package com.facebook.secure.trustedapp;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.VisibleForTesting;
import com.facebook.secure.logger.LocalReporter;
import com.facebook.secure.logger.Reporter;
import com.facebook.secure.trustedapp.FbPermissionEncoder;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

@SuppressLint({"CatchGeneralException", "DefaultLocale"})
/* loaded from: classes.dex */
public class FbPermission {
    private static FbPermission a;
    private Reporter b = new LocalReporter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class FbPermissions {
        public Set<String> a = new HashSet();
        public Set<FbPermissionsSignature> b = new HashSet();

        FbPermissions() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class FbPermissionsSignature {
        public String a;
        public String b;

        FbPermissionsSignature() {
        }
    }

    private FbPermission() {
    }

    public static synchronized FbPermission a() {
        FbPermission fbPermission;
        synchronized (FbPermission.class) {
            if (a == null) {
                a = new FbPermission();
            }
            fbPermission = a;
        }
        return fbPermission;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public static List<String> a(Context context, String str) {
        List<String> emptyList = Collections.emptyList();
        try {
            Bundle bundle = context.getPackageManager().getApplicationInfo(str, 128).metaData;
            if (bundle != null && bundle.size() > 0) {
                emptyList = new ArrayList<>();
                for (String str2 : bundle.keySet()) {
                    if (str2.contains(".fbpermission.")) {
                        emptyList.add(str2);
                    }
                }
            }
            return emptyList;
        } catch (PackageManager.NameNotFoundException unused) {
            return Collections.emptyList();
        }
    }

    @VisibleForTesting
    private boolean a(Context context, String str, String str2) {
        String str3;
        if (!b(context, str)) {
            return false;
        }
        FbPermissions b = b(context, str, context.getPackageName());
        if (b == null) {
            this.b.a(String.format("Failed to read fb permissions from '%s' asset", str));
            return false;
        }
        if (!b.a.contains(str2)) {
            this.b.a(String.format("Missing FBPermission '%s' in '%s' required by '%s'", str2, str, context.getPackageName()));
            return false;
        }
        if (b.b.isEmpty()) {
            this.b.a(String.format("Missing signature entry while verifying '%s' from package '%s'", str2, str));
            return false;
        }
        try {
            String str4 = AppVerifier.c(context, str).sha256Hash;
            long d = AppVerifier.d(context, str);
            if (str4 == null || d <= 0) {
                this.b.a(String.format("Invalid key hash or version code for package '%s' while verifying '%s'", str, str2));
                return false;
            }
            for (FbPermissionsSignature fbPermissionsSignature : b.b) {
                String str5 = fbPermissionsSignature.a;
                String str6 = fbPermissionsSignature.b;
                if (TextUtils.isEmpty(str6) || TextUtils.isEmpty(str5)) {
                    str3 = str4;
                    this.b.a(String.format("Invalid signature for package '%s' while verifying '%s': algorithm(%s), value(%s)", str, str2, str5, str6));
                } else {
                    str3 = str4;
                    if (a(context, str, String.valueOf(d), str4, b.a, str6, str5)) {
                        return true;
                    }
                }
                str4 = str3;
            }
            return false;
        } catch (SecurityException unused) {
            this.b.a(String.format("Invalid developer key for package '%s' while verifying '%s'", str, str2));
            return false;
        }
    }

    @VisibleForTesting
    private boolean a(Context context, String str, String str2, String str3, Set<String> set, String str4, String str5) {
        String packageName = context.getPackageName();
        try {
            PublicKey publicKey = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(AppVerifier.a(AppVerifier.b(context, packageName)).toByteArray())).getPublicKey();
            FbPermissionEncoder fbPermissionEncoder = new FbPermissionEncoder();
            fbPermissionEncoder.a(set);
            fbPermissionEncoder.a(str, (byte) 2);
            fbPermissionEncoder.a(str2, (byte) 3);
            fbPermissionEncoder.a(str3, (byte) 4);
            fbPermissionEncoder.a(packageName, (byte) 5);
            byte[] byteArray = fbPermissionEncoder.a.toByteArray();
            byteArray[1] = (byte) (fbPermissionEncoder.b & 255);
            byte[] decode = Base64.decode(str4, 10);
            Signature signature = Signature.getInstance(str5);
            signature.initVerify(publicKey);
            signature.update(byteArray);
            return signature.verify(decode);
        } catch (FbPermissionEncoder.EncoderException unused) {
            this.b.a("Failed to encode data using FbPermissionEncoder");
            return false;
        } catch (SecurityException unused2) {
            this.b.a("Failed to get provider package signature");
            return false;
        } catch (InvalidKeyException unused3) {
            this.b.a("Invalid public key");
            return false;
        } catch (NoSuchAlgorithmException unused4) {
            this.b.a("Unsupported signature algorithm");
            return false;
        } catch (SignatureException unused5) {
            this.b.a("Signature type wrong or improperly encoded");
            return false;
        } catch (CertificateException unused6) {
            this.b.a("Failed to get public key due to certificate exception");
            return false;
        }
    }

