package defpackage;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Parcelable;
import android.security.keystore.UserNotAuthenticatedException;
import com.jakewharton.rxrelay.PublishRelay;
import com.truekey.api.v0.crypto.CommonCryptoUtils;
import com.truekey.intel.analytics.Props;
import com.truekey.intel.analytics.StatHelper;
import com.truekey.intel.manager.IDAPIManager;
import com.truekey.intel.model.AuthenticationData;
import com.truekey.intel.model.LocalError;
import com.truekey.intel.model.Operation;
import com.truekey.intel.network.request.YapRpData;
import com.truekey.intel.network.response.AuthenticationResponse;
import com.truekey.intel.network.response.GeneralAuthenticationResponse;
import com.truekey.intel.network.response.IdApiAuthenticationResponse;
import com.truekey.intel.network.response.RemoteError;
import com.truekey.intel.network.response.SessionAuthResponse;
import defpackage.ber;
import defpackage.et;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import rx.Observable;
import rx.Single;
import rx.SingleSubscriber;
import rx.Subscription;
import rx.functions.Action1;
import rx.functions.Func1;
import rx.schedulers.Schedulers;
import timber.log.Timber;

/* loaded from: classes.dex */
public class bep extends bdz<ber> {
    protected ayy<ber> b;
    protected ayy<AuthenticationResponse> c;
    protected Operation d;
    protected int e;
    private final bet f;
    private final AuthenticationData g;
    private final StatHelper h;
    private final IDAPIManager i;
    private Subscription j;
    private PublishRelay<bes> k;
    private ez l;
    private et.a m;
    private String n;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: bep$3, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] a = new int[a.values().length];

        static {
            try {
                a[a.VALID.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[a.ERROR_KEY_STORE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                a[a.ERROR_FINGERPRINT_REMOVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum a {
        ERROR_FINGERPRINT_REMOVED,
        ERROR_KEY_STORE,
        ERROR_SESSION_AUTH_FAILED,
        VALID
    }

    /* loaded from: classes.dex */
    class b extends et.a {
        private b() {
        }

        @Override // et.a
        public void a() {
            Timber.b("onAuthenticationFailed", new Object[0]);
            Timber.b("Generic failure, detected fp doesn't match expected value: error count %d", Integer.valueOf(bep.this.e));
            if (bep.this.e >= 3) {
                bep.this.f();
                bep.this.h.a("Debug: fingerprint hw authentication failed", (Parcelable) new Props("error_message", "Fp authentication failed", "error_code", 7, "attempts", Integer.valueOf(bep.this.e)));
                bep.this.k.call(new bes(4, null, 7));
            } else {
                bep.this.h.a("Debug: fingerprint hw authentication failed", (Parcelable) new Props("error_message", "Fp authentication failed", "error_code", 102));
                bep.this.k.call(new bes(2, null, 102));
            }
            bep.this.e++;
        }

        @Override // et.a
        public void a(int i, CharSequence charSequence) {
            Timber.b("onAuthenticationError %s, %d", charSequence, Integer.valueOf(i));
            if (i != 5) {
                bep.this.k.call(new bes(4, charSequence.toString(), i));
            }
            bep.this.h.a("Debug: fingerprint hw authentication failed", (Parcelable) new Props("error_message", charSequence, "error_code", Integer.valueOf(i)));
        }

        @Override // et.a
        public void a(et.b bVar) {
            Timber.b("onAuthenticationSucceeded %s ", bVar);
            bep.this.h.a("Debug: fingerprint hw authentication prompted succeeded");
            if (bep.this.j == null || bep.this.l == null) {
                return;
            }
            bep.this.a(bVar);
        }

