package com.facebook.secure.trustedapp;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.facebook.oxygen.appmanager.protocol.constants.ProtocolConstants;
import com.facebook.secure.trustedapp.FbPermissionEncoder;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: FbPermission.java */
@SuppressLint({"CatchGeneralException", "DefaultLocale"})
/* loaded from: classes.dex */
public class g {

    /* renamed from: a, reason: collision with root package name */
    private static g f5277a;

    /* renamed from: b, reason: collision with root package name */
    private com.facebook.secure.logger.b f5278b = new com.facebook.secure.logger.a();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: FbPermission.java */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public Set<String> f5279a = new HashSet();

        /* renamed from: b, reason: collision with root package name */
        public Set<b> f5280b = new HashSet();

        a() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: FbPermission.java */
    /* loaded from: classes.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public String f5281a;

        /* renamed from: b, reason: collision with root package name */
        public String f5282b;

        b() {
        }
    }

    private g() {
    }

    public static synchronized g a() {
        g gVar;
        synchronized (g.class) {
            if (f5277a == null) {
                f5277a = new g();
            }
            gVar = f5277a;
        }
        return gVar;
    }

    public static synchronized g a(com.facebook.secure.logger.b bVar) {
        g b2;
        synchronized (g.class) {
            b2 = a().b(bVar);
        }
        return b2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static List<String> a(Context context, com.facebook.secure.trustedapp.a aVar) {
        ArrayList arrayList = new ArrayList();
        for (String str : d.a(context, aVar.a())) {
            arrayList.addAll(a(context, str));
        }
        return arrayList;
    }

    protected static List<String> a(Context context, String str) {
        List<String> emptyList = Collections.emptyList();
        try {
            Bundle bundle = context.getPackageManager().getApplicationInfo(str, com.facebook.r.d.bb).metaData;
            if (bundle != null && bundle.size() > 0) {
                emptyList = new ArrayList<>();
                for (String str2 : bundle.keySet()) {
                    if (str2.contains(".fbpermission.")) {
                        emptyList.add(str2);
                    }
                }
            }
            return emptyList;
        } catch (PackageManager.NameNotFoundException unused) {
            return Collections.emptyList();
        }
    }

    private void a(String str, boolean z) {
        this.f5278b.a(z ? String.format("%s; request is allowed for fail-open", str) : String.format("%s; request is denied for fail-close", str));
    }

    private boolean a(Context context, int i, String str) {
        String[] a2 = d.a(context, i);
        if (a2.length > 1) {
            this.f5278b.a(String.format("UID '%d' is shared by multiple packages: %s", Integer.valueOf(i), Arrays.toString(a2)));
        }
        boolean z = false;
        for (String str2 : a2) {
            if (a(context, str2, str)) {
                z = true;
            }
        }
        if (!z) {
            this.f5278b.a(String.format("FBPermission '%s' was not granted to UID '%d' (packages: '%s')", str, Integer.valueOf(i), Arrays.toString(a2)));
        }
        return z;
    }

    private boolean a(Context context, com.facebook.secure.trustedapp.a aVar, String str) {
        if (aVar == null) {
            return false;
        }
        return a(context, aVar.a(), str);
    }

    private static boolean a(PublicKey publicKey, byte[] bArr, byte[] bArr2, String str) {
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    private static byte[] a(Set<String> set, String str, String str2, String str3, String str4) {
        FbPermissionEncoder fbPermissionEncoder = new FbPermissionEncoder();
        fbPermissionEncoder.a(set, (byte) 1);
        fbPermissionEncoder.a(str, (byte) 2);
        fbPermissionEncoder.a(str2, (byte) 3);
        fbPermissionEncoder.a(str3, (byte) 4);
        fbPermissionEncoder.a(str4, (byte) 5);
        return fbPermissionEncoder.a();
    }

    public static boolean b(Context context, String str) {
        if (com.facebook.secure.trustedapp.signatures.b.b(d.f(context, context.getPackageName()))) {
            return !a(context, str).isEmpty();
        }
        String[] list = context.createPackageContext(str, 0).getAssets().list("");
        if (list == null) {
            return false;
        }
        for (String str2 : list) {
            if (str2.equals("fbpermissions.json")) {
                return true;
            }
        }
        return false;
    }

    private static PublicKey c(Context context, String str) {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(d.g(context, str).toByteArray())).getPublicKey();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(Context context, com.facebook.secure.trustedapp.a aVar, String str, boolean z) {
        boolean a2 = a(context, aVar, str);
        if (!a2) {
            a(String.format("FBPermission '%s' was not granted to %s", str, aVar), z);
        }
        return a2 || z;
    }

