package com.intercede.myIDSecurityLibrary;

import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.lang.ref.WeakReference;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.HashMap;

/* loaded from: classes.dex */
public final class SoftCertSecureKeyChainEncryption {
    public static final String FACTORY_SOPIN = "12345678";
    public static final String HW_ENCRYPTED_DATA_KEY = "encrypted";
    public static final String HW_ENCRYPTED_TYPE_KEY = "encType";
    public static final byte[] SALT_PART3 = {-105, Byte.MIN_VALUE, -77, -88, 38, 68, 42, 119};
    public static final String SECURITY_OFFICER_KEY = "jOHWUEoL2IHK23pyngxJ";
    public static final String TEST_TARGET_KEY = "Pa07ihnYsfDxosrMazWW";
    public static final String TEST_TARGET_STRING = "1234567890INTERCEDE0123456789012";
    public static final String TOUCH_ID_PRIVATE_KEY_SET = "p1dhgAgYTaf36fweH0w";
    public static final String USER_PIN_KEY = "7W55cJb89iooYmFgjKXf";
    public String mAndroidId;
    public SoftStoreIdentitySource mOldIdentitySource;
    public byte[] mPrivateKeysEncryptionKey;
    public AndroidSignerOperationsWithOpenSSL mSignerOperationsWithOpenSSL = new AndroidSignerOperationsWithOpenSSL();
    public SoftCertSecureHardware mSoftCertSecureHardware = new SoftCertSecureHardware();
    public SoftCertSecureKeyChainPINRetry mSoftCertSecureKeyChainPINRetry;
    public WeakReference<SoftCertSecureSigner> mSoftCertSigner;

    /* renamed from: com.intercede.myIDSecurityLibrary.SoftCertSecureKeyChainEncryption$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType = new int[HwEncryptionType.values().length];

        static {
            try {
                $SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType[HwEncryptionType.encryptionType1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType[HwEncryptionType.encryptionType2.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType[HwEncryptionType.encryptionType3.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType[HwEncryptionType.encryptionType4.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum HwEncryptionType {
        encryptionType1,
        encryptionType2,
        encryptionType3,
        encryptionType4,
        maxTypes
    }

    public SoftCertSecureKeyChainEncryption(SoftCertSecureSigner softCertSecureSigner, SoftStoreIdentitySource softStoreIdentitySource, SoftCertSecureKeyChainPINRetry softCertSecureKeyChainPINRetry, String str) {
        this.mSoftCertSigner = new WeakReference<>(softCertSecureSigner);
        this.mOldIdentitySource = softStoreIdentitySource;
        this.mSoftCertSecureKeyChainPINRetry = softCertSecureKeyChainPINRetry;
        this.mAndroidId = str;
    }

    private boolean checkSecurityOfficerPINInitialisationAgainstOldPIN(String str) {
        if (!isKeyChainInitialisedForSecurityOfficerPIN()) {
            if (!this.mOldIdentitySource.getKsAccess().existsPassword(true)) {
                str = FACTORY_SOPIN;
            }
            if (!initializeWithSecurityOfficerPIN(str)) {
                MyIDSecurityLibraryPrivate.log(6, "Failed to change Security Officer PIN");
                return false;
            }
        }
        return true;
    }

    private boolean checkUserPINInitialisationAgainstOldPIN(String str) {
        if (isKeyChainInitialisedForUserPIN() || initializeWithUserPIN(str)) {
            return true;
        }
        MyIDSecurityLibraryPrivate.log(6, "Failed to change User PIN");
        return false;
    }

    private boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(String str, String str2) {
        if (this.mSoftCertSigner.get() == null) {
            return false;
        }
        byte[] derivePBKDF2KeyFromPINAndInitialSalt = this.mSignerOperationsWithOpenSSL.derivePBKDF2KeyFromPINAndInitialSalt(str, this.mSoftCertSigner.get().getUniqueID(), this.mAndroidId);
        if (derivePBKDF2KeyFromPINAndInitialSalt == null || derivePBKDF2KeyFromPINAndInitialSalt.length == 0) {
            MyIDSecurityLibraryPrivate.log(6, "Failed to create derived key");
            return false;
        }
        byte[] encryptDataWithPrivateKeysEncryptionKey = encryptDataWithPrivateKeysEncryptionKey(this.mPrivateKeysEncryptionKey, derivePBKDF2KeyFromPINAndInitialSalt);
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (softCertFileKeyChain != null) {
            return softCertFileKeyChain.updateKeyChainItemForID(str2, encryptDataWithPrivateKeysEncryptionKey);
        }
        return false;
    }

