package com.noknok.android.uaf.framework.service;

import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import com.fido.android.framework.service.Mfac;
import com.fido.uaf.ver0100.types.TrustedFacets;
import com.google.common.base.Ascii;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
import com.noknok.android.client.asm.api.uaf.json.Version;
import com.noknok.android.client.utils.AppSDKConfig;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.HttpClient;
import com.noknok.android.client.utils.Logger;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashSet;
import java.util.Scanner;
import java.util.Set;

/* loaded from: classes2.dex */
public class FacetIDsValidator {
    private static final String ACT_AS_WEB_BROWSER_PERMISSION = "org.fidoalliance.uaf.permissions.ACT_AS_WEB_BROWSER";
    private static final String EXPIRE_TIME = "expireTime";
    private static final String FIDO_APPID_REDIRECT_AUTHORIZED = "FIDO-AppID-Redirect-Authorized";
    private static final String IDS_LIST = "ids";
    private static final String LIST_SPLITER = ",";
    private static final int MAX_REDIRECTS = 5;
    private static final String MIME_Content_Type = "application/fido.trusted-apps+json";
    private static final String TAG = FacetIDsValidator.class.getSimpleName();
    private static Set<String> mPublicSuffixes = null;
    private final String mAppID;
    private final Context mContext;
    private SharedPreferences mPreferences;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum CacheUpdateStrategy {
        CheckDefaultPeriod,
        ForceUpdate
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class TrustedApps {
        TrustedFacets[] trustedFacets;

        TrustedApps() {
        }
    }

    public FacetIDsValidator(String str, Context context) {
        this.mContext = context;
        this.mAppID = str;
    }

    private static boolean checkCallingActivityPermission(Context context, Activity activity, String str) {
        PackageManager packageManager = context.getPackageManager();
        if (activity == null) {
            return false;
        }
        String callingPackage = activity.getCallingPackage();
        try {
            String[] strArr = packageManager.getPackageInfo(callingPackage, 4096).requestedPermissions;
            if (strArr == null) {
                return false;
            }
            for (String str2 : strArr) {
                if (str2.matches(str)) {
                    return true;
                }
            }
            return false;
        } catch (PackageManager.NameNotFoundException e) {
            Logger.e(TAG, "Failed to get requestedPermissions for " + callingPackage, e);
            return false;
        }
    }

    private static long getExpires(String str) {
        try {
            return new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz").parse(str).getTime();
        } catch (ParseException e) {
            Logger.e(TAG, "Error while getting expires", e);
            return new Date().getTime() + 60000;
        }
    }

    private String getLeastSpecific(String str) {
        if (mPublicSuffixes == null) {
            mPublicSuffixes = loadPSL();
        }
        String host = new URL(str).getHost();
        int i = -1;
        do {
            host = host.substring(i + 1);
            if (mPublicSuffixes.contains(host)) {
                return host;
            }
            i = host.indexOf(46);
        } while (i != -1);
        return null;
    }

    private String getPreferenceFileName() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(this.mAppID.getBytes(Charsets.utf8Charset), 0, this.mAppID.length());
            byte[] digest = messageDigest.digest();
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) {
                int i = (b >>> 4) & 15;
                int i2 = 0;
                while (true) {
                    if (i < 0 || i > 9) {
                        sb.append((char) ((i - 10) + 97));
                    } else {
                        sb.append((char) (i + 48));
                    }
                    int i3 = b & Ascii.SI;
                    int i4 = i2 + 1;
                    if (i2 > 0) {
                        break;
                    }
                    i2 = i4;
                    i = i3;
                }
            }
            Logger.i(TAG, "Preferences file name for " + this.mAppID + " is :" + sb.toString());
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            Logger.w(TAG, "Failed to generate preference file name", e);
            return null;
        }
    }

    private boolean isFacetIdInList(String str) {
        String string = this.mPreferences.getString(IDS_LIST, null);
        if (string == null || string.length() == 0) {
            Logger.i(TAG, "IDS list is empty");
            return false;
        }
        String[] split = string.split(LIST_SPLITER);
        for (String str2 : split) {
            if (str.equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isHTTPS(String str) {
        try {
            return "https".equals(new URL(str).getProtocol());
        } catch (MalformedURLException e) {
            Logger.w(TAG, str + " Invalid URL.");
            return false;
        } catch (Exception e2) {
            Logger.e(TAG, "Error while checking URL protocol is https or not", e2);
            return false;
        }
    }

