package com.ts.common.internal.core.external_authenticators.device.native_bio;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.DialogInterface;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricPrompt;
import android.os.Build;
import android.os.CancellationSignal;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Pair;
import androidx.annotation.NonNull;
import androidx.core.content.ContextCompat;
import com.ts.common.api.core.encryption.Encryptor;
import com.ts.common.internal.core.ErrorHandlerImpl;
import com.ts.common.internal.core.external_authenticators.device.fingerprint.FingerprintAuthenticateCallback;
import com.ts.common.internal.core.external_authenticators.device.native_bio.BiometricAuthenticator;
import com.ts.common.internal.core.logger.Log;
import com.ts.mobile.sdkhost.BiometricPromptInfo;
import java.util.Locale;

@TargetApi(29)
/* loaded from: classes.dex */
public class QBiometricPromptCryptographyProvider extends BiometricCryptographyProvider {
    private static final String TAG = Log.getLogTag(QBiometricPromptCryptographyProvider.class);
    private BiometricManager mBiometricManager;
    private BiometricPrompt mBiometricPrompt;
    private CancellationSignal mCancellationSignal;
    private Encryptor mEncryptor;
    private boolean mIsFeatureEnabled;
    private boolean mUseBioProtection;

    /* loaded from: classes.dex */
    protected abstract class BiometricCallback extends BiometricPrompt.AuthenticationCallback {
        byte[] mChallenge;
        FingerprintAuthenticateCallback mListener;
        private boolean mTriggered = false;
        private int mFailureCount = 0;

        public BiometricCallback(FingerprintAuthenticateCallback fingerprintAuthenticateCallback, byte[] bArr) {
            this.mListener = fingerprintAuthenticateCallback;
            this.mChallenge = bArr;
        }

        private void reportCancel(BiometricAuthenticator.CancelReason cancelReason) {
            this.mListener.authenticateCancelled(cancelReason);
        }

        private void reportError(BiometricAuthenticator.Error error) {
            this.mListener.authenticateError(error, this.mFailureCount);
        }

        @Override // android.hardware.biometrics.BiometricPrompt.AuthenticationCallback
        public void onAuthenticationError(int i, CharSequence charSequence) {
            Log.e(QBiometricPromptCryptographyProvider.TAG, "onAuthenticationError(): " + ((Object) charSequence));
            if (this.mTriggered) {
                return;
            }
            this.mTriggered = true;
            if (i == 3) {
                reportCancel(BiometricAuthenticator.CancelReason.TIMEOUT);
                return;
            }
            if (i == 5) {
                Log.d(QBiometricPromptCryptographyProvider.TAG, "operation internally cancelled");
                if (QBiometricPromptCryptographyProvider.this.mCancellationSignal == null || !QBiometricPromptCryptographyProvider.this.mCancellationSignal.isCanceled()) {
                    reportCancel(BiometricAuthenticator.CancelReason.UNKNOWN);
                    return;
                }
                return;
            }
            if (i != 7) {
                switch (i) {
                    case 9:
                        break;
                    case 10:
                        reportCancel(BiometricAuthenticator.CancelReason.USER_INPUT);
                        return;
                    default:
                        Log.w(QBiometricPromptCryptographyProvider.TAG, String.format(Locale.US, "Unhandled error: %s (%d) ", charSequence, Integer.valueOf(i)));
                        reportError(BiometricAuthenticator.Error.GENERIC_ERROR);
                        return;
                }
            }
            this.mFailureCount++;
            reportError(7 == i ? BiometricAuthenticator.Error.OS_LOCK_TEMPORARY : BiometricAuthenticator.Error.OS_LOCK_PERMANENT);
        }

        @Override // android.hardware.biometrics.BiometricPrompt.AuthenticationCallback
        public void onAuthenticationFailed() {
            Log.i(QBiometricPromptCryptographyProvider.TAG, "onAuthenticationFailed()");
            this.mFailureCount++;
        }

