package slack.app.utils.secondaryauth;

import android.annotation.TargetApi;
import android.app.KeyguardManager;
import android.content.Context;
import android.provider.Settings;
import android.security.keystore.KeyGenParameterSpec;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentActivity;
import haxe.root.Std;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.internal.operators.completable.CompletableCreate;
import io.reactivex.rxjava3.internal.operators.completable.CompletableError;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import kotlin.collections.CollectionsKt__IteratorsJVMKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.EmptySet;
import kotlinx.coroutines.rx3.RxCompletableKt$$ExternalSyntheticLambda0;
import slack.app.ui.secondaryauth.SecondaryAuthFragment;
import slack.app.utils.secondaryauth.providers.CipherProviderImpl;
import slack.app.utils.secondaryauth.providers.KeyGeneratorProviderImpl;
import slack.app.utils.secondaryauth.providers.KeyStoreProviderImpl;
import slack.commons.configuration.AppBuildConfig;
import slack.corelib.prefs.PrefsManager;
import slack.crypto.security.Cryptographer;
import slack.featureflag.GlobalFeature;
import slack.libraries.secondaryauth.SecondaryAuthHelper;
import slack.model.blockkit.ContextItem;
import slack.model.enterprise.MdmConfiguration;
import slack.securitychecks.checks.SecondaryAuthSecurityCheck;
import slack.securitychecks.checks.SecondaryAuthSecurityCheckHelper;
import slack.services.accountmanager.AccountManager;
import slack.services.featureflag.FeatureFlagStore;
import slack.services.featureflag.FeatureFlagStoreImpl;
import slack.services.sharedprefs.AppSharedPrefs;

/* compiled from: SecondaryAuthHelperImpl.kt */
/* loaded from: classes5.dex */
public final class SecondaryAuthHelperImpl implements SecondaryAuthHelper {
    public final AccountManager accountManager;
    public final AppBuildConfig appBuildConfig;
    public final AppSharedPrefs appPrefs;
    public final CipherProviderImpl cipherProvider;
    public final FeatureFlagStore featureFlagStore;
    public final KeyGeneratorProviderImpl keyGeneratorProvider;
    public final KeyStoreProviderImpl keyStoreProvider;
    public final MdmConfiguration mdmConfig;
    public final SecondaryAuthSecurityCheckHelper secondaryAuthSecurityCheckHelper;
    public final Cryptographer tinkCrypto;

    /* compiled from: SecondaryAuthHelperImpl.kt */
    /* loaded from: classes5.dex */
    public static final class UnableToPeformTinkCryptoException extends RuntimeException {
        public UnableToPeformTinkCryptoException(Throwable th) {
            super(th);
        }
    }

    public SecondaryAuthHelperImpl(AppBuildConfig appBuildConfig, PrefsManager prefsManager, Cryptographer cryptographer, MdmConfiguration mdmConfiguration, AccountManager accountManager, FeatureFlagStore featureFlagStore, SecondaryAuthSecurityCheckHelper secondaryAuthSecurityCheckHelper) {
        KeyStoreProviderImpl keyStoreProviderImpl = new KeyStoreProviderImpl();
        KeyGeneratorProviderImpl keyGeneratorProviderImpl = new KeyGeneratorProviderImpl();
        CipherProviderImpl cipherProviderImpl = new CipherProviderImpl();
        this.appBuildConfig = appBuildConfig;
        this.tinkCrypto = cryptographer;
        this.mdmConfig = mdmConfiguration;
        this.accountManager = accountManager;
        this.keyStoreProvider = keyStoreProviderImpl;
        this.keyGeneratorProvider = keyGeneratorProviderImpl;
        this.cipherProvider = cipherProviderImpl;
        this.featureFlagStore = featureFlagStore;
        this.secondaryAuthSecurityCheckHelper = secondaryAuthSecurityCheckHelper;
        this.appPrefs = prefsManager.getAppPrefs();
    }

    public final void clearKey() {
        Objects.requireNonNull(this.keyStoreProvider);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("secondary_auth");
    }

    public void clearSecondaryAuthEnrollment() {
        this.appPrefs.setSecondaryAuthMethods(EmptySet.INSTANCE);
        this.appPrefs.setSecondaryAuthTinkFailures("");
        this.appPrefs.setSecondaryAuthTinkPin("");
        this.appPrefs.setIsUsingInsecureAuth(false);
        clearKey();
    }

