package slack.app.utils.secondaryauth;

import android.annotation.TargetApi;
import android.app.KeyguardManager;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.media.session.MediaSessionCompat;
import android.util.Log;
import androidx.biometric.BiometricFragment;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.biometric.BiometricViewModel;
import androidx.biometric.R$string;
import androidx.fragment.app.BackStackRecord;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentActivity;
import androidx.fragment.app.FragmentManager;
import com.google.android.gms.common.util.zzc;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.CompletableEmitter;
import io.reactivex.rxjava3.core.CompletableOnSubscribe;
import io.reactivex.rxjava3.functions.Cancellable;
import io.reactivex.rxjava3.internal.disposables.CancellableDisposable;
import io.reactivex.rxjava3.internal.disposables.DisposableHelper;
import io.reactivex.rxjava3.internal.operators.completable.CompletableCreate;
import io.reactivex.rxjava3.internal.operators.completable.CompletableError;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.EmptySet;
import kotlin.jvm.internal.Intrinsics;
import slack.app.buildconfig.AppBuildConfigImpl;
import slack.app.ui.secondaryauth.SecondaryAuthFragment;
import slack.app.utils.secondaryauth.providers.CipherProviderImpl;
import slack.app.utils.secondaryauth.providers.KeyGeneratorProviderImpl;
import slack.app.utils.secondaryauth.providers.KeyStoreProviderImpl;
import slack.commons.configuration.AppBuildConfig;
import slack.corelib.accountmanager.AccountManager;
import slack.corelib.featureflag.FeatureFlagStore;
import slack.corelib.prefs.AppSharedPrefs;
import slack.corelib.prefs.PrefsManager;
import slack.corelib.prefs.PrefsManagerImpl;
import slack.crypto.security.Cryptographer;
import slack.featureflag.Feature;
import slack.model.enterprise.MdmConfiguration;
import slack.securitychecks.checks.SecondaryAuthSecurityCheck;
import slack.securitychecks.checks.SecondaryAuthSecurityCheckHelper;

/* compiled from: SecondaryAuthHelper.kt */
/* loaded from: classes2.dex */
public final class SecondaryAuthHelperImpl implements SecondaryAuthHelper {
    public final AccountManager accountManager;
    public final AppSharedPrefs appPrefs;
    public final CipherProviderImpl cipherProvider;
    public final FeatureFlagStore featureFlagStore;
    public final boolean isUnderTest;
    public final KeyGeneratorProviderImpl keyGeneratorProvider;
    public final KeyStoreProviderImpl keyStoreProvider;
    public final MdmConfiguration mdmConfig;
    public final SecondaryAuthSecurityCheckHelper secondaryAuthSecurityCheckHelper;
    public final Cryptographer tinkCrypto;

    /* compiled from: SecondaryAuthHelper.kt */
    /* loaded from: classes2.dex */
    public final class UnableToPeformTinkCryptoException extends RuntimeException {
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public UnableToPeformTinkCryptoException(Throwable cause) {
            super(cause);
            Intrinsics.checkNotNullParameter(cause, "cause");
        }
    }