    protected boolean a(Context context, String str, String str2) {
        if (!b(context, str)) {
            return false;
        }
        a b2 = b(context, str, context.getPackageName());
        if (b2 == null) {
            this.f5278b.a(String.format("Failed to read fb permissions from '%s' asset", str));
            return false;
        }
        if (!b2.f5279a.contains(str2)) {
            this.f5278b.a(String.format("Missing FBPermission '%s' in '%s' required by '%s'", str2, str, context.getPackageName()));
            return false;
        }
        if (b2.f5280b.isEmpty()) {
            this.f5278b.a(String.format("Missing signature entry while verifying '%s' from package '%s'", str2, str));
            return false;
        }
        try {
            String b3 = d.f(context, str).b();
            long h = d.h(context, str);
            if (b3 == null || h <= 0) {
                this.f5278b.a(String.format("Invalid key hash or version code for package '%s' while verifying '%s'", str, str2));
                return false;
            }
            for (b bVar : b2.f5280b) {
                String str3 = bVar.f5281a;
                String str4 = bVar.f5282b;
                if (TextUtils.isEmpty(str4) || TextUtils.isEmpty(str3)) {
                    this.f5278b.a(String.format("Invalid signature for package '%s' while verifying '%s': algorithm(%s), value(%s)", str, str2, str3, str4));
                } else if (a(context, str, String.valueOf(h), b3, b2.f5279a, str4, str3)) {
                    return true;
                }
            }
            return false;
        } catch (SecurityException unused) {
            this.f5278b.a(String.format("Invalid developer key for package '%s' while verifying '%s'", str, str2));
            return false;
        }
    }

    protected boolean a(Context context, String str, String str2, String str3, Set<String> set, String str4, String str5) {
        String packageName = context.getPackageName();
        try {
            return a(c(context, packageName), a(set, str, str2, str3, packageName), Base64.decode(str4, 10), str5);
        } catch (FbPermissionEncoder.EncoderException unused) {
            this.f5278b.a("Failed to encode data using FbPermissionEncoder");
            return false;
        } catch (SecurityException unused2) {
            this.f5278b.a("Failed to get provider package signature");
            return false;
        } catch (InvalidKeyException unused3) {
            this.f5278b.a("Invalid public key");
            return false;
        } catch (NoSuchAlgorithmException unused4) {
            this.f5278b.a("Unsupported signature algorithm");
            return false;
        } catch (SignatureException unused5) {
            this.f5278b.a("Signature type wrong or improperly encoded");
            return false;
        } catch (CertificateException unused6) {
            this.f5278b.a("Failed to get public key due to certificate exception");
            return false;
        }
    }

    protected a b(Context context, String str, String str2) {
        JSONArray jSONArray;
        a aVar = new a();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(context.createPackageContext(str, 0).getAssets().open("fbpermissions.json")));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine);
            }
            bufferedReader.close();
            if (sb.length() == 0) {
                this.f5278b.a(String.format("Consumer app '%s' has an empty FbPermissions asset file", str));
                return null;
            }
            JSONObject jSONObject = new JSONObject(sb.toString());
            if (!jSONObject.has(str2)) {
                return null;
            }
            JSONObject jSONObject2 = jSONObject.getJSONObject(str2);
            JSONArray jSONArray2 = jSONObject2.getJSONArray("permissions");
            if (jSONArray2.length() == 0) {
                this.f5278b.a(String.format("Consumer app '%s' has an empty permissions list for '%s' provider", str, str2));
                return null;
            }
            for (int i = 0; i < jSONArray2.length(); i++) {
                aVar.f5279a.add(jSONArray2.getString(i));
            }
            if (jSONObject2.has("signatures")) {
                jSONArray = jSONObject2.getJSONArray("signatures");
            } else {
                JSONArray jSONArray3 = new JSONArray();
                jSONArray3.put(jSONObject2.getJSONObject("signature"));
                jSONArray = jSONArray3;
            }
            for (int i2 = 0; i2 < jSONArray.length(); i2++) {
                JSONObject jSONObject3 = jSONArray.getJSONObject(i2);
                b bVar = new b();
                bVar.f5281a = jSONObject3.getString(ProtocolConstants.GraphApiFields.COMPRESSED_BINARY_NODE.ALGORITHM);
                bVar.f5282b = jSONObject3.getString("value");
                aVar.f5280b.add(bVar);
            }
            return aVar;
        } catch (PackageManager.NameNotFoundException unused) {
            this.f5278b.a(String.format("Cannot create package context for '%s'", str));
            return null;
        } catch (IOException e) {
            this.f5278b.a(String.format("Failed to read FBPermission asset file from package '%s': %s", str, e.getMessage()));
            return null;
        } catch (JSONException e2) {
            this.f5278b.a(String.format("Failed to decode FBPermission asset file from package '%s' due to JSON exception: %s", str, e2.getMessage()));
            return null;
        }
    }

    g b(com.facebook.secure.logger.b bVar) {
        this.f5278b = bVar;
        return this;
    }
}
