package at.asitplus.utils.devicecapabilty;

import android.app.Activity;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import at.asitplus.checklib.AuthCheckStatus;
import at.asitplus.checklib.AuthChecks;
import at.asitplus.common.AuthSelection;
import at.asitplus.common.exception.detail.DeviceIntegrityException;
import at.asitplus.common.exception.detail.InsufficientCapabilitiesException;
import at.asitplus.common.exception.detail.UnsupportedAuthenticationSelectionException;
import at.asitplus.common.exception.internal.CryptoException;
import at.asitplus.oegvat.BuildConfig;
import at.asitplus.utils.AndroidKeyStoreService;
import at.asitplus.utils.KeyStoreService;
import at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck;
import at.atrust.mobsig.library.util.KeystoreUtil;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes12.dex */
public class DeviceCapabilityCheck {
    private final Activity activity;
    private final Context context;
    private final DeviceIntegrityCheck deviceIntegrityCheck;
    private final Logger log = LoggerFactory.getLogger((Class<?>) DeviceCapabilityCheck.class);
    private final String exceptionAndroidVersionDoesNotSupportPin = "Android Version does not support PIN";
    private final String exceptionPinIsNotEnrolledOnDevice = "PIN is not enrolled on the device";
    private final String exceptionTheComplexityOfThePinIsNotSufficient = "The complexity of the PIN is not sufficient";
    private final String exceptionStrongBiometryIsNotSupportedByTheHardware = "Strong biometry is not supported by the hardware";
    private final String exceptionStrongBiometryIsNotEnrolledByTheDevice = "Strong biometry is not enrolled on the device";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes12.dex */
    public interface CheckSuccessCallback {
        void onSuccess();
    }

    public DeviceCapabilityCheck(Context context, Activity activity, DeviceIntegrityCheck deviceIntegrityCheck) {
        this.context = context;
        this.activity = activity;
        this.deviceIntegrityCheck = deviceIntegrityCheck;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: attestationCheck, reason: merged with bridge method [inline-methods] */
    public void m5563x4b117ad(ExtendedCheckInfo extendedCheckInfo, ExtendedCheckSuccess extendedCheckSuccess, ExtendedCheckError extendedCheckError) {
        try {
            this.deviceIntegrityCheck.attestationSupportCheck();
            extendedCheckInfo.canCreateAttestation = true;
            extendedCheckInfo.isAttestationValid = true;
            extendedCheckSuccess.success(extendedCheckInfo);
        } catch (DeviceIntegrityException e) {
            extendedCheckInfo.canCreateAttestation = false;
            extendedCheckInfo.isAttestationValid = false;
            extendedCheckInfo.exception = e;
            this.log.warn("performExtendedCheck: " + e);
            extendedCheckError.error(extendedCheckInfo);
        }
    }

    private AuthSelection getPreferredAuthSelection() {
        try {
            performCapabilityChecks();
            AuthCheckStatus currentStatus = AuthChecks.getCurrentStatus(this.context);
            if (Build.VERSION.SDK_INT >= 30) {
                return currentStatus.isLockComplexitySufficient().booleanValue() ? (currentStatus.isStrongBiometrySupportedByHardware().booleanValue() && currentStatus.isStrongBiometryEnrolledOnDevice()) ? AuthSelection.BIOMETRY_AND_PIN : AuthSelection.ONLY_PIN : AuthSelection.ONLY_BIOMETRY;
            }
            if (Build.VERSION.SDK_INT == 29) {
                return currentStatus.isLockComplexitySufficient().booleanValue() ? AuthSelection.BIOMETRY_AND_PIN : AuthSelection.ONLY_BIOMETRY;
            }
            if (Build.VERSION.SDK_INT < 29) {
                return AuthSelection.ONLY_BIOMETRY;
            }
            return null;
        } catch (InsufficientCapabilitiesException e) {
            this.log.warn("getPreferredAuthSelection: No AuthSelection available " + e.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$userAuthenticationAndCsrCreationCheck$1(ExtendedCheckInfo extendedCheckInfo, CheckSuccessCallback checkSuccessCallback, PKCS10CertificationRequest pKCS10CertificationRequest) {
        extendedCheckInfo.canAuthUser = true;
        extendedCheckInfo.canCreateCSR = true;
        checkSuccessCallback.onSuccess();
    }

