package com.google.android.apps.wallet.pin;

import android.content.Context;
import com.google.android.apps.embeddedse.iso7816.SecureElementAppletConditionsNotSatisfiedException;
import com.google.android.apps.embeddedse.iso7816.SecureElementAppletStatusException;
import com.google.android.apps.embeddedse.util.SecurePin;
import com.google.android.apps.wallet.WalletApplication;
import com.google.android.apps.wallet.datamanager.SettingProtoManager;
import com.google.android.apps.wallet.datamanager.local.DeviceInfoManager;
import com.google.android.apps.wallet.inject.WalletInjector;
import com.google.android.apps.wallet.pin.PinStateManager;
import com.google.android.apps.wallet.secureelement.SecureElementApi;
import com.google.android.apps.wallet.services.periodic.PeriodicExecutionScheduler;
import com.google.android.apps.wallet.util.DigestUtil;
import com.google.android.apps.wallet.util.SecureRandom;
import com.google.android.apps.wallet.util.SystemClock;
import com.google.android.apps.wallet.util.WLog;
import com.google.common.base.Preconditions;
import com.google.common.primitives.Bytes;
import com.google.protobuf.ByteString;
import com.google.wallet.proto.WalletClient;
import java.io.IOException;

/* loaded from: classes.dex */
public class SecurePinManager extends AbstractPinManager {
    private static final String TAG = SecurePinManager.class.getSimpleName();
    private final PinManagerImpl mLocalPinManager;
    private final SecureElementApi mSecureElementApi;
    private Boolean mSecureElementApiSupportsPin;

    public SecurePinManager(DeviceInfoManager deviceInfoManager, SettingProtoManager settingProtoManager, PinProtectedServicesManager pinProtectedServicesManager, PinStateManager pinStateManager, PeriodicExecutionScheduler periodicExecutionScheduler, SystemClock systemClock, SecureRandom secureRandom, SecureElementApi secureElementApi, PinManagerImpl pinManagerImpl) {
        super(deviceInfoManager, settingProtoManager, pinProtectedServicesManager, pinStateManager, periodicExecutionScheduler, systemClock, secureRandom);
        this.mSecureElementApiSupportsPin = null;
        this.mSecureElementApi = secureElementApi;
        this.mLocalPinManager = pinManagerImpl;
    }

    private void acknowledgePendingSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder) {
        int pendingSecurePinVersion = builder.getPendingSecurePinVersion();
        builder.clearLocalSalt().clearLocalPinHash().clearPendingSecurePinVersion().clearPendingSecurePinBytes().setSecurePinVersion(pendingSecurePinVersion).setSecurePinBytes(builder.getPendingSecurePinBytes());
    }

    private boolean changeSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin, UserPin userPin2) throws IOException {
        WLog.dfmt(TAG, "changeSecurePin", new Object[0]);
        SecurePin createPendingSecurePin = createPendingSecurePin(builder, userPin2);
        try {
            this.mDeviceInfoManager.persistPinInfo(builder.build());
            SecurePin securePin = getSecurePin(builder, userPin);
            try {
                try {
                    this.mSecureElementApi.changePin(securePin, createPendingSecurePin);
                    createPendingSecurePin.shred();
                    acknowledgePendingSecurePin(builder);
                    return true;
                } catch (SecureElementAppletStatusException e) {
                    WLog.dfmt(TAG, e, "failed: %s", e);
                    verifySecurePinFailed(builder, e);
                    builder.clearPendingSecurePinVersion().clearPendingSecurePinBytes();
                    createPendingSecurePin.shred();
                    return false;
                }
            } finally {
                securePin.shred();
            }
        } catch (Throwable th) {
            createPendingSecurePin.shred();
            throw th;
        }
    }

    private boolean doSecureElementApiSupportsPin() throws IOException {
        this.mSecureElementApi.open();
        try {
            return this.mSecureElementApi.supportsPin();
        } finally {
            this.mSecureElementApi.close();
        }
    }

    static SecurePin getSecurePin(int i, byte[] bArr, UserPin userPin) {
        if (userPin.equals(UserPin.NO_PIN)) {
            return new SecurePin(userPin.array());
        }
        switch (i) {
            case 1:
                return new SecurePin(DigestUtil.sha256(Bytes.concat(bArr, userPin.array())));
            default:
                throw new IllegalArgumentException(String.format("Unsupported SecurePinVersion: %s", Integer.valueOf(i)));
        }
    }