    public Set getAuthTypesEnrolled() {
        Set<String> secondaryAuthMethods = this.secondaryAuthSecurityCheckHelper.appSharedPrefs.getSecondaryAuthMethods();
        Std.checkNotNullExpressionValue(secondaryAuthMethods, "appSharedPrefs.secondaryAuthMethods");
        ArrayList arrayList = new ArrayList(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(secondaryAuthMethods, 10));
        for (String str : secondaryAuthMethods) {
            Std.checkNotNullExpressionValue(str, "it");
            arrayList.add(SecondaryAuthSecurityCheck.AuthType.valueOf(str));
        }
        return CollectionsKt___CollectionsKt.toSet(arrayList);
    }

    public final Cipher getCipher() {
        try {
            Objects.requireNonNull(this.cipherProvider);
            Std.checkNotNullParameter("AES/GCM/NoPadding", "transformation");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Objects.requireNonNull(this.keyStoreProvider);
            Std.checkNotNullParameter("AndroidKeyStore", "type");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            cipher.init(1, keyStore.getKey("secondary_auth", null));
            return cipher;
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public boolean getShouldShowPrompt() {
        return isSecondaryAuthEnabled() && this.secondaryAuthSecurityCheckHelper.isAuthRequired();
    }

    public boolean isDeviceSupported(Context context) {
        Std.checkNotNullParameter(context, ContextItem.TYPE);
        Objects.requireNonNull(this.appBuildConfig);
        boolean z = Std.areEqual(Settings.System.getString(context.getContentResolver(), "firebase.test.lab"), "true");
        Object systemService = context.getSystemService("keyguard");
        Objects.requireNonNull(systemService, "null cannot be cast to non-null type android.app.KeyguardManager");
        return ((KeyguardManager) systemService).isDeviceSecure() || z;
    }

    public boolean isFaceUnlockEnabled() {
        return ((FeatureFlagStoreImpl) this.featureFlagStore).isEnabled(GlobalFeature.SECONDARY_AUTH_FACE);
    }

    @TargetApi(29)
    public boolean isFaceUnlockSupported(Context context) {
        return context.getPackageManager().hasSystemFeature("android.hardware.biometrics.face");
    }

    public boolean isKeystoreValid() {
        return getAuthTypesEnrolled().isEmpty() || this.appPrefs.getIsUsingInsecureAuth() || getCipher() != null;
    }

    public boolean isSecondaryAuthEnabled() {
        return this.secondaryAuthSecurityCheckHelper.isSecondaryAuthEnabled();
    }

    public final boolean performKeyGeneration(boolean z) {
        Objects.requireNonNull(this.keyGeneratorProvider);
        Std.checkNotNullParameter("AES", "algorithm");
        Std.checkNotNullParameter("AndroidKeyStore", "provider");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("secondary_auth", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Std.checkNotNullExpressionValue(encryptionPaddings, "Builder(\n      SECONDARY….ENCRYPTION_PADDING_NONE)");
        if (z) {
            encryptionPaddings.setUserAuthenticationValidityDurationSeconds((int) TimeUnit.MINUTES.toSeconds(1440L)).setUserAuthenticationRequired(true);
            this.appPrefs.setIsUsingInsecureAuth(false);
        } else {
            this.appPrefs.setIsUsingInsecureAuth(true);
        }
        try {
            keyGenerator.init(encryptionPaddings.build());
            keyGenerator.generateKey();
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | ProviderException unused) {
            return false;
        }
    }

    public Completable validateBiometricPrompt(FragmentActivity fragmentActivity, BiometricPrompt.PromptInfo promptInfo) {
        Std.checkNotNullParameter(fragmentActivity, "activity");
        Fragment findFragmentByTag = fragmentActivity.getSupportFragmentManager().findFragmentByTag(SecondaryAuthFragment.class.getName());
        Cipher cipher = getCipher();
        return cipher == null ? new CompletableError(new KeystoreException(null, 1)) : new CompletableCreate(new RxCompletableKt$$ExternalSyntheticLambda0(findFragmentByTag, promptInfo, cipher));
    }
}
