package atws.shared.auth.token;

import amc.connection.LoginParameters;
import android.content.Context;
import atws.shared.app.BaseClient;
import atws.shared.auth.biometric.IbBiometricManager;
import atws.shared.auth.token.BaseTokenAccessController;
import atws.shared.persistent.Config;
import atws.shared.persistent.IPersistentStorage;
import atws.shared.persistent.TokenStorage;
import com.connection.auth2.AuthTokenType;
import com.connection.auth2.AuthTokenUtilities;
import com.connection.auth2.AuthenticationHandler;
import com.connection.auth2.LoadedTokenData;
import com.connection.auth2.LoadedTokenDataList;
import com.connection.auth2.MobileAuthParams;
import com.connection.auth2.TokenByteData;
import com.connection.auth2.XYZSessionToken;
import com.connection.auth2.XYZSessionTokenEncryptionData;
import com.connection.auth2.XYZSessionTokenType;
import com.connection.util.BaseUtils;
import com.connection.util.BigInteger;
import com.ib.fingerprint.IFingerprintAuthCallback;
import control.AllowedFeatures;
import control.ErrorReason;
import control.LoginTelemetryManager;
import java.util.Date;
import utils.DateFormatHelper;
import utils.S;
import utils.SimulationValueHolder;

/* loaded from: classes2.dex */
public class TstAccessController extends BaseTokenAccessController implements BaseTokenAccessController.TokenCreationCallback {
    public static int FULL_LOGIN_REQUIRED_IN_DAYS = 30;
    public static long TST_TIME_TO_LIVE = 604800000;
    public static final SimulationValueHolder s_simTstCorrupt = new SimulationValueHolder.Orig_ByDefault("TST BYTE DATA CORRUPTION TO FAIL LOGIN:");
    public IFingerprintAuthCallback m_fingerPrintCallback;

    /* loaded from: classes2.dex */
    public class TstUserInputCallBack implements IFingerprintAuthCallback {
        public final UserCredentialsValidationCallback m_callback;
        public long m_uid;

        public TstUserInputCallBack(long j, UserCredentialsValidationCallback userCredentialsValidationCallback) {
            this.m_uid = j;
            this.m_callback = userCredentialsValidationCallback;
        }

        @Override // com.ib.fingerprint.IFingerprintAuthCallback
        public void authFailed(int i, String str, long j, boolean z) {
            if (i != 5) {
                LoginTelemetryManager.getInstance().fail(ErrorReason.TST_LOGIN_FAILED);
            }
            authFailed(str, j, z);
        }

        @Override // com.ib.fingerprint.IFingerprintAuthCallback
        public void authFailed(String str, long j, boolean z) {
            LoadedTokenDataList loadedTokenDataList = new LoadedTokenDataList();
            if (z) {
                TstAccessController.addNonTstTokens(this.m_callback.tokensToValidate(), loadedTokenDataList);
            }
            this.m_callback.setValidTokensAndNotifyDone(loadedTokenDataList);
        }

        @Override // com.ib.fingerprint.IFingerprintAuthCallback
        public void authSucceedWithFingerprint(long j) {
            LoginTelemetryManager.getInstance().xstEnd();
            if (checkUid(j)) {
                UserCredentialsValidationCallback userCredentialsValidationCallback = this.m_callback;
                userCredentialsValidationCallback.setValidTokensAndNotifyDone(composeValidTokensList(XYZSessionTokenType.TST_TOKEN, userCredentialsValidationCallback));
            }
        }

        @Override // com.ib.fingerprint.IFingerprintAuthCallback
        public void authSucceedWithPin(long j) {
            LoginTelemetryManager.getInstance().xstEnd();
            if (checkUid(j)) {
                UserCredentialsValidationCallback userCredentialsValidationCallback = this.m_callback;
                userCredentialsValidationCallback.setValidTokensAndNotifyDone(composeValidTokensList(XYZSessionTokenType.TST_PIN_TOKEN, userCredentialsValidationCallback));
            }
        }

