package net.koofr.vault.features.repo;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.autofill.HintConstants;
import androidx.biometric.BiometricPrompt;
import java.security.Key;
import java.security.KeyStore;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import net.koofr.vault.SecureStorage;

/* compiled from: RepoPasswordBiometricsHelper.kt */
@Metadata(d1 = {"\u0000Z\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0005\b\u0007\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0016\u0010\f\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010J\u0016\u0010\u0011\u001a\u00020\u00122\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u0003J\u0012\u0010\u0014\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0007\u001a\u00020\u0003H\u0002J\u0010\u0010\u0016\u001a\u00020\u00122\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\b\u0010\u0019\u001a\u00020\u000eH\u0002J\u0010\u0010\u001a\u001a\u0004\u0018\u00010\u001b2\u0006\u0010\u001c\u001a\u00020\u0010J\b\u0010\u001d\u001a\u0004\u0018\u00010\u001bJ\u0014\u0010\u001e\u001a\u0010\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u0010\u0018\u00010\u001fJ\u0006\u0010 \u001a\u00020!J\u0012\u0010\"\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0007\u001a\u00020\u0003H\u0002J\u0006\u0010#\u001a\u00020\u0012J\u0010\u0010$\u001a\u00020\u00122\u0006\u0010\u0007\u001a\u00020\u0003H\u0002J\n\u0010%\u001a\u0004\u0018\u00010\u001bH\u0002R\u000e\u0010\u0007\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\b\u001a\u00020\t¢\u0006\b\n\u0000\u001a\u0004\b\n\u0010\u000bR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006&"}, d2 = {"Lnet/koofr/vault/features/repo/RepoPasswordBiometricsHelper;", "", "repoId", "", "secureStorage", "Lnet/koofr/vault/SecureStorage;", "(Ljava/lang/String;Lnet/koofr/vault/SecureStorage;)V", "keyName", "promptInfo", "Landroidx/biometric/BiometricPrompt$PromptInfo;", "getPromptInfo", "()Landroidx/biometric/BiometricPrompt$PromptInfo;", "decryptPassword", "cipher", "Ljavax/crypto/Cipher;", "encryptedPassword", "", "enableBiometricUnlock", "", HintConstants.AUTOFILL_HINT_PASSWORD, "ensureSecretKey", "Ljavax/crypto/SecretKey;", "generateSecretKey", "keyGenParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "getCipher", "getDecryptCryptoObject", "Landroidx/biometric/BiometricPrompt$CryptoObject;", "iv", "getEncryptCryptoObject", "getEncryptedPasswordIv", "Lkotlin/Pair;", "isBiometricUnlockEnabled", "", "loadSecretKey", "removeBiometricUnlock", "removeSecretKey", "tryGetEncryptCryptoObject", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class RepoPasswordBiometricsHelper {
    public static final int $stable = 8;
    private final String keyName;
    private final BiometricPrompt.PromptInfo promptInfo;
    private final String repoId;
    private final SecureStorage secureStorage;

    public RepoPasswordBiometricsHelper(String repoId, SecureStorage secureStorage) {
        Intrinsics.checkNotNullParameter(repoId, "repoId");
        Intrinsics.checkNotNullParameter(secureStorage, "secureStorage");
        this.repoId = repoId;
        this.secureStorage = secureStorage;
        this.keyName = "vaultRepoPassword_" + repoId + "_v1";
        BiometricPrompt.PromptInfo build = new BiometricPrompt.PromptInfo.Builder().setTitle("Safe Key biometrics").setSubtitle("Use biometrics to save your Safe Key").setNegativeButtonText("Don't use biometrics").build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        this.promptInfo = build;
    }

    private final SecretKey ensureSecretKey(String keyName) {
        SecretKey loadSecretKey = loadSecretKey(keyName);
        if (loadSecretKey != null) {
            return loadSecretKey;
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyName, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        generateSecretKey(build);
        return loadSecretKey(keyName);
    }

    private final void generateSecretKey(KeyGenParameterSpec keyGenParameterSpec) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        keyGenerator.generateKey();
    }

    private final Cipher getCipher() {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
        return cipher;
    }

    private final SecretKey loadSecretKey(String keyName) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey(keyName, null);
        if (key != null) {
            return (SecretKey) key;
        }
        return null;
    }

    private final void removeSecretKey(String keyName) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry(keyName);
    }

    private final BiometricPrompt.CryptoObject tryGetEncryptCryptoObject() {
        SecretKey ensureSecretKey = ensureSecretKey(this.keyName);
        Cipher cipher = getCipher();
        cipher.init(1, ensureSecretKey);
        return new BiometricPrompt.CryptoObject(cipher);
    }

    public final String decryptPassword(Cipher cipher, byte[] encryptedPassword) {
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        Intrinsics.checkNotNullParameter(encryptedPassword, "encryptedPassword");
        byte[] doFinal = cipher.doFinal(encryptedPassword);
        Intrinsics.checkNotNull(doFinal);
        return new String(doFinal, Charsets.UTF_8);
    }

    public final void enableBiometricUnlock(Cipher cipher, String password) {
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        Intrinsics.checkNotNullParameter(password, "password");
        byte[] bytes = password.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        this.secureStorage.setItem(this.keyName, Base64.encodeToString(cipher.getIV(), 0) + "|" + encodeToString);
    }

    public final BiometricPrompt.CryptoObject getDecryptCryptoObject(byte[] iv) {
        Intrinsics.checkNotNullParameter(iv, "iv");
        SecretKey loadSecretKey = loadSecretKey(this.keyName);
        Cipher cipher = getCipher();
        cipher.init(2, loadSecretKey, new IvParameterSpec(iv));
        return new BiometricPrompt.CryptoObject(cipher);
    }

    public final BiometricPrompt.CryptoObject getEncryptCryptoObject() {
        try {
            return tryGetEncryptCryptoObject();
        } catch (KeyPermanentlyInvalidatedException unused) {
            removeSecretKey(this.keyName);
            return tryGetEncryptCryptoObject();
        }
    }

    public final Pair<byte[], byte[]> getEncryptedPasswordIv() {
        String item = this.secureStorage.getItem(this.keyName);
        if (item == null) {
            return null;
        }
        List split$default = StringsKt.split$default((CharSequence) item, new char[]{'|'}, false, 0, 6, (Object) null);
        return new Pair<>(Base64.decode((String) split$default.get(1), 0), Base64.decode((String) split$default.get(0), 0));
    }

    public final BiometricPrompt.PromptInfo getPromptInfo() {
        return this.promptInfo;
    }

    public final boolean isBiometricUnlockEnabled() {
        return this.secureStorage.getItem(this.keyName) != null;
    }

    public final void removeBiometricUnlock() {
        this.secureStorage.removeItem(this.keyName);
    }
}