    @Nullable
    @VisibleForTesting
    private FbPermissions b(Context context, String str, String str2) {
        JSONArray jSONArray;
        FbPermissions fbPermissions = new FbPermissions();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(context.createPackageContext(str, 0).getAssets().open("fbpermissions.json")));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine);
            }
            bufferedReader.close();
            if (sb.length() == 0) {
                this.b.a(String.format("Consumer app '%s' has an empty FbPermissions asset file", str));
                return null;
            }
            JSONObject jSONObject = new JSONObject(sb.toString());
            if (!jSONObject.has(str2)) {
                return null;
            }
            JSONObject jSONObject2 = jSONObject.getJSONObject(str2);
            JSONArray jSONArray2 = jSONObject2.getJSONArray("permissions");
            if (jSONArray2.length() == 0) {
                this.b.a(String.format("Consumer app '%s' has an empty permissions list for '%s' provider", str, str2));
                return null;
            }
            for (int i = 0; i < jSONArray2.length(); i++) {
                fbPermissions.a.add(jSONArray2.getString(i));
            }
            if (jSONObject2.has("signatures")) {
                jSONArray = jSONObject2.getJSONArray("signatures");
            } else {
                JSONArray jSONArray3 = new JSONArray();
                jSONArray3.put(jSONObject2.getJSONObject("signature"));
                jSONArray = jSONArray3;
            }
            for (int i2 = 0; i2 < jSONArray.length(); i2++) {
                JSONObject jSONObject3 = jSONArray.getJSONObject(i2);
                FbPermissionsSignature fbPermissionsSignature = new FbPermissionsSignature();
                fbPermissionsSignature.a = jSONObject3.getString("algorithm");
                fbPermissionsSignature.b = jSONObject3.getString("value");
                fbPermissions.b.add(fbPermissionsSignature);
            }
            return fbPermissions;
        } catch (PackageManager.NameNotFoundException unused) {
            this.b.a(String.format("Cannot create package context for '%s'", str));
            return null;
        } catch (IOException e) {
            this.b.a(String.format("Failed to read FBPermission asset file from package '%s': %s", str, e.getMessage()));
            return null;
        } catch (JSONException e2) {
            this.b.a(String.format("Failed to decode FBPermission asset file from package '%s' due to JSON exception: %s", str, e2.getMessage()));
            return null;
        }
    }

    private static boolean b(Context context, String str) {
        if (AllFamilyTrustedSignatures.aH.contains(AppVerifier.c(context, context.getPackageName()))) {
            return !a(context, str).isEmpty();
        }
        String[] list = context.createPackageContext(str, 0).getAssets().list("");
        if (list == null) {
            return false;
        }
        for (String str2 : list) {
            if (str2.equals("fbpermissions.json")) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean a(Context context, @Nullable AppIdentity appIdentity, String str, boolean z) {
        boolean z2;
        if (appIdentity == null) {
            z2 = false;
        } else {
            int i = appIdentity.a;
            String[] a2 = AppVerifier.a(context, i);
            if (a2.length > 1) {
                this.b.a(String.format("UID '%d' is shared by multiple packages: %s", Integer.valueOf(i), Arrays.toString(a2)));
            }
            z2 = false;
            for (String str2 : a2) {
                if (a(context, str2, str)) {
                    z2 = true;
                }
            }
            if (!z2) {
                this.b.a(String.format("FBPermission '%s' was not granted to UID '%d' (packages: '%s')", str, Integer.valueOf(i), Arrays.toString(a2)));
            }
        }
        if (!z2) {
            String format = String.format("FBPermission '%s' was not granted to %s", str, appIdentity);
            this.b.a(z ? String.format("%s; request is allowed for fail-open", format) : String.format("%s; request is denied for fail-close", format));
        }
        return z2 || z;
    }
}