        @Override // et.a
        public void b(int i, CharSequence charSequence) {
            Timber.b("onAuthenticationHelp %s, %d", charSequence, Integer.valueOf(i));
            bep.this.k.call(new bes(3, charSequence.toString(), i));
            bep.this.h.a("Debug: fingerprint hw authentication prompted help", (Parcelable) new Props("error_message", charSequence, "error_code", Integer.valueOf(i)));
        }
    }

    public bep(Context context, AuthenticationData authenticationData, StatHelper statHelper, IDAPIManager iDAPIManager) {
        this.a = ayy.a();
        this.b = ayy.a();
        this.b.onBackpressureLatest();
        this.g = authenticationData;
        this.h = statHelper;
        this.i = iDAPIManager;
        this.c = ayy.a();
        this.k = PublishRelay.create();
        this.m = new b();
        this.f = new bet(context);
        this.d = bmg.g(authenticationData.getOauthTransId()) ? Operation.OPERATION_MATCH : Operation.OPERATION_2ND_FACTOR_MATCH;
        this.e = 1;
    }

    protected static String a(String str, String str2, String str3, String str4) {
        HashMap hashMap = new HashMap();
        hashMap.put("alg", "RS256");
        hashMap.put("typ", "JWT");
        HashMap hashMap2 = new HashMap();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = (Calendar) calendar.clone();
        calendar2.add(12, 15);
        hashMap2.put("iat", Long.valueOf(calendar.getTimeInMillis() / 1000));
        hashMap2.put("aud", "https://truekeyapi.intelsecurity.com");
        hashMap2.put("exp", Long.valueOf(calendar2.getTimeInMillis() / 1000));
        hashMap2.put("nbf", Long.valueOf(calendar.getTimeInMillis() / 1000));
        hashMap2.put("jti", str2);
        hashMap2.put("sub", str4);
        hashMap2.put("iss", "Intel_Security_TrueKey_Client_" + str3);
        hashMap2.put("typ", "application/fptruekeyclient");
        hashMap2.put("email", str);
        hashMap2.put("cid", str3);
        hashMap2.put("unique_name", "Intel_Security_TrueKey_Client_" + str3);
        return bpg.d.a(CommonCryptoUtils.getBytesFromString(ayx.c.toJson(hashMap))) + "." + bpg.d.a(CommonCryptoUtils.getBytesFromString(ayx.c.toJson(hashMap2)));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(et.b bVar) {
        try {
            Timber.b("triggerIdApiAuthentication for %s", this.g.getProfileUid());
            String a2 = this.i.a();
            String b2 = bet.b(this.g.getProfileUid());
            Timber.b("User id %s", b2);
            if (bmg.g(b2)) {
                Timber.b("User id is empty, invalid state FP _REMOVED", new Object[0]);
                this.h.a("Debug: user profile uid could not identify fp");
                this.b.call(ber.a(ber.a.FP_REMOVED));
                this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            } else {
                String a3 = a(this.g.getEmail(), this.g.getOauthTransId(), a2, this.g.getProfileUid());
                Signature a4 = bVar.a().a();
                byte[] bytesFromString = CommonCryptoUtils.getBytesFromString(a3);
                a4.update(bytesFromString);
                byte[] sign = a4.sign();
                String a5 = bpg.d.a(sign);
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                Certificate certificate = keyStore.getCertificate("tk_fp_public_key_" + b2);
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(certificate);
                signature.update(bytesFromString);
                boolean verify = signature.verify(sign);
                Timber.b("Verified ?: %s", Boolean.valueOf(verify));
                if (verify) {
                    a(a3 + "." + a5);
                } else {
                    Timber.b("Signature not verified, exiting, FP_REMOVED", new Object[0]);
                    this.b.call(ber.a(ber.a.FP_REMOVED));
                    this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                    bix.a(new IllegalStateException("Signature not validated before fp authentication request"));
                }
            }
        } catch (KeyStoreException e) {
            e = e;
            Timber.d(e, "Keystore exception", new Object[0]);
            this.b.call(ber.a(ber.a.FP_REMOVED));
            this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            bix.a(new IllegalStateException("Signature not validated before fp authentication request", e));
        } catch (SignatureException e2) {
            e = e2;
            Timber.d(e, "Keystore exception", new Object[0]);
            this.b.call(ber.a(ber.a.FP_REMOVED));
            this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            bix.a(new IllegalStateException("Signature not validated before fp authentication request", e));
        } catch (Exception e3) {
            Timber.d(e3, "Unable to create jwt", new Object[0]);
            this.b.call(ber.a(ber.a.ERROR));
            this.h.a("fingerprint", LocalError.ERROR_PROGRAMMATIC_ERROR);
            bix.a(new IllegalStateException("Unable to create jwt based on the provided cert", e3));
            a(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
        }
    }

