package com.noknok.android.client.asm.pinmanagement;

import android.content.Context;
import com.google.gson.Gson;
import com.newrelic.agent.android.instrumentation.GsonInstrumentation;
import com.newrelic.agent.android.instrumentation.Instrumented;
import com.noknok.android.client.asm.pinmanagement.PinDatabase;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.utils.AppSDKConfig;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

@Instrumented
/* loaded from: classes4.dex */
public class PinManager {

    /* renamed from: a, reason: collision with root package name */
    private final PinDatabase f5054a;
    private final Context b;
    private final IMatcher.IAntiHammeringCallback c;
    private PinDatabase.PinConfig d = null;

    /* renamed from: com.noknok.android.client.asm.pinmanagement.PinManager$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f5055a;

        static {
            int[] iArr = new int[Algorithm.values().length];
            f5055a = iArr;
            try {
                iArr[0] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f5055a[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public enum Algorithm {
        SHA256,
        PBKDF2
    }

    /* loaded from: classes4.dex */
    public enum VerifyStatus {
        SUCCESS,
        FAILED,
        PIN_INVALID,
        PIN_ERASED,
        PIN_LOCKOUT
    }

    public PinManager(String str, Context context, IMatcher.IAntiHammeringCallback iAntiHammeringCallback) {
        this.f5054a = new PinDatabase(context, str);
        this.b = context;
        this.c = iAntiHammeringCallback;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x006e  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x0073  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.noknok.android.client.asm.pinmanagement.PinDatabase.PinData a(java.lang.String r9) {
        /*
            r8 = this;
            java.lang.String r0 = "NnlPinPbkdf2Key"
            java.lang.String r1 = "AndroidKeyStore"
            java.lang.String r2 = "Create PIN data"
            java.lang.String r3 = "PinManager"
            com.noknok.android.client.utils.Logger.i(r3, r2)
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinConfig r2 = r8.getPinConfig()
            long r4 = r2.nonReusableOldPINs
            r6 = 0
            int r2 = (r4 > r6 ? 1 : (r4 == r6 ? 0 : -1))
            r4 = 0
            r5 = 0
            if (r2 <= 0) goto L55
            com.noknok.android.client.asm.pinmanagement.PinDatabase r2 = r8.f5054a
            java.util.List r2 = r2.readUsedPinsList()
            if (r2 == 0) goto L55
            int r6 = r2.size()
            if (r6 <= 0) goto L55
            java.lang.Object r6 = r2.get(r5)
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r6 = (com.noknok.android.client.asm.pinmanagement.PinDatabase.PinData) r6
            com.noknok.android.client.asm.pinmanagement.PinManager$Algorithm r6 = r6.getAlgorithm()
            com.noknok.android.client.asm.pinmanagement.PinManager$Algorithm r7 = com.noknok.android.client.asm.pinmanagement.PinManager.Algorithm.SHA256
            boolean r6 = r6.equals(r7)
            if (r6 == 0) goto L4b
            r6 = 16
            byte[] r7 = new byte[r6]
            java.lang.Object r2 = r2.get(r5)
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r2 = (com.noknok.android.client.asm.pinmanagement.PinDatabase.PinData) r2
            byte[] r2 = r2.getData()
            java.lang.System.arraycopy(r2, r5, r7, r5, r6)
            goto L56
        L4b:
            java.lang.Object r2 = r2.get(r5)
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r2 = (com.noknok.android.client.asm.pinmanagement.PinDatabase.PinData) r2
            int r5 = r2.getIterationCount()
        L55:
            r7 = r4
        L56:
            java.nio.charset.Charset r2 = com.noknok.android.client.utils.Charsets.utf8Charset
            byte[] r9 = r9.getBytes(r2)
            android.content.Context r2 = r8.b
            com.noknok.android.client.utils.AppSDKConfig r2 = com.noknok.android.client.utils.AppSDKConfig.getInstance(r2)
            com.noknok.android.client.utils.AppSDKConfig$Key r6 = com.noknok.android.client.utils.AppSDKConfig.Key.pinSha256Only
            com.google.gson.JsonElement r2 = r2.get(r6)
            boolean r2 = r2.getAsBoolean()
            if (r2 == 0) goto L73
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r9 = r8.a(r9, r7)
            return r9
        L73:
            java.lang.String r2 = "Using PBKDF2"
            com.noknok.android.client.utils.Logger.i(r3, r2)
            java.security.KeyStore r2 = java.security.KeyStore.getInstance(r1)     // Catch: java.security.UnrecoverableKeyException -> L87 java.security.NoSuchAlgorithmException -> L89 java.security.cert.CertificateException -> L8b java.security.KeyStoreException -> L8d java.io.IOException -> L8f
            r2.load(r4)     // Catch: java.security.UnrecoverableKeyException -> L87 java.security.NoSuchAlgorithmException -> L89 java.security.cert.CertificateException -> L8b java.security.KeyStoreException -> L8d java.io.IOException -> L8f
            java.security.Key r2 = r2.getKey(r0, r4)     // Catch: java.security.UnrecoverableKeyException -> L87 java.security.NoSuchAlgorithmException -> L89 java.security.cert.CertificateException -> L8b java.security.KeyStoreException -> L8d java.io.IOException -> L8f
            javax.crypto.SecretKey r2 = (javax.crypto.SecretKey) r2     // Catch: java.security.UnrecoverableKeyException -> L87 java.security.NoSuchAlgorithmException -> L89 java.security.cert.CertificateException -> L8b java.security.KeyStoreException -> L8d java.io.IOException -> L8f
            r4 = r2
            goto L95
        L87:
            r2 = move-exception
            goto L90
        L89:
            r2 = move-exception
            goto L90
        L8b:
            r2 = move-exception
            goto L90
        L8d:
            r2 = move-exception
            goto L90
        L8f:
            r2 = move-exception
        L90:
            java.lang.String r6 = "Unable to get PBKDF2 key"
            com.noknok.android.client.utils.Logger.e(r3, r6, r2)
        L95:
            if (r4 != 0) goto Lbe
            java.lang.String r2 = "Generate a new PBKDF2 key."
            com.noknok.android.client.utils.Logger.i(r3, r2)
            java.lang.String r2 = "HmacSHA256"
            javax.crypto.KeyGenerator r1 = javax.crypto.KeyGenerator.getInstance(r2, r1)     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            android.security.keystore.KeyGenParameterSpec$Builder r2 = new android.security.keystore.KeyGenParameterSpec$Builder     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            r6 = 4
            r2.<init>(r0, r6)     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            android.security.keystore.KeyGenParameterSpec r0 = r2.build()     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            r1.init(r0)     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            javax.crypto.SecretKey r4 = r1.generateKey()     // Catch: java.security.InvalidAlgorithmParameterException -> Lb4 java.security.NoSuchProviderException -> Lb6 java.security.NoSuchAlgorithmException -> Lb8
            goto Lbe
        Lb4:
            r0 = move-exception
            goto Lb9
        Lb6:
            r0 = move-exception
            goto Lb9
        Lb8:
            r0 = move-exception
        Lb9:
            java.lang.String r1 = "Unable to generate PBKDF2 key"
            com.noknok.android.client.utils.Logger.e(r3, r1, r0)
        Lbe:
            if (r4 == 0) goto Lcd
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r9 = r8.a(r9, r5, r4)     // Catch: java.security.InvalidKeyException -> Lc5 java.security.NoSuchAlgorithmException -> Lc7
            return r9
        Lc5:
            r0 = move-exception
            goto Lc8
        Lc7:
            r0 = move-exception
        Lc8:
            java.lang.String r1 = "Unable to calculate PBKDF2"
            com.noknok.android.client.utils.Logger.e(r3, r1, r0)
        Lcd:
            com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData r9 = r8.a(r9, r7)
            return r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.pinmanagement.PinManager.a(java.lang.String):com.noknok.android.client.asm.pinmanagement.PinDatabase$PinData");
    }

