package com.pingidentity.v2.pincode;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.compose.runtime.internal.StabilityInferred;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.i2;
import kotlin.jvm.internal.l0;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@StabilityInferred(parameters = 0)
/* loaded from: classes4.dex */
public final class p {

    /* renamed from: f, reason: collision with root package name */
    public static final int f27383f = 8;

    /* renamed from: a, reason: collision with root package name */
    @k7.m
    private Logger f27384a;

    /* renamed from: b, reason: collision with root package name */
    @k7.l
    private final String f27385b = "hash_key";

    /* renamed from: c, reason: collision with root package name */
    @k7.l
    private final String f27386c = "hash_key_salt";

    /* renamed from: d, reason: collision with root package name */
    @k7.l
    private final String f27387d = "hash_key_encryption_salt";

    /* renamed from: e, reason: collision with root package name */
    @k7.l
    private final String f27388e = "PingIDKeyPinAlias";

    private final String e(String str, byte[] bArr) {
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] hash pin code");
        }
        if (bArr == null) {
            bArr = c();
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(bArr);
        Charset UTF_8 = StandardCharsets.UTF_8;
        l0.o(UTF_8, "UTF_8");
        byte[] bytes = str.getBytes(UTF_8);
        l0.o(bytes, "getBytes(...)");
        byte[] digest = messageDigest.digest(bytes);
        c.f27349a.l(this.f27386c, Base64.encodeToString(bArr, 2));
        String encodeToString = Base64.encodeToString(digest, 0);
        l0.o(encodeToString, "encodeToString(...)");
        return encodeToString;
    }

    private final void p() {
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] removeSecretKeyFromKeyStore start");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(com.accells.access.e.f3173b);
            keyStore.load(null);
            keyStore.deleteEntry(this.f27388e);
            if (keyStore.containsAlias(this.f27388e)) {
                Logger k9 = k();
                if (k9 != null) {
                    k9.error("[PIN_CODE] Pin code key failed to be removed from key store");
                    return;
                }
                return;
            }
            Logger k10 = k();
            if (k10 != null) {
                k10.info("[PIN_CODE] Pin code key removed successfully from key store");
            }
        } catch (Exception e8) {
            Logger k11 = k();
            if (k11 != null) {
                k11.error("[PIN_CODE] removeSecretKeyFromKeyStore exception", (Throwable) e8);
            }
        }
    }

    private final String q() {
        SecretKey l8 = l();
        if (l8 != null) {
            return d(l8);
        }
        Logger k8 = k();
        if (k8 == null) {
            return null;
        }
        k8.error("[PIN_CODE] Cannot decrypt pin code hash - secret key is null");
        return null;
    }

    public final void a(@k7.l String newPinCode, @k7.l e iPinCodeCreateCallBack) {
        l0.p(newPinCode, "newPinCode");
        l0.p(iPinCodeCreateCallBack, "iPinCodeCreateCallBack");
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] changePinCode start");
        }
        n();
        b(newPinCode, iPinCodeCreateCallBack);
    }

    public final void b(@k7.l String pinCode, @k7.l e iPinCodeCreateCallBack) {
        l0.p(pinCode, "pinCode");
        l0.p(iPinCodeCreateCallBack, "iPinCodeCreateCallBack");
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] createAndSavePinCode start");
        }
        i2 i2Var = null;
        String e8 = e(pinCode, null);
        SecretKey l8 = l();
        if (l8 != null) {
            String f8 = f(l8, e8);
            if (f8 != null) {
                c.f27349a.l(this.f27385b, f8);
                new k().w(pinCode.length());
                iPinCodeCreateCallBack.a();
                Logger k9 = k();
                if (k9 != null) {
                    k9.info("[PIN_CODE] Created and saved pin code successfully");
                    i2Var = i2.f39420a;
                }
            }
            if (i2Var != null) {
                return;
            }
        }
        Logger k10 = k();
        if (k10 != null) {
            k10.error("[PIN_CODE] Cannot encrypt pin code hash - secret key is null");
        }
        iPinCodeCreateCallBack.b();
    }

    @k7.l
    public final byte[] c() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @k7.m
    public final String d(@k7.l SecretKey secretKey) {
        l0.p(secretKey, "secretKey");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            byte[] decode = Base64.decode(i(), 2);
            if (decode == null) {
                Logger k8 = k();
                if (k8 != null) {
                    k8.error("[PIN_CODE] Has NO decryption salt in prefs");
                }
                return null;
            }
            cipher.init(2, secretKey, new GCMParameterSpec(128, decode));
            byte[] doFinal = cipher.doFinal(Base64.decode(h(), 2));
            l0.o(doFinal, "doFinal(...)");
            Logger k9 = k();
            if (k9 != null) {
                k9.info("[PIN_CODE] pin code hash decrypted successfully");
            }
            Charset UTF_8 = StandardCharsets.UTF_8;
            l0.o(UTF_8, "UTF_8");
            String str = new String(doFinal, UTF_8);
            Logger k10 = k();
            if (k10 != null) {
                k10.debug("[PIN_CODE] decoded - " + str);
            }
            return str;
        } catch (Exception e8) {
            Logger k11 = k();
            if (k11 != null) {
                k11.error("[PIN_CODE] Failed to decrypt pin code hash", (Throwable) e8);
            }
            return null;
        }
    }