    private void a(String str) {
        this.i.b(this.g.getEmail(), str, this.g).observeOn(Schedulers.newThread()).subscribeOn(Schedulers.computation()).subscribe(new Action1<IdApiAuthenticationResponse>() { // from class: bep.10
            @Override // rx.functions.Action1
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(IdApiAuthenticationResponse idApiAuthenticationResponse) {
                if (idApiAuthenticationResponse == null) {
                    bep.this.b.call(ber.a(ber.a.ERROR));
                    bix.a(new IllegalStateException("Null response from backend, unable to proceed"));
                    bep.this.h.a("fingerprint", LocalError.ERROR_DURING_REQUEST, "No valid response from backend");
                    bep.this.a(new GeneralAuthenticationResponse(LocalError.ERROR_DURING_REQUEST));
                    return;
                }
                Timber.b("fingerprintMatchResponse: %s, succeeded: %s", idApiAuthenticationResponse.getErrorCode(), Boolean.valueOf(idApiAuthenticationResponse.succeeded()));
                if (idApiAuthenticationResponse.succeeded()) {
                    bep.this.b.call(ber.a(ber.a.SUCCESS));
                    bep.this.b(idApiAuthenticationResponse);
                    return;
                }
                if (RemoteError.INVALID_PROFILE_CREDENTIALS_PASSWORD.equals(idApiAuthenticationResponse.getErrorCode())) {
                    Timber.b("E3002 received TYPE_ERROR FP_REMOVED", new Object[0]);
                    bep.this.b.call(ber.a(ber.a.FP_REMOVED));
                    bep.this.h.a("fingerprint", idApiAuthenticationResponse.getErrorCode());
                    bix.a(new IllegalStateException("Fp removed, unable to confirm(E3002)"));
                    return;
                }
                bep.this.b.call(ber.a(ber.a.ERROR));
                bix.a(new IllegalStateException("Fp removed, unable to confirm (" + idApiAuthenticationResponse.getErrorCode() + ", " + idApiAuthenticationResponse.getErrorDescription() + ")"));
                bep.this.h.a("fingerprint", idApiAuthenticationResponse.getErrorCode(), idApiAuthenticationResponse.getErrorDescription());
                bep.this.a(new GeneralAuthenticationResponse(idApiAuthenticationResponse.getErrorCode()));
            }
        }, new Action1<Throwable>() { // from class: bep.11
            @Override // rx.functions.Action1
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(Throwable th) {
                Timber.d(th, "Unable to trigger fp", new Object[0]);
            }
        });
    }

