package com.facebook.oxygen.appmanager.update.core;

import android.annotation.SuppressLint;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.util.Base64;
import com.facebook.infer.annotation.Nullsafe;
import com.facebook.oxygen.appmanager.update.info.UpdateInfo;
import com.facebook.oxygen.appmanager.update.info.UpdateInfoContract;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.collect.cj;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Locale;

/* compiled from: ApkVerificationUtil.java */
@Nullsafe(Nullsafe.Mode.LOCAL)
/* loaded from: classes.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private static final Class<?> f5223a = a.class;

    /* renamed from: b, reason: collision with root package name */
    private final com.facebook.inject.ae<com.facebook.oxygen.common.verification.e> f5224b = com.facebook.inject.ai.b(com.facebook.ultralight.d.ge);

    /* renamed from: c, reason: collision with root package name */
    private final com.facebook.inject.ae<com.facebook.oxygen.appmanager.update.i.a> f5225c = com.facebook.inject.ai.b(com.facebook.ultralight.d.gd);
    private final com.facebook.inject.ae<com.facebook.preloads.platform.support.b.l> d = com.facebook.inject.ai.b(com.facebook.ultralight.d.cC);
    private final com.facebook.inject.ae<com.facebook.oxygen.common.errorreporting.b.b> e = com.facebook.inject.e.b(com.facebook.ultralight.d.bz);
    private final com.facebook.inject.ae<PackageManager> f = com.facebook.inject.e.b(com.facebook.ultralight.d.bA);
    private final com.facebook.inject.ae<com.facebook.oxygen.common.k.b.a> g = com.facebook.inject.ai.b(com.facebook.ultralight.d.gt);
    private final com.facebook.inject.ae<com.facebook.oxygen.common.apklite.b> h = com.facebook.inject.ai.b(com.facebook.ultralight.d.gs);
    private final com.facebook.inject.ae<com.facebook.oxygen.appmanager.firstparty.b.c> i = com.facebook.inject.ai.b(com.facebook.ultralight.d.el);
    private final com.facebook.inject.ae<com.facebook.oxygen.appmanager.d.a.a> j = com.facebook.inject.e.b(com.facebook.ultralight.d.dx);
    private final com.facebook.inject.ae<aq> k = com.facebook.inject.e.b(com.facebook.ultralight.d.gr);

    /* compiled from: ApkVerificationUtil.java */
    /* renamed from: com.facebook.oxygen.appmanager.update.core.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static class C0158a {

        /* renamed from: a, reason: collision with root package name */
        public final boolean f5226a;

        /* renamed from: b, reason: collision with root package name */
        public final String f5227b;

        /* renamed from: c, reason: collision with root package name */
        public final String f5228c;
        public final PackageInfo d;

        public C0158a(boolean z, String str, String str2, PackageInfo packageInfo) {
            this.f5226a = z;
            this.f5227b = str;
            this.f5228c = str2;
            this.d = packageInfo;
        }

        public static C0158a a() {
            return new C0158a(true, "verification_success", "Success", null);
        }

        public static C0158a a(PackageInfo packageInfo) {
            return new C0158a(true, "verification_success", "Success", packageInfo);
        }

        public static C0158a a(String str, String str2) {
            return new C0158a(false, str, str2, null);
        }
    }

    @SuppressLint({"BadMethodUse-java.io.File.getAbsolutePath"})
    private PackageInfo a(File file) {
        return this.f.get().getPackageArchiveInfo(file.getAbsolutePath(), 4288);
    }

