package com.epicshaggy.biometric;

import android.app.KeyguardManager;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.activity.result.ActivityResult;
import androidx.biometric.BiometricManager;
import com.getcapacitor.JSObject;
import com.getcapacitor.Plugin;
import com.getcapacitor.PluginCall;
import com.getcapacitor.PluginMethod;
import com.getcapacitor.annotation.ActivityCallback;
import com.getcapacitor.annotation.CapacitorPlugin;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.cordova.BuildConfig;

@CapacitorPlugin(name = "NativeBiometric")
/* loaded from: classes.dex */
public class NativeBiometric extends Plugin {
    private static final String AES_MODE = "AES/ECB/PKCS7Padding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ENCRYPTED_KEY = "NativeBiometricKey";
    private static final int FACE_AUTHENTICATION = 4;
    private static final int FINGERPRINT = 3;
    private static final byte[] FIXED_IV = new byte[12];
    private static final int IRIS_AUTHENTICATION = 5;
    private static final int MULTIPLE = 6;
    private static final String NATIVE_BIOMETRIC_SHARED_PREFERENCES = "NativeBiometricSharedPreferences";
    private static final int NONE = 0;
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private BiometricManager biometricManager;
    private SharedPreferences encryptedSharedPreferences;
    private KeyStore keyStore;

    private String decryptString(String str, String str2) throws GeneralSecurityException, IOException {
        Cipher cipher;
        byte[] decode = Base64.decode(str, 0);
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(2, getKey(str2), new GCMParameterSpec(128, FIXED_IV));
        } else {
            cipher = Cipher.getInstance(AES_MODE, "BC");
            cipher.init(2, getKey(str2));
        }
        return new String(cipher.doFinal(decode), "UTF-8");
    }

    private String encryptString(String str, String str2) throws GeneralSecurityException, IOException {
        Cipher cipher;
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(1, getKey(str2), new GCMParameterSpec(128, FIXED_IV));
        } else {
            cipher = Cipher.getInstance(AES_MODE, "BC");
            cipher.init(1, getKey(str2));
        }
        return Base64.encodeToString(cipher.doFinal(str.getBytes("UTF-8")), 0);
    }

    private Key generateKey(String str) throws GeneralSecurityException, IOException {
        if (Build.VERSION.SDK_INT < 23) {
            return getAESKey(str);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        return keyGenerator.generateKey();
    }

    private Key getAESKey(String str) throws CertificateException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException, InvalidAlgorithmParameterException {
        SharedPreferences sharedPreferences = getContext().getSharedPreferences(BuildConfig.FLAVOR, 0);
        String string = sharedPreferences.getString(ENCRYPTED_KEY, null);
        if (string != null) {
            return new SecretKeySpec(rsaDecrypt(Base64.decode(string, 0), str), "AES");
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.encodeToString(rsaEncrypt(bArr, str), 0);
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString(ENCRYPTED_KEY, encodeToString);
        edit.apply();
        return new SecretKeySpec(bArr, "AES");
    }

    private int getAvailableFeature() {
        int i = getContext().getPackageManager().hasSystemFeature("android.hardware.fingerprint") ? 3 : 0;
        if (getContext().getPackageManager().hasSystemFeature("android.hardware.biometrics.face")) {
            if (i != 0) {
                return 6;
            }
            i = 4;
        }
        return getContext().getPackageManager().hasSystemFeature("android.hardware.biometrics.iris") ? i != 0 ? 6 : 5 : i;
    }

    private Key getKey(String str) throws GeneralSecurityException, IOException {
        KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) getKeyStore().getEntry(str, null);
        return secretKeyEntry != null ? secretKeyEntry.getSecretKey() : generateKey(str);
    }

    private KeyStore getKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        KeyStore keyStore2 = KeyStore.getInstance(ANDROID_KEY_STORE);
        this.keyStore = keyStore2;
        keyStore2.load(null);
        return this.keyStore;
    }

    private KeyStore.PrivateKeyEntry getPrivateKeyEntry(String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertificateException, KeyStoreException, IOException, UnrecoverableEntryException {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) getKeyStore().getEntry(str, null);
        if (privateKeyEntry == null) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()).setAlias(str).build());
            keyPairGenerator.generateKeyPair();
        }
        return privateKeyEntry;
    }

    private byte[] rsaDecrypt(byte[] bArr, String str) throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException, CertificateException, InvalidAlgorithmParameterException {
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
        Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr2 = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private byte[] rsaEncrypt(byte[] bArr, String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableEntryException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
        Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
        cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    @ActivityCallback
    private void verifyResult(PluginCall pluginCall, ActivityResult activityResult) {
        if (activityResult.getResultCode() != -1) {
            pluginCall.reject("Something went wrong.");
            return;
        }
        Intent data = activityResult.getData();
        if (data.hasExtra("result")) {
            String stringExtra = data.getStringExtra("result");
            stringExtra.hashCode();
            if (stringExtra.equals("success")) {
                pluginCall.resolve();
                return;
            }
            if (stringExtra.equals("failed")) {
                pluginCall.reject(data.getStringExtra("errorDetails"), data.getStringExtra("errorCode"));
                return;
            }
            pluginCall.reject("Verification error: " + data.getStringExtra("result"));
        }
    }

