package com.azure.authenticator.authentication.mfa;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.support.v4.hardware.fingerprint.FingerprintManagerCompat;
import android.support.v4.os.CancellationSignal;
import android.text.TextUtils;
import android.util.Base64;
import com.azure.authenticator.PhoneFactorApplication;
import com.azure.authenticator.authentication.mfa.IFingerprintAuthentication;
import com.azure.authenticator.storage.Storage;
import com.azure.authenticator.storage.database.LocalAccounts;
import com.azure.authenticator.telemetry.TelemetryConstants;
import com.microsoft.authenticator.core.common.Assertion;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.onlineid.sts.Cryptography;
import java.security.KeyStore;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
/**
 * Caches an MFA account PIN encrypted under an AES key held in the AndroidKeyStore and
 * releases it again only through a fingerprint-bound {@link Cipher}.
 *
 * <p>The key is created with {@code setUserAuthenticationRequired(true)} and the cipher is handed
 * to the fingerprint manager inside a {@code CryptoObject}, so the encrypt/decrypt step is meant
 * to run only after the authentication callback reports success.
 *
 * <p>NOTE(review): the transformation is AES/CBC/PKCS7Padding, which gives confidentiality but no
 * integrity protection. A modified cached ciphertext or IV is not detected by the cipher itself;
 * an AEAD mode would detect it, but switching requires migrating values that are already stored.
 *
 * <p>NOTE(review): no {@code Build.VERSION.SDK_INT} check is visible in this class although the
 * key-handling helpers are marked {@code @TargetApi(23)}; presumably callers gate on
 * {@link #checkStatus()} first. Confirm against the callers.
 */
public class FingerprintAuthentication implements IFingerprintAuthentication {
    private static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    private static final String KEY_ALIAS_FORMAT = "MS_Authenticator_MFA_%s_%s";
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS7Padding";

    private final Context _applicationContext;
    private final AuthRequestDetails _authRequestDetails;
    private final FingerprintManagerCompat _fingerprintManager;
    private final String _keyAlias;
    private final Storage _storage;

    // Set by prepareToEncryptPin()/prepareToDecryptPin(); null until one of them succeeds.
    private Cipher _cipher;
    // Non-null only while a fingerprint scan started by startListening() is pending.
    private CancellationSignal _cancellationSignal;

    /**
     * Binds this helper to one MFA account.
     *
     * @param context context used for the fingerprint manager, storage and account cache
     * @param authRequestDetails supplies the group key and username that identify the account;
     *     both are also embedded in the keystore alias
     */
    public FingerprintAuthentication(Context context, AuthRequestDetails authRequestDetails) {
        this._applicationContext = context;
        this._authRequestDetails = authRequestDetails;
        this._fingerprintManager = FingerprintManagerCompat.from(context);
        this._storage = new Storage(context);
        this._keyAlias = String.format(
                Locale.US, KEY_ALIAS_FORMAT, authRequestDetails.getGroupKey(), authRequestDetails.getUsername());
    }

    /** Returns the group key of the account this instance is bound to. */
    private String groupKey() {
        return this._authRequestDetails.getGroupKey();
    }

    /** Returns the username of the account this instance is bound to. */
    private String username() {
        return this._authRequestDetails.getUsername();
    }

    /** Logs a failure and forwards the exception to telemetry under the fingerprint scenario. */
    private static void reportFailure(String message, Exception error) {
        PhoneFactorApplication.logger.e(message, error);
        PhoneFactorApplication.telemetry.trackException(error, TelemetryConstants.Scenarios.FingerprintAuthentication);
    }

    /** Loads the AndroidKeyStore and fetches the entry stored under this account's alias. */
    private SecretKey loadSecretKey() throws java.security.GeneralSecurityException, java.io.IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
        keyStore.load(null);
        return (SecretKey) keyStore.getKey(this._keyAlias, null);
    }