    private void userAuthenticationAndCsrCreationCheck(KeyPair keyPair, AndroidKeyStoreService androidKeyStoreService, AuthSelection authSelection, final ExtendedCheckInfo extendedCheckInfo, final ExtendedCheckError extendedCheckError, final CheckSuccessCallback checkSuccessCallback) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeystoreUtil.KEYSTORE_PROVIDER);
            keyStore.load(null, null);
            androidKeyStoreService.generateCsr(keyPair, ((X509Certificate) keyStore.getCertificateChain(AndroidKeyStoreService.CHECK_BINDING_KEY_ALIAS)[0]).getSubjectDN().getName(), authSelection.getUserAuthTimeout(), authSelection, new KeyStoreService.GenerateCsrCallback() { // from class: at.asitplus.utils.devicecapabilty.DeviceCapabilityCheck$$ExternalSyntheticLambda0
                @Override // at.asitplus.utils.KeyStoreService.GenerateCsrCallback
                public final void success(PKCS10CertificationRequest pKCS10CertificationRequest) {
                    DeviceCapabilityCheck.lambda$userAuthenticationAndCsrCreationCheck$1(ExtendedCheckInfo.this, checkSuccessCallback, pKCS10CertificationRequest);
                }
            }, new KeyStoreService.CallbackError() { // from class: at.asitplus.utils.devicecapabilty.DeviceCapabilityCheck$$ExternalSyntheticLambda1
                @Override // at.asitplus.utils.KeyStoreService.CallbackError
                public final void error(Throwable th) {
                    DeviceCapabilityCheck.this.m5564x2d5e9902(extendedCheckInfo, extendedCheckError, th);
                }
            });
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            extendedCheckInfo.canCreateCSR = false;
            extendedCheckInfo.exception = e;
            this.log.warn("userAuthenticationAndCsrCreationCheck: " + e);
            extendedCheckError.error(extendedCheckInfo);
        }
    }

    public void checkBiometry(AuthCheckStatus authCheckStatus) throws UnsupportedAuthenticationSelectionException {
        if (!authCheckStatus.isStrongBiometrySupportedByHardware().booleanValue()) {
            this.log.warn("Strong biometry is not supported by the hardware");
            throw new UnsupportedAuthenticationSelectionException("Strong biometry is not supported by the hardware");
        }
        if (authCheckStatus.isStrongBiometryEnrolledOnDevice()) {
            return;
        }
        this.log.warn("Strong biometry is not enrolled on the device");
        throw new UnsupportedAuthenticationSelectionException("Strong biometry is not enrolled on the device");
    }

    public void checkPIN(AuthCheckStatus authCheckStatus) throws UnsupportedAuthenticationSelectionException {
        if (!authCheckStatus.doesAndroidVersionSupportPIN()) {
            this.log.warn("Android Version does not support PIN");
            throw new UnsupportedAuthenticationSelectionException("Android Version does not support PIN");
        }
        if (!authCheckStatus.isLockEnrolledOnDevice()) {
            this.log.warn("PIN is not enrolled on the device");
            throw new UnsupportedAuthenticationSelectionException("PIN is not enrolled on the device");
        }
        if (authCheckStatus.isLockComplexitySufficient().booleanValue()) {
            return;
        }
        this.log.warn("The complexity of the PIN is not sufficient");
        throw new UnsupportedAuthenticationSelectionException("The complexity of the PIN is not sufficient");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$userAuthenticationAndCsrCreationCheck$2$at-asitplus-utils-devicecapabilty-DeviceCapabilityCheck, reason: not valid java name */
    public /* synthetic */ void m5564x2d5e9902(ExtendedCheckInfo extendedCheckInfo, ExtendedCheckError extendedCheckError, Throwable th) {
        if (th.getClass() == CryptoException.class) {
            extendedCheckInfo.canAuthUser = true;
            extendedCheckInfo.canCreateCSR = false;
        } else {
            extendedCheckInfo.canAuthUser = false;
        }
        extendedCheckInfo.exception = (Exception) th;
        this.log.warn("userAuthenticationAndCsrCreationCheck: " + th);
        extendedCheckError.error(extendedCheckInfo);
    }

    public void performCapabilityChecks() throws InsufficientCapabilitiesException {
        AuthCheckStatus currentStatus = AuthChecks.getCurrentStatus(this.context);
        if (currentStatus.doesAndroidVersionSupportPIN()) {
            performCapabilityChecks(currentStatus, null);
        } else {
            performCapabilityChecks(currentStatus, (FingerprintManager) this.context.getSystemService(FingerprintManager.class));
        }
    }