    private void logHwKeyInfo(String str) {
        Log.w(MyIDSecurityLibraryPrivate.tag, str);
    }

    private boolean replaceOldPINWithNewPINForItemID(String str, String str2, String str3) {
        if (!verifyPINForItemID(str, str3)) {
            return false;
        }
        boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(str2, str3);
        if (encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID) {
            this.mOldIdentitySource.getKsAccess().setPassword(str2, str3.equals(SECURITY_OFFICER_KEY));
        }
        if (encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID) {
            initialiseWithTouchID();
        }
        return encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID;
    }

    private boolean verifyPINForItemID(String str, String str2) {
        String str3;
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (softCertFileKeyChain == null) {
            str3 = "Failed to get key chain accessor";
        } else {
            byte[] keyChainItemForID = softCertFileKeyChain.getKeyChainItemForID(str2);
            if (keyChainItemForID == null) {
                str3 = "Failed to read item from key chain";
            } else {
                String uniqueID = this.mSoftCertSigner.get().getUniqueID();
                byte[] derivePBKDF2KeyFromPINAndInitialSalt = this.mSignerOperationsWithOpenSSL.derivePBKDF2KeyFromPINAndInitialSalt(str, uniqueID, this.mAndroidId);
                if (derivePBKDF2KeyFromPINAndInitialSalt != null && derivePBKDF2KeyFromPINAndInitialSalt.length != 0) {
                    byte[] decryptDataWithPrivateKeysEncryptionKey = decryptDataWithPrivateKeysEncryptionKey(keyChainItemForID, derivePBKDF2KeyFromPINAndInitialSalt);
                    if (Arrays.equals(decryptDataWithPrivateKeysEncryptionKey(softCertFileKeyChain.getKeyChainItemForID(TEST_TARGET_KEY), decryptDataWithPrivateKeysEncryptionKey), TEST_TARGET_STRING.getBytes(Charset.forName("UTF-8")))) {
                        this.mPrivateKeysEncryptionKey = decryptDataWithPrivateKeysEncryptionKey;
                        if (str2.equalsIgnoreCase(SECURITY_OFFICER_KEY)) {
                            this.mSoftCertSecureKeyChainPINRetry.resetSecurityOfficerPINRetryCount(uniqueID);
                            return true;
                        }
                        if (!str2.equalsIgnoreCase(USER_PIN_KEY)) {
                            return true;
                        }
                        this.mSoftCertSecureKeyChainPINRetry.resetPINRetryCount(uniqueID);
                        return true;
                    }
                    if (str2.equalsIgnoreCase(SECURITY_OFFICER_KEY)) {
                        this.mSoftCertSecureKeyChainPINRetry.decrementSecurityOfficerPINRetryCount(uniqueID);
                        if (this.mSoftCertSecureKeyChainPINRetry.getSecurityOfficerPINRetryCount(uniqueID) <= 0) {
                            byte[] bArr = new byte[32];
                            Arrays.fill(bArr, (byte) 0);
                            softCertFileKeyChain.updateKeyChainItemForID(SECURITY_OFFICER_KEY, bArr);
                        }
                    } else if (str2.equalsIgnoreCase(USER_PIN_KEY)) {
                        this.mSoftCertSecureKeyChainPINRetry.decrementPINRetryCount(uniqueID);
                        if (this.mSoftCertSecureKeyChainPINRetry.getPINRetryCount(uniqueID) <= 0) {
                            byte[] bArr2 = new byte[32];
                            Arrays.fill(bArr2, (byte) 0);
                            softCertFileKeyChain.updateKeyChainItemForID(USER_PIN_KEY, bArr2);
                        }
                    }
                    resetPrivateKeysEncryptionKey();
                    return false;
                }
                str3 = "Failed to create derived key";
            }
        }
        MyIDSecurityLibraryPrivate.log(6, str3);
        return false;
    }