    private static int getSecurePinTryCounter(SecureElementAppletStatusException secureElementAppletStatusException) throws SecureElementAppletStatusException {
        int statusWord = secureElementAppletStatusException.getStatusWord();
        if (statusWord == 27011) {
            return 0;
        }
        if ((statusWord & 25536) == 25536) {
            return statusWord & 15;
        }
        throw secureElementAppletStatusException;
    }

    public static SecurePinManager injectInstance(Context context) {
        WalletInjector walletInjector = WalletApplication.getWalletInjector();
        return new SecurePinManager(walletInjector.getDeviceInfoManager(context), walletInjector.getSettingProtoManager(context), walletInjector.getPinProtectedServicesManagerSingleton(context), walletInjector.getPinStateManager(context), walletInjector.getPeriodicExecutionScheduler(context), walletInjector.getSystemClock(context), SecureRandom.RealRandom.getInstance(context), walletInjector.getSecureElementApi(context), PinManagerImpl.injectInstance(context));
    }

    private boolean secureElementApiSupportsPin() throws IOException {
        if (this.mSecureElementApiSupportsPin == null) {
            this.mSecureElementApiSupportsPin = Boolean.valueOf(doSecureElementApiSupportsPin());
        }
        return this.mSecureElementApiSupportsPin.booleanValue();
    }

    private boolean setSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        WLog.dfmt(TAG, "setSecurePin", new Object[0]);
        SecurePin createPendingSecurePin = createPendingSecurePin(builder, userPin);
        try {
            this.mDeviceInfoManager.persistPinInfo(builder.build());
            try {
                this.mSecureElementApi.setPin(createPendingSecurePin);
                createPendingSecurePin.shred();
                acknowledgePendingSecurePin(builder);
                return true;
            } catch (SecureElementAppletConditionsNotSatisfiedException e) {
                WLog.dfmt(TAG, e, "failed: %s", e);
                builder.clearPendingSecurePinVersion().clearPendingSecurePinBytes();
                createPendingSecurePin.shred();
                return false;
            }
        } catch (Throwable th) {
            createPendingSecurePin.shred();
            throw th;
        }
    }

    private Boolean verifyAndAcknowledgePendingSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        WLog.d(TAG, "verifyAndAcknowledgePendingSecurePin");
        try {
            SecurePin securePin = getSecurePin(builder.getPendingSecurePinVersion(), builder.getPendingSecurePinBytes().toByteArray(), userPin);
            try {
                this.mSecureElementApi.verifyPin(securePin);
                acknowledgePendingSecurePin(builder);
                verifySecurePinSuccess(builder);
                return Boolean.TRUE;
            } finally {
                securePin.shred();
            }
        } catch (SecureElementAppletConditionsNotSatisfiedException e) {
            WLog.vfmt(TAG, e, "PIN not set: %s", e);
            return null;
        } catch (SecureElementAppletStatusException e2) {
            verifySecurePinFailed(builder, e2);
            return Boolean.FALSE;
        }
    }

    private boolean verifySecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        WLog.d(TAG, "verifySecurePin");
        try {
            SecurePin securePin = getSecurePin(builder, userPin);
            try {
                this.mSecureElementApi.verifyPin(securePin);
                verifySecurePinSuccess(builder);
                return true;
            } finally {
                securePin.shred();
            }
        } catch (SecureElementAppletStatusException e) {
            verifySecurePinFailed(builder, e);
            return false;
        }
    }

    private static void verifySecurePinFailed(WalletClient.DeviceInfo.PinInfo.Builder builder, SecureElementAppletStatusException secureElementAppletStatusException) throws SecureElementAppletStatusException {
        int securePinTryCounter = getSecurePinTryCounter(secureElementAppletStatusException);
        builder.setPinTryCounter(securePinTryCounter);
        if (!builder.hasPinTryLimit() || builder.getPinTryLimit() < securePinTryCounter + 1) {
            builder.setPinTryLimit(securePinTryCounter + 1);
        }
        WLog.vfmt(TAG, "verifySecurePin false: pinTryCounter=%s pinTryLimit=%s", Integer.valueOf(securePinTryCounter), builder.hasPinTryLimit() ? Integer.toString(builder.getPinTryLimit()) : "none");
    }