    private boolean i() {
        String oauthTransId = this.g.getOauthTransId();
        if (bmg.g(oauthTransId)) {
            oauthTransId = this.n;
        }
        if (this.f.b() != 2) {
            Timber.a("Start fingerprint as a first factor: %s invalid state FP_REMOVED", this.f.c());
            this.b.call(ber.a(ber.a.FP_REMOVED));
            this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
            return false;
        }
        this.j = Observable.timer(20000L, TimeUnit.MILLISECONDS).observeOn(Schedulers.newThread()).subscribe(j(), new Action1<Throwable>() { // from class: bep.1
            @Override // rx.functions.Action1
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(Throwable th) {
                Timber.d(th, "Unable to trigger fp", new Object[0]);
            }
        });
        if (bmg.g(oauthTransId)) {
            this.i.a(this.g.getEmail(), this.g.getAffId(), this.g.isTablet(), this.g.getClientId(), this.g.getCulture()).flatMap(new Func1<SessionAuthResponse, Single<a>>() { // from class: bep.6
                @Override // rx.functions.Func1
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public Single<a> call(SessionAuthResponse sessionAuthResponse) {
                    Timber.b("Session started? %s", Boolean.valueOf(sessionAuthResponse.succeeded()));
                    if (sessionAuthResponse.succeeded()) {
                        bep.this.g.setOauthTransId(sessionAuthResponse.getOAuthTransId());
                        bep bepVar = bep.this;
                        return bepVar.a(bepVar.m);
                    }
                    bep.this.b.call(ber.a(ber.a.ERROR));
                    bep.this.k.call(new bes(4, null, 101));
                    bep.this.a(new GeneralAuthenticationResponse(sessionAuthResponse.getErrorCode()));
                    return Single.just(a.ERROR_SESSION_AUTH_FAILED);
                }
            }).observeOn(Schedulers.newThread()).subscribeOn(Schedulers.io()).subscribe(new Action1<a>() { // from class: bep.4
                @Override // rx.functions.Action1
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public void call(a aVar) {
                    Timber.a("Start fingerprint as a first factor: %s", aVar);
                    if (aVar == a.VALID) {
                        bep.this.b.call(ber.a(ber.a.HW_LAUNCHED));
                        return;
                    }
                    Timber.a("Start fingerprint as a first factor: %s invalid stat FP _REMOVED", aVar);
                    bep.this.b.call(ber.a(ber.a.FP_REMOVED));
                    bep.this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                }
            }, new Action1<Throwable>() { // from class: bep.5
                @Override // rx.functions.Action1
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public void call(Throwable th) {
                    Timber.d(th, "Start fingerprint as a first factor: failed", new Object[0]);
                    bep.this.b.call(ber.a(ber.a.ERROR));
                    bep.this.k.call(new bes(4, null, 101));
                    bep.this.a(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
                }
            });
        } else {
            a(this.m).subscribe(k(), new Action1<Throwable>() { // from class: bep.7
                @Override // rx.functions.Action1
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public void call(Throwable th) {
                    bep.this.b.call(ber.a(ber.a.ERROR));
                    bep.this.k.call(new bes(4, null, 101));
                    bep.this.a(new GeneralAuthenticationResponse(LocalError.ERROR_PROGRAMMATIC_ERROR));
                }
            });
        }
        return true;
    }

    private Action1<Long> j() {
        return new Action1<Long>() { // from class: bep.8
            @Override // rx.functions.Action1
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(Long l) {
                Timber.b("Timeout reached: ", new Object[0]);
                bep.this.h.a("Debug: fingerprint timed out", (Parcelable) new Props("attempts", Integer.valueOf(bep.this.e - 1)));
                if (bep.this.e >= 3) {
                    bep.this.f();
                    bep.this.k.call(new bes(4, null, 7));
                    bep.this.h.a("Debug: fingerprint hw authentication failed", (Parcelable) new Props("error_message", "Fp authentication timed out max", "error_code", 7, "attempts", Integer.valueOf(bep.this.e)));
                } else {
                    bep.this.h.a("Debug: fingerprint hw authentication failed", (Parcelable) new Props("error_message", "Fp authentication timed out", "error_code", 3, "attempts", Integer.valueOf(bep.this.e)));
                    bep.this.m.a(3, "software_timeout");
                    bep.this.f();
                }
                bep.this.e++;
            }
        };
    }

    private Action1<? super a> k() {
        return new Action1<a>() { // from class: bep.9
            @Override // rx.functions.Action1
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(a aVar) {
                Timber.b("Launching fp as a second factor: %s", aVar);
                int i = AnonymousClass3.a[aVar.ordinal()];
                if (i == 1) {
                    bep.this.b.call(ber.a(ber.a.HW_LAUNCHED));
                } else if (i == 2 || i == 3) {
                    Timber.a("authenticationStateHandler: %s invalid state FP _REMOVED", aVar);
                    bep.this.b.call(ber.a(ber.a.FP_REMOVED));
                    bep.this.h.a("fingerprint", LocalError.UNSUCCESSFUL_FINGERPRINT_AUTH);
                }
            }
        };
    }

    @Override // defpackage.bdz
    public ayy<ber> a() {
        return this.b;
    }

