package com.noknok.android.client.asm.pinmanagement;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.google.gson.Gson;
import com.newrelic.agent.android.instrumentation.GsonInstrumentation;
import com.newrelic.agent.android.instrumentation.Instrumented;
import com.noknok.android.client.asm.pinmanagement.PinDatabase;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.utils.AppSDKConfig;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

@Instrumented
/* loaded from: classes3.dex */
public class PinManager {

    /* renamed from: a, reason: collision with root package name */
    public final PinDatabase f4942a;
    public final Context b;
    public final IMatcher.IAntiHammeringCallback c;
    public PinDatabase.PinConfig d = null;

    /* renamed from: com.noknok.android.client.asm.pinmanagement.PinManager$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f4943a;

        static {
            int[] iArr = new int[Algorithm.values().length];
            f4943a = iArr;
            try {
                iArr[0] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f4943a[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes3.dex */
    public enum Algorithm {
        SHA256,
        PBKDF2
    }

    /* loaded from: classes3.dex */
    public enum VerifyStatus {
        SUCCESS,
        FAILED,
        PIN_INVALID,
        PIN_ERASED,
        PIN_LOCKOUT
    }

    public PinManager(String str, Context context, IMatcher.IAntiHammeringCallback iAntiHammeringCallback) {
        this.f4942a = new PinDatabase(context, str);
        this.b = context;
        this.c = iAntiHammeringCallback;
    }

    public final PinDatabase.PinData a(String str) {
        byte[] bArr;
        byte[] bytes;
        List<PinDatabase.PinData> readUsedPinsList;
        Logger.i("PinManager", "Create PIN data");
        SecretKey secretKey = null;
        int i = 0;
        if (getPinConfig().nonReusableOldPINs > 0 && (readUsedPinsList = this.f4942a.readUsedPinsList()) != null && readUsedPinsList.size() > 0) {
            if (readUsedPinsList.get(0).getAlgorithm().equals(Algorithm.SHA256)) {
                bArr = new byte[16];
                System.arraycopy(readUsedPinsList.get(0).getData(), 0, bArr, 0, 16);
                bytes = str.getBytes(Charsets.utf8Charset);
                if (Build.VERSION.SDK_INT >= 23 || AppSDKConfig.getInstance(this.b).get(AppSDKConfig.Key.pinSha256Only).getAsBoolean()) {
                    return a(bytes, bArr);
                }
                Logger.i("PinManager", "Using PBKDF2");
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    secretKey = (SecretKey) keyStore.getKey("NnlPinPbkdf2Key", null);
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                    Logger.e("PinManager", "Unable to get PBKDF2 key", e);
                }
                if (secretKey == null) {
                    Logger.i("PinManager", "Generate a new PBKDF2 key.");
                    try {
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA256", "AndroidKeyStore");
                        keyGenerator.init(new KeyGenParameterSpec.Builder("NnlPinPbkdf2Key", 4).build());
                        secretKey = keyGenerator.generateKey();
                    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                        Logger.e("PinManager", "Unable to generate PBKDF2 key", e2);
                    }
                }
                if (secretKey != null) {
                    try {
                        return a(bytes, i, secretKey);
                    } catch (InvalidKeyException | NoSuchAlgorithmException e3) {
                        Logger.e("PinManager", "Unable to calculate PBKDF2", e3);
                    }
                }
                return a(bytes, bArr);
            }
            i = readUsedPinsList.get(0).getIterationCount();
        }
        bArr = null;
        bytes = str.getBytes(Charsets.utf8Charset);
        if (Build.VERSION.SDK_INT >= 23) {
        }
        return a(bytes, bArr);
    }

    public final PinDatabase.PinData a(byte[] bArr, int i, SecretKey secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKey);
        byte[] doFinal = mac.doFinal(bArr);
        if (i == 0) {
            long currentTimeMillis = System.currentTimeMillis();
            do {
                c(doFinal, mac.doFinal(doFinal));
                i++;
            } while (System.currentTimeMillis() - currentTimeMillis < 100);
        } else {
            for (int i2 = 0; i2 < i; i2++) {
                c(doFinal, mac.doFinal(doFinal));
            }
        }
        Logger.i("PinManager", i + " iterations has been done for hash calculation");
        if (doFinal == null) {
            return null;
        }
        PinDatabase.PinData pinData = new PinDatabase.PinData();
        pinData.setData(doFinal).setPinLength(bArr.length).setAlgorithm(Algorithm.PBKDF2).setIterationCount(i);
        return pinData;
    }

    public final PinDatabase.PinData a(byte[] bArr, byte[] bArr2) {
        Logger.i("PinManager", "Using SHA256");
        if (bArr2 == null) {
            bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
            messageDigest.update(b(bArr2, bArr));
            return new PinDatabase.PinData().setData(b(bArr2, messageDigest.digest())).setPinLength(bArr.length);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to calculate PIN Hash", e);
        }
    }

    public final void a(PinDatabase.PinData pinData) {
        List<PinDatabase.PinData> readUsedPinsList = this.f4942a.readUsedPinsList();
        readUsedPinsList.add(0, pinData);
        if (5 < readUsedPinsList.size()) {
            readUsedPinsList.remove(readUsedPinsList.size() - 1);
        }
        this.f4942a.writeUsedPinsList(readUsedPinsList);
    }

    public final byte[] b(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    public final void c(byte[] bArr, byte[] bArr2) {
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
    }

