package com.squareup.cash.biometrics;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import androidx.biometric.BiometricManager;
import com.squareup.cash.biometrics.SecureStore;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import kotlin.Unit;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okio.ByteString;
import timber.log.Timber;

/* compiled from: AndroidSecureStore.kt */
/* loaded from: classes.dex */
public final class AndroidSecureStore implements SecureStore {
    public final BiometricManager biometricManager;
    public final Crypto crypto;
    public final Object dataLock;
    public final String keyAlias;
    public final Storage storage;

    /* compiled from: AndroidSecureStore.kt */
    /* loaded from: classes.dex */
    public static abstract class Crypto {

        /* compiled from: AndroidSecureStore.kt */
        /* loaded from: classes.dex */
        public static final class Ready extends Crypto {
            public final KeyFactory keyFactory;
            public final KeyPairGenerator keyGenerator;
            public final KeyStore keyStore;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            public Ready(KeyStore keyStore, KeyPairGenerator keyGenerator, KeyFactory keyFactory) {
                super(null);
                Intrinsics.checkNotNullParameter(keyStore, "keyStore");
                Intrinsics.checkNotNullParameter(keyGenerator, "keyGenerator");
                Intrinsics.checkNotNullParameter(keyFactory, "keyFactory");
                this.keyStore = keyStore;
                this.keyGenerator = keyGenerator;
                this.keyFactory = keyFactory;
            }
        }

        /* compiled from: AndroidSecureStore.kt */
        /* loaded from: classes.dex */
        public static final class Unavailable extends Crypto {
            public static final Unavailable INSTANCE = new Unavailable();

            public Unavailable() {
                super(null);
            }
        }

        public Crypto(DefaultConstructorMarker defaultConstructorMarker) {
        }
    }

    public AndroidSecureStore(Context context, Storage storage, String keyAlias) {
        Crypto crypto;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(storage, "storage");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        this.storage = storage;
        this.keyAlias = keyAlias;
        BiometricManager biometricManager = new BiometricManager(context);
        Intrinsics.checkNotNullExpressionValue(biometricManager, "BiometricManager.from(context)");
        this.biometricManager = biometricManager;
        this.dataLock = new Object();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            createCipher();
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "keyGenerator");
            Intrinsics.checkNotNullExpressionValue(keyFactory, "keyFactory");
            crypto = new Crypto.Ready(keyStore, keyGenerator, keyFactory);
        } catch (Exception unused) {
            crypto = Crypto.Unavailable.INSTANCE;
        }
        this.crypto = crypto;
    }

    @Override // com.squareup.cash.biometrics.SecureStore
    public boolean canStoreSecurely() {
        return (this.crypto instanceof Crypto.Ready) && this.biometricManager.canAuthenticate() == 0;
    }

    public final Cipher createCipher() {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        Intrinsics.checkNotNullExpressionValue(cipher, "Cipher.getInstance(\"$KEY…PTION_PADDING_RSA_PKCS1\")");
        return cipher;
    }

    public final PublicKey getPublicKey(Crypto.Ready ready) {
        Certificate certificate = ready.keyStore.getCertificate(this.keyAlias);
        Intrinsics.checkNotNullExpressionValue(certificate, "crypto.keyStore.getCertificate(keyAlias)");
        PublicKey publicKey = certificate.getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
        return ready.keyFactory.generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
    }

    public final void prepareKeyStore(Crypto.Ready ready) {
        try {
            Key key = ready.keyStore.getKey(this.keyAlias, null);
            Certificate certificate = ready.keyStore.getCertificate(this.keyAlias);
            if (key != null && certificate != null) {
                try {
                    createCipher().init(2, key);
                    return;
                } catch (KeyPermanentlyInvalidatedException unused) {
                    Timber.TREE_OF_SOULS.d("Key invalidated.", new Object[0]);
                }
            }
            this.storage.clear();
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.keyAlias, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").setUserAuthenticationRequired(true).build();
            Intrinsics.checkNotNullExpressionValue(build, "KeyGenParameterSpec.Buil…ed(true)\n        .build()");
            ready.keyGenerator.initialize(build);
            ready.keyGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.squareup.cash.biometrics.SecureStore
    public SecureStore.SecureValue read(String key) {
        Intrinsics.checkNotNullParameter(key, "key");
        if (!canStoreSecurely()) {
            return null;
        }
        Crypto crypto = this.crypto;
        if (!(crypto instanceof Crypto.Ready)) {
            crypto = null;
        }
        Crypto.Ready ready = (Crypto.Ready) crypto;
        if (ready != null) {
            try {
                synchronized (this.dataLock) {
                    ByteString byteString = this.storage.get(key);
                    if (byteString == null) {
                        return null;
                    }
                    prepareKeyStore(ready);
                    Cipher createCipher = createCipher();
                    Key key2 = ready.keyStore.getKey(this.keyAlias, null);
                    if (!(key2 instanceof PrivateKey)) {
                        key2 = null;
                    }
                    createCipher.init(2, (PrivateKey) key2);
                    return new AndroidSecureValue(byteString, createCipher);
                }
            } catch (Exception e) {
                Timber.TREE_OF_SOULS.e(e);
            }
        }
        return null;
    }

    @Override // com.squareup.cash.biometrics.SecureStore
    public void write(String key, ByteString byteString) {
        Intrinsics.checkNotNullParameter(key, "key");
        synchronized (this.dataLock) {
            if (byteString == null) {
                this.storage.remove(key);
                return;
            }
            if (canStoreSecurely()) {
                Crypto crypto = this.crypto;
                if (!(crypto instanceof Crypto.Ready)) {
                    crypto = null;
                }
                Crypto.Ready ready = (Crypto.Ready) crypto;
                if (ready != null) {
                    try {
                        prepareKeyStore(ready);
                        Cipher createCipher = createCipher();
                        createCipher.init(1, getPublicKey(ready));
                        Storage storage = this.storage;
                        ByteString.Companion companion = ByteString.Companion;
                        byte[] doFinal = createCipher.doFinal(byteString.toByteArray());
                        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(value.toByteArray())");
                        storage.put(key, ByteString.Companion.of$default(companion, doFinal, 0, 0, 3));
                    } catch (Exception e) {
                        Timber.TREE_OF_SOULS.e(e);
                        this.storage.remove(key);
                    }
                    Unit unit = Unit.INSTANCE;
                }
            }
        }
    }
}