    private Set<String> loadPSL() {
        BufferedReader bufferedReader;
        HashSet hashSet = new HashSet();
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(this.mContext.getResources().openRawResource(this.mContext.getResources().getIdentifier("psl", "raw", this.mContext.getPackageName())), Charsets.utf8Charset));
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        return hashSet;
                    }
                    hashSet.add(readLine);
                } catch (Throwable th) {
                    th = th;
                    if (bufferedReader != null) {
                        bufferedReader.close();
                    }
                    throw th;
                }
            }
        } catch (Throwable th2) {
            th = th2;
            bufferedReader = null;
        }
    }

    private String resolveFacetID(int i, Activity activity) {
        String str;
        PackageManager packageManager = this.mContext.getPackageManager();
        if (activity != null) {
            str = activity.getCallingPackage();
        } else {
            String[] packagesForUid = packageManager.getPackagesForUid(i);
            if (packagesForUid == null) {
                return null;
            }
            try {
                str = packageManager.getPackageInfo(packagesForUid[0], 0).packageName;
            } catch (PackageManager.NameNotFoundException e) {
                Logger.e(TAG, "Failed to get packageName", e);
                return null;
            }
        }
        try {
            Signature[] signatureArr = packageManager.getPackageInfo(str, 64).signatures;
            if (signatureArr.length > 0) {
                Signature signature = signatureArr[0];
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                messageDigest.update(signature.toByteArray());
                return "android:apk-key-hash:" + Base64.encodeToString(messageDigest.digest(), 3);
            }
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e2) {
            Logger.e(TAG, "Failed to generate FacetID", e2);
        }
        return null;
    }

    private static String resolveFacetID(String str) {
        String str2;
        URISyntaxException e;
        try {
            URI uri = new URI(str);
            String path = uri.getPath();
            String str3 = path.length() > 0 ? str.split(path)[0] : str;
            try {
                int port = uri.getPort();
                str2 = (port != -1 && uri.getScheme().equalsIgnoreCase("https") && port == 443) ? str3.split(":443")[0] : str3;
            } catch (URISyntaxException e2) {
                str2 = str3;
                e = e2;
            }
            try {
                return !str2.endsWith("/") ? str2 + "/" : str2;
            } catch (URISyntaxException e3) {
                e = e3;
                Logger.e(TAG, "Error while resolving FacetID", e);
                return str2;
            }
        } catch (URISyntaxException e4) {
            str2 = null;
            e = e4;
        }
    }

