package com.google.android.finsky.auth;

import android.accounts.Account;
import android.os.AsyncTask;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.support.v4.hardware.fingerprint.FingerprintManagerCompat;
import android.text.TextUtils;
import com.google.android.finsky.FinskyApp;
import com.google.android.finsky.billing.challenge.ClientLoginApi;
import com.google.android.finsky.utils.FinskyPreferences;
import com.google.android.finsky.utils.Utils;
import com.google.android.gms.common.GooglePlayServicesUtil;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
public final class AuthApi {
    public final Account mAccount;
    private AsyncTask<Void, Void, ReauthSettings> mAuthStateFetcher;
    public final ClientLoginApi mClientLoginApi = new ClientLoginApi(FinskyApp.get().mRequestQueue);
    final ReauthClient mReauthClient;

    public AuthApi(Account account) {
        this.mAccount = account;
        if (shouldUseReauthApi()) {
            this.mReauthClient = new ReauthClient(FinskyApp.get());
        } else {
            this.mReauthClient = null;
        }
    }

    public static boolean isFingerprintAvailable() {
        FingerprintManagerCompat from = FingerprintManagerCompat.from(FinskyApp.get());
        return FingerprintManagerCompat.IMPL.isHardwareDetected(from.mContext) && FingerprintManagerCompat.IMPL.hasEnrolledFingerprints(from.mContext);
    }

    private static boolean isFingerprintEnabled(String str) {
        return FinskyPreferences.useFingerprintForPurchase.get(str).get().booleanValue() && isFingerprintKeyValid();
    }

    public static boolean isFingerprintKeyValid() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            Cipher cipher = Cipher.getInstance(TextUtils.join("/", new String[]{"AES", "CBC", "PKCS7Padding"}));
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey("FingerprintKey", null);
            if (secretKey == null) {
                return true;
            }
            cipher.init(1, secretKey);
            return true;
        } catch (Exception e) {
            if (Build.VERSION.SDK_INT < 23 || !(e instanceof KeyPermanentlyInvalidatedException)) {
                throw new RuntimeException(e);
            }
            return false;
        }
    }

    public static void recordFingerprintKey() {
        if (isFingerprintAvailable()) {
            try {
                KeyStore.getInstance("AndroidKeyStore").load(null);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(new KeyGenParameterSpec.Builder("FingerprintKey", 3).setEncryptionPaddings("PKCS7Padding").setBlockModes("CBC").setUserAuthenticationRequired(true).build());
                keyGenerator.generateKey();
            } catch (IOException | IllegalStateException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
                throw new RuntimeException(e);
            }
        }
    }

    public static boolean shouldUseReauthApi() {
        FinskyApp finskyApp = FinskyApp.get();
        return (finskyApp.getExperiments().isEnabled(12602373L) || GooglePlayServicesUtil.isSidewinderDevice(finskyApp)) && Build.VERSION.SDK_INT >= 14;
    }

    public final void cancelAuthFetchRequest() {
        if (this.mAuthStateFetcher != null) {
            this.mAuthStateFetcher.cancel(true);
            this.mAuthStateFetcher = null;
        }
    }

    public final void fetchAuthState(final AuthStateFetchListener authStateFetchListener) {
        if (!shouldUseReauthApi()) {
            authStateFetchListener.onComplete(new AuthState(false, null, isFingerprintEnabled(this.mAccount.name)));
            return;
        }
        ReauthSettings reauthSettingsFromDevice = this.mReauthClient.getReauthSettingsFromDevice(this.mAccount);
        if (reauthSettingsFromDevice != null) {
            handleReauthSettingsResponse(authStateFetchListener, reauthSettingsFromDevice);
            return;
        }
        this.mAuthStateFetcher = new AsyncTask<Void, Void, ReauthSettings>() { // from class: com.google.android.finsky.auth.AuthApi.2
            @Override // android.os.AsyncTask
            protected final /* bridge */ /* synthetic */ ReauthSettings doInBackground(Void[] voidArr) {
                if (isCancelled()) {
                    return null;
                }
                return AuthApi.this.mReauthClient.getReauthSettingsFromServer(AuthApi.this.mAccount);
            }

            @Override // android.os.AsyncTask
            protected final /* bridge */ /* synthetic */ void onPostExecute(ReauthSettings reauthSettings) {
                AuthApi.this.handleReauthSettingsResponse(authStateFetchListener, reauthSettings);
            }
        };
        Utils.executeMultiThreaded(this.mAuthStateFetcher, new Void[0]);
        authStateFetchListener.onStart();
    }

    final void handleReauthSettingsResponse(AuthStateFetchListener authStateFetchListener, ReauthSettings reauthSettings) {
        boolean z = reauthSettings != null && reauthSettings.status == 0 && reauthSettings.pin != null && "active".equalsIgnoreCase(reauthSettings.pin.status) && (reauthSettings.passwordStatus == null || !"active".equalsIgnoreCase(reauthSettings.passwordStatus));
        String str = z ? reauthSettings.pin.recoveryUrl : null;
        this.mAuthStateFetcher = null;
        authStateFetchListener.onComplete(new AuthState(z, str, isFingerprintEnabled(this.mAccount.name)));
    }
}