    private PinDatabase.PinData a(byte[] bArr, int i, SecretKey secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKey);
        byte[] doFinal = mac.doFinal(bArr);
        if (i == 0) {
            long currentTimeMillis = System.currentTimeMillis();
            do {
                c(doFinal, mac.doFinal(doFinal));
                i++;
            } while (System.currentTimeMillis() - currentTimeMillis < 100);
        } else {
            for (int i2 = 0; i2 < i; i2++) {
                c(doFinal, mac.doFinal(doFinal));
            }
        }
        Logger.i("PinManager", i + " iterations has been done for hash calculation");
        if (doFinal == null) {
            return null;
        }
        PinDatabase.PinData pinData = new PinDatabase.PinData();
        pinData.setData(doFinal).setPinLength(bArr.length).setAlgorithm(Algorithm.PBKDF2).setIterationCount(i);
        return pinData;
    }

    private PinDatabase.PinData a(byte[] bArr, byte[] bArr2) {
        Logger.i("PinManager", "Using SHA256");
        if (bArr2 == null) {
            bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(b(bArr2, bArr));
            return new PinDatabase.PinData().setData(b(bArr2, messageDigest.digest())).setPinLength(bArr.length);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to calculate PIN Hash", e);
        }
    }

    private void a(PinDatabase.PinData pinData) {
        List<PinDatabase.PinData> readUsedPinsList = this.f5054a.readUsedPinsList();
        readUsedPinsList.add(0, pinData);
        if (5 < readUsedPinsList.size()) {
            readUsedPinsList.remove(readUsedPinsList.size() - 1);
        }
        this.f5054a.writeUsedPinsList(readUsedPinsList);
    }

    private byte[] b(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private void c(byte[] bArr, byte[] bArr2) {
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
    }

    public VerifyStatus changePin(String str, String str2) {
        if (str == null || str2 == null) {
            throw new InvalidParameterException("Invalid parameters, oldPIN or newPIN is null");
        }
        VerifyStatus verify = verify(str);
        VerifyStatus verifyStatus = VerifyStatus.SUCCESS;
        if (!verify.equals(verifyStatus)) {
            return verify;
        }
        PinDatabase.PinData a2 = a(str2);
        this.f5054a.write(a2);
        if (getPinConfig().nonReusableOldPINs > 0) {
            a(a2);
        }
        return verifyStatus;
    }