    private void updateFacetIDsList(CacheUpdateStrategy cacheUpdateStrategy, String str, Version version, int i) {
        String header;
        if (cacheUpdateStrategy != CacheUpdateStrategy.ForceUpdate && (cacheUpdateStrategy != CacheUpdateStrategy.CheckDefaultPeriod || new Date().getTime() <= this.mPreferences.getLong(EXPIRE_TIME, 0L))) {
            Logger.i(TAG, "TrustedFacets list is up to date.");
            return;
        }
        Logger.i(TAG, "Need to update TrustedFacets list");
        Logger.i(TAG, "Send request to " + str);
        StringBuilder sb = new StringBuilder("");
        long j = 0;
        boolean z = false;
        try {
            try {
                HttpClient httpClient = new HttpClient(str, HttpClient.HttpMethod.GET);
                JsonElement jsonElement = Mfac.Instance().getConfig().get(AppSDKConfig.Key.allowedSslProtocols);
                httpClient.setAllowedSSLProtocols(jsonElement != null ? (String[]) new Gson().fromJson(jsonElement, String[].class) : null);
                httpClient.setFollowRedirects(false);
                httpClient.addHeader("Accept", MIME_Content_Type);
                httpClient.sendRequest();
                int statusCode = httpClient.getStatusCode();
                if (statusCode >= 300 && statusCode < 400) {
                    Logger.i(TAG, "Conditional: (statusCode >= 300 && statusCode < 400)");
                    String header2 = httpClient.getHeader(FIDO_APPID_REDIRECT_AUTHORIZED, 0);
                    if (header2 == null || !header2.matches("true") || (header = httpClient.getHeader("Location", 0)) == null || header == null || !isHTTPS(header)) {
                        Logger.e(TAG, "Missing or incomplete FIDO-AppID-Redirect-Authorized header");
                    } else {
                        z = true;
                        if (i >= 5) {
                            Logger.e(TAG, "Failed to get FacetIDs list - too much redirections!");
                        } else {
                            updateFacetIDsList(cacheUpdateStrategy, header, version, i + 1);
                        }
                    }
                } else if (statusCode == 200) {
                    Logger.i(TAG, "Conditional: (statusCode == 200)");
                    String header3 = httpClient.getHeader("Content-Type", 0);
                    if (header3 == null) {
                        Logger.e(TAG, "Missing or incomplete content type(contentType) header");
                    } else if (header3.contains(MIME_Content_Type)) {
                        Logger.i(TAG, "Conditional: application/fido.trusted-apps+json");
                        Scanner useDelimiter = new Scanner(httpClient.getResponse()).useDelimiter("\\A");
                        String next = useDelimiter.hasNext() ? useDelimiter.next() : null;
                        useDelimiter.close();
                        if (next != null && next.length() > 0) {
                            Logger.i(TAG, "Conditional: jsonResponse != null && jsonResponse.length() > 0");
                            TrustedFacets[] trustedFacetsArr = ((TrustedApps) new Gson().fromJson(next, TrustedApps.class)).trustedFacets;
                            String leastSpecific = getLeastSpecific(this.mAppID);
                            for (TrustedFacets trustedFacets : trustedFacetsArr) {
                                if (trustedFacets.version.equals(version)) {
                                    for (String str2 : trustedFacets.ids) {
                                        if (validateFacets(str2, leastSpecific)) {
                                            sb.append(str2).append(LIST_SPLITER);
                                        }
                                    }
                                }
                            }
                            String header4 = httpClient.getHeader("Expires", 0);
                            if (header4 != null) {
                                j = getExpires(header4);
                            }
                        }
                    }
                }
                if (z) {
                    return;
                }
                SharedPreferences.Editor edit = this.mPreferences.edit();
                edit.putString(IDS_LIST, sb.toString());
                edit.putLong(EXPIRE_TIME, j);
                edit.apply();
            } catch (JsonParseException e) {
                Logger.e(TAG, "Failed at parsing TrustedFacets JSON", e);
                if (0 == 0) {
                    SharedPreferences.Editor edit2 = this.mPreferences.edit();
                    edit2.putString(IDS_LIST, sb.toString());
                    edit2.putLong(EXPIRE_TIME, 0L);
                    edit2.apply();
                }
            } catch (IOException e2) {
                Logger.e(TAG, "Failed to retrieve TrustedFacets list", e2);
                if (0 == 0) {
                    SharedPreferences.Editor edit3 = this.mPreferences.edit();
                    edit3.putString(IDS_LIST, sb.toString());
                    edit3.putLong(EXPIRE_TIME, 0L);
                    edit3.apply();
                }
            }
        } catch (Throwable th) {
            if (0 == 0) {
                SharedPreferences.Editor edit4 = this.mPreferences.edit();
                edit4.putString(IDS_LIST, sb.toString());
                edit4.putLong(EXPIRE_TIME, 0L);
                edit4.apply();
            }
            throw th;
        }
    }

    private boolean validateFacets(String str, String str2) {
        if (str.startsWith("android:apk-key-hash:")) {
            return true;
        }
        if (isHTTPS(str) && str2 != null) {
            try {
                if (new URL(str).getHost().endsWith(str2)) {
                    return true;
                }
            } catch (MalformedURLException e) {
                Logger.e(TAG, "Failed to parse URL", e);
            }
            return false;
        }
        return false;
    }

    /* JADX WARN: Code restructure failed: missing block: B:47:0x00b5, code lost:
    
        if (new java.net.URL(r8.mAppID).getHost().compareToIgnoreCase(new java.net.URL(r0).getHost()) != 0) goto L42;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String validateCaller(int r9, int r10, android.app.Activity r11, java.lang.String r12, com.noknok.android.client.asm.api.uaf.json.Version r13) {
        /*
            Method dump skipped, instructions count: 277
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.uaf.framework.service.FacetIDsValidator.validateCaller(int, int, android.app.Activity, java.lang.String, com.noknok.android.client.asm.api.uaf.json.Version):java.lang.String");
    }
}