    public boolean authenticateWithSecurityOfficerPINAndThenSetUserPIN(String str, String str2) {
        String str3;
        if (checkSecurityOfficerPINInitialisationAgainstOldPIN(str)) {
            String uniqueID = this.mSoftCertSigner.get().getUniqueID();
            if (this.mSoftCertSecureKeyChainPINRetry.isSecurityOfficerPINLocked(uniqueID)) {
                str3 = "authenticateWithSecurityOfficerPINAndThenSetUserPIN: Security Officer PIN is locked";
            } else {
                if (!verifyPINForItemID(str, SECURITY_OFFICER_KEY)) {
                    return false;
                }
                if (!isKeyChainInitialisedForUserPIN()) {
                    return initializeWithUserPIN(str2);
                }
                byte[] derivePBKDF2KeyFromPINAndInitialSalt = this.mSignerOperationsWithOpenSSL.derivePBKDF2KeyFromPINAndInitialSalt(str2, uniqueID, this.mAndroidId);
                if (derivePBKDF2KeyFromPINAndInitialSalt != null && derivePBKDF2KeyFromPINAndInitialSalt.length != 0) {
                    byte[] encryptDataWithPrivateKeysEncryptionKey = encryptDataWithPrivateKeysEncryptionKey(this.mPrivateKeysEncryptionKey, derivePBKDF2KeyFromPINAndInitialSalt);
                    this.mSoftCertSecureKeyChainPINRetry.resetPINRetryCount(uniqueID);
                    SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
                    boolean updateKeyChainItemForID = softCertFileKeyChain != null ? softCertFileKeyChain.updateKeyChainItemForID(USER_PIN_KEY, encryptDataWithPrivateKeysEncryptionKey) : false;
                    this.mOldIdentitySource.getKsAccess().setPassword(str2, false);
                    return updateKeyChainItemForID;
                }
                str3 = "Failed to create derived key";
            }
        } else {
            str3 = "authenticateWithSecurityOfficerPINAndThenSetUserPIN: Failed to check Security Officer PIN initialisation status";
        }
        MyIDSecurityLibraryPrivate.log(6, str3);
        return false;
    }

    public byte[] decryptDataWithPrivateKeysEncryptionKey(byte[] bArr, byte[] bArr2) {
        byte[] hardwareDecryptData;
        HashMap dictFromSerializedData = dictFromSerializedData(bArr);
        if (dictFromSerializedData == null) {
            logHwKeyInfo("AndroidKeyStore not used (decrypt)");
            return this.mSignerOperationsWithOpenSSL.decryptDataWithPrivateKeysEncryptionKey(bArr, bArr2);
        }
        byte[] bArr3 = (byte[]) dictFromSerializedData.get(HW_ENCRYPTED_DATA_KEY);
        if (AnonymousClass1.$SwitchMap$com$intercede$myIDSecurityLibrary$SoftCertSecureKeyChainEncryption$HwEncryptionType[((HwEncryptionType) dictFromSerializedData.get(HW_ENCRYPTED_TYPE_KEY)).ordinal()] != 1 || (hardwareDecryptData = this.mSoftCertSecureHardware.hardwareDecryptData(bArr3)) == null) {
            return null;
        }
        logHwKeyInfo(this.mSoftCertSecureHardware.isKeystoreHardwareBacked() ? "Hardware backed AndroidKeyStore used (decrypt)" : "Software backed AndroidKeyStore used (decrypt)");
        return this.mSignerOperationsWithOpenSSL.decryptDataWithPrivateKeysEncryptionKey(hardwareDecryptData, bArr2);
    }

    public HashMap dictFromSerializedData(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            return (HashMap) new ObjectInputStream(new ByteArrayInputStream(bArr)).readObject();
        } catch (Exception e) {
            MyIDSecurityLibraryPrivate.log(6, "dictFromSerializedData: " + e.getLocalizedMessage());
            return null;
        }
    }

    public byte[] encryptDataWithPrivateKeysEncryptionKey(byte[] bArr, byte[] bArr2) {
        byte[] encryptDataWithPrivateKeysEncryptionKey = this.mSignerOperationsWithOpenSSL.encryptDataWithPrivateKeysEncryptionKey(bArr, bArr2);
        byte[] hardwareEncryptData = this.mSoftCertSecureHardware.hardwareEncryptData(encryptDataWithPrivateKeysEncryptionKey);
        if (hardwareEncryptData == null) {
            logHwKeyInfo("AndroidKeyStore not used (encrypt)");
            return encryptDataWithPrivateKeysEncryptionKey;
        }
        logHwKeyInfo(this.mSoftCertSecureHardware.isKeystoreHardwareBacked() ? "Hardware backed AndroidKeyStore used (encrypt)" : "Software backed AndroidKeyStore used (encrypt)");
        HashMap hashMap = new HashMap();
        hashMap.put(HW_ENCRYPTED_DATA_KEY, hardwareEncryptData);
        hashMap.put(HW_ENCRYPTED_TYPE_KEY, HwEncryptionType.encryptionType1);
        return serializedDataFromDict(hashMap);
    }