    public void enroll(String str) {
        PinDatabase.PinData a2 = a(str);
        this.f5054a.write(a2);
        if (getPinConfig().nonReusableOldPINs > 0) {
            a(a2);
        }
    }

    public PinDatabase.PinConfig getPinConfig() {
        int i;
        if (this.d == null) {
            PinDatabase.PinConfig pinConfig = (PinDatabase.PinConfig) GsonInstrumentation.fromJson(new Gson(), AppSDKConfig.getInstance(this.b).get(AppSDKConfig.Key.pinConfig), PinDatabase.PinConfig.class);
            this.d = pinConfig;
            int i2 = pinConfig.minLength;
            if (i2 < 4 || (i = pinConfig.maxLength) < i2 || pinConfig.maxFalseAttempts <= 1 || pinConfig.probationPeriod < 0 || pinConfig.lockoutPeriod < 0) {
                throw new IllegalArgumentException("The PIN options are invalid");
            }
            if (i2 != i) {
                pinConfig.confirmationButton = true;
            }
            if (pinConfig.maxRepeatDigits == 0) {
                pinConfig.maxRepeatDigits = i;
            }
            if (pinConfig.maxSequentialDigits == 0) {
                pinConfig.maxSequentialDigits = i;
            }
            if (pinConfig.nonReusableOldPINs > 5) {
                pinConfig.nonReusableOldPINs = 5L;
            }
            if (pinConfig.nonReusableOldPINs < 0) {
                pinConfig.nonReusableOldPINs = 0L;
            }
        }
        return this.d;
    }

    public int getPinLength() {
        PinDatabase.PinData read = this.f5054a.read();
        if (read == null || read.pinLength == null) {
            return 0;
        }
        return read.getPinLength();
    }

    public boolean hasPinBeenUsed(String str) {
        List<PinDatabase.PinData> readUsedPinsList;
        long j = getPinConfig().nonReusableOldPINs;
        if (j != 0 && (readUsedPinsList = this.f5054a.readUsedPinsList()) != null && readUsedPinsList.size() != 0) {
            PinDatabase.PinData a2 = a(str);
            for (int i = 0; i < j && i < readUsedPinsList.size(); i++) {
                if (readUsedPinsList.get(i).data.equals(a2.data)) {
                    return true;
                }
            }
        }
        return false;
    }

    public boolean isEnrolled() {
        return this.f5054a.hasRegistrations();
    }

    public void remove() {
        this.f5054a.eraseDatabase();
    }

    public PinManager setAppId(String str) {
        this.f5054a.setAppId(str);
        return this;
    }

    public PinManager setCallerId(String str) {
        this.f5054a.setCallerId(str);
        return this;
    }

    public PinManager setGlobalEnrollment(boolean z) {
        this.f5054a.setGlobalEnrollment(z);
        return this;
    }

    public PinManager setKeyId(String str) {
        this.f5054a.setKeyId(str);
        return this;
    }

    public VerifyStatus verify(String str) {
        byte[] bytes = str.getBytes(Charsets.utf8Charset);
        PinDatabase.PinData read = this.f5054a.read();
        if (read == null) {
            Logger.e("PinManager", "Empty PIN Data");
            return VerifyStatus.FAILED;
        }
        byte[] data = read.getData();
        if (data == null) {
            Logger.e("PinManager", "Invalid PIN Data");
            return VerifyStatus.FAILED;
        }
        int ordinal = read.getAlgorithm().ordinal();
        boolean z = false;
        if (ordinal == 0) {
            byte[] bArr = new byte[16];
            System.arraycopy(data, 0, bArr, 0, 16);
            int length = data.length - 16;
            byte[] bArr2 = new byte[length];
            System.arraycopy(data, 16, bArr2, 0, length);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(b(bArr, bytes));
                z = Arrays.equals(messageDigest.digest(), bArr2);
            } catch (NoSuchAlgorithmException e) {
                Logger.e("PinManager", "Unable to calculate PIN Hash", e);
                return VerifyStatus.FAILED;
            }
        } else if (ordinal != 1) {
            Logger.e("PinManager", "Invalid algorithm");
        } else {
            Logger.i("PinManager", "Using PBKDF2 algorithm");
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                z = Arrays.equals(a(bytes, read.getIterationCount(), (SecretKey) keyStore.getKey("NnlPinPbkdf2Key", null)).getData(), data);
            } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
                Logger.e("PinManager", "Unable to calculate pbkdf2Hmac", e2);
                return VerifyStatus.FAILED;
            }
        }
        if (!z) {
            return this.c.incrementFailedCount() ? this.c.getLockedState() == 0 ? VerifyStatus.PIN_ERASED : VerifyStatus.PIN_LOCKOUT : VerifyStatus.PIN_INVALID;
        }
        this.c.resetFailedCount();
        return VerifyStatus.SUCCESS;
    }
}
