package com.walmart.core.auth.authenticator.fingerprint;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import walmartlabs.electrode.util.logging.ELog;

/* loaded from: classes6.dex */
public class FingerprintCryptoManager {
    private static final String ANDROID_KEYSTORE_NAME = "AndroidKeyStore";
    private static final AlgorithmParameterSpec CIPHER_PARAMETER_SPEC = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
    private static final String KEY_NAME = "wm_auth_key_pair";
    private static final String RSA_CIPHER_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static volatile FingerprintCryptoManager sInstance;
    private Cipher mCipher;
    private boolean mInitialized;
    private KeyPairGenerator mKeyGenerator;
    private KeyStore mKeyStore;

    private FingerprintCryptoManager() {
    }

    private void deleteKey() {
        ELog.d(this, "deleteKey()");
        try {
            this.mKeyStore.deleteEntry(KEY_NAME);
        } catch (KeyStoreException e) {
            logException("deleteKey()", e);
        }
    }

    public static FingerprintCryptoManager get() {
        if (sInstance == null) {
            sInstance = new FingerprintCryptoManager();
            if (!sInstance.init()) {
                ELog.e(FingerprintCryptoManager.class, "Initialization failed");
            }
        }
        return sInstance;
    }

    private PublicKey getPublicKey() {
        if (!this.mInitialized) {
            return null;
        }
        try {
            if (!this.mKeyStore.containsAlias(KEY_NAME)) {
                return null;
            }
            if (this.mKeyStore.getCertificate(KEY_NAME) != null) {
                PublicKey publicKey = this.mKeyStore.getCertificate(KEY_NAME).getPublicKey();
                return KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
            }
            ELog.e(this, "getPublicKey(): certificate is null: " + this.mKeyStore.isCertificateEntry(KEY_NAME) + FingerprintContext.get().fingerprintAvailable(), new Throwable("getCertificate() returned null"));
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            logException("getPublicKey()", e);
            return null;
        }
    }

    private boolean init() {
        boolean z = setupKeyStore() && setupKeyGenerator() && setupCipher();
        this.mInitialized = z;
        return z;
    }

    private void logException(String str, Throwable th) {
        ELog.e(this, str + ": [Exception] " + th.getMessage(), th);
    }

    private void resetFingerprintEnrollState() {
        ELog.d(this, "resetFingerprintEnrollState()");
        FingerprintContext.get().setUserHasBeenOffered(false);
        FingerprintContext.get().setUserHasOptedIn(false);
    }

    @TargetApi(23)
    private boolean setupCipher() {
        ELog.d(this, "setupCipher()");
        if (!FingerprintContext.get().fingerprintAvailable()) {
            return false;
        }
        try {
            this.mCipher = Cipher.getInstance(RSA_CIPHER_TRANSFORMATION);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            logException("setupCipher()", e);
            return false;
        }
    }

    @TargetApi(23)
    private boolean setupKeyGenerator() {
        ELog.d(this, "setupKeyGenerator()");
        if (!FingerprintContext.get().fingerprintAvailable()) {
            return false;
        }
        try {
            this.mKeyGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE_NAME);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            logException("setupKeyGenerator()", e);
            return false;
        }
    }

    private boolean setupKeyStore() {
        ELog.d(this, "setupKeyStore()");
        try {
            this.mKeyStore = KeyStore.getInstance(ANDROID_KEYSTORE_NAME);
            return true;
        } catch (KeyStoreException e) {
            logException("setupKeyStore()", e);
            return false;
        }
    }

    @TargetApi(23)
    public boolean createKey() {
        ELog.d(this, "createKey()");
        if (!this.mInitialized || !FingerprintContext.get().fingerprintAvailable()) {
            return false;
        }
        try {
            this.mKeyStore.load(null);
            if (this.mKeyStore.containsAlias(KEY_NAME)) {
                ELog.d(this, "createKey(): Already exists, skipping");
                return true;
            }
            this.mKeyGenerator.initialize(new KeyGenParameterSpec.Builder(KEY_NAME, 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").setUserAuthenticationRequired(true).build());
            this.mKeyGenerator.generateKeyPair();
            return true;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | ProviderException | CertificateException e) {
            logException("createKey()", e);
            return false;
        }
    }

    public Cipher getCipher() {
        ELog.d(this, "getCipher()");
        return this.mCipher;
    }

    @TargetApi(23)
    public boolean initCipher() {
        ELog.d(this, "initCipher()");
        if (this.mInitialized && FingerprintContext.get().fingerprintAvailable()) {
            try {
                this.mKeyStore.load(null);
                PrivateKey privateKey = (PrivateKey) this.mKeyStore.getKey(KEY_NAME, null);
                if (privateKey == null) {
                    ELog.d(this, "initCipher(): [Failure] Key does not exist");
                    return false;
                }
                this.mCipher.init(4, privateKey);
                ELog.d(this, "initCipher(): [Success]");
                return true;
            } catch (KeyPermanentlyInvalidatedException e) {
                ELog.w(this, "initCipher(): [Key permanently invalidated] " + e.getMessage());
                resetFingerprintEnrollState();
                deleteKey();
            } catch (IOException e2) {
                e = e2;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            } catch (InvalidKeyException e3) {
                e = e3;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            } catch (KeyStoreException e4) {
                e = e4;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            } catch (NoSuchAlgorithmException e5) {
                e = e5;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            } catch (UnrecoverableKeyException e6) {
                e = e6;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            } catch (CertificateException e7) {
                e = e7;
                resetFingerprintEnrollState();
                deleteKey();
                logException("initCipher()", e);
                ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
                return false;
            }
        }
        ELog.d(this, "initCipher(): [Failure] Not initialized or fingerprint is not supported");
        return false;
    }

    @Nullable
    @TargetApi(23)
    public Key unwrapKey(@NonNull String str) {
        try {
            return this.mCipher.unwrap(Base64.decode(str, 2), "AES", 3);
        } catch (GeneralSecurityException e) {
            logException("unwrapKey()", e);
            return null;
        }
    }

    @Nullable
    public String wrapKey(@NonNull Key key) {
        try {
            PublicKey publicKey = getPublicKey();
            if (publicKey == null) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_TRANSFORMATION);
            cipher.init(3, publicKey, CIPHER_PARAMETER_SPEC);
            return Base64.encodeToString(cipher.wrap(key), 2);
        } catch (GeneralSecurityException e) {
            logException("wrapKey()", e);
            return null;
        }
    }
}