    public void performCapabilityChecks(AuthCheckStatus authCheckStatus, FingerprintManager fingerprintManager) throws InsufficientCapabilitiesException {
        this.log.info("This is {} {}, running on Android {} (SDK {}), Device {}, {}, {}, {}, {}, {}", BuildConfig.LIBRARY_PACKAGE_NAME, "2.1.1", Build.VERSION.RELEASE, Integer.valueOf(Build.VERSION.SDK_INT), Build.MANUFACTURER, Build.BRAND, Build.MODEL, Build.DEVICE, Build.PRODUCT, Build.DISPLAY);
        if (!authCheckStatus.isLockEnrolledOnDevice()) {
            this.log.error("No pin set");
            throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_PIN_SET);
        }
        if (!authCheckStatus.doesAndroidVersionSupportPIN()) {
            if (fingerprintManager == null) {
                this.log.error("No fingerprint manager available");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_FINGERPRINT_HARDWARE);
            }
            if (!fingerprintManager.isHardwareDetected()) {
                this.log.error("No fingerprint hardware");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_FINGERPRINT_HARDWARE);
            }
            if (fingerprintManager.hasEnrolledFingerprints()) {
                this.log.info("Biometric hardware available");
                return;
            } else {
                this.log.error("No enrolled fingerprints");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_FINGERPRINT_ENROLLED);
            }
        }
        if (!authCheckStatus.isLockComplexitySufficient().booleanValue()) {
            this.log.warn("Lock complexity is insufficient");
            if (!authCheckStatus.isStrongBiometrySupportedByHardware().booleanValue()) {
                this.log.error("No biometric hardware");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_BIOMETRIC_HARDWARE);
            }
            if (authCheckStatus.isStrongBiometryEnrolledOnDevice()) {
                this.log.info("Biometric hardware available");
                return;
            } else {
                this.log.error("No enrolled strong biometrics");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_BIOMETRIC_ENROLLED);
            }
        }
        this.log.info("Lock complexity is sufficient");
        if (Build.VERSION.SDK_INT == 29) {
            if (!authCheckStatus.isStrongBiometrySupportedByHardware().booleanValue()) {
                this.log.warn("No biometric hardware");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_BIOMETRIC_HARDWARE);
            }
            if (authCheckStatus.isStrongBiometryEnrolledOnDevice()) {
                this.log.info("Biometric hardware available");
                return;
            } else {
                this.log.warn("No enrolled strong biometrics");
                throw new InsufficientCapabilitiesException(InsufficientCapabilitiesException.Reason.NO_BIOMETRIC_ENROLLED);
            }
        }
        if (!authCheckStatus.isStrongBiometrySupportedByHardware().booleanValue()) {
            this.log.warn("No biometric hardware");
        } else if (authCheckStatus.isStrongBiometryEnrolledOnDevice()) {
            this.log.info("Biometric hardware available");
        } else {
            this.log.warn("No enrolled strong biometrics");
        }
    }

    public void performExtendedCheck(final ExtendedCheckSuccess extendedCheckSuccess, final ExtendedCheckError extendedCheckError) {
        final ExtendedCheckInfo extendedCheckInfo = new ExtendedCheckInfo();
        AndroidKeyStoreService androidKeyStoreService = new AndroidKeyStoreService(this.activity, this, AndroidKeyStoreService.CHECK_BINDING_KEY_ALIAS, AndroidKeyStoreService.CHECK_BINDING_CERT_ALIAS);
        AuthSelection preferredAuthSelection = getPreferredAuthSelection();
        if (preferredAuthSelection == null) {
            this.log.warn("performExtendedCheck: No AuthSelection is available");
            extendedCheckInfo.exception = new Exception("No AuthSelection is available");
            extendedCheckError.error(extendedCheckInfo);
            return;
        }
        try {
            this.log.debug("Preferred AuthSelection = " + preferredAuthSelection);
            KeyPair generateKeyPair = androidKeyStoreService.generateKeyPair(256, "EC", true, preferredAuthSelection.getUserAuthTimeout(), "random".getBytes(), preferredAuthSelection);
            extendedCheckInfo.canGenerateKeyPair = true;
            userAuthenticationAndCsrCreationCheck(generateKeyPair, androidKeyStoreService, preferredAuthSelection, extendedCheckInfo, extendedCheckError, new CheckSuccessCallback() { // from class: at.asitplus.utils.devicecapabilty.DeviceCapabilityCheck$$ExternalSyntheticLambda2
                @Override // at.asitplus.utils.devicecapabilty.DeviceCapabilityCheck.CheckSuccessCallback
                public final void onSuccess() {
                    DeviceCapabilityCheck.this.m5563x4b117ad(extendedCheckInfo, extendedCheckSuccess, extendedCheckError);
                }
            });
        } catch (Exception e) {
            extendedCheckInfo.canGenerateKeyPair = false;
            extendedCheckInfo.exception = e;
            this.log.warn("performExtendedCheck: " + e);
            extendedCheckError.error(extendedCheckInfo);
        }
    }

    public InitialCheckInfo performInitialCheck() {
        InitialCheckInfo initialCheckInfo = new InitialCheckInfo();
        initialCheckInfo.isBootloaderClosed = Boolean.valueOf(this.deviceIntegrityCheck.bootloaderCheck(false));
        try {
            this.deviceIntegrityCheck.rootCheck(false);
            initialCheckInfo.isDeviceNotRooted = true;
        } catch (DeviceIntegrityException e) {
            initialCheckInfo.isDeviceNotRooted = false;
            this.log.warn("performInitialCheck: " + e);
        }
        try {
            performCapabilityChecks();
            initialCheckInfo.isAuthPossible = true;
        } catch (InsufficientCapabilitiesException e2) {
            initialCheckInfo.isAuthPossible = false;
            this.log.warn("performInitialCheck: " + e2);
        }
        try {
            this.deviceIntegrityCheck.attestationSupportCheck();
            initialCheckInfo.isAttestationSupported = true;
        } catch (DeviceIntegrityException e3) {
            initialCheckInfo.isAttestationSupported = false;
            this.log.warn("performInitialCheck: " + e3);
        }
        return initialCheckInfo;
    }
}