    public static final a a(int i, com.facebook.inject.ac acVar, Object obj) {
        return new a();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public C0158a a(File file, UpdateInfo updateInfo) {
        com.facebook.debug.a.b.b(f5223a, "verifyPrimaryApkFile(): %s", updateInfo.b());
        String d = updateInfo.f().d((String) null);
        if (updateInfo.f().a(UpdateInfoContract.BinaryType.FULL) == UpdateInfoContract.BinaryType.FULL && !this.k.get().a(file, d)) {
            return C0158a.a("UPDATE_INVALID_FULL_FILE", this.k.get().a("File hash doesn't match : '%s'", d));
        }
        try {
            this.f5224b.get().a(file);
            PackageInfo a2 = a(file);
            if (a2 == null) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.f5225c.get().a(file));
            }
            if (!updateInfo.b().equals(a2.packageName)) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed apk. Package extracted: %s, expected: %s", a2.packageName, updateInfo.b()));
            }
            if (updateInfo.c() != a2.versionCode) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed apk. Version extracted: %d, expected: %d", Integer.valueOf(a2.versionCode), Integer.valueOf(updateInfo.c())));
            }
            if (!this.d.get().a("appmanager_enable_high_version_code") && a2.versionCode > 2100000000) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed apk. Version extracted: %d, higher then threshold: %d", Integer.valueOf(a2.versionCode), 2100000000));
            }
            if (a2.signatures == null) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", "Malformed apk. Has not signatures.");
            }
            if (a2.signatures.length != 1) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed apk. Expected exactly one signature in apk file. Instead saw %d", Integer.valueOf(a2.signatures.length)));
            }
            String c2 = com.facebook.oxygen.common.util.c.a.c(a2.signatures[0].toByteArray());
            String e = updateInfo.f().e(null);
            if (!c2.equals(e)) {
                return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed apk. Signature in apk file (%s) is not the one we expect (%s)", c2, e));
            }
            if (Build.VERSION.SDK_INT < 23 || ((ApplicationInfo) com.google.common.base.s.a(a2.applicationInfo)).targetSdkVersion < 23 || !this.d.get().a("appmanager_remove_permission_request")) {
                Sets.b c3 = Sets.c(a2.requestedPermissions == null ? ImmutableSet.i() : ImmutableSet.a((Object[]) a2.requestedPermissions), updateInfo.e());
                if (!c3.isEmpty()) {
                    return C0158a.a("UPDATE_INVALID_PERMISSIONS", this.k.get().a("Malformed apk. Following extra permissions found in downloaded APK: %s", c3));
                }
            }
            if (!com.facebook.oxygen.sdk.b.a.f6094a.equals(updateInfo.b()) && !com.facebook.oxygen.sdk.b.a.f6096c.equals(updateInfo.b())) {
                ImmutableList.a aVar = new ImmutableList.a();
                String g = updateInfo.f().g(null);
                if (g != null) {
                    aVar.b(g);
                }
                ImmutableList a3 = aVar.a();
                cj it = a3.iterator();
                int i = 0;
                while (it.hasNext()) {
                    String str = (String) it.next();
                    com.facebook.oxygen.common.k.c.a a4 = com.facebook.oxygen.common.k.c.b.a(Base64.decode(str, 0));
                    if (a4.f5784b) {
                        com.facebook.oxygen.common.k.c.c cVar = a4.f5783a;
                        if (this.g.get().a(cVar)) {
                            try {
                                com.facebook.oxygen.common.verification.a a5 = this.g.get().a(file, cVar);
                                if (!a5.f5975a) {
                                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("External signature verification failed. External signature (%s). Reason: %s", str, a5.f5976b));
                                }
                                i++;
                            } catch (IOException | GeneralSecurityException e2) {
                                this.e.get().a("UPDATE_INVALID_APK_FILE", e2);
                                return C0158a.a("UPDATE_NONTRUSTED_APK_FILE", this.k.get().a("Unable to verify external signature (%s).", str));
                            }
                        } else {
                            continue;
                        }
                    } else {
                        this.e.get().a(com.facebook.oxygen.common.errorreporting.b.d.b("UPDATE_UNPARSEABLE_EXT_SIG", String.format(Locale.US, "Unable to parse external signature: (%s). Reason: %s", str, a4.f5785c)));
                    }
                }
                if (i == 0) {
                    return C0158a.a("UPDATE_NONTRUSTED_APK_FILE", this.k.get().a("Nontrusted apk. No verifiable external signatures identified. External signatures = %s.", a3.toString()));
                }
            }
            return C0158a.a(a2);
        } catch (IOException unused) {
            return C0158a.a("UPDATE_INVALID_APK_FILE", this.f5225c.get().a(file));
        } catch (SecurityException e3) {
            return C0158a.a("UPDATE_MALICIOUS_ZIP_FILE", this.k.get().a("Malicious zip: %s", e3.getMessage()));
        }
    }