        @Override // android.hardware.biometrics.BiometricPrompt.AuthenticationCallback
        public void onAuthenticationHelp(int i, CharSequence charSequence) {
            Log.i(QBiometricPromptCryptographyProvider.TAG, "onAuthenticationHelp(): " + ((Object) charSequence));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class DecryptionAuthenticateBiometricCallback extends BiometricCallback {
        public DecryptionAuthenticateBiometricCallback(FingerprintAuthenticateCallback fingerprintAuthenticateCallback, byte[] bArr) {
            super(fingerprintAuthenticateCallback, bArr);
        }

        @Override // android.hardware.biometrics.BiometricPrompt.AuthenticationCallback
        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult authenticationResult) {
            Log.d(QBiometricPromptCryptographyProvider.TAG, "onAuthenticationSucceeded()");
            try {
                this.mListener.authenticationSuccess(QBiometricPromptCryptographyProvider.this.mEncryptor.decryptRSA(authenticationResult.getCryptoObject().getCipher(), this.mChallenge), null);
            } catch (Throwable th) {
                Log.e(QBiometricPromptCryptographyProvider.TAG, "Failed to decrypt challenge, treat as key invalidation", th);
                this.mListener.authenticateError(BiometricAuthenticator.Error.KEY_INVALIDATED, 1);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class SignatureAuthenticateBiometricCallback extends BiometricCallback {
        public SignatureAuthenticateBiometricCallback(FingerprintAuthenticateCallback fingerprintAuthenticateCallback, byte[] bArr) {
            super(fingerprintAuthenticateCallback, bArr);
        }

        @Override // android.hardware.biometrics.BiometricPrompt.AuthenticationCallback
        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult authenticationResult) {
            Log.d(QBiometricPromptCryptographyProvider.TAG, "onAuthenticationSucceeded()");
            try {
                this.mListener.authenticationSuccess(QBiometricPromptCryptographyProvider.this.mEncryptor.signWithSignature(authenticationResult.getCryptoObject().getSignature(), this.mChallenge), null);
            } catch (Throwable th) {
                Log.e(QBiometricPromptCryptographyProvider.TAG, "Failed to sign challenge, treat as key invalidation", th);
                this.mListener.authenticateError(BiometricAuthenticator.Error.KEY_INVALIDATED, 1);
            }
        }
    }

    public QBiometricPromptCryptographyProvider(Context context, boolean z, Encryptor encryptor) {
        super(context);
        this.mEncryptor = encryptor;
        this.mUseBioProtection = z;
        this.mBiometricManager = (BiometricManager) this.mContext.getSystemService("biometric");
        if (this.mBiometricManager != null) {
            this.mIsFeatureEnabled = true;
        } else {
            Log.e(TAG, "Biometric authentication is not supported");
            this.mIsFeatureEnabled = false;
        }
    }

    private void checkFeatureEnabledAndAvailable() throws BiometricAuthenticator.BiometricAuthenticatorException {
        if (isSupported()) {
            return;
        }
        Log.e(TAG, "Biometrics is not supported or permission is denied");
        throw new BiometricAuthenticator.BiometricAuthenticatorException(BiometricAuthenticator.Error.NO_PERMISSION_TO_USE_SENSOR);
    }

