package dev.skomlach.biometric.compat.crypto;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.google.android.gms.internal.p002firebaseauthapi.e;
import com.google.android.gms.internal.p002firebaseauthapi.f;
import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface;
import dev.skomlach.biometric.compat.utils.logging.BiometricLoggerImpl;
import dev.skomlach.common.contextprovider.AndroidContext;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@RequiresApi(23)
@Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u0004H\u0016J\b\u0010\r\u001a\u00020\u000eH\u0002J\"\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u00112\b\u0010\u0012\u001a\u0004\u0018\u00010\u0013H\u0016J\u0018\u0010\u0014\u001a\u00020\u000e2\u0006\u0010\f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0018\u0010\u0015\u001a\u00020\u00162\u0006\u0010\f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\b\u0010\u0017\u001a\u00020\u0011H\u0002R\u0014\u0010\u0003\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0005\u0010\u0006R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0018"}, d2 = {"Ldev/skomlach/biometric/compat/crypto/CryptographyManagerInterfaceMarshmallowImpl;", "Ldev/skomlach/biometric/compat/crypto/CryptographyManagerInterface;", "()V", "ANDROID_KEYSTORE_PROVIDER_TYPE", "", "getANDROID_KEYSTORE_PROVIDER_TYPE", "()Ljava/lang/String;", "KEY_NAME", "context", "Landroid/content/Context;", "deleteKey", "", "keyName", "getCipher", "Ljavax/crypto/Cipher;", "getInitializedCipherForDecryption", "isUserAuthRequired", "", "initializationVector", "", "getInitializedCipherForEncryption", "getOrCreateSecretKey", "Ljavax/crypto/SecretKey;", "hasStrongBox", "biometric_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
@SourceDebugExtension({"SMAP\nCryptographyManagerInterfaceMarshmallowImpl.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CryptographyManagerInterfaceMarshmallowImpl.kt\ndev/skomlach/biometric/compat/crypto/CryptographyManagerInterfaceMarshmallowImpl\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,149:1\n1#2:150\n*E\n"})
/* loaded from: classes7.dex */
public final class CryptographyManagerInterfaceMarshmallowImpl implements CryptographyManagerInterface {

    @NotNull
    private final String KEY_NAME = "CryptographyManagerInterfaceMarshmallowImpl-" + getVersion();

    @NotNull
    private final Context context = AndroidContext.INSTANCE.getAppContext();

    private final String getANDROID_KEYSTORE_PROVIDER_TYPE() {
        return "AndroidKeyStore";
    }

    private final Cipher getCipher() {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
        return cipher;
    }

    private final SecretKey getOrCreateSecretKey(String keyName, boolean isUserAuthRequired) {
        KeyGenParameterSpec build;
        KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
        keyStore.load(null);
        Key key = keyStore.getKey(keyName, null);
        if (key != null) {
            return (SecretKey) key;
        }
        f.a();
        KeyGenParameterSpec.Builder a6 = e.a(keyName, 3);
        a6.setBlockModes(KeyPropertiesCompact.BLOCK_MODE_CBC);
        a6.setEncryptionPaddings(KeyPropertiesCompact.ENCRYPTION_PADDING_PKCS7);
        a6.setRandomizedEncryptionRequired(false);
        a6.setUserAuthenticationRequired(isUserAuthRequired);
        int i6 = Build.VERSION.SDK_INT;
        if (i6 >= 24) {
            a6.setInvalidatedByBiometricEnrollment(isUserAuthRequired);
        }
        if (i6 >= 28) {
            a6.setUserPresenceRequired(false);
            a6.setUserConfirmationRequired(false);
            a6.setIsStrongBoxBacked(hasStrongBox());
        }
        if (i6 >= 30) {
            a6.setUserAuthenticationParameters(Integer.MAX_VALUE, 3);
        } else {
            a6.setUserAuthenticationValidityDurationSeconds(Integer.MAX_VALUE);
        }
        build = a6.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyPropertiesCompact.KEY_ALGORITHM_AES, getANDROID_KEYSTORE_PROVIDER_TYPE());
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        return generateKey;
    }

    private final boolean hasStrongBox() {
        return Build.VERSION.SDK_INT >= 28 ? this.context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore") : false;
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    public void deleteKey(@NotNull String keyName) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
        keyStore.load(null);
        keyStore.deleteEntry(this.KEY_NAME + "." + keyName);
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public Cipher getInitializedCipherForDecryption(@NotNull String keyName, boolean isUserAuthRequired, @Nullable byte[] initializationVector) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        try {
            Cipher cipher = getCipher();
            cipher.init(2, getOrCreateSecretKey(this.KEY_NAME + "." + keyName, isUserAuthRequired), new IvParameterSpec(initializationVector));
            return cipher;
        } catch (Throwable th) {
            BiometricLoggerImpl.INSTANCE.e(th, "KeyName=" + this.KEY_NAME + "." + keyName + "; isUserAuthRequired=" + isUserAuthRequired);
            throw th;
        }
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public Cipher getInitializedCipherForEncryption(@NotNull String keyName, boolean isUserAuthRequired) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        try {
            Cipher cipher = getCipher();
            cipher.init(1, getOrCreateSecretKey(this.KEY_NAME + "." + keyName, isUserAuthRequired));
            return cipher;
        } catch (Throwable th) {
            BiometricLoggerImpl.INSTANCE.e(th, "KeyName=" + this.KEY_NAME + "." + keyName + "; isUserAuthRequired=" + isUserAuthRequired);
            throw th;
        }
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public String getVersion() {
        return CryptographyManagerInterface.DefaultImpls.getVersion(this);
    }
}