    @PluginMethod
    public void deleteCredentials(PluginCall pluginCall) {
        String string = pluginCall.getString("server", null);
        if (string == null) {
            pluginCall.reject("No server name was provided");
            return;
        }
        try {
            getKeyStore().deleteEntry(string);
            SharedPreferences.Editor edit = getContext().getSharedPreferences(NATIVE_BIOMETRIC_SHARED_PREFERENCES, 0).edit();
            edit.clear();
            edit.apply();
            pluginCall.resolve();
        } catch (IOException e) {
            pluginCall.reject("Failed to delete", e);
        } catch (KeyStoreException e2) {
            pluginCall.reject("Failed to delete", e2);
        } catch (NoSuchAlgorithmException e3) {
            pluginCall.reject("Failed to delete", e3);
        } catch (CertificateException e4) {
            pluginCall.reject("Failed to delete", e4);
        }
    }

    @PluginMethod
    public void getCredentials(PluginCall pluginCall) {
        String string = pluginCall.getString("server", null);
        SharedPreferences sharedPreferences = getContext().getSharedPreferences(NATIVE_BIOMETRIC_SHARED_PREFERENCES, 0);
        String string2 = sharedPreferences.getString("username", null);
        String string3 = sharedPreferences.getString("password", null);
        if (string == null) {
            pluginCall.reject("No server name was provided");
            return;
        }
        if (string2 == null || string3 == null) {
            pluginCall.reject("No credentials found");
            return;
        }
        try {
            JSObject jSObject = new JSObject();
            jSObject.put("username", decryptString(string2, string));
            jSObject.put("password", decryptString(string3, string));
            pluginCall.resolve(jSObject);
        } catch (IOException e) {
            pluginCall.reject("Failed to get credentials", e);
        } catch (GeneralSecurityException e2) {
            pluginCall.reject("Failed to get credentials", e2);
        }
    }

    @PluginMethod
    public void isAvailable(PluginCall pluginCall) {
        JSObject jSObject = new JSObject();
        BiometricManager from = BiometricManager.from(getContext());
        this.biometricManager = from;
        int canAuthenticate = from.canAuthenticate();
        if (canAuthenticate != 0) {
            jSObject.put("isAvailable", false);
            jSObject.put("errorCode", canAuthenticate);
        } else {
            jSObject.put("isAvailable", true);
        }
        jSObject.put("biometryType", getAvailableFeature());
        pluginCall.resolve(jSObject);
    }

    @PluginMethod
    public void setCredentials(PluginCall pluginCall) {
        String string = pluginCall.getString("username", null);
        String string2 = pluginCall.getString("password", null);
        String string3 = pluginCall.getString("server", null);
        if (string == null || string2 == null || string3 == null) {
            pluginCall.reject("Missing properties");
            return;
        }
        try {
            SharedPreferences.Editor edit = getContext().getSharedPreferences(NATIVE_BIOMETRIC_SHARED_PREFERENCES, 0).edit();
            edit.putString("username", encryptString(string, string3));
            edit.putString("password", encryptString(string2, string3));
            edit.apply();
            pluginCall.resolve();
        } catch (IOException e) {
            pluginCall.reject("Failed to save credentials", e);
            e.printStackTrace();
        } catch (GeneralSecurityException e2) {
            pluginCall.reject("Failed to save credentials", e2);
            e2.printStackTrace();
        }
    }

    @PluginMethod
    public void verifyIdentity(PluginCall pluginCall) {
        Intent intent = new Intent(getContext(), (Class<?>) AuthActivity.class);
        intent.putExtra("title", pluginCall.getString("title", "Authenticate"));
        if (pluginCall.hasOption("subtitle")) {
            intent.putExtra("subtitle", pluginCall.getString("subtitle"));
        }
        if (pluginCall.hasOption("description")) {
            intent.putExtra("description", pluginCall.getString("description"));
        }
        if (pluginCall.hasOption("negativeButtonText")) {
            intent.putExtra("negativeButtonText", pluginCall.getString("negativeButtonText"));
        }
        if (pluginCall.hasOption("maxAttempts")) {
            intent.putExtra("maxAttempts", pluginCall.getInt("maxAttempts"));
        }
        boolean booleanValue = pluginCall.getBoolean("useFallback", false).booleanValue();
        if (booleanValue && Build.VERSION.SDK_INT >= 23) {
            booleanValue = ((KeyguardManager) getActivity().getSystemService("keyguard")).isDeviceSecure();
        }
        intent.putExtra("useFallback", booleanValue);
        this.bridge.saveCall(pluginCall);
        startActivityForResult(pluginCall, intent, "verifyResult");
    }
}