    private void createBiometricPrompt(final BiometricPrompt.AuthenticationCallback authenticationCallback) {
        BiometricPromptInfo initPromptInfo = getInitPromptInfo();
        String localizedSubtitle = initPromptInfo.getLocalizedSubtitle();
        String localizedPrompt = initPromptInfo.getLocalizedPrompt();
        BiometricPrompt.Builder builder = new BiometricPrompt.Builder(this.mContext);
        builder.setConfirmationRequired(true);
        if (Build.VERSION.SDK_INT >= 30) {
            builder.setAllowedAuthenticators(15);
        } else {
            builder.setDeviceCredentialAllowed(false);
        }
        if (localizedSubtitle != null) {
            builder.setSubtitle(localizedSubtitle);
        }
        if (localizedPrompt != null) {
            builder.setDescription(localizedPrompt);
        }
        builder.setTitle(initPromptInfo.getLocalizedTitle());
        builder.setNegativeButton(initPromptInfo.getCancelButtonTitle(), this.mContext.getMainExecutor(), new DialogInterface.OnClickListener() { // from class: com.ts.common.internal.core.external_authenticators.device.native_bio.QBiometricPromptCryptographyProvider.1
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                authenticationCallback.onAuthenticationError(10, "Cancel button clicked");
            }
        }).setConfirmationRequired(true);
        this.mBiometricPrompt = builder.build();
    }

    private Pair<BiometricPrompt.CryptoObject, BiometricPrompt.AuthenticationCallback> createCipherAndAuthCallback(String str, byte[] bArr, FingerprintAuthenticateCallback fingerprintAuthenticateCallback) {
        Log.d(TAG, "Using decryption based authentication");
        return new Pair<>(new BiometricPrompt.CryptoObject(this.mEncryptor.getRSADecryptCipher(str)), new DecryptionAuthenticateBiometricCallback(fingerprintAuthenticateCallback, bArr));
    }

    private Pair<BiometricPrompt.CryptoObject, BiometricPrompt.AuthenticationCallback> createSignatureAndAuthCallback(String str, byte[] bArr, FingerprintAuthenticateCallback fingerprintAuthenticateCallback) {
        Log.d(TAG, "Using signature based authentication");
        return new Pair<>(new BiometricPrompt.CryptoObject(this.mEncryptor.loadSignature(str)), new SignatureAuthenticateBiometricCallback(fingerprintAuthenticateCallback, bArr));
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.DeviceAuthenticator
    public void cancel(boolean z) {
        Log.d(TAG, "cancellation is requested");
        CancellationSignal cancellationSignal = this.mCancellationSignal;
        if (cancellationSignal == null || cancellationSignal.isCanceled()) {
            return;
        }
        this.mCancellationSignal.cancel();
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.native_bio.BiometricCryptographyProvider
    protected void decrypt(@NonNull String str, @NonNull byte[] bArr, @NonNull FingerprintAuthenticateCallback fingerprintAuthenticateCallback) {
        try {
            checkFeatureEnabledAndAvailable();
            Pair<BiometricPrompt.CryptoObject, BiometricPrompt.AuthenticationCallback> createCipherAndAuthCallback = createCipherAndAuthCallback(str, bArr, fingerprintAuthenticateCallback);
            this.mCancellationSignal = new CancellationSignal();
            createBiometricPrompt((BiometricPrompt.AuthenticationCallback) createCipherAndAuthCallback.second);
            this.mBiometricPrompt.authenticate((BiometricPrompt.CryptoObject) createCipherAndAuthCallback.first, this.mCancellationSignal, this.mContext.getMainExecutor(), (BiometricPrompt.AuthenticationCallback) createCipherAndAuthCallback.second);
        } catch (BiometricAuthenticator.BiometricAuthenticatorException e) {
            fingerprintAuthenticateCallback.authenticateError(e.getError(), 1);
        } catch (SecurityException e2) {
            Log.e(TAG, "Caught security exception", e2);
            fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.NO_PERMISSION_TO_USE_SENSOR, 1);
        } catch (RuntimeException e3) {
            Log.e(TAG, "Caught runtime exception", e3);
            if (e3.getCause() != null && (e3.getCause() instanceof KeyPermanentlyInvalidatedException)) {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.KEY_INVALIDATED, 1);
            } else if (e3 instanceof IllegalArgumentException) {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.ILLEGAL_ARGUMENT, 0);
            } else {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.GENERIC_ERROR, 1);
            }
        }
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.native_bio.BiometricCryptographyProvider
    protected String encrypt(@NonNull String str, @NonNull byte[] bArr) {
        return this.mEncryptor.encryptWithReEncodedPublicKey(str, bArr);
    }