    private static void verifySecurePinSuccess(WalletClient.DeviceInfo.PinInfo.Builder builder) {
        if (builder.hasPinTryLimit()) {
            builder.setPinTryCounter(builder.getPinTryLimit());
        } else {
            builder.clearPinTryCounter();
        }
        WLog.vfmt(TAG, "verifySecurePin true: pinTryCounter=%s pinTryLimit=%s", builder.hasPinTryCounter() ? Integer.toString(builder.getPinTryCounter()) : "none", builder.hasPinTryLimit() ? Integer.toString(builder.getPinTryLimit()) : "none");
    }

    public SecurePin createPendingSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) {
        byte[] bArr = new byte[32];
        this.mSecureRandom.nextBytes(bArr);
        builder.setPendingSecurePinVersion(1).setPendingSecurePinBytes(ByteString.copyFrom(bArr));
        return getSecurePin(1, bArr, userPin);
    }

    @Override // com.google.android.apps.wallet.pin.AbstractPinManager
    protected boolean doChangePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin, UserPin userPin2) throws IOException {
        WLog.d(TAG, "doChangePin");
        this.mSecureElementApi.open();
        try {
            if (secureElementApiSupportsPin()) {
                return SecurePinStateManager.pinInfoHasSecurePin(builder) ? changeSecurePin(builder, userPin, userPin2) : setSecurePin(builder, userPin2);
            }
            this.mSecureElementApi.close();
            return this.mLocalPinManager.doChangePin(builder, userPin, userPin2);
        } finally {
            this.mSecureElementApi.close();
        }
    }

    @Override // com.google.android.apps.wallet.pin.AbstractPinManager
    protected boolean doSetPin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        WLog.d(TAG, "doSetPin");
        this.mSecureElementApi.open();
        try {
            if (secureElementApiSupportsPin()) {
                return setSecurePin(builder, userPin);
            }
            this.mSecureElementApi.close();
            return this.mLocalPinManager.doSetPin(builder, userPin);
        } finally {
            this.mSecureElementApi.close();
        }
    }

    @Override // com.google.android.apps.wallet.pin.AbstractPinManager
    protected Boolean doVerifyAndAcknowledgePendingPin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        this.mSecureElementApi.open();
        try {
            Preconditions.checkState(secureElementApiSupportsPin(), "Applet should have secure PIN!");
            return verifyAndAcknowledgePendingSecurePin(builder, userPin);
        } finally {
            this.mSecureElementApi.close();
        }
    }

    @Override // com.google.android.apps.wallet.pin.AbstractPinManager
    protected boolean doVerifyPin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) throws IOException {
        WLog.d(TAG, "doVerifyPin");
        if (SecurePinStateManager.pinInfoHasSecurePin(builder)) {
            this.mSecureElementApi.open();
            try {
                Preconditions.checkState(secureElementApiSupportsPin(), "Applet should have secure PIN!");
                return verifySecurePin(builder, userPin);
            } finally {
            }
        }
        if (!this.mLocalPinManager.doVerifyPin(builder, userPin)) {
            return false;
        }
        this.mSecureElementApi.open();
        try {
            if (secureElementApiSupportsPin()) {
                setSecurePin(builder, userPin);
                return verifySecurePin(builder, userPin);
            }
            this.mSecureElementApi.close();
            return true;
        } finally {
        }
    }

    public SecurePin getSecurePin(WalletClient.DeviceInfo.PinInfo.Builder builder, UserPin userPin) {
        return getSecurePin(builder.getSecurePinVersion(), builder.getSecurePinBytes().toByteArray(), userPin);
    }

    @Override // com.google.android.apps.wallet.pin.AbstractPinManager, com.google.android.apps.wallet.pin.PinManager
    public PinStateManager.State pinEntered(UserPin userPin) throws IOException {
        this.mSecureElementApi.open();
        try {
            return super.pinEntered(userPin);
        } finally {
            this.mSecureElementApi.close();
        }
    }
}