    public SecondaryAuthHelperImpl(AppBuildConfig appBuildConfig, PrefsManager prefsManager, Cryptographer tinkCrypto, MdmConfiguration mdmConfig, AccountManager accountManager, FeatureFlagStore featureFlagStore, SecondaryAuthSecurityCheckHelper secondaryAuthSecurityCheckHelper) {
        Intrinsics.checkNotNullParameter(appBuildConfig, "appBuildConfig");
        Intrinsics.checkNotNullParameter(prefsManager, "prefsManager");
        Intrinsics.checkNotNullParameter(tinkCrypto, "tinkCrypto");
        Intrinsics.checkNotNullParameter(mdmConfig, "mdmConfig");
        Intrinsics.checkNotNullParameter(accountManager, "accountManager");
        Intrinsics.checkNotNullParameter(featureFlagStore, "featureFlagStore");
        Intrinsics.checkNotNullParameter(secondaryAuthSecurityCheckHelper, "secondaryAuthSecurityCheckHelper");
        KeyStoreProviderImpl keyStoreProvider = new KeyStoreProviderImpl();
        KeyGeneratorProviderImpl keyGeneratorProvider = new KeyGeneratorProviderImpl();
        CipherProviderImpl cipherProvider = new CipherProviderImpl();
        Intrinsics.checkNotNullParameter(prefsManager, "prefsManager");
        Intrinsics.checkNotNullParameter(appBuildConfig, "appBuildConfig");
        Intrinsics.checkNotNullParameter(tinkCrypto, "tinkCrypto");
        Intrinsics.checkNotNullParameter(mdmConfig, "mdmConfig");
        Intrinsics.checkNotNullParameter(accountManager, "accountManager");
        Intrinsics.checkNotNullParameter(keyStoreProvider, "keyStoreProvider");
        Intrinsics.checkNotNullParameter(keyGeneratorProvider, "keyGeneratorProvider");
        Intrinsics.checkNotNullParameter(cipherProvider, "cipherProvider");
        Intrinsics.checkNotNullParameter(featureFlagStore, "featureFlagStore");
        Intrinsics.checkNotNullParameter(secondaryAuthSecurityCheckHelper, "secondaryAuthSecurityCheckHelper");
        this.tinkCrypto = tinkCrypto;
        this.mdmConfig = mdmConfig;
        this.accountManager = accountManager;
        this.keyStoreProvider = keyStoreProvider;
        this.keyGeneratorProvider = keyGeneratorProvider;
        this.cipherProvider = cipherProvider;
        this.featureFlagStore = featureFlagStore;
        this.secondaryAuthSecurityCheckHelper = secondaryAuthSecurityCheckHelper;
        this.appPrefs = ((PrefsManagerImpl) prefsManager).getAppPrefs();
        this.isUnderTest = ((AppBuildConfigImpl) appBuildConfig).isStaging();
    }

    public void clearFailureCounter() {
        this.appPrefs.putString("secondary_auth_tink_failures", "");
    }

    public final void clearKey() {
        Objects.requireNonNull(this.keyStoreProvider);
        Intrinsics.checkNotNullParameter("AndroidKeyStore", "type");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("secondary_auth");
    }

    public void clearSecondaryAuthEnrollment() {
        this.appPrefs.putStringSet("secondary_auth_methods", EmptySet.INSTANCE);
        clearFailureCounter();
        this.appPrefs.putString("secondary_auth_tink_pin", "");
        this.appPrefs.putBoolean("secondary_auth_insecure", false);
        clearKey();
    }

    public Set<SecondaryAuthSecurityCheck.AuthType> getAuthTypesEnrolled() {
        Set<String> secondaryAuthMethods = this.secondaryAuthSecurityCheckHelper.appSharedPrefs.getSecondaryAuthMethods();
        Intrinsics.checkNotNullExpressionValue(secondaryAuthMethods, "appSharedPrefs.secondaryAuthMethods");
        ArrayList arrayList = new ArrayList(zzc.collectionSizeOrDefault(secondaryAuthMethods, 10));
        for (String it : secondaryAuthMethods) {
            Intrinsics.checkNotNullExpressionValue(it, "it");
            arrayList.add(SecondaryAuthSecurityCheck.AuthType.valueOf(it));
        }
        return ArraysKt___ArraysKt.toSet(arrayList);
    }

    public final Cipher getCipher() {
        try {
            Objects.requireNonNull(this.cipherProvider);
            Intrinsics.checkNotNullParameter("AES/GCM/NoPadding", "transformation");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Objects.requireNonNull(this.keyStoreProvider);
            Intrinsics.checkNotNullParameter("AndroidKeyStore", "type");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            cipher.init(1, keyStore.getKey("secondary_auth", null));
            return cipher;
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public boolean getShouldShowEnrollment() {
        return !this.mdmConfig.getInMdmContext() && isSecondaryAuthEnabled() && getAuthTypesEnrolled().isEmpty();
    }

    public boolean getShouldShowPrompt() {
        return isSecondaryAuthEnabled() && this.secondaryAuthSecurityCheckHelper.isAuthRequired();
    }

    public boolean isDeviceSupported(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        Object systemService = context.getSystemService("keyguard");
        Objects.requireNonNull(systemService, "null cannot be cast to non-null type android.app.KeyguardManager");
        return ((KeyguardManager) systemService).isDeviceSecure() || this.isUnderTest;
    }

    public boolean isFaceUnlockEnabled() {
        return this.featureFlagStore.isEnabled(Feature.SECONDARY_AUTH_FACE);
    }

