package com.samsung.android.app.notes.lock.common.utils;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

@TargetApi(28)
/* loaded from: classes2.dex */
public class LockApi28Utils {
    private static final String ALIAS_NAME_BIOMETRICS = "com.samsung.android.app.notes_biometric_pass_key";
    private static final String TAG = "LockApi28Utils";

    public static PrivateKey createKeyPair() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyPair makePasswordKeyPair = makePasswordKeyPair();
        if (makePasswordKeyPair != null) {
            return makePasswordKeyPair.getPrivate();
        }
        Log.e(TAG, "Fail to make key pair");
        return null;
    }

    public static void deleteKeyPair() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(ALIAS_NAME_BIOMETRICS)) {
                keyStore.deleteEntry(ALIAS_NAME_BIOMETRICS);
            } else {
                Log.e(TAG, "KeyStore does not contain keyPair");
            }
        } catch (IOException e) {
        } catch (KeyStoreException e2) {
        } catch (NoSuchAlgorithmException e3) {
        } catch (CertificateException e4) {
        }
    }

    private static PrivateKey getPasswordPrivateKey() {
        PrivateKey privateKey;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(ALIAS_NAME_BIOMETRICS)) {
                privateKey = (PrivateKey) keyStore.getKey(ALIAS_NAME_BIOMETRICS, null);
                if (privateKey == null) {
                    privateKey = createKeyPair();
                }
            } else {
                Log.e(TAG, "KeyStore does not contain keyPair");
                privateKey = createKeyPair();
            }
            return privateKey;
        } catch (IOException e) {
            return null;
        } catch (InvalidAlgorithmParameterException e2) {
            return null;
        } catch (KeyStoreException e3) {
            return null;
        } catch (NoSuchAlgorithmException e4) {
            return null;
        } catch (NoSuchProviderException e5) {
            return null;
        } catch (UnrecoverableKeyException e6) {
            return null;
        } catch (CertificateException e7) {
            return null;
        }
    }

    public static boolean hasKeyPair() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(ALIAS_NAME_BIOMETRICS)) {
                return true;
            }
            Log.e(TAG, "KeyStore does not contain keyPair");
            return false;
        } catch (IOException e) {
            return false;
        } catch (KeyStoreException e2) {
            return false;
        } catch (NoSuchAlgorithmException e3) {
            return false;
        } catch (CertificateException e4) {
            return false;
        }
    }

    public static synchronized boolean isBiometricEnrollmentChanged() {
        boolean z;
        synchronized (LockApi28Utils.class) {
            z = !isValidKeystore();
        }
        return z;
    }

    private static boolean isValidKeystore() {
        boolean z = false;
        PrivateKey passwordPrivateKey = getPasswordPrivateKey();
        if (passwordPrivateKey == null) {
            Log.e(TAG, "isValidKeystore fail 2");
        } else {
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
                try {
                    if (25 < Build.VERSION.SDK_INT) {
                        cipher.init(2, passwordPrivateKey, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
                        z = true;
                    } else {
                        cipher.init(2, passwordPrivateKey);
                        z = true;
                    }
                } catch (Exception e) {
                    Log.e(TAG, "isValidKeystore fail 4 - [" + e.toString() + "]");
                }
            } catch (Exception e2) {
                Log.e(TAG, "isValidKeystore fail 3 - [" + e2.toString() + "]");
            }
        }
        return z;
    }

    private static KeyPair makePasswordKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(ALIAS_NAME_BIOMETRICS, 3).setKeySize(2048).setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        return keyPairGenerator.generateKeyPair();
    }

    public static synchronized boolean registerBiometric() {
        boolean z = false;
        synchronized (LockApi28Utils.class) {
            try {
                try {
                    try {
                        makePasswordKeyPair();
                        z = true;
                    } catch (NoSuchAlgorithmException e) {
                        Log.e(TAG, "registerBiometric " + e.getMessage());
                    }
                } catch (NoSuchProviderException e2) {
                    Log.e(TAG, "registerBiometric " + e2.getMessage());
                }
            } catch (InvalidAlgorithmParameterException e3) {
                Log.e(TAG, "registerBiometric " + e3.getMessage());
            }
        }
        return z;
    }

    public boolean migrateUniqueIdToBiometricKeyStore() {
        return true;
    }
}