    @k7.m
    public final String f(@k7.l SecretKey secretKey, @k7.l String pinCodeHashEncoded) {
        l0.p(secretKey, "secretKey");
        l0.p(pinCodeHashEncoded, "pinCodeHashEncoded");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            Charset UTF_8 = StandardCharsets.UTF_8;
            l0.o(UTF_8, "UTF_8");
            byte[] bytes = pinCodeHashEncoded.getBytes(UTF_8);
            l0.o(bytes, "getBytes(...)");
            byte[] doFinal = cipher.doFinal(bytes);
            l0.o(doFinal, "doFinal(...)");
            c.f27349a.l(this.f27387d, Base64.encodeToString(cipher.getIV(), 2));
            Logger k8 = k();
            if (k8 != null) {
                k8.info("[PIN_CODE] pin code hash encrypted successfully");
            }
            return Base64.encodeToString(doFinal, 2);
        } catch (Exception e8) {
            Logger k9 = k();
            if (k9 != null) {
                k9.error("[PIN_CODE] Failed to encrypt pin code hash", (Throwable) e8);
            }
            return null;
        }
    }

    @k7.m
    public final synchronized SecretKey g() {
        SecretKey generateKey;
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] generate encryption key for pin code hash - started");
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.accells.access.e.f3173b);
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.f27388e, 3);
            builder.setBlockModes(com.google.android.gms.stats.a.f16157w0);
            builder.setEncryptionPaddings("NoPadding");
            builder.setKeySize(256);
            KeyGenParameterSpec build = builder.build();
            l0.o(build, "build(...)");
            try {
                keyGenerator.init(build);
                generateKey = keyGenerator.generateKey();
                Logger k9 = k();
                if (k9 != null) {
                    k9.info("[PIN_CODE] AES secret key generated");
                }
            } catch (InvalidAlgorithmParameterException e8) {
                Logger k10 = k();
                if (k10 != null) {
                    k10.error("[PIN_CODE] Error generating secret key", (Throwable) e8);
                }
                return null;
            }
        } catch (GeneralSecurityException e9) {
            Logger k11 = k();
            if (k11 != null) {
                k11.error("[PIN_CODE] Error generating secret key", (Throwable) e9);
            }
            return null;
        }
        return generateKey;
    }

    @k7.m
    public final String h() {
        return c.i(this.f27385b, null);
    }

    @k7.m
    public final String i() {
        return c.i(this.f27387d, null);
    }

    @k7.m
    public final String j() {
        return c.i(this.f27386c, null);
    }

    @k7.m
    public final Logger k() {
        if (this.f27384a == null) {
            this.f27384a = LoggerFactory.getLogger((Class<?>) p.class);
        }
        return this.f27384a;
    }

    @k7.m
    public final SecretKey l() {
        try {
            Logger k8 = k();
            if (k8 != null) {
                k8.info("[PIN_CODE] getOrGenerateEncryptionKeyForPinCodeHash start");
            }
            KeyStore keyStore = KeyStore.getInstance(com.accells.access.e.f3173b);
            keyStore.load(null);
            if (!keyStore.containsAlias(this.f27388e)) {
                return g();
            }
            KeyStore.Entry entry = keyStore.getEntry(this.f27388e, null);
            l0.n(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        } catch (Exception e8) {
            Logger k9 = k();
            if (k9 == null) {
                return null;
            }
            k9.error("[PIN_CODE] getPinCodeHashEncryptionKey exception", (Throwable) e8);
            return null;
        }
    }

    public final boolean m() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.accells.access.e.f3173b);
            keyStore.load(null);
            boolean containsAlias = keyStore.containsAlias(this.f27388e);
            Logger k8 = k();
            if (k8 == null) {
                return containsAlias;
            }
            k8.info("[PIN_CODE] hasEncryptionKeyForPinCodeHash " + containsAlias);
            return containsAlias;
        } catch (Exception e8) {
            Logger k9 = k();
            if (k9 != null) {
                k9.error("[PIN_CODE] hasEncryptionKeyForPinCodeHash exception", (Throwable) e8);
            }
            return false;
        }
    }

    public final void n() {
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] removePinCode start");
        }
        p();
        c.f27349a.b();
    }

    public final void o(int i8) {
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] removePinCodeForDataCenter " + i8 + " start");
        }
        c.f27349a.f(i8);
    }

    public final boolean r(@k7.l String enteredPin) {
        l0.p(enteredPin, "enteredPin");
        Logger k8 = k();
        if (k8 != null) {
            k8.info("[PIN_CODE] Validating entered pin code");
        }
        String q8 = q();
        if (q8 == null) {
            return false;
        }
        Logger k9 = k();
        if (k9 != null) {
            k9.debug("[PIN_CODE] Validating entered pin code - got savedPinCodeHash");
        }
        return l0.g(q8, e(enteredPin, Base64.decode(j(), 2)));
    }
}
