package com.Slack.utils.secondaryauth;

import android.annotation.TargetApi;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.FragmentActivity;
import com.Slack.utils.configuration.AppBuildConfigImpl;
import com.Slack.utils.mdm.MdmConfiguration;
import com.Slack.utils.secondaryauth.SecondaryAuthHelper;
import com.Slack.utils.secondaryauth.providers.CipherProviderImpl;
import com.Slack.utils.secondaryauth.providers.KeyGeneratorProviderImpl;
import com.Slack.utils.secondaryauth.providers.KeyStoreProviderImpl;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.android.material.shape.MaterialShapeUtils;
import io.reactivex.Completable;
import io.reactivex.CompletableEmitter;
import io.reactivex.CompletableOnSubscribe;
import io.reactivex.internal.operators.completable.CompletableCreate;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.EmptySet;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.EventLoopKt;
import slack.commons.configuration.AppBuildConfig;
import slack.commons.security.Cryptographer;
import slack.commons.security.SlackCrypto;
import slack.corelib.accountmanager.AccountManager;
import slack.corelib.featureflag.FeatureFlagStore;
import slack.corelib.prefs.AppSharedPrefs;
import slack.corelib.prefs.PrefsManager;
import slack.corelib.prefs.TeamSharedPrefs;
import slack.featureflag.Feature;

/* compiled from: SecondaryAuthHelper.kt */
/* loaded from: classes.dex */
public final class SecondaryAuthHelperImpl implements SecondaryAuthHelper {
    public final AccountManager accountManager;
    public final AppBuildConfig appBuildConfig;
    public final AppSharedPrefs appPrefs;
    public final CipherProviderImpl cipherProvider;
    public final FeatureFlagStore featureFlagStore;
    public final KeyGeneratorProviderImpl keyGeneratorProvider;
    public final KeyStoreProviderImpl keyStoreProvider;
    public final MdmConfiguration mdmConfig;
    public final SlackCrypto slackCrypto;
    public final TeamSharedPrefs teamPrefs;
    public final Cryptographer tinkCrypto;

    public SecondaryAuthHelperImpl(PrefsManager prefsManager, SlackCrypto slackCrypto, Cryptographer cryptographer, MdmConfiguration mdmConfiguration, AccountManager accountManager, FeatureFlagStore featureFlagStore, AppBuildConfig appBuildConfig) {
        if (prefsManager == null) {
            Intrinsics.throwParameterIsNullException("prefsManager");
            throw null;
        }
        if (slackCrypto == null) {
            Intrinsics.throwParameterIsNullException("slackCrypto");
            throw null;
        }
        if (cryptographer == null) {
            Intrinsics.throwParameterIsNullException("tinkCrypto");
            throw null;
        }
        if (mdmConfiguration == null) {
            Intrinsics.throwParameterIsNullException("mdmConfig");
            throw null;
        }
        if (accountManager == null) {
            Intrinsics.throwParameterIsNullException("accountManager");
            throw null;
        }
        if (featureFlagStore == null) {
            Intrinsics.throwParameterIsNullException("featureFlagStore");
            throw null;
        }
        if (appBuildConfig == null) {
            Intrinsics.throwParameterIsNullException("appBuildConfig");
            throw null;
        }
        KeyStoreProviderImpl keyStoreProviderImpl = new KeyStoreProviderImpl();
        KeyGeneratorProviderImpl keyGeneratorProviderImpl = new KeyGeneratorProviderImpl();
        CipherProviderImpl cipherProviderImpl = new CipherProviderImpl();
        this.slackCrypto = slackCrypto;
        this.tinkCrypto = cryptographer;
        this.mdmConfig = mdmConfiguration;
        this.accountManager = accountManager;
        this.keyStoreProvider = keyStoreProviderImpl;
        this.keyGeneratorProvider = keyGeneratorProviderImpl;
        this.cipherProvider = cipherProviderImpl;
        this.featureFlagStore = featureFlagStore;
        this.appBuildConfig = appBuildConfig;
        this.appPrefs = prefsManager.getAppPrefs();
        this.teamPrefs = prefsManager.getTeamPrefs();
    }

    public void clearFailureCounter() {
        AppSharedPrefs appPrefs = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs, "appPrefs");
        GeneratedOutlineSupport.outline76(appPrefs.prefStorage, "secondary_auth_failures", "");
        AppSharedPrefs appPrefs2 = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs2, "appPrefs");
        GeneratedOutlineSupport.outline76(appPrefs2.prefStorage, "secondary_auth_tink_failures", "");
    }

