package ch.threema.app.services;

import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.widget.Toast;
import androidx.biometric.CryptoObjectUtils$Api23Impl$$ExternalSyntheticApiModelOutline3;
import androidx.biometric.CryptoObjectUtils$Api23Impl$$ExternalSyntheticApiModelOutline4;
import ch.threema.app.libre.R;
import ch.threema.base.utils.LoggingUtil;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.slf4j.Logger;

/* loaded from: classes3.dex */
public class SystemScreenLockServiceImpl implements SystemScreenLockService {
    public final Context context;
    public KeyguardManager keyguardManager;
    public final LockAppService lockAppService;
    public final PreferenceService preferenceService;
    public static final Logger logger = LoggingUtil.getThreemaLogger("SystemScreenLockServiceImpl");
    public static final byte[] SECRET_BYTE_ARRAY = {4, 5, 1, 4, 9, 6};
    public static long lastAuthenticationTimeStamp = 0;

    public SystemScreenLockServiceImpl(Context context, LockAppService lockAppService, PreferenceService preferenceService) {
        boolean isDeviceSecure;
        this.context = context;
        this.lockAppService = lockAppService;
        this.preferenceService = preferenceService;
        KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService("keyguard");
        this.keyguardManager = keyguardManager;
        if (Build.VERSION.SDK_INT < 23 || keyguardManager == null) {
            return;
        }
        isDeviceSecure = keyguardManager.isDeviceSecure();
        if (isDeviceSecure) {
            createKey();
        }
    }

    public final boolean createKey() {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                KeyStore.getInstance("AndroidKeyStore").load(null);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                CryptoObjectUtils$Api23Impl$$ExternalSyntheticApiModelOutline4.m();
                blockModes = CryptoObjectUtils$Api23Impl$$ExternalSyntheticApiModelOutline3.m("threema_pinlock_key", 3).setBlockModes("CBC");
                userAuthenticationRequired = blockModes.setUserAuthenticationRequired(true);
                userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(3);
                encryptionPaddings = userAuthenticationValidityDurationSeconds.setEncryptionPaddings("PKCS7Padding");
                build = encryptionPaddings.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException | CertificateException e) {
                logger.error("Exception", e);
                return false;
            }
        }
        return true;
    }

    @Override // ch.threema.app.services.SystemScreenLockService
    public void setAuthenticated(boolean z) {
        if (z) {
            lastAuthenticationTimeStamp = System.currentTimeMillis();
        } else {
            lastAuthenticationTimeStamp = 0L;
        }
    }

    public final void showAlreadyAuthenticated() {
        logger.debug("AlreadyAuthenticated");
        LockAppService lockAppService = this.lockAppService;
        if (lockAppService != null) {
            lockAppService.unlock(null);
        }
    }

    public final void showAuthenticationScreen(Activity activity, int i) {
        Intent createConfirmDeviceCredentialIntent;
        logger.debug("showAuthenticationScreen");
        if (Build.VERSION.SDK_INT < 23 || (createConfirmDeviceCredentialIntent = this.keyguardManager.createConfirmDeviceCredentialIntent(null, null)) == null) {
            return;
        }
        activity.startActivityForResult(createConfirmDeviceCredentialIntent, i);
        activity.overridePendingTransition(0, 0);
    }

    @Override // ch.threema.app.services.SystemScreenLockService
    public boolean systemUnlock(Activity activity) {
        boolean isDeviceSecure;
        if (Build.VERSION.SDK_INT < 23) {
            return true;
        }
        isDeviceSecure = this.keyguardManager.isDeviceSecure();
        if (!isDeviceSecure) {
            Toast.makeText(this.context, R.string.no_lockscreen_set, 1).show();
            LockAppService lockAppService = this.lockAppService;
            if (lockAppService != null) {
                lockAppService.unlock(null);
                PreferenceService preferenceService = this.preferenceService;
                if (preferenceService != null) {
                    preferenceService.setLockMechanism("none");
                    this.preferenceService.setPrivateChatsHidden(false);
                }
            }
        }
        return tryEncrypt(activity, 20021);
    }

    @Override // ch.threema.app.services.SystemScreenLockService
    public boolean tryEncrypt(Activity activity, int i) {
        if (Build.VERSION.SDK_INT < 23) {
            return false;
        }
        if (lastAuthenticationTimeStamp >= System.currentTimeMillis() - 3000) {
            showAlreadyAuthenticated();
            return true;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey("threema_pinlock_key", null);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, secretKey);
            cipher.doFinal(SECRET_BYTE_ARRAY);
            showAlreadyAuthenticated();
            return true;
        } catch (IOException e) {
            e = e;
            logger.error("Exception", e);
            return false;
        } catch (InvalidKeyException unused) {
            showAuthenticationScreen(activity, i);
            return false;
        } catch (KeyStoreException e2) {
            e = e2;
            logger.error("Exception", e);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            logger.error("Exception", e);
            return false;
        } catch (UnrecoverableKeyException e4) {
            Toast.makeText(activity, "Error in Android Key Store implementation. Please contact your phone manufacturer and try again later", 1).show();
            logger.error("Exception", (Throwable) e4);
            return false;
        } catch (CertificateException e5) {
            e = e5;
            logger.error("Exception", e);
            return false;
        } catch (BadPaddingException unused2) {
            showAuthenticationScreen(activity, i);
            return false;
        } catch (IllegalBlockSizeException e6) {
            e = e6;
            logger.error("Exception", e);
            return false;
        } catch (NoSuchPaddingException e7) {
            e = e7;
            logger.error("Exception", e);
            return false;
        }
    }
}