    public VerifyStatus changePin(String str, String str2) {
        if (str == null || str2 == null) {
            throw new InvalidParameterException("Invalid parameters, oldPIN or newPIN is null");
        }
        VerifyStatus verify = verify(str);
        VerifyStatus verifyStatus = VerifyStatus.SUCCESS;
        if (!verify.equals(verifyStatus)) {
            return verify;
        }
        PinDatabase.PinData a2 = a(str2);
        this.f4942a.write(a2);
        if (getPinConfig().nonReusableOldPINs > 0) {
            a(a2);
        }
        return verifyStatus;
    }

    public void enroll(String str) {
        PinDatabase.PinData a2 = a(str);
        this.f4942a.write(a2);
        if (getPinConfig().nonReusableOldPINs > 0) {
            a(a2);
        }
    }

    public PinDatabase.PinConfig getPinConfig() {
        int i;
        if (this.d == null) {
            PinDatabase.PinConfig pinConfig = (PinDatabase.PinConfig) GsonInstrumentation.fromJson(new Gson(), AppSDKConfig.getInstance(this.b).get(AppSDKConfig.Key.pinConfig), PinDatabase.PinConfig.class);
            this.d = pinConfig;
            int i2 = pinConfig.minLength;
            if (i2 < 4 || (i = pinConfig.maxLength) < i2 || pinConfig.maxFalseAttempts <= 1 || pinConfig.probationPeriod < 0 || pinConfig.lockoutPeriod < 0) {
                throw new IllegalArgumentException("The PIN options are invalid");
            }
            if (i2 != i) {
                pinConfig.confirmationButton = true;
            }
            if (pinConfig.maxRepeatDigits == 0) {
                pinConfig.maxRepeatDigits = i;
            }
            if (pinConfig.maxSequentialDigits == 0) {
                pinConfig.maxSequentialDigits = i;
            }
            if (pinConfig.nonReusableOldPINs > 5) {
                pinConfig.nonReusableOldPINs = 5L;
            }
            if (pinConfig.nonReusableOldPINs < 0) {
                pinConfig.nonReusableOldPINs = 0L;
            }
        }
        return this.d;
    }

    public int getPinLength() {
        PinDatabase.PinData read = this.f4942a.read();
        if (read == null || read.pinLength == null) {
            return 0;
        }
        return read.getPinLength();
    }

    public boolean hasPinBeenUsed(String str) {
        List<PinDatabase.PinData> readUsedPinsList;
        long j = getPinConfig().nonReusableOldPINs;
        if (j != 0 && (readUsedPinsList = this.f4942a.readUsedPinsList()) != null && readUsedPinsList.size() != 0) {
            PinDatabase.PinData a2 = a(str);
            for (int i = 0; i < j && i < readUsedPinsList.size(); i++) {
                if (readUsedPinsList.get(i).data.equals(a2.data)) {
                    return true;
                }
            }
        }
        return false;
    }

    public boolean isEnrolled() {
        return this.f4942a.hasRegistrations();
    }

    public void remove() {
        this.f4942a.eraseDatabase();
    }

    public PinManager setAppId(String str) {
        this.f4942a.setAppId(str);
        return this;
    }

    public PinManager setCallerId(String str) {
        this.f4942a.setCallerId(str);
        return this;
    }

    public PinManager setGlobalEnrollment(boolean z) {
        this.f4942a.setGlobalEnrollment(z);
        return this;
    }

    public PinManager setKeyId(String str) {
        this.f4942a.setKeyId(str);
        return this;
    }

    public VerifyStatus verify(String str) {
        byte[] bytes = str.getBytes(Charsets.utf8Charset);
        PinDatabase.PinData read = this.f4942a.read();
        if (read == null) {
            Logger.e("PinManager", "Empty PIN Data");
            return VerifyStatus.FAILED;
        }
        byte[] data = read.getData();
        if (data == null) {
            Logger.e("PinManager", "Invalid PIN Data");
            return VerifyStatus.FAILED;
        }
        int ordinal = read.getAlgorithm().ordinal();
        boolean z = false;
        if (ordinal == 0) {
            byte[] bArr = new byte[16];
            System.arraycopy(data, 0, bArr, 0, 16);
            int length = data.length - 16;
            byte[] bArr2 = new byte[length];
            System.arraycopy(data, 16, bArr2, 0, length);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
                messageDigest.update(b(bArr, bytes));
                z = Arrays.equals(messageDigest.digest(), bArr2);
            } catch (NoSuchAlgorithmException e) {
                Logger.e("PinManager", "Unable to calculate PIN Hash", e);
                return VerifyStatus.FAILED;
            }
        } else if (ordinal != 1) {
            Logger.e("PinManager", "Invalid algorithm");
        } else {
            Logger.i("PinManager", "Using PBKDF2 algorithm");
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                z = Arrays.equals(a(bytes, read.getIterationCount(), (SecretKey) keyStore.getKey("NnlPinPbkdf2Key", null)).getData(), data);
            } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
                Logger.e("PinManager", "Unable to calculate pbkdf2Hmac", e2);
                return VerifyStatus.FAILED;
            }
        }
        if (!z) {
            return this.c.incrementFailedCount() ? this.c.getLockedState() == 0 ? VerifyStatus.PIN_ERASED : VerifyStatus.PIN_LOCKOUT : VerifyStatus.PIN_INVALID;
        }
        this.c.resetFailedCount();
        return VerifyStatus.SUCCESS;
    }
}
