package com.gallagher.security.mobileaccess;

import android.app.Activity;
import android.app.FragmentManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import rx.Observable;
import rx.functions.Func1;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class FidoAuthenticatorPinAuthenticationManager {
    private static final String HASH_ALGORITHM = "PBKDF2withHmacSHA1";
    private static final int HASH_ITERATIONS = 1000;
    private static final int HASH_OUTPUT_LENGTH = 256;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) FidoAuthenticatorPinAuthenticationManager.class);
    private static final int MAX_AUTHENTICATION_ATTEMPTS = 3;
    private static final int REQUIRED_PIN_LENGTH = 4;
    private static final String SHARED_PREFERENCES = "com.gallagher.security.mobileaccess.pinauthenticationmanager";
    private int mAuthenticationAttempts;
    private final FragmentManager mFragmentManager;
    private final String mPinAlgorithmKey;
    private final FidoAuthenticatorPinAuthenticationFragment mPinAuthenticationFragment;
    private final String mPinHashKey;
    private final String mPinIterationsKey;
    private final String mPinSaltKey;
    private final SharedPreferences mSharedPreferences;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FidoAuthenticatorPinAuthenticationManager(Activity activity, String str, String str2, String str3) {
        FidoAuthenticatorPinAuthenticationFragment fidoAuthenticatorPinAuthenticationFragment = new FidoAuthenticatorPinAuthenticationFragment();
        this.mPinAuthenticationFragment = fidoAuthenticatorPinAuthenticationFragment;
        this.mAuthenticationAttempts = 0;
        this.mFragmentManager = activity.getFragmentManager();
        fidoAuthenticatorPinAuthenticationFragment.title = str;
        fidoAuthenticatorPinAuthenticationFragment.description = str2;
        fidoAuthenticatorPinAuthenticationFragment.requiredPinLength = 4;
        this.mSharedPreferences = activity.getSharedPreferences(SHARED_PREFERENCES, 0);
        this.mPinHashKey = str3 + "/pin/hash";
        this.mPinSaltKey = str3 + "/pin/salt";
        this.mPinAlgorithmKey = str3 + "/pin/algorithm";
        this.mPinIterationsKey = str3 + "/pin/iterations";
    }

    static /* synthetic */ int access$208(FidoAuthenticatorPinAuthenticationManager fidoAuthenticatorPinAuthenticationManager) {
        int i = fidoAuthenticatorPinAuthenticationManager.mAuthenticationAttempts;
        fidoAuthenticatorPinAuthenticationManager.mAuthenticationAttempts = i + 1;
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deregister(String str, Context context) {
        context.getSharedPreferences(SHARED_PREFERENCES, 0).edit().remove(str + "/pin/hash").remove(str + "/pin/salt").remove(str + "/pin/algorithm").remove(str + "/pin/iterations").apply();
    }