    public void factoryReset() {
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        softCertFileKeyChain.deleteKeyChainItemForID(SECURITY_OFFICER_KEY);
        softCertFileKeyChain.deleteKeyChainItemForID(TEST_TARGET_KEY);
        softCertFileKeyChain.deleteKeyChainItemForID(USER_PIN_KEY);
        softCertFileKeyChain.deleteKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET);
        this.mSoftCertSecureHardware.deleteSecureHardwareKey();
    }

    public boolean forSecurityOfficerChangeOldPINToNewPIN(String str, String str2) {
        if (!checkSecurityOfficerPINInitialisationAgainstOldPIN(str)) {
            MyIDSecurityLibraryPrivate.log(6, "Initialisation failed whilst changing Security Officer PIN ");
            return false;
        }
        if (this.mSoftCertSecureKeyChainPINRetry.isSecurityOfficerPINLocked(this.mSoftCertSigner.get().getUniqueID())) {
            MyIDSecurityLibraryPrivate.log(6, "Security Officer PIN is locked");
            resetPrivateKeysEncryptionKey();
            return false;
        }
        boolean replaceOldPINWithNewPINForItemID = replaceOldPINWithNewPINForItemID(str, str2, SECURITY_OFFICER_KEY);
        resetPrivateKeysEncryptionKey();
        return replaceOldPINWithNewPINForItemID;
    }

    public boolean forUserChangeOldPINToNewPin(String str, String str2) {
        if (isKeyChainInitialisedForUserPIN()) {
            return !this.mSoftCertSecureKeyChainPINRetry.isPINBlocked(this.mSoftCertSigner.get().getUniqueID()) && replaceOldPINWithNewPINForItemID(str, str2, USER_PIN_KEY);
        }
        return false;
    }

    public boolean initialiseWithTouchID() {
        if (!removeTouchID() || new SoftCertAutoGeneratedUserPin().isAutoPinInUse()) {
            return false;
        }
        return SoftCertFileKeyChain.getSoftCertFileKeyChain().createKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET, encryptDataWithPrivateKeysEncryptionKey(this.mPrivateKeysEncryptionKey, this.mSignerOperationsWithOpenSSL.getHardCodedTouchIDPrivateKey())).booleanValue();
    }

    public boolean initializeWithSecurityOfficerPIN(String str) {
        String str2;
        if (isKeyChainInitialisedForSecurityOfficerPIN()) {
            str2 = "Failed attempting to re-initialize an already initialized Security Officer PIN";
        } else {
            KSAccess ksAccess = this.mOldIdentitySource.getKsAccess();
            boolean existsPassword = ksAccess.existsPassword(true);
            if (isKeyChainInitialisedForUserPIN()) {
                byte[] bArr = this.mPrivateKeysEncryptionKey;
                if (bArr == null || bArr.length == 0) {
                    str2 = "Failed to initialize the Security Officer PIN";
                } else {
                    if (!existsPassword || ksAccess.verifyPassword(str, true)) {
                        boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(str, SECURITY_OFFICER_KEY);
                        this.mSoftCertSecureKeyChainPINRetry.resetSecurityOfficerPINRetryCount(this.mSoftCertSigner.get().getUniqueID());
                        resetPrivateKeysEncryptionKey();
                        if (!existsPassword && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID) {
                            ksAccess.setPassword(str, true);
                        }
                        return encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID;
                    }
                    str2 = "Failed to verify Security Officer PIN against original key chain [1]";
                }
            } else if (!existsPassword || ksAccess.verifyPassword(str, true)) {
                byte[] createPrivateKeysEncryptionKey = this.mSignerOperationsWithOpenSSL.createPrivateKeysEncryptionKey();
                if (createPrivateKeysEncryptionKey != null && createPrivateKeysEncryptionKey.length != 0) {
                    this.mPrivateKeysEncryptionKey = createPrivateKeysEncryptionKey;
                    byte[] encryptDataWithPrivateKeysEncryptionKey = encryptDataWithPrivateKeysEncryptionKey(TEST_TARGET_STRING.getBytes(Charset.forName("UTF-8")), this.mPrivateKeysEncryptionKey);
                    SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
                    boolean updateKeyChainItemForID = softCertFileKeyChain != null ? softCertFileKeyChain.updateKeyChainItemForID(TEST_TARGET_KEY, encryptDataWithPrivateKeysEncryptionKey) : false;
                    boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2 = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(str, SECURITY_OFFICER_KEY);
                    this.mSoftCertSecureKeyChainPINRetry.resetSecurityOfficerPINRetryCount(this.mSoftCertSigner.get().getUniqueID());
                    if (!existsPassword && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2) {
                        ksAccess.setPassword(str, true);
                    }
                    return updateKeyChainItemForID && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2;
                }
                str2 = "Failed to create AES-256 key";
            } else {
                str2 = "Failed to verify Security Officer PIN against original key chain [2]";
            }
        }
        MyIDSecurityLibraryPrivate.log(6, str2);
        return false;
    }

