() {
        this.f6426f = false;
        this.f6425e = false;
        this.f6424d = null;
        this.f6428h = null;
        this.f6427g = null;
    }

    public boolean q() {
        return this.f6426f;
    }

    public void r(d dVar, d dVar2) {
        try {
            if (!b(dVar)) {
                throw new OMAuthenticationManagerException(OMErrorCode.INCORRECT_CURRENT_AUTHDATA, "Cannot authenticate using currentAuthData");
            }
            Objects.requireNonNull(dVar2, "newAuthData");
            Objects.requireNonNull(dVar2.a(), "newAuthData.getData()");
            if (dVar2.a() instanceof String) {
                String str = (String) dVar2.a();
                byte[] l4 = l();
                new oracle.idm.mobile.crypto.e(this.f6423c).d(this.f6421a, this.f6427g.getEncoded(), j(str, l4).getEncoded());
                i(str, l4);
                return;
            }
            String name = dVar2.a().getClass().getName();
            throw new OMAuthenticationManagerException(OMErrorCode.INVALID_INPUT, "OMAuthData.getData() must return a String object not [" + name + "]");
        } catch (OMAuthenticationManagerException e4) {
            throw new OMAuthenticationManagerException(OMErrorCode.INCORRECT_CURRENT_AUTHDATA, "Cannot authenticate using currentAuthData", e4);
        }
    }
}
