package com.paloaltonetworks.globalprotect.bg;

import android.annotation.TargetApi;
import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.os.Bundle;
import android.os.CancellationSignal;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import com.google.android.gcm.GCMConstants;
import com.paloaltonetworks.globalprotect.G;
import com.paloaltonetworks.globalprotect.util.Log;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

@TargetApi(23)
/* loaded from: classes.dex */
public class GPBioAuth extends FingerprintManager.AuthenticationCallback {
    public static final int BioAuthStatus_Error = 3;
    public static final int BioAuthStatus_Failed = 1;
    public static final int BioAuthStatus_Help = 2;
    public static final int BioAuthStatus_Succeeded = 0;
    private static final String n = "globalprotect_bio_key";
    private static long o;

    /* renamed from: b, reason: collision with root package name */
    private KeyStore f1776b;
    private KeyGenerator c;
    private SecretKey d;
    private String e;
    private FingerprintManager.CryptoObject g;
    private FingerprintManager h;
    private CancellationSignal i;
    private b j;
    private boolean k;

    /* renamed from: a, reason: collision with root package name */
    private String f1775a = n;
    private boolean f = false;
    private boolean l = false;
    private Handler m = new a(Looper.getMainLooper());

    /* loaded from: classes.dex */
    class a extends Handler {
        a(Looper looper) {
            super(looper);
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            super.handleMessage(message);
            ((b) message.obj).e(message.what, message.getData() != null ? message.getData().getString(GCMConstants.EXTRA_ERROR) : null);
        }
    }

    /* loaded from: classes.dex */
    public interface b {
        void e(int i, String str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String a() {
        return G.confAgent.s0() ? isFingerprintSensorAvailable() : "password is not protected by bio now";
    }

    private void c(String str, boolean z) throws InvalidAlgorithmParameterException, RuntimeException {
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding");
        if (Build.VERSION.SDK_INT >= 24) {
            encryptionPaddings.setInvalidatedByBiometricEnrollment(z);
        }
        this.c.init(encryptionPaddings.build());
        this.c.generateKey();
    }

    private SecretKey f(String str) throws KeyStoreException {
        if (this.f1776b.containsAlias(str)) {
            this.f1776b.deleteEntry(str);
        }
        try {
            c(str, true);
            try {
                return (SecretKey) this.f1776b.getKey(str, null);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new RuntimeException("Failed to query key", e);
            }
        } catch (RuntimeException | InvalidAlgorithmParameterException e2) {
            throw new RuntimeException("Failed to create key", e2);
        }
    }

    private SecretKey h(String str) throws KeyStoreException {
        if (!this.f1776b.containsAlias(str)) {
            throw new RuntimeException("Failed to load key");
        }
        try {
            return (SecretKey) this.f1776b.getKey(str, null);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            this.f1776b.deleteEntry(str);
            throw new RuntimeException("Failed to get key", e);
        }
    }

    private void i(int i, String str) {
        b bVar;
        if (this.k || (bVar = this.j) == null) {
            return;
        }
        Message obtainMessage = this.m.obtainMessage(i, bVar);
        if (str != null) {
            Bundle bundle = new Bundle();
            bundle.putString(GCMConstants.EXTRA_ERROR, str);
            obtainMessage.setData(bundle);
        }
        obtainMessage.sendToTarget();
    }

    public static String isFingerprintAvailable() {
        Context context = G.appContext;
        if (Build.VERSION.SDK_INT < 23) {
            return "fingerprints is officially supported from Android 6.0.";
        }
        if (!((KeyguardManager) context.getSystemService("keyguard")).isKeyguardSecure()) {
            return "keyguard is not enable in Android OS settings";
        }
        FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService("fingerprint");
        return fingerprintManager == null ? "failed to get FingerprintManager" : !fingerprintManager.isHardwareDetected() ? "fingerprint hardware is not detected." : !fingerprintManager.hasEnrolledFingerprints() ? "no fingerprint enrolled." : "ok";
    }

    public static String isFingerprintSensorAvailable() {
        if (o > 0) {
            if (System.currentTimeMillis() < o) {
                return "fingerprint is lockout";
            }
            o = 0L;
        }
        return isFingerprintAvailable();
    }

