package androidx.car.app.validation;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.content.pm.SigningInfo;
import android.os.Build;
import android.os.Process;
import android.support.v4.media.c;
import android.util.Log;
import android.util.Pair;
import androidx.car.app.HostInfo;
import androidx.car.app.utils.LogTags;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes.dex */
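/**
 * Decides whether a host that binds to the car app service is trusted.
 *
 * <p>A host is accepted by {@link #isValidHost(HostInfo)} when any one of these holds, checked in
 * this order: the validator was created with "allow all" set, the host runs under this process's
 * own UID, the host's package name and signing-certificate digest are in the allow-list, the host
 * runs under the system UID, or the host has been granted
 * {@link #TEMPLATE_RENDERER_PERMISSION}. The allow-list is therefore not the only way in: the
 * system-UID and permission paths accept hosts that were never listed.
 *
 * <p>Results are cached per package name in a plain {@link HashMap}.
 * NOTE(review): nothing here synchronizes access to that cache; confirm that
 * {@link #isValidHost(HostInfo)} is only ever called from one thread.
 */
public final class HostValidator {
    /**
     * Validator that accepts every host: {@link #isValidHost(HostInfo)} returns {@code true}
     * before any package, signature or permission lookup is made. It performs no authentication
     * of the caller at all, so it is only appropriate for development builds; a release build
     * should use a {@link Builder} with an explicit allow-list.
     */
    public static final HostValidator ALLOW_ALL_HOSTS_VALIDATOR =
            new HostValidator(null, new HashMap<String, List<String>>(), true);

    /** Permission whose granted state is enough for a host to be accepted. */
    public static final String TEMPLATE_RENDERER_PERMISSION = "android.car.permission.TEMPLATE_RENDERER";

    private final boolean mAllowAllHosts;
    // Package name -> accepted certificate digests. Snapshot taken in the constructor; the lists
    // are unmodifiable so the trust decision cannot be changed after construction.
    private final Map<String, List<String>> mAllowedHosts;
    // Package name -> (uid the decision was made for, decision). Rejections are cached as well.
    private final Map<String, Pair<Integer, Boolean>> mCallerChecked = new HashMap<>();
    private final PackageManager mPackageManager;

    /** Calls that are only made when {@code Build.VERSION.SDK_INT >= 28}. */
    public static final class Api28Impl {
        private Api28Impl() {
        }

        /**
         * Loads package info together with its signing certificates and requested permissions.
         *
         * @param packageManager package manager to query
         * @param str package name to look up
         * @return the package info
         * @throws PackageManager.NameNotFoundException if the package is not installed
         */
        public static PackageInfo getPackageInfo(PackageManager packageManager, String str)
                throws PackageManager.NameNotFoundException {
            // Same value as the original literal 134221824 (0x08000000 | 0x1000).
            return packageManager.getPackageInfo(
                    str, PackageManager.GET_SIGNING_CERTIFICATES | PackageManager.GET_PERMISSIONS);
        }

        /**
         * Returns the signing certificate history of the package, or {@code null} when the
         * package carries no signing info.
         *
         * <p>Every certificate in the returned history is later compared with the allow-list, so
         * a digest of an older, rotated certificate matches as well.
         */
        public static Signature[] getSignatures(PackageInfo packageInfo) {
            SigningInfo signingInfo = packageInfo.signingInfo;
            return signingInfo == null ? null : signingInfo.getSigningCertificateHistory();
        }
    }

    /** Collects allow-list entries and creates a {@link HostValidator} from them. */
    public static final class Builder {
        private final Map<String, List<String>> mAllowedHosts = new HashMap<>();
        private final Context mContext;

        /**
         * @param context used to read string-array resources and to obtain the package manager
         */
        public Builder(Context context) {
            this.mContext = context;
        }

        // Lower-cases the value and strips spaces. It is applied to resource entries only, and to
        // the package name as well as the digest.
        // NOTE(review): package names are case-sensitive; a mixed-case name read from a resource
        // would presumably never match the caller's real package name - confirm.
        private String cleanUp(String str) {
            return str.toLowerCase(Locale.US).replace(" ", "");
        }

        /**
         * Adds one allow-list entry.
         *
         * <p>The digest is stored exactly as given and later compared with a lower-case hex
         * SHA-256 string without separators, so a value in any other form (upper case, colons,
         * spaces) never matches and the host is rejected.
         *
         * @param str package name of the host
         * @param str2 digest of the host's signing certificate
         * @return this builder
         * @throws NullPointerException if either argument is {@code null}
         */
        public Builder addAllowedHost(String str, String str2) {
            Objects.requireNonNull(str);
            Objects.requireNonNull(str2);
            List<String> digests = this.mAllowedHosts.get(str);
            if (digests == null) {
                digests = new ArrayList<>();
                this.mAllowedHosts.put(str, digests);
            }
            digests.add(str2);
            return this;
        }

        /**
         * Adds every entry of a string-array resource. Each entry must have exactly two
         * comma-separated fields, digest first and package name second; both are lower-cased and
         * stripped of spaces before being stored.
         *
         * @param i10 resource id of the string array
         * @return this builder
         * @throws IllegalArgumentException if the array is missing or an entry does not have
         *     exactly two fields
         */
        @SuppressLint({"MissingGetterMatchingBuilder"})
        public Builder addAllowedHosts(int i10) {
            String[] entries = this.mContext.getResources().getStringArray(i10);
            if (entries == null) {
                // NOTE(review): c.j / c.n are obfuscated helpers; they look like plain string
                // concatenation of their arguments - confirm.
                throw new IllegalArgumentException(c.j("Invalid allowlist res id: ", i10));
            }
            for (String entry : entries) {
                String[] fields = entry.split(",", -1);
                if (fields.length != 2) {
                    throw new IllegalArgumentException(c.n("Invalid allowed host entry: '", entry, "'"));
                }
                addAllowedHost(cleanUp(fields[1]), cleanUp(fields[0]));
            }
            return this;
        }

        /**
         * Creates a validator from the entries added so far. The validator copies the entries,
         * so using this builder afterwards does not change a validator that was already built.
         */
        public HostValidator build() {
            return new HostValidator(this.mContext.getPackageManager(), this.mAllowedHosts, false);
        }
    }

    /**
     * @param packageManager used to look up the host package; may be {@code null}, in which case
     *     every host that reaches the package lookup is rejected
     * @param map package name to accepted certificate digests; copied, not retained
     * @param z10 {@code true} to accept every host without any check
     */
    public HostValidator(PackageManager packageManager, Map<String, List<String>> map, boolean z10) {
        this.mPackageManager = packageManager;
        this.mAllowedHosts = snapshotOf(map);
        this.mAllowAllHosts = z10;
    }

    // Deep copy with unmodifiable lists: neither the object that supplied the map nor a caller of
    // getAllowedHosts() can add a digest to this validator's allow-list afterwards.
    private static Map<String, List<String>> snapshotOf(Map<String, List<String>> source) {
        Map<String, List<String>> copy = new HashMap<>();
        if (source == null) {
            return copy;
        }
        for (Map.Entry<String, List<String>> entry : source.entrySet()) {
            List<String> digests = entry.getValue();
            copy.put(
                    entry.getKey(),
                    digests == null
                            ? null
                            : Collections.unmodifiableList(new ArrayList<String>(digests)));
        }
        return copy;
    }

    // Returns the cached decision for this package, or null when there is none or when it was
    // made for a different UID.
    private Boolean checkCache(HostInfo hostInfo) {
        Pair<Integer, Boolean> cached = this.mCallerChecked.get(hostInfo.getPackageName());
        if (cached == null || cached.first.intValue() != hostInfo.getUid()) {
            return null;
        }
        return cached.second;
    }

    // Lower-case hex SHA-256 of the certificate bytes, or null when no digest is available.
    private String getDigest(Signature signature) {
        MessageDigest messageDigest = getMessageDigest();
        if (messageDigest == null) {
            return null;
        }
        messageDigest.update(signature.toByteArray());
        byte[] digest = messageDigest.digest();
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format(Locale.US, "%02x", b));
        }
        return hex.toString();
    }

    private static MessageDigest getMessageDigest() {
        try {
            return MessageDigest.getInstance("SHA256");
        } catch (NoSuchAlgorithmException e10) {
            Log.e(LogTags.TAG_HOST_VALIDATION, "Could not find SHA256 hash algorithm", e10);
            return null;
        }
    }

    // Package info with signatures and requested permissions, or null when there is no package
    // manager or the package is not installed.
    private PackageInfo getPackageInfo(String packageName) {
        PackageManager packageManager = this.mPackageManager;
        if (packageManager == null) {
            Log.d(LogTags.TAG_HOST_VALIDATION, "PackageManager is null. Package info cannot be found for package " + packageName);
            return null;
        }
        try {
            if (Build.VERSION.SDK_INT >= 28) {
                return Api28Impl.getPackageInfo(packageManager, packageName);
            }
            // Same value as the original literal 4160 (0x1000 | 0x40).
            return packageManager.getPackageInfo(
                    packageName, PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES);
        } catch (PackageManager.NameNotFoundException e10) {
            Log.w(LogTags.TAG_HOST_VALIDATION, "Package " + packageName + " not found", e10);
            return null;
        }
    }

    // Before API 28 only a package with exactly one signature is considered; anything else
    // yields null and the host is rejected.
    private Signature[] getSignatures(PackageInfo packageInfo) {
        if (Build.VERSION.SDK_INT >= 28) {
            return Api28Impl.getSignatures(packageInfo);
        }
        Signature[] signatures = packageInfo.signatures;
        return (signatures != null && signatures.length == 1) ? signatures : null;
    }

    // True when the package requested the permission and its flags mark it as granted.
    private static boolean hasPermissionGranted(PackageInfo packageInfo, String permission) {
        int[] flags = packageInfo.requestedPermissionsFlags;
        String[] names = packageInfo.requestedPermissions;
        if (flags == null || names == null) {
            return false;
        }
        for (int i = 0; i < flags.length; i++) {
            boolean granted = (flags[i] & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
            if (granted && i < names.length && permission.equals(names[i])) {
                return true;
            }
        }
        return false;
    }

    // True when any of the given certificates has a digest listed for this package name.
    private boolean isAllowListed(String packageName, Signature[] signatures) {
        List<String> digests = this.mAllowedHosts.get(packageName);
        if (digests == null) {
            return false;
        }
        for (Signature signature : signatures) {
            if (digests.contains(getDigest(signature))) {
                return true;
            }
        }
        return false;
    }

    private void updateCache(HostInfo hostInfo, boolean accepted) {
        this.mCallerChecked.put(hostInfo.getPackageName(), Pair.create(Integer.valueOf(hostInfo.getUid()), Boolean.valueOf(accepted)));
    }

    // Full, uncached check of one host. Throws IllegalStateException when the UID the host
    // reports differs from the UID the package manager has for its package name.
    private boolean validateHost(HostInfo hostInfo) {
        String packageName = hostInfo.getPackageName();
        PackageInfo packageInfo = getPackageInfo(packageName);
        if (packageInfo == null) {
            Log.w(LogTags.TAG_HOST_VALIDATION, "Rejected - package name " + packageName + " not found");
            return false;
        }
        Signature[] signatures = getSignatures(packageInfo);
        if (signatures == null || signatures.length == 0) {
            Log.w(LogTags.TAG_HOST_VALIDATION, "Package " + packageName + " is not signed or it has more than one signature");
            return false;
        }
        int packageUid = packageInfo.applicationInfo.uid;
        if (packageUid != hostInfo.getUid()) {
            throw new IllegalStateException("Host " + hostInfo + " doesn't match caller's actual UID " + packageUid);
        }
        boolean permissionGranted = hasPermissionGranted(packageInfo, TEMPLATE_RENDERER_PERMISSION);
        boolean allowListed = isAllowListed(packageName, signatures);
        boolean debugLogging = Log.isLoggable(LogTags.TAG_HOST_VALIDATION, Log.DEBUG);
        if (packageUid == Process.myUid()) {
            if (debugLogging) {
                Log.d(LogTags.TAG_HOST_VALIDATION, "Accepted - Local service call");
            }
            return true;
        }
        if (allowListed) {
            if (debugLogging) {
                Log.d(LogTags.TAG_HOST_VALIDATION, "Accepted - Host in allow-list");
            }
            return true;
        }
        if (packageUid == Process.SYSTEM_UID) {
            if (debugLogging) {
                Log.d(LogTags.TAG_HOST_VALIDATION, "Accepted - System binding");
            }
            return true;
        }
        if (!permissionGranted) {
            // The snippet in this message used to end the statement before .build(); the
            // semicolon now follows .build() so the suggestion compiles when pasted.
            Log.e(LogTags.TAG_HOST_VALIDATION, String.format("Unrecognized host.\nIf this is a valid caller, please add the following to your CarAppService#createHostValidator() implementation:\nreturn new HostValidator.Builder(context)\n\t.addAllowedHost(\"%s\", \"%s\")\n\t.build();", packageName, getDigest(signatures[0])));
            return false;
        }
        if (debugLogging) {
            Log.d(LogTags.TAG_HOST_VALIDATION, "Accepted - Host has android.car.permission.TEMPLATE_RENDERER");
        }
        return true;
    }

    /**
     * Returns a read-only view of the allow-list: package name to accepted certificate digests.
     * Neither the map nor the digest lists can be modified through it.
     */
    public Map<String, List<String>> getAllowedHosts() {
        return Collections.unmodifiableMap(this.mAllowedHosts);
    }

    /**
     * Tells whether the given host is trusted.
     *
     * <p>The decision is cached per package name and reused while the host's UID stays the same;
     * rejections are cached too.
     *
     * @param hostInfo package name and UID of the host
     * @return {@code true} if the host is accepted
     * @throws NullPointerException if {@code hostInfo} is {@code null}
     * @throws IllegalStateException if the host's UID does not match the UID of its package
     */
    public boolean isValidHost(HostInfo hostInfo) {
        Objects.requireNonNull(hostInfo);
        boolean debugLogging = Log.isLoggable(LogTags.TAG_HOST_VALIDATION, Log.DEBUG);
        if (debugLogging) {
            Log.d(LogTags.TAG_HOST_VALIDATION, "Evaluating " + hostInfo);
        }
        if (this.mAllowAllHosts) {
            if (debugLogging) {
                Log.d(LogTags.TAG_HOST_VALIDATION, "Accepted - Validator disabled, all hosts allowed");
            }
            return true;
        }
        Boolean cached = checkCache(hostInfo);
        if (cached != null) {
            return cached.booleanValue();
        }
        boolean accepted = validateHost(hostInfo);
        updateCache(hostInfo, accepted);
        return accepted;
    }
}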
