package com.hktv.android.hktvmall.ui.utils;

import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.hktv.android.hktvlib.bg.utils.appbase.Base64Utils;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
public class FingerprintAuthenticationUtils {
    private static final int KEY_EXPIRE_YEAR = 70;
    private static final int KEY_IV_LENGTH = 12;
    private static final int KEY_IV_TAG_LENGTH = 128;
    private static final String KEY_STORE_KEY_NAME = "FingerprintCryptoKey";
    private static final String PROVIDER_KEY_STORE = "AndroidKeyStore";

    public static String decrypt(Cipher cipher, String str) {
        byte[] decode = Base64Utils.decode(str);
        return new String(cipher.doFinal(Arrays.copyOfRange(decode, 12, decode.length)), StandardCharsets.UTF_8);
    }

    public static String encrypt(Cipher cipher, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(cipher.getIV());
        byteArrayOutputStream.write(cipher.doFinal(str.getBytes()));
        return Base64Utils.encodeBytes(byteArrayOutputStream.toByteArray());
    }

    private static byte[] extractIvFromData(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 0, 12);
    }

    private static byte[] generateIv() {
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static void generateSecretKey() {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 70);
        KeyGenParameterSpec.Builder certificateNotAfter = new KeyGenParameterSpec.Builder(KEY_STORE_KEY_NAME, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).setUserAuthenticationRequired(true).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime());
        if (Build.VERSION.SDK_INT >= 24) {
            certificateNotAfter.setInvalidatedByBiometricEnrollment(true);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", PROVIDER_KEY_STORE);
        keyGenerator.init(certificateNotAfter.build());
        keyGenerator.generateKey();
    }

    private static Cipher getCipher() {
        return Cipher.getInstance("AES/GCM/NoPadding");
    }

    private static FingerprintManager.CryptoObject getCryptoObject(boolean z, byte[] bArr) {
        Cipher cipher = getCipher();
        SecretKey secretKey = getSecretKey();
        if (secretKey == null) {
            generateSecretKey();
            secretKey = getSecretKey();
        }
        if (z) {
            cipher.init(1, secretKey, new GCMParameterSpec(128, generateIv()));
        } else {
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr));
        }
        return new FingerprintManager.CryptoObject(cipher);
    }

    public static FingerprintManager.CryptoObject getDecryptCryptoObject(String str) {
        return getCryptoObject(false, extractIvFromData(Base64Utils.decode(str)));
    }

    public static FingerprintManager.CryptoObject getEncryptCryptoObject() {
        return getCryptoObject(true, null);
    }

    private static SecretKey getSecretKey() {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER_KEY_STORE);
        keyStore.load(null);
        return (SecretKey) keyStore.getKey(KEY_STORE_KEY_NAME, null);
    }

    private static void removeSecretKey() {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER_KEY_STORE);
        keyStore.load(null);
        keyStore.deleteEntry(KEY_STORE_KEY_NAME);
    }

    public static void renewInvalidedKey() {
        generateSecretKey();
    }
}