        @Override // com.ib.fingerprint.IFingerprintAuthCallback
        public long callUid() {
            return this.m_uid;
        }

        public final boolean checkUid(long j) {
            boolean z = this.m_uid == j;
            if (!z) {
                TstAccessController.this.log().err("UID check failed " + this.m_uid + "!=" + j);
                authFailed("UID check failed!", this.m_uid, true);
            }
            return z;
        }

        public final LoadedTokenDataList composeValidTokensList(XYZSessionTokenType xYZSessionTokenType, UserCredentialsValidationCallback userCredentialsValidationCallback) {
            LoadedTokenData composeDecryptedData = TstAccessController.this.composeDecryptedData(userCredentialsValidationCallback.tokensToValidate().tst(), xYZSessionTokenType);
            LoadedTokenDataList loadedTokenDataList = new LoadedTokenDataList();
            if (composeDecryptedData != null) {
                loadedTokenDataList.put(composeDecryptedData);
            }
            TstAccessController.addNonTstTokens(userCredentialsValidationCallback.tokensToValidate(), loadedTokenDataList);
            return loadedTokenDataList;
        }
    }

    public static void addNonTstTokens(LoadedTokenDataList loadedTokenDataList, LoadedTokenDataList loadedTokenDataList2) {
        for (V v : loadedTokenDataList.values()) {
            if (!v.tokenType().isTstToken()) {
                loadedTokenDataList2.put(v);
            }
        }
    }

    public boolean canLoginWithTst() {
        return canLoginWithTst(true);
    }

    public boolean canLoginWithTst(boolean z) {
        boolean z2 = false;
        if (!IbBiometricManager.isLockOrFingerprintAvailable()) {
            return false;
        }
        if (z && !Config.INSTANCE.autoReconnect()) {
            return false;
        }
        TokenStorage tstStorage = tstStorage();
        LoadedTokenData loadedTokenData = tstStorage != null ? tstStorage.tokenData() : null;
        if (loadedTokenData == null) {
            return false;
        }
        boolean z3 = !loadedTokenData.byteData().empty();
        boolean isNotNull = BaseUtils.isNotNull(tstStorage.tokenUser());
        boolean validateTstTimestamp = validateTstTimestamp(loadedTokenData);
        boolean isTstFamilyToken = isTstFamilyToken(loadedTokenData.tokenType());
        boolean hasValidKeyStoreKey = hasValidKeyStoreKey(loadedTokenData.tokenType());
        if (z3 && isNotNull && validateTstTimestamp && isTstFamilyToken && hasValidKeyStoreKey) {
            z2 = true;
        }
        log(String.format("Can login with TST:%s->keyDataAvailable=%s, keyUserAvailable=%s, keyTimeStampValid=%s, tstFamilyToken=%s, hasValidKeyStoreKey=%s", Boolean.valueOf(z2), Boolean.valueOf(z3), Boolean.valueOf(isNotNull), Boolean.valueOf(validateTstTimestamp), Boolean.valueOf(isTstFamilyToken), Boolean.valueOf(hasValidKeyStoreKey)), true);
        return z2;
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController
    public void clearTokenData() {
        TokenStorage tstStorage = tstStorage();
        if (tstStorage != null) {
            tstStorage.clearTokenData();
            log().log("TstAccessController.clearTokenData", true);
        }
    }

    public final LoadedTokenData composeDecryptedData(LoadedTokenData loadedTokenData, XYZSessionTokenType xYZSessionTokenType) {
        TokenStorage tstStorage;
        LoadedTokenData loadedTokenData2 = null;
        try {
            boolean z = xYZSessionTokenType == XYZSessionTokenType.TST_TOKEN;
            XYZSessionTokenEncryptionData decryptData = keyStore().decryptData(loadedTokenData.getEncryptedData(), xYZSessionTokenType);
            long currentTimeMillis = z ? System.currentTimeMillis() : loadedTokenData.timestamp();
            if (z && (tstStorage = tstStorage()) != null) {
                tstStorage.timestamp(currentTimeMillis);
            }
            if (s_simTstCorrupt.simulated(false)) {
                byte[] data = decryptData.data();
                byte[] bArr = new byte[data.length];
                int length = data.length - 1;
                for (byte b : data) {
                    bArr[length] = b;
                    length--;
                }
                decryptData = XYZSessionTokenEncryptionData.createNative(bArr);
            }
            XYZSessionTokenEncryptionData xYZSessionTokenEncryptionData = decryptData;
            LoadedTokenData loadedTokenData3 = new LoadedTokenData(loadedTokenData.user(), new TokenByteData(xYZSessionTokenEncryptionData.data(), TokenByteData.ENCRYPTION.PC_READY), xYZSessionTokenType, currentTimeMillis, loadedTokenData.shortTokenHash());
            try {
                log("Loaded:" + xYZSessionTokenEncryptionData.data().length);
                return loadedTokenData3;
            } catch (Throwable th) {
                th = th;
                loadedTokenData2 = loadedTokenData3;
                log().err("Failed to load touch data!", th);
                return loadedTokenData2;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public void decryptLoadedTstData(UserCredentialsValidationCallback userCredentialsValidationCallback) {
        this.m_fingerPrintCallback = new TstUserInputCallBack(System.currentTimeMillis(), userCredentialsValidationCallback);
        new IbBiometricManager(userCredentialsValidationCallback.fragmentActivity(), this.m_fingerPrintCallback).startAuthentication();
        LoginTelemetryManager.getInstance().xstStart();
    }