    @TargetApi(29)
    public boolean isFaceUnlockSupported(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        return context.getPackageManager().hasSystemFeature("android.hardware.biometrics.face");
    }

    public boolean isKeystoreValid() {
        return getAuthTypesEnrolled().isEmpty() || this.appPrefs.prefStorage.getBoolean("secondary_auth_insecure", false) || getCipher() != null;
    }

    public boolean isSecondaryAuthEnabled() {
        return this.secondaryAuthSecurityCheckHelper.isSecondaryAuthEnabled();
    }

    public final boolean performKeyGeneration(boolean z) {
        Objects.requireNonNull(this.keyGeneratorProvider);
        Intrinsics.checkNotNullParameter("AES", "algorithm");
        Intrinsics.checkNotNullParameter("AndroidKeyStore", "provider");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("secondary_auth", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "KeyGenParameterSpec.Buil….ENCRYPTION_PADDING_NONE)");
        if (z) {
            encryptionPaddings.setUserAuthenticationValidityDurationSeconds((int) TimeUnit.MINUTES.toSeconds(1440L)).setUserAuthenticationRequired(true);
            this.appPrefs.putBoolean("secondary_auth_insecure", false);
        } else {
            this.appPrefs.putBoolean("secondary_auth_insecure", true);
        }
        try {
            keyGenerator.init(encryptionPaddings.build());
            keyGenerator.generateKey();
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | ProviderException unused) {
            return false;
        }
    }

    public Completable validateBiometricPrompt(FragmentActivity activity, final BiometricPrompt.PromptInfo prompt) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        Intrinsics.checkNotNullParameter(prompt, "prompt");
        final Fragment findFragmentByTag = activity.getSupportFragmentManager().findFragmentByTag(SecondaryAuthFragment.class.getName());
        final Cipher cipher = getCipher();
        if (cipher != null) {
            CompletableCreate completableCreate = new CompletableCreate(new CompletableOnSubscribe() { // from class: slack.app.utils.secondaryauth.SecondaryAuthHelperImpl$validateBiometricPrompt$$inlined$let$lambda$1
                @Override // io.reactivex.rxjava3.core.CompletableOnSubscribe
                public final void subscribe(final CompletableEmitter completableEmitter) {
                    Fragment fragment = findFragmentByTag;
                    Intrinsics.checkNotNull(fragment);
                    final BiometricPrompt biometricPrompt = new BiometricPrompt(fragment, Executors.newSingleThreadExecutor(), new BiometricPrompt.AuthenticationCallback() { // from class: slack.app.utils.secondaryauth.SecondaryAuthHelperImpl$validateBiometricPrompt$$inlined$let$lambda$1.1
                        @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                        public void onAuthenticationError(int i, CharSequence text) {
                            Throwable hardwareUnavailableException;
                            Intrinsics.checkNotNullParameter(text, "errString");
                            CompletableEmitter completableEmitter2 = CompletableEmitter.this;
                            Intrinsics.checkNotNullParameter(text, "text");
                            switch (i) {
                                case 1:
                                    hardwareUnavailableException = new HardwareUnavailableException(text);
                                    break;
                                case 2:
                                    hardwareUnavailableException = new ProcessingException(text);
                                    break;
                                case 3:
                                    hardwareUnavailableException = new TimeoutException(text);
                                    break;
                                case 4:
                                    hardwareUnavailableException = new NoSpaceException(text);
                                    break;
                                case 5:
                                    hardwareUnavailableException = new CancelledException(text);
                                    break;
                                case 6:
                                default:
                                    hardwareUnavailableException = new UnknownException(text);
                                    break;
                                case 7:
                                case 9:
                                    hardwareUnavailableException = new LockoutException(text);
                                    break;
                                case 8:
                                    hardwareUnavailableException = new UnknownException(text);
                                    break;
                                case 10:
                                case 13:
                                    hardwareUnavailableException = new UserCancelledException(text);
                                    break;
                                case 11:
                                case 12:
                                    hardwareUnavailableException = new HardwareNotPresentException(text);
                                    break;
                            }
                            if (((CompletableCreate.Emitter) completableEmitter2).tryOnError(hardwareUnavailableException)) {
                                return;
                            }
                            zzc.onError(hardwareUnavailableException);
                        }

