package com.squareup.whorlwind;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Process;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Log;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.Cipher;
import rx.Observable;

/* JADX INFO: Access modifiers changed from: package-private */
@TargetApi(23)
/* loaded from: classes.dex */
public final class RealWhorlwind extends Whorlwind {
    private final Context context;
    private final FingerprintManager fingerprintManager;
    private final String keyAlias;
    private final KeyFactory keyFactory;
    private final KeyPairGenerator keyGenerator;
    private final KeyStore keyStore;
    private final Storage storage;
    private final Object dataLock = new Object();
    private final AtomicBoolean readerScanning = new AtomicBoolean();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RealWhorlwind(Context context, FingerprintManager fingerprintManager, Storage storage, String str, KeyStore keyStore, KeyPairGenerator keyPairGenerator, KeyFactory keyFactory) {
        this.context = context;
        this.fingerprintManager = fingerprintManager;
        this.storage = storage;
        this.keyAlias = str;
        this.keyStore = keyStore;
        this.keyGenerator = keyPairGenerator;
        this.keyFactory = keyFactory;
    }

    private int checkSelfPermission(String str) {
        return this.context.checkPermission(str, Process.myPid(), Process.myUid());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Cipher createCipher() throws GeneralSecurityException {
        return Cipher.getInstance("RSA/ECB/PKCS1Padding");
    }

    @Override // com.squareup.whorlwind.Whorlwind
    @SuppressLint({"MissingPermission"})
    public boolean canStoreSecurely() {
        return checkSelfPermission("android.permission.USE_FINGERPRINT") == 0 && this.fingerprintManager.isHardwareDetected() && this.fingerprintManager.hasEnrolledFingerprints();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkCanStoreSecurely() {
        if (!canStoreSecurely()) {
            throw new IllegalStateException("Can't store securely. Check canStoreSecurely() before attempting to read/write.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey getPrivateKey() throws GeneralSecurityException {
        return (PrivateKey) this.keyStore.getKey(this.keyAlias, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void prepareKeyStore() {
        try {
            Key key = this.keyStore.getKey(this.keyAlias, null);
            Certificate certificate = this.keyStore.getCertificate(this.keyAlias);
            if (key != null && certificate != null) {
                try {
                    createCipher().init(2, key);
                    return;
                } catch (KeyPermanentlyInvalidatedException e) {
                    Log.d("Whorlwind", "Key invalidated.");
                }
            }
            this.storage.clear();
            this.keyGenerator.initialize(new KeyGenParameterSpec.Builder(this.keyAlias, 3).setBlockModes("ECB").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS1Padding").build());
            this.keyGenerator.generateKeyPair();
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // com.squareup.whorlwind.Whorlwind
    public Observable<ReadResult> read(String str) {
        checkCanStoreSecurely();
        return Observable.create(new FingerprintAuthOnSubscribe(this.fingerprintManager, this.storage, str, this.readerScanning, this.dataLock, this));
    }
}