    public IFingerprintAuthCallback fingerPrintCallback() {
        return this.m_fingerPrintCallback;
    }

    public final boolean generateKeyStoreKeyIfNeeded(XYZSessionTokenType xYZSessionTokenType, long j, boolean z, Context context) {
        if (hasValidKeyStoreKey(xYZSessionTokenType) && !z) {
            return false;
        }
        keyStore().generateStoreKey(xYZSessionTokenType, j, true, context);
        return true;
    }

    public void generateStoreKeyIfNecessary(Context context) {
        generateStoreKeyIfNecessary(context, 0L, false);
    }

    public boolean generateStoreKeyIfNecessary(Context context, long j, boolean z) {
        boolean z2 = false;
        if (AllowedFeatures.zenithAuthRequired()) {
            return false;
        }
        XYZSessionTokenType tstTokenTypeToBeUsed = tstTokenTypeToBeUsed();
        if (tstTokenTypeToBeUsed != null) {
            z2 = generateKeyStoreKeyIfNeeded(tstTokenTypeToBeUsed, j, z, context);
            if (z2) {
                clearTokenData();
            }
        } else {
            S.log(String.format("TST: TstAccessController.generateStoreKeyIfNecessary no any TST token allowed: isLockOrBiometricsAvailable=%s, isBiometricsAvailable=%s", Boolean.valueOf(IbBiometricManager.isLockOrFingerprintAvailable()), Boolean.valueOf(IbBiometricManager.biometricIsAvailable())), true);
        }
        return z2;
    }

    public boolean hasActiveTst() {
        TokenStorage tstStorage = tstStorage();
        return tstStorage != null && canLoginWithTst(false) && BaseUtils.equals(BaseTokenAccessController.client().paidUsername(), tstStorage.tokenUser());
    }

