package de.tutao.tutanota.credentials;

import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.FragmentActivity;
import de.tutao.tutanota.AndroidKeyStoreFacade;
import de.tutao.tutanota.CredentialAuthenticationException;
import de.tutao.tutanota.CryptoError;
import de.tutao.tutanota.R;
import de.tutao.tutanota.Utils;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

/* loaded from: classes.dex */
public final class CredentialsEncryptionBeforeAPI30 implements ICredentialsEncryption {
    private final FragmentActivity activity;
    private final AuthenticationPrompt authenticationPrompt;
    private final AndroidKeyStoreFacade keyStoreFacade;

    public CredentialsEncryptionBeforeAPI30(AndroidKeyStoreFacade androidKeyStoreFacade, FragmentActivity fragmentActivity, AuthenticationPrompt authenticationPrompt) {
        this.keyStoreFacade = androidKeyStoreFacade;
        this.activity = fragmentActivity;
        this.authenticationPrompt = authenticationPrompt;
    }

    private BiometricPrompt.PromptInfo createPromptInfo(CredentialEncryptionMode credentialEncryptionMode) {
        if (credentialEncryptionMode == CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS) {
            return new BiometricPrompt.PromptInfo.Builder().setTitle(this.activity.getString(R.string.unlockCredentials_action)).setAllowedAuthenticators(15).setNegativeButtonText(this.activity.getString(android.R.string.cancel)).build();
        }
        if (credentialEncryptionMode == CredentialEncryptionMode.ENCRYPTION_MODE_SYSTEM_PASSWORD) {
            return new BiometricPrompt.PromptInfo.Builder().setTitle(this.activity.getString(R.string.unlockCredentials_action)).setAllowedAuthenticators(33023).build();
        }
        throw new AssertionError("");
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public String decryptUsingKeychain(String str, CredentialEncryptionMode credentialEncryptionMode) throws KeyStoreException, CryptoError, CredentialAuthenticationException, KeyPermanentlyInvalidatedException {
        Cipher cipherForDecryptionMode;
        byte[] base64ToBytes = Utils.base64ToBytes(str);
        try {
            cipherForDecryptionMode = this.keyStoreFacade.getCipherForDecryptionMode(credentialEncryptionMode, base64ToBytes);
            if (credentialEncryptionMode == CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS) {
                this.authenticationPrompt.authenticateCryptoObject(this.activity, createPromptInfo(credentialEncryptionMode), new BiometricPrompt.CryptoObject(cipherForDecryptionMode));
            }
        } catch (KeyStoreException e) {
            if (!(e.getCause() instanceof UserNotAuthenticatedException)) {
                throw e;
            }
            this.authenticationPrompt.authenticate(this.activity, createPromptInfo(credentialEncryptionMode));
            cipherForDecryptionMode = this.keyStoreFacade.getCipherForDecryptionMode(credentialEncryptionMode, base64ToBytes);
        }
        return Utils.bytesToBase64(this.keyStoreFacade.decryptData(base64ToBytes, cipherForDecryptionMode));
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public String encryptUsingKeychain(String str, CredentialEncryptionMode credentialEncryptionMode) throws KeyStoreException, CryptoError, CredentialAuthenticationException, KeyPermanentlyInvalidatedException {
        Cipher cipherForEncryptionMode;
        byte[] base64ToBytes = Utils.base64ToBytes(str);
        try {
            cipherForEncryptionMode = this.keyStoreFacade.getCipherForEncryptionMode(credentialEncryptionMode);
            if (credentialEncryptionMode == CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS) {
                this.authenticationPrompt.authenticateCryptoObject(this.activity, createPromptInfo(credentialEncryptionMode), new BiometricPrompt.CryptoObject(cipherForEncryptionMode));
            }
        } catch (KeyStoreException e) {
            if (!(e.getCause() instanceof UserNotAuthenticatedException)) {
                throw e;
            }
            this.authenticationPrompt.authenticate(this.activity, createPromptInfo(credentialEncryptionMode));
            cipherForEncryptionMode = this.keyStoreFacade.getCipherForEncryptionMode(credentialEncryptionMode);
        }
        return Utils.bytesToBase64(this.keyStoreFacade.encryptData(base64ToBytes, cipherForEncryptionMode));
    }

    @Override // de.tutao.tutanota.credentials.ICredentialsEncryption
    public List<CredentialEncryptionMode> getSupportedEncryptionModes() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_DEVICE_LOCK);
        BiometricManager from = BiometricManager.from(this.activity);
        if (from.canAuthenticate(15) == 0) {
            arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_BIOMETRICS);
        }
        if (from.canAuthenticate(33023) == 0) {
            arrayList.add(CredentialEncryptionMode.ENCRYPTION_MODE_SYSTEM_PASSWORD);
        }
        return arrayList;
    }
}