    public void clearSecondaryAuthEnrollment() {
        AppSharedPrefs appPrefs = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs, "appPrefs");
        EmptySet emptySet = EmptySet.INSTANCE;
        SharedPreferences.Editor edit = appPrefs.prefStorage.edit();
        edit.putStringSet("secondary_auth_methods", emptySet);
        edit.apply();
        clearFailureCounter();
        AppSharedPrefs appPrefs2 = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs2, "appPrefs");
        GeneratedOutlineSupport.outline76(appPrefs2.prefStorage, "secondary_auth_pin", "");
        AppSharedPrefs appPrefs3 = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs3, "appPrefs");
        appPrefs3.setIsUsingInsecureAuth(false);
        if (this.keyStoreProvider == null) {
            throw null;
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("secondary_auth");
    }

    public Set<SecondaryAuthHelper.AuthType> getAuthTypesEnrolled() {
        AppSharedPrefs appPrefs = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs, "appPrefs");
        Set<String> secondaryAuthMethods = appPrefs.getSecondaryAuthMethods();
        Intrinsics.checkExpressionValueIsNotNull(secondaryAuthMethods, "appPrefs.secondaryAuthMethods");
        ArrayList arrayList = new ArrayList(MaterialShapeUtils.collectionSizeOrDefault(secondaryAuthMethods, 10));
        for (String it : secondaryAuthMethods) {
            Intrinsics.checkExpressionValueIsNotNull(it, "it");
            arrayList.add(SecondaryAuthHelper.AuthType.valueOf(it));
        }
        return ArraysKt___ArraysKt.toSet(arrayList);
    }

    public final Cipher getCipher() {
        try {
            if (this.cipherProvider == null) {
                throw null;
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            if (this.keyStoreProvider == null) {
                throw null;
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            cipher.init(1, keyStore.getKey("secondary_auth", null));
            return cipher;
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public int getFailureCount() {
        AppSharedPrefs appPrefs = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs, "appPrefs");
        String tinkEncryptedValue = appPrefs.prefStorage.getString("secondary_auth_tink_failures", "");
        Intrinsics.checkExpressionValueIsNotNull(tinkEncryptedValue, "tinkEncryptedValue");
        if (tinkEncryptedValue.length() > 0) {
            String clearText = EventLoopKt.getClearText(this.tinkCrypto.decrypt(tinkEncryptedValue));
            if (clearText != null) {
                return Integer.parseInt(clearText);
            }
            return 0;
        }
        AppSharedPrefs appPrefs2 = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs2, "appPrefs");
        String encryptedValue = appPrefs2.prefStorage.getString("secondary_auth_failures", "");
        Intrinsics.checkExpressionValueIsNotNull(encryptedValue, "encryptedValue");
        if (encryptedValue.length() == 0) {
            return 0;
        }
        String clearText2 = EventLoopKt.getClearText(this.slackCrypto.decrypt(encryptedValue));
        int parseInt = clearText2 != null ? Integer.parseInt(clearText2) : 0;
        AppSharedPrefs appPrefs3 = this.appPrefs;
        Intrinsics.checkExpressionValueIsNotNull(appPrefs3, "appPrefs");
        String encrypt = this.tinkCrypto.encrypt(String.valueOf(parseInt));
        GeneratedOutlineSupport.outline76(appPrefs3.prefStorage, "secondary_auth_tink_failures", encrypt != null ? encrypt : "");
        return parseInt;
    }