    public final boolean hasValidKeyStoreKey() {
        XYZSessionTokenType tstTokenTypeToBeUsed = tstTokenTypeToBeUsed();
        return tstTokenTypeToBeUsed != null && hasValidKeyStoreKey(tstTokenTypeToBeUsed);
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x004a A[Catch: all -> 0x0074, TRY_ENTER, TryCatch #1 {all -> 0x0074, blocks: (B:21:0x004a, B:24:0x0077, B:27:0x0086, B:30:0x0091, B:33:0x00b4, B:35:0x009e), top: B:19:0x0048 }] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0077 A[Catch: all -> 0x0074, TryCatch #1 {all -> 0x0074, blocks: (B:21:0x004a, B:24:0x0077, B:27:0x0086, B:30:0x0091, B:33:0x00b4, B:35:0x009e), top: B:19:0x0048 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean hasValidKeyStoreKey(com.connection.auth2.XYZSessionTokenType r12) {
        /*
            r11 = this;
            r0 = 0
            atws.shared.auth.token.KeyStoreAccessor r1 = r11.keyStore()     // Catch: java.lang.Throwable -> L21
            java.security.KeyStore$PrivateKeyEntry r12 = r1.keyEntry(r12)     // Catch: java.lang.Throwable -> L21
            r1 = 0
            if (r12 != 0) goto Le
            r2 = r1
            goto L14
        Le:
            java.security.cert.Certificate r2 = r12.getCertificate()     // Catch: java.lang.Throwable -> L21
            java.security.cert.X509Certificate r2 = (java.security.cert.X509Certificate) r2     // Catch: java.lang.Throwable -> L21
        L14:
            if (r2 == 0) goto L24
            java.util.Date r3 = r2.getNotAfter()     // Catch: java.lang.Throwable -> L21
            if (r3 == 0) goto L24
            java.util.Date r3 = r2.getNotAfter()     // Catch: java.lang.Throwable -> L21
            goto L25
        L21:
            r12 = move-exception
            goto Lc3
        L24:
            r3 = r1
        L25:
            r4 = 60000(0xea60, double:2.9644E-319)
            if (r3 == 0) goto L38
            long r6 = r3.getTime()     // Catch: java.lang.Throwable -> L21
            long r8 = java.lang.System.currentTimeMillis()     // Catch: java.lang.Throwable -> L21
            long r8 = r8 + r4
            long r6 = r6 - r8
            java.lang.Long r1 = java.lang.Long.valueOf(r6)     // Catch: java.lang.Throwable -> L21
        L38:
            r6 = 1
            if (r1 == 0) goto L47
            long r7 = r1.longValue()     // Catch: java.lang.Throwable -> L21
            r9 = 0
            int r7 = (r7 > r9 ? 1 : (r7 == r9 ? 0 : -1))
            if (r7 <= 0) goto L47
            r7 = r6
            goto L48
        L47:
            r7 = r0
        L48:
            if (r7 == 0) goto L77
            java.lang.StringBuilder r12 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L74
            r12.<init>()     // Catch: java.lang.Throwable -> L74
            java.lang.String r0 = "KStore key valid till "
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r0 = java.lang.String.valueOf(r3)     // Catch: java.lang.Throwable -> L74
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r0 = " now:"
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.util.Date r0 = new java.util.Date     // Catch: java.lang.Throwable -> L74
            r0.<init>()     // Catch: java.lang.Throwable -> L74
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r12 = r12.toString()     // Catch: java.lang.Throwable -> L74
            boolean r0 = r11.moreLogs()     // Catch: java.lang.Throwable -> L74
            r11.log(r12, r0)     // Catch: java.lang.Throwable -> L74
            goto Lcd
        L74:
            r12 = move-exception
            r0 = r7
            goto Lc3
        L77:
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L74
            r3.<init>()     // Catch: java.lang.Throwable -> L74
            java.lang.String r8 = "KStore key NOT valid! 'key null'="
            r3.append(r8)     // Catch: java.lang.Throwable -> L74
            if (r12 != 0) goto L85
            r12 = r6
            goto L86
        L85:
            r12 = r0
        L86:
            r3.append(r12)     // Catch: java.lang.Throwable -> L74
            java.lang.String r12 = " 'cert_null'="
            r3.append(r12)     // Catch: java.lang.Throwable -> L74
            if (r2 != 0) goto L91
            r0 = r6
        L91:
            r3.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r12 = " 'cert_time_diff'="
            r3.append(r12)     // Catch: java.lang.Throwable -> L74
            if (r1 != 0) goto L9e
            java.lang.String r12 = "null"
            goto Lb4
        L9e:
            java.lang.StringBuilder r12 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L74
            r12.<init>()     // Catch: java.lang.Throwable -> L74
            long r0 = r1.longValue()     // Catch: java.lang.Throwable -> L74
            long r0 = r0 / r4
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r0 = " minutes"
            r12.append(r0)     // Catch: java.lang.Throwable -> L74
            java.lang.String r12 = r12.toString()     // Catch: java.lang.Throwable -> L74
        Lb4:
            r3.append(r12)     // Catch: java.lang.Throwable -> L74
            java.lang.String r12 = r3.toString()     // Catch: java.lang.Throwable -> L74
            boolean r0 = r11.moreLogs()     // Catch: java.lang.Throwable -> L74
            r11.log(r12, r0)     // Catch: java.lang.Throwable -> L74
            goto Lcd
        Lc3:
            utils.NamedLogger r1 = r11.log()
            java.lang.String r2 = "Failed to retrieve tst key!"
            r1.err(r2, r12)
            r7 = r0
        Lcd:
            return r7
        */
        throw new UnsupportedOperationException("Method not decompiled: atws.shared.auth.token.TstAccessController.hasValidKeyStoreKey(com.connection.auth2.XYZSessionTokenType):boolean");
    }

    public final boolean isTstFamilyToken(XYZSessionTokenType xYZSessionTokenType) {
        if (!IbBiometricManager.isLockOrFingerprintAvailable()) {
            return false;
        }
        if (xYZSessionTokenType == XYZSessionTokenType.TST_PIN_TOKEN) {
            return true;
        }
        return IbBiometricManager.biometricIsAvailable() && xYZSessionTokenType == XYZSessionTokenType.TST_TOKEN;
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController
    public LoadedTokenData loadInitialTokenData(LoadedTokenDataList.ReadTokensMode readTokensMode) {
        TokenStorage tstStorage = tstStorage();
        if (tstStorage == null || !canLoginWithTst()) {
            return null;
        }
        return tstStorage.tokenData();
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController
    public String logPrefix() {
        return "TST: ";
    }

