package org.sufficientlysecure.keychain.remote;

import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import org.openintents.openpgp.OpenPgpError;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.daos.ApiAppDao;
import timber.log.Timber;

/* loaded from: classes.dex */
public class ApiPermissionHelper {
    private final ApiAppDao mApiAppDao;
    private final Context mContext;
    private PackageManager mPackageManager;

    /* loaded from: classes.dex */
    public static class WrongPackageCertificateException extends Exception {
        private static final long serialVersionUID = -8294642703122196028L;

        public WrongPackageCertificateException(String str) {
            super(str);
        }
    }

    public ApiPermissionHelper(Context context, ApiAppDao apiAppDao) {
        this.mContext = context;
        this.mPackageManager = context.getPackageManager();
        this.mApiAppDao = apiAppDao;
    }

    private byte[] getPackageCertificate(String str) throws PackageManager.NameNotFoundException {
        Signature[] signatureArr = this.mContext.getPackageManager().getPackageInfo(str, 64).signatures;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (Signature signature : signatureArr) {
            try {
                byteArrayOutputStream.write(signature.toByteArray());
            } catch (IOException unused) {
                throw new RuntimeException("Should not happen! Writing ByteArrayOutputStream to concat certificates failed");
            }
        }
        return byteArrayOutputStream.toByteArray();
    }

    private boolean isCallerAllowed() throws WrongPackageCertificateException {
        return isUidAllowed(Binder.getCallingUid());
    }

    private boolean isUidAllowed(int i) throws WrongPackageCertificateException {
        for (String str : this.mPackageManager.getPackagesForUid(i)) {
            if (isPackageAllowed(str)) {
                return true;
            }
        }
        Timber.e("Uid is NOT allowed!", new Object[0]);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getCurrentCallingPackage() {
        String str = this.mPackageManager.getPackagesForUid(Binder.getCallingUid())[0];
        Timber.d("currentPkg: " + str, new Object[0]);
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getPackageCertificateOrError(String str) {
        try {
            return getPackageCertificate(str);
        } catch (PackageManager.NameNotFoundException unused) {
            throw new AssertionError("Package signature must be retrievable");
        }
    }

    public boolean isAllowedIgnoreErrors() {
        try {
            return isCallerAllowed();
        } catch (WrongPackageCertificateException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Intent isAllowedOrReturnIntent(Intent intent) {
        ApiPendingIntentFactory apiPendingIntentFactory = new ApiPendingIntentFactory(this.mContext);
        try {
            if (isCallerAllowed()) {
                return null;
            }
            String currentCallingPackage = getCurrentCallingPackage();
            Timber.d("isAllowed packageName: " + currentCallingPackage, new Object[0]);
            try {
                byte[] packageCertificate = getPackageCertificate(currentCallingPackage);
                Timber.e("Not allowed to use service! return PendingIntent for registration!", new Object[0]);
                PendingIntent createRegisterPendingIntent = apiPendingIntentFactory.createRegisterPendingIntent(intent, currentCallingPackage, packageCertificate);
                Intent intent2 = new Intent();
                intent2.putExtra("result_code", 2);
                intent2.putExtra("intent", createRegisterPendingIntent);
                return intent2;
            } catch (PackageManager.NameNotFoundException e) {
                Timber.e(e, "Should not happen, returning!", new Object[0]);
                Intent intent3 = new Intent();
                intent3.putExtra("result_code", 0);
                intent3.putExtra("error", new OpenPgpError(0, e.getMessage()));
                return intent3;
            }
        } catch (WrongPackageCertificateException e2) {
            Timber.e(e2, "wrong signature!", new Object[0]);
            PendingIntent createErrorPendingIntent = apiPendingIntentFactory.createErrorPendingIntent(intent, this.mContext.getString(R.string.api_error_wrong_signature));
            Intent intent4 = new Intent();
            intent4.putExtra("result_code", 2);
            intent4.putExtra("intent", createErrorPendingIntent);
            return intent4;
        }
    }

    public boolean isPackageAllowed(String str) throws WrongPackageCertificateException {
        Timber.d("isPackageAllowed packageName: " + str, new Object[0]);
        byte[] apiAppCertificate = this.mApiAppDao.getApiAppCertificate(str);
        if (!(apiAppCertificate != null)) {
            Timber.d("Package is NOT allowed! packageName: " + str, new Object[0]);
            return false;
        }
        Timber.d("Package is allowed! packageName: " + str, new Object[0]);
        try {
            if (!Arrays.equals(getPackageCertificate(str), apiAppCertificate)) {
                throw new WrongPackageCertificateException("PACKAGE NOT ALLOWED DUE TO CERTIFICATE MISMATCH!");
            }
            Timber.d("Package certificate matches expected.", new Object[0]);
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            throw new WrongPackageCertificateException(e.getMessage());
        }
    }
}