    public boolean getShouldShowEnrollment() {
        return !this.mdmConfig.inMdmContext && isSecondaryAuthEnabled() && getAuthTypesEnrolled().isEmpty();
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0071  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x0077  */
    /* JADX WARN: Removed duplicated region for block: B:21:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean getShouldShowPrompt() {
        /*
            r11 = this;
            boolean r0 = r11.isSecondaryAuthEnabled()
            r1 = 1
            r2 = 0
            if (r0 == 0) goto L7d
            slack.corelib.prefs.AppSharedPrefs r0 = r11.appPrefs
            java.lang.String r3 = "appPrefs"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r0, r3)
            android.content.SharedPreferences r0 = r0.prefStorage
            java.lang.String r4 = "secondary_auth_auth_mode"
            boolean r0 = r0.getBoolean(r4, r2)
            if (r0 != 0) goto L79
            slack.corelib.prefs.AppSharedPrefs r0 = r11.appPrefs
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r0, r3)
            r4 = 0
            java.lang.String r6 = "last_secondary_auth"
            long r6 = r0.getLong(r6, r4)
            slack.corelib.prefs.AppSharedPrefs r0 = r11.appPrefs
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r0, r3)
            java.lang.String r8 = "last_backgrounded"
            long r9 = r0.getLong(r8, r4)
            int r0 = (r6 > r9 ? 1 : (r6 == r9 ? 0 : -1))
            if (r0 <= 0) goto L38
            r0 = 1
            goto L39
        L38:
            r0 = 0
        L39:
            if (r0 != 0) goto L73
            boolean r0 = r11.isEnabledForDogfood()
            if (r0 == 0) goto L48
            r6 = 5000(0x1388, double:2.4703E-320)
            java.lang.Long r0 = java.lang.Long.valueOf(r6)
            goto L54
        L48:
            slack.corelib.prefs.TeamSharedPrefs r0 = r11.teamPrefs
            java.lang.String r6 = "teamPrefs"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r0, r6)
            java.lang.Long r0 = r0.getSecondaryAuthTimeoutMillis()
        L54:
            if (r0 == 0) goto L6e
            long r6 = r0.longValue()
            long r9 = java.lang.System.currentTimeMillis()
            slack.corelib.prefs.AppSharedPrefs r0 = r11.appPrefs
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r0, r3)
            long r3 = r0.getLong(r8, r4)
            long r9 = r9 - r3
            int r0 = (r9 > r6 ? 1 : (r9 == r6 ? 0 : -1))
            if (r0 <= 0) goto L6e
            r0 = 1
            goto L6f
        L6e:
            r0 = 0
        L6f:
            if (r0 == 0) goto L73
            r0 = 1
            goto L74
        L73:
            r0 = 0
        L74:
            if (r0 == 0) goto L77
            goto L79
        L77:
            r0 = 0
            goto L7a
        L79:
            r0 = 1
        L7a:
            if (r0 == 0) goto L7d
            goto L7e
        L7d:
            r1 = 0
        L7e:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.Slack.utils.secondaryauth.SecondaryAuthHelperImpl.getShouldShowPrompt():boolean");
    }

    public boolean isDeviceSupported(Context context) {
        if (Build.VERSION.SDK_INT >= 23) {
            Object systemService = context.getSystemService("keyguard");
            if (systemService == null) {
                throw new TypeCastException("null cannot be cast to non-null type android.app.KeyguardManager");
            }
            if (((KeyguardManager) systemService).isDeviceSecure()) {
                return true;
            }
        }
        return false;
    }

    public final boolean isEnabledForDogfood() {
        return this.featureFlagStore.isEnabled(Feature.SECONDARY_AUTH_DOGFOOD) && ((AppBuildConfigImpl) this.appBuildConfig).isDogfood();
    }

    public boolean isFaceUnlockEnabled() {
        return this.featureFlagStore.isEnabled(Feature.SECONDARY_AUTH_FACE);
    }

    @TargetApi(29)
    public boolean isFaceUnlockSupported(Context context) {
        return Build.VERSION.SDK_INT >= 23 && context.getPackageManager().hasSystemFeature("android.hardware.biometrics.face");
    }

    public boolean isKeystoreValid() {
        return Build.VERSION.SDK_INT <= 23 || getAuthTypesEnrolled().isEmpty() || getCipher() != null;
    }

    public boolean isSecondaryAuthEnabled() {
        TeamSharedPrefs teamPrefs = this.teamPrefs;
        Intrinsics.checkExpressionValueIsNotNull(teamPrefs, "teamPrefs");
        return ((teamPrefs.getSecondaryAuthTimeoutMillis() != null) && !this.mdmConfig.inMdmContext) || isEnabledForDogfood();
    }