    private byte[] generateSalt() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] hash(String str, int i, byte[] bArr, String str2) throws GeneralSecurityException {
        return SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(str2.toCharArray(), bArr, i, 256)).getEncoded();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Observable<Void> authenticate() {
        if (!canAuthenticate()) {
            throw new FatalError("No pin registered");
        }
        String string = this.mSharedPreferences.getString(this.mPinHashKey, null);
        String string2 = this.mSharedPreferences.getString(this.mPinSaltKey, null);
        final String string3 = this.mSharedPreferences.getString(this.mPinAlgorithmKey, null);
        final int i = this.mSharedPreferences.getInt(this.mPinIterationsKey, 0);
        if (string == null || string2 == null || string3 == null || i == 0) {
            LOG.error("Unable to fetch shared preferences");
            return Observable.error(new FidoAuthenticationException("Unable to get shared preferences for PIN authentication"));
        }
        final byte[] decode = Base64.decode(string, 0);
        final byte[] decode2 = Base64.decode(string2, 0);
        this.mPinAuthenticationFragment.feedbackMessage = R.string.ggl_pin_enter;
        this.mFragmentManager.beginTransaction().add(R.id.ggl_host_activity_fragment_container, this.mPinAuthenticationFragment).commit();
        return this.mPinAuthenticationFragment.onPinEntered.flatMap(new Func1<String, Observable<Void>>() { // from class: com.gallagher.security.mobileaccess.FidoAuthenticatorPinAuthenticationManager.1
            @Override // rx.functions.Func1
            public Observable<Void> call(String str) {
                if (str == null) {
                    return Observable.error(new FidoAuthenticationException("Cancelled", FidoResult.CANCELED));
                }
                try {
                    if (Arrays.equals(decode, FidoAuthenticatorPinAuthenticationManager.this.hash(string3, i, decode2, str))) {
                        return Observable.just(null);
                    }
                    FidoAuthenticatorPinAuthenticationManager.access$208(FidoAuthenticatorPinAuthenticationManager.this);
                    FidoAuthenticatorPinAuthenticationManager.this.mPinAuthenticationFragment.showVerifyPinFailed();
                    return FidoAuthenticatorPinAuthenticationManager.this.mAuthenticationAttempts >= 3 ? Observable.error(new FidoAuthenticationException("Unable to authenticate, user exceeded maximum PIN attempts")) : Observable.empty();
                } catch (GeneralSecurityException e) {
                    FidoAuthenticatorPinAuthenticationManager.LOG.error("Cannot hash pin", (Throwable) e);
                    return Observable.error(new FidoAuthenticationException("Unable to hash PIN for authentication"));
                }
            }
        }).first();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canAuthenticate() {
        return this.mSharedPreferences.contains(this.mPinHashKey) && this.mSharedPreferences.contains(this.mPinSaltKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canRegister() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Observable<Void> register() {
        if (!canRegister()) {
            throw new FatalError("Unable to register");
        }
        this.mPinAuthenticationFragment.feedbackMessage = R.string.ggl_pin_create;
        this.mFragmentManager.beginTransaction().add(R.id.ggl_host_activity_fragment_container, this.mPinAuthenticationFragment).commit();
        final byte[][] bArr = new byte[1];
        final byte[] generateSalt = generateSalt();
        return this.mPinAuthenticationFragment.onPinEntered.flatMap(new Func1<String, Observable<Void>>() { // from class: com.gallagher.security.mobileaccess.FidoAuthenticatorPinAuthenticationManager.2
            @Override // rx.functions.Func1
            public Observable<Void> call(String str) {
                if (str == null) {
                    return Observable.error(new FidoRegistrationException("Cancelled", FidoResult.CANCELED));
                }
                try {
                    byte[] hash = FidoAuthenticatorPinAuthenticationManager.this.hash(FidoAuthenticatorPinAuthenticationManager.HASH_ALGORITHM, 1000, generateSalt, str);
                    byte[][] bArr2 = bArr;
                    if (bArr2[0] == null) {
                        FidoAuthenticatorPinAuthenticationManager.this.mPinAuthenticationFragment.showVerifyPin();
                        bArr[0] = hash;
                        return Observable.empty();
                    }
                    if (Arrays.equals(bArr2[0], hash)) {
                        String encodeToString = Base64.encodeToString(hash, 0);
                        FidoAuthenticatorPinAuthenticationManager.this.mSharedPreferences.edit().putString(FidoAuthenticatorPinAuthenticationManager.this.mPinHashKey, encodeToString).putString(FidoAuthenticatorPinAuthenticationManager.this.mPinSaltKey, Base64.encodeToString(generateSalt, 0)).putString(FidoAuthenticatorPinAuthenticationManager.this.mPinAlgorithmKey, FidoAuthenticatorPinAuthenticationManager.HASH_ALGORITHM).putInt(FidoAuthenticatorPinAuthenticationManager.this.mPinIterationsKey, 1000).apply();
                        return Observable.just(null);
                    }
                    FidoAuthenticatorPinAuthenticationManager.this.mPinAuthenticationFragment.showVerifyPinFailed();
                    FidoAuthenticatorPinAuthenticationManager.this.mPinAuthenticationFragment.showFeedback(R.string.ggl_pin_create);
                    bArr[0] = null;
                    return Observable.empty();
                } catch (GeneralSecurityException e) {
                    FidoAuthenticatorPinAuthenticationManager.LOG.error("Cannot hash pin", (Throwable) e);
                    return Observable.error(new FidoRegistrationException("Unable to hash PIN for registration"));
                }
            }
        }).first();
    }
}
