package de.tutao.tutanota.credentials;

import android.security.keystore.KeyPermanentlyInvalidatedException;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.FragmentActivity;
import de.tutao.tutanota.AndroidKeyStoreFacade;
import de.tutao.tutanota.CredentialAuthenticationException;
import de.tutao.tutanota.CryptoError;
import de.tutao.tutanota.R;
import de.tutao.tutanota.Utils;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

/* loaded from: classes.dex */
public final class CredentialsEncryptionFromAPI30 implements ICredentialsEncryption {
    private final FragmentActivity activity;
    private final AuthenticationPrompt authenticationPrompt;
    private final AndroidKeyStoreFacade keyStoreFacade;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: de.tutao.tutanota.credentials.CredentialsEncryptionFromAPI30$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$tutao$tutanota$credentials$CredentialEncryptionMode;

        static {
            int[] iArr = new int[CredentialEncryptionMode.values().length];
            $SwitchMap$de$tutao$tutanota$credentials$CredentialEncryptionMode = iArr;
            try {
                iArr[CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$de$tutao$tutanota$credentials$CredentialEncryptionMode[CredentialEncryptionMode.ENCRYPTION_MODE_SYSTEM_PASSWORD.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$de$tutao$tutanota$credentials$CredentialEncryptionMode[CredentialEncryptionMode.ENCRYPTION_MODE_DEVICE_LOCK.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public CredentialsEncryptionFromAPI30(AndroidKeyStoreFacade androidKeyStoreFacade, FragmentActivity fragmentActivity, AuthenticationPrompt authenticationPrompt) {
        this.keyStoreFacade = androidKeyStoreFacade;
        this.activity = fragmentActivity;
        this.authenticationPrompt = authenticationPrompt;
    }

    private void authenticateCipher(Cipher cipher, CredentialEncryptionMode credentialEncryptionMode) throws CredentialAuthenticationException {
        int i = AnonymousClass1.$SwitchMap$de$tutao$tutanota$credentials$CredentialEncryptionMode[credentialEncryptionMode.ordinal()];
        if (i == 1) {
            authenticateUsingBiometrics(new BiometricPrompt.CryptoObject(cipher), credentialEncryptionMode);
        } else if (i == 2) {
            authenticateUsingBiometrics(new BiometricPrompt.CryptoObject(cipher), credentialEncryptionMode);
        } else if (i != 3) {
            throw new AssertionError("Unknown encryption mode");
        }
    }

    public void authenticateUsingBiometrics(BiometricPrompt.CryptoObject cryptoObject, CredentialEncryptionMode credentialEncryptionMode) throws CredentialAuthenticationException {
        CredentialEncryptionMode credentialEncryptionMode2 = CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS;
        BiometricPrompt.PromptInfo.Builder allowedAuthenticators = new BiometricPrompt.PromptInfo.Builder().setTitle(this.activity.getString(R.string.unlockCredentials_action)).setAllowedAuthenticators(credentialEncryptionMode == credentialEncryptionMode2 ? 15 : 32783);
        if (credentialEncryptionMode == credentialEncryptionMode2) {
            allowedAuthenticators.setNegativeButtonText(this.activity.getString(android.R.string.cancel));
        }
        this.authenticationPrompt.authenticateCryptoObject(this.activity, allowedAuthenticators.build(), cryptoObject);
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public String decryptUsingKeychain(String str, CredentialEncryptionMode credentialEncryptionMode) throws KeyStoreException, CryptoError, CredentialAuthenticationException, KeyPermanentlyInvalidatedException {
        byte[] base64ToBytes = Utils.base64ToBytes(str);
        Cipher cipherForDecryptionMode = this.keyStoreFacade.getCipherForDecryptionMode(credentialEncryptionMode, base64ToBytes);
        authenticateCipher(cipherForDecryptionMode, credentialEncryptionMode);
        return Utils.bytesToBase64(this.keyStoreFacade.decryptData(base64ToBytes, cipherForDecryptionMode));
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public String encryptUsingKeychain(String str, CredentialEncryptionMode credentialEncryptionMode) throws KeyStoreException, CryptoError, CredentialAuthenticationException, KeyPermanentlyInvalidatedException {
        byte[] base64ToBytes = Utils.base64ToBytes(str);
        Cipher cipherForEncryptionMode = this.keyStoreFacade.getCipherForEncryptionMode(credentialEncryptionMode);
        authenticateCipher(cipherForEncryptionMode, credentialEncryptionMode);
        return Utils.bytesToBase64(this.keyStoreFacade.encryptData(base64ToBytes, cipherForEncryptionMode));
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public List<CredentialEncryptionMode> getSupportedEncryptionModes() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_DEVICE_LOCK);
        BiometricManager from = BiometricManager.from(this.activity);
        if (from.canAuthenticate(15) == 0) {
            arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS);
        }
        if (from.canAuthenticate(32783) == 0) {
            arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_SYSTEM_PASSWORD);
        }
        return arrayList;
    }
}
