package com.orange.auth;

import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.orange.common.Log;
import com.orange.common.Utils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
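/**
 * Process-wide holder of the current login ({@link AuthInfo}) and of one encrypted,
 * serialized "auth struct" kept in the app's private files directory.
 *
 * <p>Storage layout, as implemented below:
 * <ul>
 *   <li>{@code AuthStruct.key}: 16 random bytes, RSA-encrypted with the key pair stored under
 *       {@link #ALIAS_AUTH_STRUCT} (AndroidKeyStore on API 18+, {@link KeyStoreHelper} files
 *       before that).</li>
 *   <li>{@code AuthStruct.dt}: the Java-serialized object, encrypted with DESede/CBC. The key is
 *       SHA-256(seed || optional gesture-derived password), bytes 4..27.</li>
 *   <li>SharedPreferences {@code "AuthController"}: the IV, owning auth id, existence flags and
 *       the salted gesture hash.</li>
 * </ul>
 *
 * <p>Security review notes (design-level; changing any of these alters the stored format, so
 * they are flagged here rather than silently replaced):
 * <ul>
 *   <li>DESede/CBC carries no integrity protection. A modified data file is only rejected if
 *       padding or deserialization happens to fail. An AEAD mode would detect tampering.</li>
 *   <li>The decrypted bytes go straight into {@link ObjectInputStream#readObject()}. Native
 *       deserialization of data that is not integrity-checked should be restricted to an
 *       allow-list of expected classes or replaced by a plain data format.</li>
 *   <li>The gesture is protected by a single SHA-256 pass. Gesture patterns are presumably
 *       low-entropy, so a slow KDF (PBKDF2/scrypt/Argon2) would resist offline guessing better.</li>
 *   <li>RSA key pairs are generated with 1024 bits, below current recommendations.</li>
 *   <li>On API &lt; 18 the private key is wrapped with a key derived from a constant compiled
 *       into the APK plus a salt stored next to it; that is obfuscation, not key protection.</li>
 * </ul>
 *
 * <p>Not thread-safe: the singleton is created lazily without synchronization and the token map
 * is a plain {@link HashMap}.
 */
public final class AuthController {
    public static final String ACTION_INVALID_AUTH = "com.orange.auth.AuthController.ACTION_INVALID_AUTH";
    private static final String ALIAS_AUTH_STRUCT = "alias_auth_struct";
    // Fixed, app-wide salt for derivePasswordFromGesturePwd(); identical for every install.
    private static final String GESTURE_PWD_DERIVE_SALT = "w~D0|JLSPBd;!FO;K0ateV%??cWb$mpy.,|f>:[(zT;YDw`n^VTxd}5 B01-p$\"I";
    private static final String KEY_AUTH_STRUCT_AUTH_ID = "KEY_AUTH_STRUCT_AUTH_ID";
    private static final String KEY_AUTH_STRUCT_EXISTS = "KEY_AUTH_STRUCT_EXISTS";
    private static final String KEY_AUTH_STRUCT_IV = "KEY_AUTH_STRUCT_IV";
    private static final String KEY_GESTURE_PWD_ENABLED = "KEY_GESTURE_PWD_ENABLED";
    private static final String KEY_GESTURE_PWD_HASHING = "KEY_GESTURE_PWD_HASHING";
    public static final String PERMISSION_RECEIVE_AUTH_STATE = "com.orange.auth.AuthController.RECEIVE_AUTH_STATE";
    private static final String SHARED_PREFERENCES = "AuthController";
    private static final String TAG = "AuthController";
    // Length of the random seed stored (RSA-encrypted) in AuthStruct.key.
    private static final int AUTH_STRUCT_SEED_LENGTH = 16;
    private static AuthController instance;
    private AuthInfo authInfo;
    private File authStructDataFile;
    private File authStructKeyFile;
    private Context context;
    private SharedPreferences sharedPreferences;
    private KeyStoreHelper keyStoreHelper = new KeyStoreHelper();
    // One-shot token -> gesture-derived password; entries are consumed by remove().
    // NOTE(review): entries that are never redeemed stay in memory until logout()/invalidAuth().
    private HashMap<String, byte[]> tokenPasswordMap = new HashMap<>();

    /**
     * File-based replacement for AndroidKeyStore, used only when {@code SDK_INT < 18}.
     *
     * <p>The private key is stored DESede/CBC-encrypted under a key derived from the hard-coded
     * {@link #PASSWORD} and a random salt kept in SharedPreferences, with the constant
     * {@link #IV}. Anyone who can read the app's private data and the APK can recompute that
     * key, so this protects against casual inspection only.
     *
     * <p>Declared {@code public} in this (decompiled) listing; it is only instantiated by the
     * enclosing class through its private constructor.
     */
    public class KeyStoreHelper {
        private static final String FILE_PRIVATE_KEY = "key_store_helper_private.key";
        private static final String FILE_PUBLIC_KEY = "key_store_helper_public.key";
        // Constant 8-byte CBC IV. It is reused for every wrap; only the salt varies per key pair.
        private static final String IV = "2$c48\"Zx";
        private static final String KEY_HELPER_SALT = "KEY_HELPER_SALT";
        // Hard-coded secret shared by every copy of the app (see class comment).
        private static final String PASSWORD = "&%;YD6En@bnibZm*pD}v{2sZ|62U'Y.c_P6l{dbGhA!HU77ZK{o$zVNQg&|M\"}#Q";

        private KeyStoreHelper() {
        }

        /**
         * Derives the 24-byte DESede key material: SHA-256(salt || PASSWORD), bytes 4..27.
         *
         * @throws RuntimeException if no salt has been stored or SHA-256 is unavailable
         */
        private byte[] getKeyPassword() {
            String encodedSalt = AuthController.this.sharedPreferences.getString(KEY_HELPER_SALT, null);
            if (encodedSalt == null) {
                throw new RuntimeException("Unknown error, no salt for KeyStoreHelper");
            }
            byte[] salt = Base64.decode(encodedSalt, Base64.NO_WRAP);
            try {
                MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
                sha256.update(salt);
                // Default charset is kept on purpose: the constant is ASCII and the stored
                // key file depends on these exact bytes.
                sha256.update(PASSWORD.getBytes());
                return Arrays.copyOfRange(sha256.digest(), 4, 28);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        /** Removes the salt and erases both key files via {@code Utils.eraseFile}. */
        void destroyKeyPair() {
            SharedPreferences.Editor editor = AuthController.this.sharedPreferences.edit();
            editor.remove(KEY_HELPER_SALT);
            editor.apply();
            File filesDir = AuthController.this.context.getFilesDir();
            Utils.eraseFile(new File(filesDir, FILE_PRIVATE_KEY));
            Utils.eraseFile(new File(filesDir, FILE_PUBLIC_KEY));
        }

        /**
         * Decrypts the stored PKCS#8 blob and rebuilds the RSA private key.
         *
         * @return the RSA private key read from {@link #FILE_PRIVATE_KEY}
         */
        PrivateKey getPrivateKey() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException, InvalidKeySpecException, InvalidAlgorithmParameterException {
            SecretKey wrappingKey = SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(getKeyPassword()));
            Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, wrappingKey, new IvParameterSpec(IV.getBytes()));
            FileInputStream fileIn = AuthController.this.context.openFileInput(FILE_PRIVATE_KEY);
            byte[] encoded;
            try {
                CipherInputStream cipherIn = new CipherInputStream(fileIn, cipher);
                encoded = Utils.getBytesFrom(cipherIn, 8);
                cipherIn.close();
            } finally {
                // Release the descriptor even when reading or decrypting fails.
                fileIn.close();
            }
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));
        }

        /**
         * Reads the X.509-encoded RSA public key, which is stored unencrypted.
         *
         * @return the RSA public key read from {@link #FILE_PUBLIC_KEY}
         */
        PublicKey getPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
            FileInputStream fileIn = AuthController.this.context.openFileInput(FILE_PUBLIC_KEY);
            byte[] encoded;
            try {
                encoded = Utils.getBytesFrom(fileIn, 8);
            } finally {
                fileIn.close();
            }
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
        }

        /**
         * Stores a fresh salt, then writes the private key (encrypted) and public key (plain)
         * into app-private files.
         *
         * @param keyPair the RSA key pair to persist
         */
        void saveKeyPair(KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidKeySpecException, IOException, InvalidAlgorithmParameterException {
            String encodedSalt = Base64.encodeToString(new SecureRandom().generateSeed(16), Base64.NO_WRAP);
            SharedPreferences.Editor editor = AuthController.this.sharedPreferences.edit();
            editor.putString(KEY_HELPER_SALT, encodedSalt);
            // getKeyPassword() below reads this salt back from the same preferences object.
            editor.apply();

            SecretKey wrappingKey = SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(getKeyPassword()));
            Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, wrappingKey, new IvParameterSpec(IV.getBytes()));
            PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());
            FileOutputStream privateOut = AuthController.this.context.openFileOutput(FILE_PRIVATE_KEY, Context.MODE_PRIVATE);
            try {
                CipherOutputStream cipherOut = new CipherOutputStream(privateOut, cipher);
                cipherOut.write(privateSpec.getEncoded());
                // close() emits the final padded block; it must run before the file is closed.
                cipherOut.close();
            } finally {
                privateOut.close();
            }

            X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
            FileOutputStream publicOut = AuthController.this.context.openFileOutput(FILE_PUBLIC_KEY, Context.MODE_PRIVATE);
            try {
                publicOut.write(publicSpec.getEncoded());
            } finally {
                publicOut.close();
            }
        }
    }

    private AuthController(Context context) {
        this.context = context.getApplicationContext();
        this.sharedPreferences = context.getSharedPreferences(SHARED_PREFERENCES, Context.MODE_PRIVATE);
        this.authStructKeyFile = new File(context.getFilesDir(), "AuthStruct.key");
        this.authStructDataFile = new File(context.getFilesDir(), "AuthStruct.dt");
    }

    /**
     * Compares two byte arrays without stopping at the first difference, so the time taken
     * does not reveal how long a matching prefix is. Hand-rolled so the behaviour does not
     * depend on the platform's {@code MessageDigest.isEqual} implementation.
     */
    private static boolean constantTimeEquals(byte[] expected, byte[] actual) {
        if (expected.length != actual.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ actual[i];
        }
        return diff == 0;
    }

    /** Overwrites every pending gesture-derived password, then empties the token map. */
    private void clearTokenPasswords() {
        for (byte[] password : this.tokenPasswordMap.values()) {
            if (password != null) {
                Arrays.fill(password, (byte) 0);
            }
        }
        this.tokenPasswordMap.clear();
    }

    /**
     * Registers {@code password} under a fresh one-shot token and returns the token.
     *
     * <p>The token keeps the original {@code "%.8f"} text format but is now drawn from
     * {@link SecureRandom} instead of {@code java.util.Random}. A float carries few random
     * bits, so the token should be treated as an in-process handle, not as a bearer secret.
     */
    private String issueToken(byte[] password) {
        String token = String.format(Locale.getDefault(), "%.8f", Float.valueOf(new SecureRandom().nextFloat()));
        this.tokenPasswordMap.put(token, password);
        return token;
    }

    /**
     * Derives the password that is mixed into the auth-struct key:
     * SHA-256(GESTURE_PWD_DERIVE_SALT || gesture), one pass.
     */
    private byte[] derivePasswordFromGesturePwd(byte[] bArr) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(GESTURE_PWD_DERIVE_SALT.getBytes());
            sha256.update(bArr);
            return sha256.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Clears the auth-struct preferences and erases both auth-struct files. */
    private void destroyAuthStruct() {
        setAuthStructExists(false);
        SharedPreferences.Editor editor = this.sharedPreferences.edit();
        editor.remove(KEY_AUTH_STRUCT_IV);
        editor.remove(KEY_AUTH_STRUCT_AUTH_ID);
        editor.apply();
        Utils.eraseFile(this.authStructKeyFile);
        Utils.eraseFile(this.authStructDataFile);
    }

    /** Deletes the RSA key pair from whichever store the running API level uses. */
    private void destroyKeyStore() {
        if (Build.VERSION.SDK_INT < 18) {
            this.keyStoreHelper.destroyKeyPair();
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(ALIAS_AUTH_STRUCT);
        } catch (Exception e) {
            // Best effort: a failed delete is logged and the key entry is left in place.
            Log.e(TAG, e.toString(), e);
        }
    }

    /**
     * Stores {@code base64(salt) + "$" + base64(SHA-256(salt || gesture))} with a fresh
     * 256-byte random salt. This is the verifier used by {@link #verifyGesturePwdHash}.
     */
    private void generateGesturePwdHash(byte[] bArr) {
        byte[] salt = new byte[256];
        new SecureRandom().nextBytes(salt);
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(salt);
            sha256.update(bArr);
            String record = Base64.encodeToString(salt, Base64.NO_WRAP) + "$" + Base64.encodeToString(sha256.digest(), Base64.NO_WRAP);
            SharedPreferences.Editor editor = this.sharedPreferences.edit();
            editor.putString(KEY_GESTURE_PWD_HASHING, record);
            editor.apply();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts and deserializes the stored auth struct.
     *
     * @param bArr gesture-derived password, or {@code null} when no gesture protects the data
     * @return the stored object, or {@code null} if none exists or any step fails (logged)
     */
    private Serializable getAuthStruct(byte[] bArr) {
        if (!isAuthStructExists()) {
            return null;
        }
        try {
            String encodedIv = this.sharedPreferences.getString(KEY_AUTH_STRUCT_IV, null);
            if (encodedIv == null) {
                Log.e(TAG, "Unknown error, no iv for AuthStruct");
                return null;
            }
            IvParameterSpec iv = new IvParameterSpec(Base64.decode(encodedIv, Base64.NO_WRAP));
            Cipher cipher = Cipher.getInstance("DESede/CBC/ISO10126Padding");
            cipher.init(Cipher.DECRYPT_MODE, getAuthStructKey(bArr), iv);
            FileInputStream fileIn = new FileInputStream(this.authStructDataFile);
            try {
                // SECURITY: readObject() runs on bytes that are encrypted but not authenticated.
                // A wrong key or an altered file yields arbitrary bytes for the deserializer;
                // restrict accepted classes or move to a non-executable format when the
                // storage format can be migrated.
                ObjectInputStream objectIn = new ObjectInputStream(new CipherInputStream(fileIn, cipher));
                Serializable value = (Serializable) objectIn.readObject();
                objectIn.close();
                return value;
            } finally {
                // Also covers the case where the ObjectInputStream constructor itself throws.
                fileIn.close();
            }
        } catch (Exception e) {
            Log.e(TAG, e.toString(), e);
            return null;
        }
    }

    /**
     * Rebuilds the DESede key for the auth struct: RSA-decrypts the 16-byte seed from
     * {@code AuthStruct.key}, hashes it with the optional password and takes bytes 4..27.
     *
     * @param bArr gesture-derived password to mix in, or {@code null}
     * @throws IOException if the seed cannot be read in full
     */
    private SecretKey getAuthStructKey(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, InvalidKeySpecException, NoSuchProviderException {
        Cipher secretKeyCipher = getSecretKeyCipher();
        secretKeyCipher.init(Cipher.DECRYPT_MODE, getPrivateKey());
        byte[] seed = new byte[AUTH_STRUCT_SEED_LENGTH];
        int filled = 0;
        FileInputStream fileIn = new FileInputStream(this.authStructKeyFile);
        try {
            CipherInputStream cipherIn = new CipherInputStream(fileIn, secretKeyCipher);
            // A single read() may return fewer bytes than requested, so loop until full or EOF.
            while (filled < seed.length) {
                int n = cipherIn.read(seed, filled, seed.length - filled);
                if (n < 0) {
                    break;
                }
                filled += n;
            }
            cipherIn.close();
        } finally {
            fileIn.close();
        }
        if (filled != seed.length) {
            // Fail closed: a short or failed decrypt would otherwise leave (part of) the seed
            // as zeros and derive a predictable key from it.
            throw new IOException("AuthStruct key could not be read in full");
        }
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(seed);
            if (bArr != null) {
                sha256.update(bArr);
            }
            return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(Arrays.copyOfRange(sha256.digest(), 4, 28)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } finally {
            Arrays.fill(seed, (byte) 0);
        }
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Creation is not synchronized; callers are presumably expected to use a single thread.
     */
    public static AuthController getInstance(Context context) {
        if (instance == null) {
            instance = new AuthController(context);
        }
        return instance;
    }

    /** @return the RSA private key, or {@code null} if it cannot be loaded (logged) */
    private PrivateKey getPrivateKey() {
        try {
            if (Build.VERSION.SDK_INT < 18) {
                return this.keyStoreHelper.getPrivateKey();
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return (PrivateKey) keyStore.getKey(ALIAS_AUTH_STRUCT, null);
        } catch (Exception e) {
            Log.e(TAG, e.toString(), e);
            return null;
        }
    }

    /** @return the RSA public key, or {@code null} if it cannot be loaded (logged) */
    private PublicKey getPublicKey() {
        try {
            if (Build.VERSION.SDK_INT < 18) {
                return this.keyStoreHelper.getPublicKey();
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificate(ALIAS_AUTH_STRUCT).getPublicKey();
        } catch (Exception e) {
            Log.e(TAG, e.toString(), e);
            return null;
        }
    }

    /**
     * Picks the RSA transformation and provider for the running API level.
     *
     * <p>API 18-22 use PKCS#1 v1.5 encryption padding; the other two branches use OAEP with
     * SHA-256.
     */
    private Cipher getSecretKeyCipher() throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
        if (Build.VERSION.SDK_INT >= 23) {
            return Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "AndroidKeyStoreBCWorkaround");
        }
        if (Build.VERSION.SDK_INT >= 18) {
            return Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        }
        return Cipher.getInstance("RSA/NONE/OAEPwithSHA-256andMGF1Padding");
    }

    /**
     * Generates the RSA key pair under {@link #ALIAS_AUTH_STRUCT}, replacing any previous one.
     *
     * <p>SECURITY: every branch that sets a size asks for 1024-bit RSA. Raising it to 2048 bits
     * or more is advisable; it only affects newly generated keys.
     *
     * @return {@code true} on success, {@code false} if generation failed (logged)
     */
    private boolean initKeyStore() {
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                // Purpose 2 == KeyProperties.PURPOSE_DECRYPT.
                KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(ALIAS_AUTH_STRUCT, 2);
                spec.setKeySize(1024);
                spec.setDigests("SHA-256");
                spec.setEncryptionPaddings("OAEPPadding");
                generator.initialize(spec.build());
                generator.generateKeyPair();
            } else if (Build.VERSION.SDK_INT >= 18) {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                KeyPairGeneratorSpec.Builder spec = new KeyPairGeneratorSpec.Builder(this.context);
                spec.setAlias(ALIAS_AUTH_STRUCT);
                // Serial number of the self-signed certificate wrapping the key; not a secret.
                spec.setSerialNumber(new BigInteger(32, new Random()));
                spec.setSubject(new X500Principal("CN=OrangeColor"));
                spec.setStartDate(new Date());
                spec.setEndDate(new Date(Long.MAX_VALUE));
                if (Build.VERSION.SDK_INT >= 19) {
                    spec.setKeySize(1024);
                }
                generator.initialize(spec.build());
                generator.generateKeyPair();
            } else {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
                generator.initialize(1024, new SecureRandom());
                this.keyStoreHelper.saveKeyPair(generator.generateKeyPair());
            }
            return true;
        } catch (Exception e) {
            Log.e(TAG, e.toString(), e);
            return false;
        }
    }

    /**
     * Encrypts and stores {@code serializable} under a fresh seed and IV.
     *
     * <p>The files are rewritten in place (seed file first, then data file), so a failure
     * part-way can leave the previous struct unreadable.
     *
     * @param bArr gesture-derived password to mix into the key, or {@code null}
     * @return {@code true} if everything was written, {@code false} otherwise (logged)
     */
    private boolean putAuthStruct(Serializable serializable, byte[] bArr) {
        if (!isAuthenticated()) {
            Log.e(TAG, "you must login before save AuthStruct Data");
            return false;
        }
        try {
            SecureRandom random = new SecureRandom();

            // 1. New random seed, RSA-encrypted to AuthStruct.key.
            byte[] seed = new byte[AUTH_STRUCT_SEED_LENGTH];
            random.nextBytes(seed);
            Cipher secretKeyCipher = getSecretKeyCipher();
            secretKeyCipher.init(Cipher.ENCRYPT_MODE, getPublicKey());
            FileOutputStream keyOut = new FileOutputStream(this.authStructKeyFile);
            try {
                CipherOutputStream cipherOut = new CipherOutputStream(keyOut, secretKeyCipher);
                cipherOut.write(seed);
                cipherOut.close();
            } finally {
                keyOut.close();
                Arrays.fill(seed, (byte) 0);
            }

            // 2. New random IV, stored in preferences.
            byte[] ivBytes = new byte[8];
            random.nextBytes(ivBytes);
            SharedPreferences.Editor ivEditor = this.sharedPreferences.edit();
            ivEditor.putString(KEY_AUTH_STRUCT_IV, Base64.encodeToString(ivBytes, Base64.NO_WRAP));
            ivEditor.apply();

            // 3. Serialized payload; the key is re-derived by decrypting the seed just written.
            Cipher cipher = Cipher.getInstance("DESede/CBC/ISO10126Padding");
            cipher.init(Cipher.ENCRYPT_MODE, getAuthStructKey(bArr), new IvParameterSpec(ivBytes));
            FileOutputStream dataOut = new FileOutputStream(this.authStructDataFile);
            try {
                ObjectOutputStream objectOut = new ObjectOutputStream(new CipherOutputStream(dataOut, cipher));
                objectOut.writeObject(serializable);
                objectOut.close();
            } finally {
                dataOut.close();
            }

            // 4. Remember which account owns the struct and mark it present.
            SharedPreferences.Editor idEditor = this.sharedPreferences.edit();
            idEditor.putString(KEY_AUTH_STRUCT_AUTH_ID, this.authInfo.getId());
            idEditor.apply();
            setAuthStructExists(true);
            return true;
        } catch (Exception e) {
            Log.e(TAG, e.toString(), e);
            return false;
        }
    }

    private void setAuthStructExists(boolean z) {
        SharedPreferences.Editor editor = this.sharedPreferences.edit();
        editor.putBoolean(KEY_AUTH_STRUCT_EXISTS, z);
        editor.apply();
    }

    private void setGesturePwdEnabled(boolean z) {
        SharedPreferences.Editor editor = this.sharedPreferences.edit();
        editor.putBoolean(KEY_GESTURE_PWD_ENABLED, z);
        editor.apply();
    }

    /**
     * Enables gesture protection and re-encrypts an existing auth struct under it.
     *
     * <p>The struct is re-encrypted before the gesture hash is stored and the feature is
     * switched on, so a failed re-encryption no longer leaves the gesture enabled while the
     * data is still keyed without it. This matches the order used by
     * {@link #updateGesturePwd} and {@link #deleteGesturePwd}.
     *
     * @param bArr the raw gesture bytes
     * @return a one-shot token for the next auth-struct call, or {@code null} on failure
     */
    public String createGesturePwd(byte[] bArr) {
        if (!isAuthenticated()) {
            Log.e(TAG, "you must login before generate GesturePwd");
            return null;
        }
        if (isGesturePwdEnabled()) {
            Log.e(TAG, "GesturePwd already exists");
            return null;
        }
        if (isAuthStructExists()) {
            Serializable current = getAuthStruct((byte[]) null);
            if (current == null || !putAuthStruct(current, derivePasswordFromGesturePwd(bArr))) {
                return null;
            }
        }
        generateGesturePwdHash(bArr);
        setGesturePwdEnabled(true);
        return issueToken(derivePasswordFromGesturePwd(bArr));
    }

    /**
     * Disables gesture protection after verifying {@code bArr}, re-encrypting an existing auth
     * struct without a password.
     *
     * @return {@code true} if the gesture matched and the struct (if any) was re-encrypted
     */
    public boolean deleteGesturePwd(byte[] bArr) {
        if (!verifyGesturePwdHash(bArr)) {
            return false;
        }
        if (isAuthStructExists()) {
            Serializable current = getAuthStruct(derivePasswordFromGesturePwd(bArr));
            if (current == null || !putAuthStruct(current, (byte[]) null)) {
                return false;
            }
        }
        SharedPreferences.Editor editor = this.sharedPreferences.edit();
        editor.remove(KEY_GESTURE_PWD_HASHING);
        editor.apply();
        setGesturePwdEnabled(false);
        return true;
    }

    /**
     * Drops gesture protection without knowing the gesture. The auth struct cannot be
     * re-encrypted in that case, so it is destroyed as well.
     */
    public void destroyGesturePwd() {
        if (!isGesturePwdEnabled()) {
            return;
        }
        if (isAuthStructExists()) {
            destroyAuthStruct();
        }
        SharedPreferences.Editor editor = this.sharedPreferences.edit();
        editor.remove(KEY_GESTURE_PWD_HASHING);
        editor.apply();
        setGesturePwdEnabled(false);
    }

    public AuthInfo getAuthInfo() {
        return this.authInfo;
    }

    /**
     * Redeems a one-shot token and returns the decrypted auth struct.
     *
     * <p>When gesture protection is on and the token is unknown, this returns {@code null}
     * without attempting a password-less decrypt, mirroring the check in
     * {@link #putAuthStruct(Serializable, String)}.
     *
     * @param str token from {@link #verifyGesturePwd} or {@link #createGesturePwd}; ignored
     *            (may be {@code null}) when no gesture is enabled
     */
    public Serializable getAuthStruct(String str) {
        byte[] password = this.tokenPasswordMap.remove(str);
        if (password == null && isGesturePwdEnabled()) {
            return null;
        }
        return getAuthStruct(password);
    }

    /** Forgets the login and all pending tokens, then broadcasts {@link #ACTION_INVALID_AUTH}. */
    public void invalidAuth() {
        this.authInfo = null;
        clearTokenPasswords();
        // Only receivers holding PERMISSION_RECEIVE_AUTH_STATE get the broadcast.
        this.context.sendBroadcast(new Intent(ACTION_INVALID_AUTH), PERMISSION_RECEIVE_AUTH_STATE);
    }

    public boolean isAuthStructExists() {
        return this.sharedPreferences.getBoolean(KEY_AUTH_STRUCT_EXISTS, false);
    }

    public boolean isAuthenticated() {
        return this.authInfo != null;
    }

    public boolean isGesturePwdEnabled() {
        return this.sharedPreferences.getBoolean(KEY_GESTURE_PWD_ENABLED, false);
    }

    /**
     * Records the login. If a stored auth struct belongs to a different account id, the struct
     * (and gesture protection, if enabled) is destroyed and a new key pair is generated.
     *
     * <p>NOTE(review): the result of {@code initKeyStore()} is ignored, so a failed key
     * generation only shows up later as failing auth-struct calls.
     */
    public void login(AuthInfo authInfo) {
        this.authInfo = authInfo;
        if (!isAuthStructExists()) {
            initKeyStore();
            return;
        }
        String ownerId = this.sharedPreferences.getString(KEY_AUTH_STRUCT_AUTH_ID, null);
        if (authInfo.getId().equals(ownerId)) {
            return;
        }
        if (isGesturePwdEnabled()) {
            destroyGesturePwd();
        } else {
            destroyAuthStruct();
        }
        initKeyStore();
    }

    /**
     * Forgets the login and destroys the key pair, auth struct and gesture settings. Pending
     * token passwords are wiped too, as {@link #invalidAuth()} already did, so gesture-derived
     * keys do not outlive the session in memory.
     */
    public void logout() {
        this.authInfo = null;
        clearTokenPasswords();
        destroyKeyStore();
        destroyAuthStruct();
        destroyGesturePwd();
    }

    /**
     * Stores {@code serializable}, redeeming a one-shot token when gesture protection is on.
     *
     * @param str token from {@link #verifyGesturePwd} or {@link #createGesturePwd}; ignored when
     *            no gesture is enabled
     * @return {@code false} if not logged in, the token is unknown, or the write failed
     */
    public boolean putAuthStruct(Serializable serializable, String str) {
        if (!isAuthenticated()) {
            Log.e(TAG, "you must login before save AuthStruct Data");
            return false;
        }
        byte[] password = null;
        if (isGesturePwdEnabled()) {
            password = this.tokenPasswordMap.remove(str);
            if (password == null) {
                return false;
            }
        }
        return putAuthStruct(serializable, password);
    }

    /**
     * Replaces the gesture after verifying the old one, re-encrypting an existing auth struct
     * under the new gesture.
     *
     * @param bArr  current gesture bytes
     * @param bArr2 new gesture bytes
     */
    public boolean updateGesturePwd(byte[] bArr, byte[] bArr2) {
        if (!verifyGesturePwdHash(bArr)) {
            return false;
        }
        if (isAuthStructExists()) {
            Serializable current = getAuthStruct(derivePasswordFromGesturePwd(bArr));
            if (current == null || !putAuthStruct(current, derivePasswordFromGesturePwd(bArr2))) {
                return false;
            }
        }
        generateGesturePwdHash(bArr2);
        return true;
    }

    /**
     * Verifies the gesture and, on success, issues a one-shot token for the next
     * {@link #getAuthStruct(String)} or {@link #putAuthStruct(Serializable, String)} call.
     *
     * <p>NOTE(review): nothing here limits repeated wrong attempts; any throttling or lock-out
     * has to be enforced by the caller.
     *
     * @return the token, or {@code null} if the gesture does not match
     */
    public String verifyGesturePwd(byte[] bArr) {
        if (!verifyGesturePwdHash(bArr)) {
            return null;
        }
        return issueToken(derivePasswordFromGesturePwd(bArr));
    }

    /**
     * Checks {@code bArr} against the stored {@code base64(salt)$base64(hash)} record.
     *
     * @return {@code true} only if a well-formed record exists and the hash matches;
     *         {@code false} for a missing or malformed record or a {@code null} gesture
     */
    public boolean verifyGesturePwdHash(byte[] bArr) {
        String record = this.sharedPreferences.getString(KEY_GESTURE_PWD_HASHING, null);
        if (record == null || bArr == null) {
            return false;
        }
        String[] parts = record.split("\\$");
        if (parts.length < 2) {
            // Malformed record: reject instead of failing with an index error.
            return false;
        }
        byte[] salt;
        try {
            salt = Base64.decode(parts[0], Base64.NO_WRAP);
        } catch (IllegalArgumentException e) {
            Log.e(TAG, e.toString(), e);
            return false;
        }
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(salt);
            sha256.update(bArr);
            byte[] computed = Base64.encode(sha256.digest(), Base64.NO_WRAP);
            // Same comparison as before (encoded form against encoded form), but without
            // exiting at the first mismatching character.
            return constantTimeEquals(parts[1].getBytes(), computed);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}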