    public Single<a> a(final et.a aVar) {
        Timber.b("startListeningForAuthentication for %s", this.g.getProfileUid());
        return Single.create(new Single.OnSubscribe<a>() { // from class: bep.2
            @Override // rx.functions.Action1
            @TargetApi(23)
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void call(SingleSubscriber<? super a> singleSubscriber) {
                try {
                    bep.this.l = new ez();
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    Timber.b("Profile UID: " + bep.this.g.getProfileUid(), new Object[0]);
                    String b2 = bet.b(bep.this.g.getProfileUid());
                    Timber.b("User id: " + b2, new Object[0]);
                    if (bmg.g(b2)) {
                        Timber.b("startListeningForAuthentication for %s, but remote user reference is empty ERROR_FINGERPRINT_REMOVED", bep.this.g.getProfileUid());
                        singleSubscriber.onSuccess(a.ERROR_FINGERPRINT_REMOVED);
                    } else {
                        PrivateKey privateKey = (PrivateKey) keyStore.getKey("tk_fp_key" + b2, null);
                        Signature signature = Signature.getInstance("SHA256withRSA");
                        signature.initSign(privateKey);
                        bep.this.f.a(new et.c(signature), bep.this.l, aVar);
                        singleSubscriber.onSuccess(a.VALID);
                    }
                } catch (UserNotAuthenticatedException e) {
                    e = e;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_FINGERPRINT_REMOVED", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_FINGERPRINT_REMOVED);
                } catch (IOException e2) {
                    e = e2;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_KEY_STORE", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_KEY_STORE);
                } catch (NullPointerException e3) {
                    e = e3;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_FINGERPRINT_REMOVED", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_FINGERPRINT_REMOVED);
                } catch (InvalidKeyException e4) {
                    e = e4;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_KEY_STORE", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_KEY_STORE);
                } catch (KeyStoreException e5) {
                    e = e5;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_FINGERPRINT_REMOVED", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_FINGERPRINT_REMOVED);
                } catch (NoSuchAlgorithmException e6) {
                    e = e6;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_KEY_STORE", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_KEY_STORE);
                } catch (UnrecoverableKeyException e7) {
                    e = e7;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_FINGERPRINT_REMOVED", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_FINGERPRINT_REMOVED);
                } catch (CertificateException e8) {
                    e = e8;
                    Timber.d(e, "Unable to launch fingerprint, ERROR_KEY_STORE", new Object[0]);
                    bix.a(e);
                    singleSubscriber.onSuccess(a.ERROR_KEY_STORE);
                }
            }
        });
    }

    @Override // defpackage.bdz
    public void a(AuthenticationResponse authenticationResponse) {
        Subscription subscription = this.j;
        if (subscription != null && !subscription.isUnsubscribed()) {
            this.j.unsubscribe();
            this.j = null;
        }
        this.c.call(authenticationResponse);
    }

    public void a(boolean z) {
        this.h.a("Changed login factor", new Props("from_factor_type", "fingerprint", "to_factor_type", YapRpData.RESPONSE_TYPE_PASSWORD));
    }

    @Override // defpackage.bdz
    public Observable<AuthenticationResponse> b() {
        this.e = 1;
        Timber.b("FP startFlow", new Object[0]);
        this.h.c("fingerprint");
        this.n = this.g.getOauthTransId();
        i();
        return this.c;
    }

    @Override // defpackage.bdz
    protected void b(AuthenticationResponse authenticationResponse) {
        Subscription subscription = this.j;
        if (subscription != null && !subscription.isUnsubscribed()) {
            this.j.unsubscribe();
            this.j = null;
        }
        this.h.b("fingerprint");
        this.c.call(authenticationResponse);
    }

    public Operation d() {
        return this.d;
    }

    public PublishRelay<bes> e() {
        return this.k;
    }

    public void f() {
        Object[] objArr = new Object[2];
        boolean z = false;
        objArr[0] = Boolean.valueOf(this.l != null);
        ez ezVar = this.l;
        if (ezVar != null && ezVar.a()) {
            z = true;
        }
        objArr[1] = Boolean.valueOf(z);
        Timber.b("cancelIfActive, cancellation valid %s, cancellation is canceled %s", objArr);
        ez ezVar2 = this.l;
        if (ezVar2 == null || ezVar2.a()) {
            return;
        }
        this.l.b();
        Subscription subscription = this.j;
        if (subscription == null || !subscription.isUnsubscribed()) {
            return;
        }
        this.j.unsubscribe();
        this.j = null;
    }

    public boolean g() {
        ez ezVar = this.l;
        return ezVar != null && ezVar.a();
    }

    public ayy<ber> h() {
        Timber.b("Restarting flow", new Object[0]);
        this.b = ayy.a();
        this.b.onBackpressureLatest();
        i();
        return this.b;
    }
}
