package slack.features.secondaryauth.utils;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.provider.Settings;
import android.security.keystore.KeyGenParameterSpec;
import androidx.activity.BackEventCompat$$ExternalSyntheticOutline0;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentActivity;
import androidx.work.impl.AutoMigration_14_15;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.internal.operators.completable.CompletableCreate;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import kotlin.collections.EmptySet;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.idn.IdnaMappingTable;
import slack.app.di.org.FeatureFlagBaseModule;
import slack.commons.configuration.AppBuildConfig;
import slack.crypto.security.DecryptionResult;
import slack.crypto.security.TinkCryptoAtomic;
import slack.features.search.SearchFragment$$ExternalSyntheticLambda10;
import slack.features.secondaryauth.SecondaryAuthActivity;
import slack.features.secondaryauth.SecondaryAuthFragment;
import slack.libraries.secondaryauth.AuthMode;
import slack.libraries.secondaryauth.AuthType;
import slack.libraries.sharedprefs.api.AppSharedPrefs;
import slack.libraries.sharedprefs.api.PrefsManager;
import slack.libraries.spaceship.commons.CanvasHostHelper;
import slack.services.mdmconfig.MdmTokenRetriever;
import timber.log.Timber;
import timber.log.TimberKt$TREE_OF_SOULS$1;

/* loaded from: classes5.dex */
public final class SecondaryAuthHelperImpl {
    public final AppBuildConfig appBuildConfig;
    public final AppSharedPrefs appPrefs;
    public final AutoMigration_14_15 cipherProvider;
    public final FeatureFlagBaseModule keyGeneratorProvider;
    public final IdnaMappingTable keyStoreProvider;
    public final MdmTokenRetriever mdmTokenRetriever;
    public final CanvasHostHelper secondaryAuthSecurityCheckHelper;
    public final TinkCryptoAtomic tinkCrypto;

    /* loaded from: classes5.dex */
    final class UnableToPeformTinkCryptoException extends RuntimeException {
    }

    public SecondaryAuthHelperImpl(AppBuildConfig appBuildConfig, PrefsManager prefsManager, TinkCryptoAtomic tinkCryptoAtomic, MdmTokenRetriever mdmTokenRetriever, CanvasHostHelper canvasHostHelper) {
        Intrinsics.checkNotNullParameter(appBuildConfig, "appBuildConfig");
        Intrinsics.checkNotNullParameter(prefsManager, "prefsManager");
        Intrinsics.checkNotNullParameter(mdmTokenRetriever, "mdmTokenRetriever");
        IdnaMappingTable idnaMappingTable = new IdnaMappingTable((char) 0, 21);
        FeatureFlagBaseModule featureFlagBaseModule = new FeatureFlagBaseModule(25);
        AutoMigration_14_15 autoMigration_14_15 = new AutoMigration_14_15();
        this.appBuildConfig = appBuildConfig;
        this.tinkCrypto = tinkCryptoAtomic;
        this.mdmTokenRetriever = mdmTokenRetriever;
        this.keyStoreProvider = idnaMappingTable;
        this.keyGeneratorProvider = featureFlagBaseModule;
        this.cipherProvider = autoMigration_14_15;
        this.secondaryAuthSecurityCheckHelper = canvasHostHelper;
        this.appPrefs = prefsManager.getAppPrefs();
    }

    public final void clearSecondaryAuthEnrollment() {
        Timber.tag("SecondaryAuth").d("Clearing secondary auth methods.", new Object[0]);
        EmptySet emptySet = EmptySet.INSTANCE;
        AppSharedPrefs appSharedPrefs = this.appPrefs;
        appSharedPrefs.setSecondaryAuthMethods(emptySet);
        appSharedPrefs.setSecondaryAuthTinkFailures("");
        appSharedPrefs.setSecondaryAuthTinkPin("");
        appSharedPrefs.setIsUsingInsecureAuth(false);
        appSharedPrefs.setLastSecondaryAuthTime(0L);
        appSharedPrefs.setLastBackgroundedTime(0L);
        this.keyStoreProvider.getClass();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(...)");
        keyStore.load(null);
        keyStore.deleteEntry("secondary_auth");
    }

    public final Set getAuthTypesEnrolled() {
        TimberKt$TREE_OF_SOULS$1 tag = Timber.tag("SecondaryAuth");
        CanvasHostHelper canvasHostHelper = this.secondaryAuthSecurityCheckHelper;
        tag.d("Enrolled auth types " + canvasHostHelper.getAuthTypesEnrolled() + ".", new Object[0]);
        return canvasHostHelper.getAuthTypesEnrolled();
    }

    public final Cipher getCipher() {
        try {
            Cipher autoMigration_14_15 = this.cipherProvider.getInstance();
            this.keyStoreProvider.getClass();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(...)");
            keyStore.load(null);
            autoMigration_14_15.init(1, keyStore.getKey("secondary_auth", null));
            return autoMigration_14_15;
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public final boolean getShouldShowPrompt() {
        CanvasHostHelper canvasHostHelper = this.secondaryAuthSecurityCheckHelper;
        return canvasHostHelper.isSecondaryAuthEnabled() && canvasHostHelper.isAuthRequired();
    }