    public void b() {
    }

    public String d() {
        return this.e;
    }

    public void e(Context context, boolean z) throws RuntimeException {
        int i = z ? 1 : 2;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f1776b = keyStore;
            try {
                keyStore.load(null);
                try {
                    this.c = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    try {
                        this.d = z ? f(this.f1775a) : h(this.f1775a);
                        try {
                            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                            if (z) {
                                cipher.init(i, this.d, cipher.getParameters());
                            } else {
                                cipher.init(i, this.d, new IvParameterSpec(Base64.decode(G.confAgent.O(), 0)));
                            }
                            this.g = new FingerprintManager.CryptoObject(cipher);
                            this.h = (FingerprintManager) context.getSystemService("fingerprint");
                            this.f = true;
                        } catch (KeyPermanentlyInvalidatedException e) {
                            throw new RuntimeException("KeyPermanentlyInvalidatedException", e);
                        } catch (InvalidAlgorithmParameterException e2) {
                            e = e2;
                            throw new RuntimeException("Failed to init cipher", e);
                        } catch (InvalidKeyException e3) {
                            e = e3;
                            throw new RuntimeException("Failed to init cipher", e);
                        } catch (NoSuchAlgorithmException e4) {
                            e = e4;
                            throw new RuntimeException("Failed to get an instance of Cipher", e);
                        } catch (NoSuchPaddingException e5) {
                            e = e5;
                            throw new RuntimeException("Failed to get an instance of Cipher", e);
                        }
                    } catch (KeyStoreException e6) {
                        throw new RuntimeException("Failed to load secret key", e6);
                    }
                } catch (NoSuchAlgorithmException | NoSuchProviderException e7) {
                    throw new RuntimeException("Failed to get an instance of KeyGenerator", e7);
                }
            } catch (IOException | NoSuchAlgorithmException | CertificateException e8) {
                throw new RuntimeException("Failed to load KeyStore", e8);
            }
        } catch (KeyStoreException e9) {
            throw new RuntimeException("Failed to get an instance of KeyStore", e9);
        }
    }

    public boolean g() {
        return this.l;
    }

    public void j(b bVar) {
        if (this.f) {
            Log.DEBUG("GPI:GPBioAuth: start listening...");
            this.j = bVar;
            this.k = false;
            CancellationSignal cancellationSignal = new CancellationSignal();
            this.i = cancellationSignal;
            this.h.authenticate(this.g, cancellationSignal, 0, this, null);
            this.l = true;
        }
    }

    public void k() {
        CancellationSignal cancellationSignal = this.i;
        if (cancellationSignal != null) {
            this.k = true;
            cancellationSignal.cancel();
            this.i = null;
            this.l = false;
            Log.DEBUG("GPI:GPBioAuth: stop listen");
        }
    }

    public String l(String str) throws RuntimeException {
        try {
            return new String(this.g.getCipher().doFinal(Base64.decode(str, 0)), StandardCharsets.UTF_8);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            String message = e.getCause() != null ? e.getCause().getMessage() : null;
            if (message == null) {
                throw new RuntimeException("Failed to decrypt", e);
            }
            throw new RuntimeException("Failed to decrypt, reason: " + message, e);
        }
    }

    public String m(String str) throws RuntimeException {
        try {
            byte[] doFinal = this.g.getCipher().doFinal(str.getBytes(StandardCharsets.UTF_8));
            this.e = Base64.encodeToString(((IvParameterSpec) this.g.getCipher().getParameters().getParameterSpec(IvParameterSpec.class)).getIV(), 0);
            return Base64.encodeToString(doFinal, 0);
        } catch (InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException("Failed to encrypt", e);
        }
    }

    @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
    public void onAuthenticationError(int i, CharSequence charSequence) {
        Log.DEBUG(String.format("GPI:GPBioAuth: onAuthenticationError, errMsgId: %d, errString: %s", Integer.valueOf(i), charSequence));
        if (7 == i) {
            Log.DEBUG("GPI:GPBioAuth: fingerprint lockout for 60 seconds");
            o = System.currentTimeMillis() + 60000;
        }
        i(3, charSequence.toString());
    }

    @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
    public void onAuthenticationFailed() {
        i(1, null);
    }

    @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
    public void onAuthenticationHelp(int i, CharSequence charSequence) {
        i(2, charSequence.toString());
    }

    @Override // android.hardware.fingerprint.FingerprintManager.AuthenticationCallback
    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult authenticationResult) {
        i(0, null);
    }
}