    @Override // com.ts.common.api.core.encryption.CryptographyProvider
    public void generateKeys(@NonNull String str, @NonNull Encryptor.GenerateKeysListener generateKeysListener, boolean z, boolean z2) {
        if (isSystemEnrolled()) {
            this.mEncryptor.generateKeys(str, generateKeysListener, this.mUseBioProtection && z, z2);
        } else {
            Log.e(TAG, "No registered biometrics!");
            generateKeysListener.onKeyGenerationFailure(new ErrorHandlerImpl(80, "biometrics not enrolled on device", null));
        }
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.DeviceAuthenticator
    public boolean isSupported() {
        if (!this.mIsFeatureEnabled || ContextCompat.checkSelfPermission(this.mContext, "android.permission.USE_BIOMETRIC") != 0) {
            return false;
        }
        int canAuthenticate = Build.VERSION.SDK_INT >= 30 ? this.mBiometricManager.canAuthenticate(15) : this.mBiometricManager.canAuthenticate();
        return (1 == canAuthenticate || 12 == canAuthenticate) ? false : true;
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.native_bio.BiometricAuthenticator
    public boolean isSystemEnrolled() {
        if (ContextCompat.checkSelfPermission(this.mContext, "android.permission.USE_BIOMETRIC") != 0) {
            Log.e(TAG, "Biometrics permission is denied");
            return false;
        }
        int canAuthenticate = Build.VERSION.SDK_INT >= 30 ? this.mBiometricManager.canAuthenticate(15) : this.mBiometricManager.canAuthenticate();
        boolean z = (11 == canAuthenticate || 12 == canAuthenticate || 1 == canAuthenticate) ? false : true;
        return Build.VERSION.SDK_INT >= 30 ? z && 15 != canAuthenticate : z;
    }

    @Override // com.ts.common.internal.core.external_authenticators.device.native_bio.BiometricCryptographyProvider
    protected void sign(@NonNull String str, @NonNull byte[] bArr, @NonNull FingerprintAuthenticateCallback fingerprintAuthenticateCallback) {
        try {
            checkFeatureEnabledAndAvailable();
            Pair<BiometricPrompt.CryptoObject, BiometricPrompt.AuthenticationCallback> createSignatureAndAuthCallback = createSignatureAndAuthCallback(str, bArr, fingerprintAuthenticateCallback);
            this.mCancellationSignal = new CancellationSignal();
            createBiometricPrompt((BiometricPrompt.AuthenticationCallback) createSignatureAndAuthCallback.second);
            this.mBiometricPrompt.authenticate((BiometricPrompt.CryptoObject) createSignatureAndAuthCallback.first, this.mCancellationSignal, this.mContext.getMainExecutor(), (BiometricPrompt.AuthenticationCallback) createSignatureAndAuthCallback.second);
        } catch (BiometricAuthenticator.BiometricAuthenticatorException e) {
            fingerprintAuthenticateCallback.authenticateError(e.getError(), 1);
        } catch (SecurityException e2) {
            Log.e(TAG, "Caught security exception", e2);
            fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.NO_PERMISSION_TO_USE_SENSOR, 1);
        } catch (RuntimeException e3) {
            Log.e(TAG, "Caught runtime exception", e3);
            if (e3.getCause() != null && (e3.getCause() instanceof KeyPermanentlyInvalidatedException)) {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.KEY_INVALIDATED, 1);
            } else if (e3 instanceof IllegalArgumentException) {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.ILLEGAL_ARGUMENT, 0);
            } else {
                fingerprintAuthenticateCallback.authenticateError(BiometricAuthenticator.Error.GENERIC_ERROR, 1);
            }
        }
    }
}