    public boolean needToPublishTst() {
        if (keyStore() == null || !IbBiometricManager.isLockOrFingerprintAvailable()) {
            return false;
        }
        return hasValidKeyStoreKey();
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController
    public void onPaidLoggedIn(MobileAuthParams mobileAuthParams) {
        boolean isReconnectSecurityAllowed = BaseClient.isReconnectSecurityAllowed();
        TokenStorage tstStorage = tstStorage();
        if ((tstStorage != null && tstStorage.hasTokenData() && !BaseUtils.equals(tstStorage.tokenUser(), BaseTokenAccessController.client().paidUsername())) || !isReconnectSecurityAllowed) {
            clearTokenData();
        }
        if (!isReconnectSecurityAllowed) {
            BaseClient.logForReconnectSecurity("TstAccessController.onPaidLoggedIn: TST is restricted due next parameters: ");
            return;
        }
        if (mobileAuthParams.hasPublishTokens() && mobileAuthParams.requestedTstToPublish() && AuthenticationHandler.isSoft()) {
            produceToken(AuthenticationHandler.pc(), this, mobileAuthParams.tstBasedOnPin() ? XYZSessionTokenType.TST_PIN_TOKEN : XYZSessionTokenType.TST_TOKEN);
        } else if (mobileAuthParams.authTokenType() == AuthTokenType.TST) {
            prolongTimeStamp(tstStorage());
        }
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController.TokenCreationCallback
    public void onTokenCreated(BigInteger bigInteger, BigInteger bigInteger2, XYZSessionTokenType xYZSessionTokenType) {
        if (bigInteger2 == null) {
            tokenCreationFailed("PST created, while auth pc data is missing!");
            return;
        }
        LoginParameters loginParameters = BaseTokenAccessController.client().loginParameters();
        if (!tokenCreationAllowed(loginParameters != null ? loginParameters.userCredentials() : null)) {
            tokenCreationFailed("TST token creation not allowed by logged in user type halting!");
            return;
        }
        try {
            byte[] produceTokenToStore = BaseTokenAccessController.produceTokenToStore(bigInteger, bigInteger2, log());
            String computeShortTokenHash = AuthTokenUtilities.computeShortTokenHash(bigInteger);
            XYZSessionTokenEncryptionData encryptData = keyStore().encryptData(produceTokenToStore, xYZSessionTokenType);
            if (encryptData == null) {
                tokenCreationFailed("Failed to produce TST for storage!");
                return;
            }
            LoadedTokenData loadedTokenData = new LoadedTokenData(BaseTokenAccessController.client().paidUsername(), new TokenByteData(encryptData.data(), TokenByteData.ENCRYPTION.STORAGE), xYZSessionTokenType, System.currentTimeMillis(), 0L, computeShortTokenHash);
            tstStorage().tokenData(loadedTokenData);
            log(moreLogs() ? String.format("saveTstKey \"%s\" was saved into persistence item \"%s\"", XYZSessionToken.logToken(bigInteger), loadedTokenData) : XYZSessionToken.logToken(bigInteger), true);
        } catch (Throwable th) {
            log().err("Failed to produce TST for storage!", th);
            tokenCreationFailed("Failed to produce TST for storage!");
        }
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController.TokenCreationCallback
    public void tokenCreationFailed(String str) {
        log().err(str);
        clearTokenData();
    }

    @Override // atws.shared.auth.token.BaseTokenAccessController
    public String tokenSuffix() {
        return AuthTokenUtilities.tstTokenSuffix();
    }

    public final TokenStorage tstStorage() {
        IPersistentStorage storage2 = BaseTokenAccessController.storage();
        if (storage2 != null) {
            return storage2.tstStorage();
        }
        return null;
    }

    public XYZSessionTokenType tstTokenTypeToBeUsed() {
        if (IbBiometricManager.isLockOrFingerprintAvailable()) {
            return IbBiometricManager.biometricIsAvailable() ? XYZSessionTokenType.TST_TOKEN : XYZSessionTokenType.TST_PIN_TOKEN;
        }
        return null;
    }

    public final boolean validateTstTimestamp(LoadedTokenData loadedTokenData) {
        long timestamp = loadedTokenData.timestamp();
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - timestamp > TST_TIME_TO_LIVE) {
            StringBuilder sb = new StringBuilder();
            sb.append("timestamp failed TTL check! 0 stamp:");
            sb.append(timestamp == 0);
            log(sb.toString(), moreLogs());
            return false;
        }
        if (loadedTokenData.tokenType() != XYZSessionTokenType.TST_PIN_TOKEN) {
            return true;
        }
        String format = String.format("(TST PIN timestamp=%s)", DateFormatHelper.formatFixDateEng(new Date(timestamp)));
        boolean z = currentTimeMillis < timestamp + 43200000;
        StringBuilder sb2 = new StringBuilder();
        sb2.append(z ? "pin timestamp valid" : "pin timestamp failed 12h check!");
        sb2.append(format);
        log(sb2.toString(), moreLogs());
        return z;
    }
}