    public boolean initializeWithUserPIN(String str) {
        String str2;
        boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID;
        if (isKeyChainInitialisedForUserPIN()) {
            str2 = "initializeWithUserPIN: Failed attempting to re-initialize an already initialized User PIN";
        } else {
            String uniqueID = this.mSoftCertSigner.get().getUniqueID();
            if (isKeyChainInitialisedForSecurityOfficerPIN()) {
                byte[] bArr = this.mPrivateKeysEncryptionKey;
                if (bArr != null && bArr.length != 0) {
                    boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2 = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(str, USER_PIN_KEY);
                    this.mSoftCertSecureKeyChainPINRetry.resetPINRetryCount(uniqueID);
                    if (encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2) {
                        this.mOldIdentitySource.getKsAccess().setPassword(str, false);
                    }
                    return encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID2;
                }
                str2 = "initializeWithUserPIN: Failed to initialize the User PIN";
            } else {
                KSAccess ksAccess = this.mOldIdentitySource.getKsAccess();
                boolean existsPassword = ksAccess.existsPassword(false);
                if (!existsPassword || ksAccess.verifyPassword(str, false)) {
                    this.mPrivateKeysEncryptionKey = this.mSignerOperationsWithOpenSSL.createPrivateKeysEncryptionKey();
                    byte[] bArr2 = this.mPrivateKeysEncryptionKey;
                    if (bArr2 != null && bArr2.length != 0) {
                        boolean encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID3 = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(str, USER_PIN_KEY);
                        if (!existsPassword && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID3) {
                            ksAccess.setPassword(str, false);
                        }
                        boolean existsPassword2 = ksAccess.existsPassword(true);
                        if (!existsPassword2 || ksAccess.verifyPassword(FACTORY_SOPIN, true)) {
                            encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID = encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID(FACTORY_SOPIN, SECURITY_OFFICER_KEY);
                            this.mSoftCertSecureKeyChainPINRetry.resetSecurityOfficerPINRetryCount(uniqueID);
                            if (!existsPassword2 && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID) {
                                ksAccess.setPassword(FACTORY_SOPIN, true);
                            }
                        } else {
                            encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID = true;
                        }
                        byte[] encryptDataWithPrivateKeysEncryptionKey = encryptDataWithPrivateKeysEncryptionKey(TEST_TARGET_STRING.getBytes(Charset.forName("UTF-8")), this.mPrivateKeysEncryptionKey);
                        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
                        boolean updateKeyChainItemForID = softCertFileKeyChain != null ? softCertFileKeyChain.updateKeyChainItemForID(TEST_TARGET_KEY, encryptDataWithPrivateKeysEncryptionKey) : false;
                        this.mSoftCertSecureKeyChainPINRetry.resetPINRetryCount(uniqueID);
                        return encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID3 && encryptPrivateKeysEncryptionKeyWithPINAndSaveForItemID && updateKeyChainItemForID;
                    }
                    str2 = "initializeWithUserPIN: Failed to create AES-256 key";
                } else {
                    str2 = "initializeWithUserPIN: Failed to verify User PIN against original key chain";
                }
            }
        }
        MyIDSecurityLibraryPrivate.log(6, str2);
        return false;
    }