    /**
     * Generates the per-account key inside the AndroidKeyStore.
     *
     * @return {@code true} when the key was generated, {@code false} on any failure (logged and
     *     sent to telemetry)
     */
    @TargetApi(23)
    private boolean createKey() {
        try {
            KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME).load(null);
            // 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT. User authentication is required for the
            // key, which is what ties its use to the fingerprint prompt.
            // NOTE(review): generating under an alias that already exists presumably replaces
            // the previous key, making any ciphertext cached under it undecryptable - confirm.
            KeyGenParameterSpec keySpec = new KeyGenParameterSpec.Builder(this._keyAlias, 3)
                    .setBlockModes("CBC")
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings("PKCS7Padding")
                    .build();
            KeyGenerator generator =
                    KeyGenerator.getInstance(Cryptography.AesAlgorithm, ANDROID_KEY_STORE_PROVIDER_NAME);
            generator.init(keySpec);
            generator.generateKey();
            return true;
        } catch (Exception e) {
            reportFailure("Failed to create key.", e);
            return false;
        }
    }

    /**
     * Base64-decodes {@code str} and decrypts it with the supplied cipher.
     *
     * @return the plaintext, or {@code null} when decoding or decryption fails (a {@code null}
     *     input ends up here as well, via the catch-all)
     */
    private String decrypt(Cipher cipher, String str) {
        try {
            byte[] cipherText = Base64.decode(str, Base64.NO_WRAP);
            byte[] plainText = cipher.doFinal(cipherText);
            return new String(plainText, Strings.Utf8Charset);
        } catch (Exception e) {
            // Only the exception is reported; the PIN itself is never part of the message.
            reportFailure("Failed to decrypt the data with the generated key.", e);
            return null;
        }
    }

    /** Removes this account's key from the AndroidKeyStore; failures are logged, not thrown. */
    @TargetApi(23)
    private void deleteKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
            keyStore.load(null);
            keyStore.deleteEntry(this._keyAlias);
        } catch (Exception e) {
            reportFailure("Failed to delete key.", e);
        }
    }

    /**
     * Encrypts {@code str} with the supplied cipher and Base64-encodes the result.
     *
     * @return the encoded ciphertext, or {@code null} when encryption fails
     */
    private String encrypt(Cipher cipher, String str) {
        try {
            byte[] plainText = str.getBytes(Strings.Utf8Charset);
            byte[] cipherText = cipher.doFinal(plainText);
            return Base64.encodeToString(cipherText, Base64.NO_WRAP);
        } catch (Exception e) {
            reportFailure("Failed to encrypt the data with the generated key.", e);
            return null;
        }
    }

    /**
     * Builds a decrypt-mode cipher from the stored key and the IV saved at encryption time.
     *
     * @return the initialised cipher, or {@code null} when the key was invalidated or any other
     *     step fails
     */
    @TargetApi(23)
    private Cipher initCipherForDecryption() {
        try {
            SecretKey secretKey = loadSecretKey();
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            String storedIv = this._storage.readCipherIv(groupKey(), username());
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(Base64.decode(storedIv, Base64.NO_WRAP)));
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            // The keystore has permanently invalidated the key, so the cached ciphertext can no
            // longer be decrypted and is dropped. The stored IV and the keystore entry are left
            // in place, which is what makes checkStatus() report INACTIVE afterwards.
            // NOTE(review): this branch is neither logged nor sent to telemetry.
            LocalAccounts.removeMfaAccountCachedPin(this._applicationContext, groupKey(), username());
            return null;
        } catch (Exception e2) {
            reportFailure("Failed to initialize cipher for decryption.", e2);
            return null;
        }
    }

    /**
     * Creates a fresh key, builds an encrypt-mode cipher from it and persists the cipher's IV.
     *
     * @return the initialised cipher, or {@code null} when key creation or any later step fails
     */
    @TargetApi(23)
    private Cipher initCipherForEncryption() {
        if (!createKey()) {
            return null;
        }
        try {
            SecretKey secretKey = loadSecretKey();
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            // No IV is supplied: the one the cipher ends up with is read back and stored so
            // that initCipherForDecryption() can reuse it.
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            IvParameterSpec ivSpec = cipher.getParameters().getParameterSpec(IvParameterSpec.class);
            String encodedIv = Base64.encodeToString(ivSpec.getIV(), Base64.NO_WRAP);
            this._storage.writeCipherIv(groupKey(), username(), encodedIv);
            return cipher;
        } catch (Exception e) {
            // NOTE(review): the key generated by createKey() stays in the keystore on this path.
            reportFailure("Failed to initialize cipher for encryption.", e);
            return null;
        }
    }