    @TargetApi(23)
    public final boolean performKeyGeneration(boolean z) {
        if (this.keyGeneratorProvider == null) {
            throw null;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("secondary_auth", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkExpressionValueIsNotNull(encryptionPaddings, "KeyGenParameterSpec.Buil….ENCRYPTION_PADDING_NONE)");
        if (z) {
            encryptionPaddings.setUserAuthenticationValidityDurationSeconds((int) TimeUnit.MINUTES.toSeconds(1440L)).setUserAuthenticationRequired(true);
            AppSharedPrefs appPrefs = this.appPrefs;
            Intrinsics.checkExpressionValueIsNotNull(appPrefs, "appPrefs");
            appPrefs.setIsUsingInsecureAuth(false);
        } else {
            AppSharedPrefs appPrefs2 = this.appPrefs;
            Intrinsics.checkExpressionValueIsNotNull(appPrefs2, "appPrefs");
            appPrefs2.setIsUsingInsecureAuth(true);
        }
        try {
            keyGenerator.init(encryptionPaddings.build());
            keyGenerator.generateKey();
            return true;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    public Completable validateBiometricPrompt(final FragmentActivity fragmentActivity, final BiometricPrompt.PromptInfo promptInfo) {
        if (fragmentActivity == null) {
            Intrinsics.throwParameterIsNullException("activity");
            throw null;
        }
        final Cipher cipher = getCipher();
        if (cipher != null) {
            Completable create = Completable.create(new CompletableOnSubscribe() { // from class: com.Slack.utils.secondaryauth.SecondaryAuthHelperImpl$validateBiometricPrompt$$inlined$let$lambda$1

                /* compiled from: SecondaryAuthHelper.kt */
                /* renamed from: com.Slack.utils.secondaryauth.SecondaryAuthHelperImpl$validateBiometricPrompt$$inlined$let$lambda$1$1, reason: invalid class name */
                /* loaded from: classes.dex */
                public final class AnonymousClass1 extends BiometricPrompt.AuthenticationCallback {
                    public final /* synthetic */ CompletableEmitter $emitter;

                    public AnonymousClass1(CompletableEmitter completableEmitter) {
                        this.$emitter = completableEmitter;
                    }

                    @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                    public void onAuthenticationError(int i, CharSequence charSequence) {
                        Throwable hardwareUnavailableException;
                        if (charSequence == null) {
                            Intrinsics.throwParameterIsNullException("errString");
                            throw null;
                        }
                        CompletableEmitter completableEmitter = this.$emitter;
                        switch (i) {
                            case 1:
                                hardwareUnavailableException = new HardwareUnavailableException(charSequence);
                                break;
                            case 2:
                                hardwareUnavailableException = new ProcessingException(charSequence);
                                break;
                            case 3:
                                hardwareUnavailableException = new TimeoutException(charSequence);
                                break;
                            case 4:
                                hardwareUnavailableException = new NoSpaceException(charSequence);
                                break;
                            case 5:
                                hardwareUnavailableException = new CancelledException(charSequence);
                                break;
                            case 6:
                            default:
                                hardwareUnavailableException = new UnknownException(charSequence);
                                break;
                            case 7:
                            case 9:
                                hardwareUnavailableException = new LockoutException(charSequence);
                                break;
                            case 8:
                                hardwareUnavailableException = new UnknownException(charSequence);
                                break;
                            case 10:
                            case 13:
                                hardwareUnavailableException = new UserCancelledException(charSequence);
                                break;
                            case 11:
                            case 12:
                                hardwareUnavailableException = new HardwareNotPresentException(charSequence);
                                break;
                        }
                        if (((CompletableCreate.Emitter) completableEmitter).tryOnError(hardwareUnavailableException)) {
                            return;
                        }
                        MaterialShapeUtils.onError(hardwareUnavailableException);
                    }

                    @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult authenticationResult) {
                        if (authenticationResult != null) {
                            ((CompletableCreate.Emitter) this.$emitter).onComplete();
                        } else {
                            Intrinsics.throwParameterIsNullException("result");
                            throw null;
                        }
                    }
                }

                @Override // io.reactivex.CompletableOnSubscribe
                public final void subscribe(CompletableEmitter completableEmitter) {
                    BiometricPrompt biometricPrompt = new BiometricPrompt(fragmentActivity, Executors.newSingleThreadExecutor(), new AnonymousClass1(completableEmitter));
                    BiometricPrompt.PromptInfo promptInfo2 = promptInfo;
                    BiometricPrompt.CryptoObject cryptoObject = new BiometricPrompt.CryptoObject(cipher);
                    if (promptInfo2 == null) {
                        throw new IllegalArgumentException("PromptInfo can not be null");
                    }
                    if (promptInfo2.mBundle.getBoolean("allow_device_credential")) {
                        throw new IllegalArgumentException("Device credential not supported with crypto");
                    }
                    biometricPrompt.authenticateInternal(promptInfo2, cryptoObject);
                }
            });
            Intrinsics.checkExpressionValueIsNotNull(create, "Completable.create { emi…ect(cipherValue))\n      }");
            return create;
        }
        Completable error = Completable.error(new KeystoreException(null, 1));
        Intrinsics.checkExpressionValueIsNotNull(error, "Completable.error(KeystoreException())");
        return error;
    }
}