    public boolean isKeyChainInitialisedForSecurityOfficerPIN() {
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (softCertFileKeyChain != null) {
            return softCertFileKeyChain.hasKeyChainItemForID(SECURITY_OFFICER_KEY).booleanValue();
        }
        return false;
    }

    public boolean isKeyChainInitialisedForTouchID() {
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (softCertFileKeyChain != null) {
            return softCertFileKeyChain.hasKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET).booleanValue();
        }
        return false;
    }

    public boolean isKeyChainInitialisedForUserPIN() {
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (softCertFileKeyChain != null) {
            return softCertFileKeyChain.hasKeyChainItemForID(USER_PIN_KEY).booleanValue();
        }
        return false;
    }

    public boolean isLocked() {
        byte[] bArr = this.mPrivateKeysEncryptionKey;
        return bArr == null || bArr.length == 0;
    }

    public boolean removeTouchID() {
        if (!this.mSoftCertSigner.get().touchIDAllowed()) {
            return false;
        }
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        if (!softCertFileKeyChain.hasKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET).booleanValue()) {
            return true;
        }
        softCertFileKeyChain.deleteKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET);
        return true;
    }

    public void resetPrivateKeysEncryptionKey() {
        if (this.mPrivateKeysEncryptionKey == null) {
            return;
        }
        int i = 0;
        while (true) {
            byte[] bArr = this.mPrivateKeysEncryptionKey;
            if (i >= bArr.length) {
                this.mPrivateKeysEncryptionKey = null;
                return;
            } else {
                bArr[i] = 0;
                i++;
            }
        }
    }

    public byte[] serializedDataFromDict(HashMap hashMap) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(2048);
        try {
            new ObjectOutputStream(byteArrayOutputStream).writeObject(hashMap);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            MyIDSecurityLibraryPrivate.log(6, "serializedDataFromDict throws exception: " + e.toString());
            return null;
        }
    }

    public byte[] usePrivateKeysEncryptionKeyToDecryptData(byte[] bArr) {
        return decryptDataWithPrivateKeysEncryptionKey(bArr, this.mPrivateKeysEncryptionKey);
    }

    public byte[] usePrivateKeysEncryptionKeyToEncryptData(byte[] bArr) {
        return encryptDataWithPrivateKeysEncryptionKey(bArr, this.mPrivateKeysEncryptionKey);
    }

    public boolean verifySecurityOfficerPIN(String str) {
        if (!verifyPINForItemID(str, SECURITY_OFFICER_KEY)) {
            return false;
        }
        resetPrivateKeysEncryptionKey();
        return true;
    }

    public boolean verifyUserPIN(String str) {
        return !this.mSoftCertSecureKeyChainPINRetry.isPINBlocked(this.mSoftCertSigner.get().getUniqueID()) && checkUserPINInitialisationAgainstOldPIN(str) && verifyPINForItemID(str, USER_PIN_KEY);
    }

    public boolean verifyUsingTouchID() {
        byte[] hardCodedTouchIDPrivateKey = this.mSignerOperationsWithOpenSSL.getHardCodedTouchIDPrivateKey();
        SoftCertFileKeyChain softCertFileKeyChain = SoftCertFileKeyChain.getSoftCertFileKeyChain();
        byte[] decryptDataWithPrivateKeysEncryptionKey = decryptDataWithPrivateKeysEncryptionKey(softCertFileKeyChain.getKeyChainItemForID(TOUCH_ID_PRIVATE_KEY_SET), hardCodedTouchIDPrivateKey);
        Arrays.fill(hardCodedTouchIDPrivateKey, (byte) 0);
        if (Arrays.equals(decryptDataWithPrivateKeysEncryptionKey(softCertFileKeyChain.getKeyChainItemForID(TEST_TARGET_KEY), decryptDataWithPrivateKeysEncryptionKey), TEST_TARGET_STRING.getBytes(Charset.forName("UTF-8")))) {
            this.mPrivateKeysEncryptionKey = decryptDataWithPrivateKeysEncryptionKey;
            return true;
        }
        resetPrivateKeysEncryptionKey();
        return false;
    }
}