    /**
     * Derives the fingerprint state for this account from sensor availability, the cached PIN
     * and the stored IV.
     *
     * @return {@code UNAVAILABLE} without usable hardware or enrolled fingerprints (any leftover
     *     cached state is wiped first), {@code ACTIVE} when both PIN and IV exist,
     *     {@code INACTIVE} when only the IV exists, otherwise {@code NOT_SET_UP}
     */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public IFingerprintAuthentication.STATUS checkStatus() {
        boolean sensorUsable =
                this._fingerprintManager.isHardwareDetected() && this._fingerprintManager.hasEnrolledFingerprints();
        boolean pinCached = !TextUtils.isEmpty(
                LocalAccounts.getMfaAccountCachedPin(this._applicationContext, groupKey(), username()));
        boolean ivStored = !TextUtils.isEmpty(this._storage.readCipherIv(groupKey(), username()));

        if (!sensorUsable) {
            if (pinCached || ivStored) {
                disable();
            }
            return IFingerprintAuthentication.STATUS.UNAVAILABLE;
        }
        if (ivStored) {
            return pinCached ? IFingerprintAuthentication.STATUS.ACTIVE : IFingerprintAuthentication.STATUS.INACTIVE;
        }
        // No IV stored: a cached PIN without one is unexpected. What Assertion does on failure
        // is not visible here; the method still returns NOT_SET_UP afterwards.
        Assertion.assertTrue(!pinCached);
        return IFingerprintAuthentication.STATUS.NOT_SET_UP;
    }

    /**
     * Decrypts the cached PIN with the cipher prepared by {@link #prepareToDecryptPin()}.
     *
     * <p>NOTE(review): the PIN comes back as an immutable {@code String} that cannot be wiped;
     * callers should keep its lifetime short.
     *
     * @return the PIN, or {@code null} when decryption fails
     */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public String decryptCachedPin() {
        Assertion.assertTrue(this._cipher != null);
        String cachedPin = LocalAccounts.getMfaAccountCachedPin(this._applicationContext, groupKey(), username());
        return decrypt(this._cipher, cachedPin);
    }

    /** Removes the cached PIN, the stored IV and the keystore key for this account. */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public void disable() {
        LocalAccounts.removeMfaAccountCachedPin(this._applicationContext, groupKey(), username());
        this._storage.removeCipherIv(groupKey(), username());
        deleteKey();
    }

    /**
     * Encrypts {@code str} with the cipher prepared by {@link #prepareToEncryptPin()} and caches
     * the result for this account.
     *
     * <p>NOTE(review): when encryption fails the {@code null} from {@code encrypt} is passed
     * straight to {@code cacheMfaAccountPin}; how that method treats {@code null} is not visible
     * here - confirm it does not report success.
     *
     * @return whatever {@code LocalAccounts.cacheMfaAccountPin} returns
     */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public boolean encryptAndCachePin(String str) {
        Assertion.assertTrue(this._cipher != null);
        String encryptedPin = encrypt(this._cipher, str);
        return LocalAccounts.cacheMfaAccountPin(this._applicationContext, groupKey(), username(), encryptedPin);
    }

    /** Prepares the decrypt-mode cipher; returns {@code true} when it is ready. */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public boolean prepareToDecryptPin() {
        Cipher prepared = initCipherForDecryption();
        this._cipher = prepared;
        return prepared != null;
    }

    /** Prepares the encrypt-mode cipher (creating a key); returns {@code true} when ready. */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public boolean prepareToEncryptPin() {
        Cipher prepared = initCipherForEncryption();
        this._cipher = prepared;
        return prepared != null;
    }

    /**
     * Starts a fingerprint scan bound to the prepared cipher.
     *
     * @param authenticationCallback receives the scan result; the cipher operation should be
     *     attempted only from its success path
     */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public void startListening(FingerprintManagerCompat.AuthenticationCallback authenticationCallback) {
        Assertion.assertTrue(this._cipher != null);
        CancellationSignal signal = new CancellationSignal();
        this._cancellationSignal = signal;
        FingerprintManagerCompat.CryptoObject cryptoObject = new FingerprintManagerCompat.CryptoObject(this._cipher);
        this._fingerprintManager.authenticate(cryptoObject, 0, signal, authenticationCallback, null);
    }

    /** Cancels a pending fingerprint scan, if any, and forgets its cancellation signal. */
    @Override // com.azure.authenticator.authentication.mfa.IFingerprintAuthentication
    public void stopListening() {
        CancellationSignal pending = this._cancellationSignal;
        if (pending == null) {
            return;
        }
        pending.cancel();
        this._cancellationSignal = null;
    }
}