    public final Intent getStartingIntent(Context context, AuthMode authMode) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intent intent = new Intent(context, (Class<?>) SecondaryAuthActivity.class);
        intent.putExtra("auth_mode", authMode);
        return intent;
    }

    public final void incrementFailureCounter() {
        try {
            this.appPrefs.setSecondaryAuthTinkFailures(this.tinkCrypto.encrypt(String.valueOf(this.secondaryAuthSecurityCheckHelper.getFailureCount() + 1)));
        } catch (GeneralSecurityException e) {
            Timber.tag("SecondaryAuth").w(new RuntimeException(e), "Failed to update the failure count", new Object[0]);
        }
    }

    public final boolean isDeviceSupported(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.appBuildConfig.getClass();
        boolean areEqual = Intrinsics.areEqual(Settings.System.getString(context.getContentResolver(), "firebase.test.lab"), "true");
        Object systemService = context.getSystemService("keyguard");
        Intrinsics.checkNotNull(systemService, "null cannot be cast to non-null type android.app.KeyguardManager");
        return ((KeyguardManager) systemService).isDeviceSecure() || areEqual;
    }

    public final boolean isKeystoreValid() {
        TimberKt$TREE_OF_SOULS$1 tag = Timber.tag("SecondaryAuth");
        Set authTypesEnrolled = getAuthTypesEnrolled();
        AppSharedPrefs appSharedPrefs = this.appPrefs;
        boolean z = !appSharedPrefs.getIsUsingInsecureAuth();
        boolean z2 = getCipher() != null;
        StringBuilder sb = new StringBuilder("Check if keystore is valid auth types = ");
        sb.append(authTypesEnrolled);
        sb.append(", is using secure auth = ");
        sb.append(z);
        sb.append(", does cipher exist = ");
        tag.d(BackEventCompat$$ExternalSyntheticOutline0.m(sb, z2, "."), new Object[0]);
        return getAuthTypesEnrolled().isEmpty() || appSharedPrefs.getIsUsingInsecureAuth() || getCipher() != null;
    }

    public final boolean performKeyGeneration(boolean z) {
        this.keyGeneratorProvider.getClass();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(...)");
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("secondary_auth", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "setEncryptionPaddings(...)");
        AppSharedPrefs appSharedPrefs = this.appPrefs;
        if (z) {
            encryptionPaddings.setUserAuthenticationValidityDurationSeconds((int) TimeUnit.MINUTES.toSeconds(1440L)).setUserAuthenticationRequired(true);
            appSharedPrefs.setIsUsingInsecureAuth(false);
        } else {
            appSharedPrefs.setIsUsingInsecureAuth(true);
        }
        try {
            keyGenerator.init(encryptionPaddings.build());
            keyGenerator.generateKey();
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | ProviderException unused) {
            return false;
        }
    }

    public final void setPin(String pin) {
        AppSharedPrefs appSharedPrefs = this.appPrefs;
        Intrinsics.checkNotNullParameter(pin, "pin");
        try {
            appSharedPrefs.setSecondaryAuthTinkPin(this.tinkCrypto.encrypt(pin));
            Timber.tag("SecondaryAuth").d("Adding secondary auth method " + AuthType.PIN + " to " + appSharedPrefs.getSecondaryAuthMethods() + ".", new Object[0]);
            Set secondaryAuthMethods = appSharedPrefs.getSecondaryAuthMethods();
            Intrinsics.checkNotNullExpressionValue(secondaryAuthMethods, "getSecondaryAuthMethods(...)");
            appSharedPrefs.setSecondaryAuthMethods(SetsKt.plus(secondaryAuthMethods, "PIN"));
        } catch (GeneralSecurityException e) {
            Timber.tag("SecondaryAuth").w(new RuntimeException(e));
        }
    }

    public final Completable validateBiometricPrompt(FragmentActivity activity, BiometricPrompt.PromptInfo promptInfo) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        Fragment findFragmentByTag = activity.getSupportFragmentManager().findFragmentByTag(SecondaryAuthFragment.class.getName());
        Cipher cipher = getCipher();
        return cipher != null ? new CompletableCreate(new SearchFragment$$ExternalSyntheticLambda10(findFragmentByTag, promptInfo, cipher, 9)) : Completable.error(new KeystoreException());
    }

    public final boolean validatePin(String pin) {
        Intrinsics.checkNotNullParameter(pin, "pin");
        try {
            if (pin.length() > 0) {
                return pin.equals(DecryptionResult.getClearText(this.tinkCrypto.decrypt(this.appPrefs.getSecondaryAuthTinkPin())));
            }
            return false;
        } catch (GeneralSecurityException e) {
            Timber.tag("SecondaryAuth").e(new RuntimeException(e));
            return false;
        }
    }
}