    public C0158a a(File file, UpdateInfo updateInfo, com.facebook.oxygen.appmanager.update.info.b bVar) {
        com.facebook.debug.a.b.b(f5223a, "verifyModuleApkFile(): %s/%s", updateInfo.b(), bVar.c());
        String a2 = bVar.e().a((String) null);
        if (bVar.e().a(UpdateInfoContract.BinaryType.FULL) == UpdateInfoContract.BinaryType.FULL && !this.k.get().a(file, a2)) {
            return C0158a.a("UPDATE_INVALID_FULL_FILE", this.k.get().a("Module '%s' file hash doesn't match.", bVar.c(), a2));
        }
        try {
            this.f5224b.get().a(file);
            cj<String> it = bVar.f().externalSignatures.iterator();
            int i = 0;
            while (it.hasNext()) {
                String next = it.next();
                com.facebook.oxygen.common.k.c.a a3 = com.facebook.oxygen.common.k.c.b.a(Base64.decode(next, 0));
                if (a3.f5784b) {
                    com.facebook.oxygen.common.k.c.c cVar = a3.f5783a;
                    if (this.g.get().a(cVar)) {
                        com.facebook.oxygen.common.verification.a a4 = this.g.get().a(file, cVar);
                        if (!a4.f5975a) {
                            return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("External signature verification failed. External signature (%s). Reason: %s", next, a4.f5976b));
                        }
                        i++;
                    } else {
                        continue;
                    }
                } else {
                    this.e.get().a(com.facebook.oxygen.common.errorreporting.b.d.b("UPDATE_UNPARSEABLE_EXT_SIG", String.format(Locale.US, "Unable to parse external signature: (%s). Reason: %s", next, a3.f5785c)));
                }
            }
            if (i == 0) {
                return C0158a.a("UPDATE_NONTRUSTED_APK_FILE", this.k.get().a("Nontrusted module apk. No verifiable external signatures identified. External signatures = %s.", bVar.f().externalSignatures.toString()));
            }
            if (this.j.get().a().f5611a) {
                com.facebook.oxygen.common.apklite.a a5 = this.h.get().a(file, true);
                if (!updateInfo.b().equals(a5.f5494a)) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Package extracted: %s, expected: %s", a5.f5494a, updateInfo.b()));
                }
                if (updateInfo.c() != a5.f5496c) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Version extracted: %d, expected: %d", Integer.valueOf(a5.f5496c), Integer.valueOf(updateInfo.c())));
                }
                if (!bVar.c().equals(a5.f5495b)) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Module name extracted: %s, expected: %s", a5.f5495b, bVar.c()));
                }
                if (Build.VERSION.SDK_INT >= 22 && bVar.d() != a5.d) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Revision extracted: %d, expected: %d", Integer.valueOf(a5.d), Integer.valueOf(bVar.d())));
                }
                if (a5.f.isEmpty()) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", "Malformed module apk. Has no signatures.");
                }
                if (a5.f.size() > 1) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Expected exactly one signature in apk file. Instead saw %d", Integer.valueOf(a5.f.size())));
                }
                String c2 = com.facebook.oxygen.common.util.c.a.c(a5.f.get(0).toByteArray());
                String e = updateInfo.f().e(null);
                if (!c2.equals(e)) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Signature in apk file (%s) is not the one we expect (%s)", c2, e));
                }
                if (!this.i.get().a(c2)) {
                    return C0158a.a("UPDATE_NONTRUSTED_APK_FILE", this.k.get().a("Nontrusted module apk. Signature is not the one we trust. Apk signature = %s.", c2));
                }
            } else {
                com.facebook.oxygen.common.manifest.c a6 = com.facebook.oxygen.common.manifest.d.a(file);
                if (!updateInfo.b().equals(a6.f5824a)) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Package extracted from manifest: %s, expected: %s", a6.f5824a, updateInfo.b()));
                }
                if (!bVar.c().equals(a6.d)) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Module name extracted from manifest: %s, expected: %s", a6.d, bVar.c()));
                }
                if (!a6.f5825b.equals(String.valueOf(updateInfo.c()))) {
                    return C0158a.a("UPDATE_INVALID_APK_FILE", this.k.get().a("Malformed module apk. Version code extracted from manifest: %s, expected: %s", a6.f5825b, Integer.valueOf(updateInfo.c())));
                }
            }
            return C0158a.a();
        } catch (IOException unused) {
            return C0158a.a("UPDATE_INVALID_APK_FILE", this.f5225c.get().a(file));
        } catch (SecurityException e2) {
            return C0158a.a("UPDATE_MALICIOUS_ZIP_FILE", this.k.get().a("Malicious zip: %s", e2.getMessage()));
        }
    }
}