                        @Override // androidx.biometric.BiometricPrompt.AuthenticationCallback
                        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
                            Intrinsics.checkNotNullParameter(result, "result");
                            ((CompletableCreate.Emitter) CompletableEmitter.this).onComplete();
                        }
                    });
                    BiometricPrompt.PromptInfo promptInfo = prompt;
                    BiometricPrompt.CryptoObject cryptoObject = new BiometricPrompt.CryptoObject(cipher);
                    if (promptInfo == null) {
                        throw new IllegalArgumentException("PromptInfo cannot be null.");
                    }
                    if (Build.VERSION.SDK_INT < 30 && MediaSessionCompat.isDeviceCredentialAllowed(15)) {
                        throw new IllegalArgumentException("Crypto-based authentication is not supported for device credential prior to API 30.");
                    }
                    FragmentManager fragmentManager = biometricPrompt.mClientFragmentManager;
                    if (fragmentManager == null) {
                        Log.e("BiometricPromptCompat", "Unable to start authentication. Client fragment manager was null.");
                    } else if (fragmentManager.isStateSaved()) {
                        Log.e("BiometricPromptCompat", "Unable to start authentication. Called after onSaveInstanceState().");
                    } else {
                        FragmentManager fragmentManager2 = biometricPrompt.mClientFragmentManager;
                        BiometricFragment biometricFragment = (BiometricFragment) fragmentManager2.findFragmentByTag("androidx.biometric.BiometricFragment");
                        if (biometricFragment == null) {
                            biometricFragment = new BiometricFragment();
                            BackStackRecord backStackRecord = new BackStackRecord(fragmentManager2);
                            backStackRecord.doAddOp(0, biometricFragment, "androidx.biometric.BiometricFragment", 1);
                            backStackRecord.commitAllowingStateLoss();
                            fragmentManager2.execPendingActions(true);
                            fragmentManager2.forcePostponedTransactions();
                        }
                        FragmentActivity activity2 = biometricFragment.getActivity();
                        if (activity2 == null) {
                            Log.e("BiometricFragment", "Not launching prompt. Client activity was null.");
                        } else {
                            BiometricViewModel biometricViewModel = biometricFragment.mViewModel;
                            biometricViewModel.mPromptInfo = promptInfo;
                            biometricViewModel.mCryptoObject = cryptoObject;
                            if (biometricFragment.isManagingDeviceCredentialButton()) {
                                biometricFragment.mViewModel.mNegativeButtonTextOverride = biometricFragment.getString(R$string.confirm_device_credential_password);
                            } else {
                                biometricFragment.mViewModel.mNegativeButtonTextOverride = null;
                            }
                            if (biometricFragment.isManagingDeviceCredentialButton() && new BiometricManager(new BiometricManager.DefaultInjector(activity2)).canAuthenticate(255) != 0) {
                                biometricFragment.mViewModel.mIsAwaitingResult = true;
                                biometricFragment.launchConfirmCredentialActivity();
                            } else if (biometricFragment.mViewModel.mIsDelayingPrompt) {
                                biometricFragment.mHandler.postDelayed(new BiometricFragment.ShowPromptForAuthenticationRunnable(biometricFragment), 600L);
                            } else {
                                biometricFragment.showPromptForAuthentication();
                            }
                        }
                    }
                    DisposableHelper.set((CompletableCreate.Emitter) completableEmitter, new CancellableDisposable(new Cancellable() { // from class: slack.app.utils.secondaryauth.SecondaryAuthHelperImpl$validateBiometricPrompt$$inlined$let$lambda$1.2
                        @Override // io.reactivex.rxjava3.functions.Cancellable
                        public final void cancel() {
                            FragmentManager fragmentManager3 = BiometricPrompt.this.mClientFragmentManager;
                            if (fragmentManager3 == null) {
                                Log.e("BiometricPromptCompat", "Unable to start authentication. Client fragment manager was null.");
                                return;
                            }
                            BiometricFragment biometricFragment2 = (BiometricFragment) fragmentManager3.findFragmentByTag("androidx.biometric.BiometricFragment");
                            if (biometricFragment2 == null) {
                                Log.e("BiometricPromptCompat", "Unable to cancel authentication. BiometricFragment not found.");
                            } else {
                                biometricFragment2.cancelAuthentication(3);
                            }
                        }
                    }));
                }
            });
            Intrinsics.checkNotNullExpressionValue(completableCreate, "Completable.create { emi…uthentication() }\n      }");
            return completableCreate;
        }
        CompletableError completableError = new CompletableError(new KeystoreException(null, 1));
        Intrinsics.checkNotNullExpressionValue(completableError, "Completable.error(KeystoreException())");
        return completableError;
    }
}
