package com.huawei.nfc.openapi.impl.util;

import android.content.Context;
import android.text.TextUtils;
import com.huawei.nfc.carrera.logic.dbmanager.IssuerInfoItem;
import com.huawei.nfc.carrera.logic.model.AppInfo;
import com.huawei.nfc.carrera.server.card.impl.CommonCardServer;
import com.huawei.nfc.carrera.server.card.request.QueryIssuerInfoRequest;
import com.huawei.nfc.carrera.server.card.response.IssuerInfoServerItem;
import com.huawei.nfc.carrera.server.card.response.QueryIssuerInfoResponse;
import com.huawei.nfc.carrera.util.LogX;
import com.huawei.nfc.carrera.util.PackageSignatureUtil;
import com.huawei.nfc.carrera.util.json.JsonUtil;
import com.huawei.nfc.carrera.wear.server.health.card.impl.health.CardServer;
import com.huawei.wallet.base.common.grs.wisecloudvirtualcard.WiseCloudVirtualCardServer;
import java.security.AccessControlException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import o.ejf;
import o.ejj;
import o.ejl;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes9.dex */
public class CheckApkSignatrueUtil {
    public static final int DELETE_CARD_BIT = 32;
    private static final String DIC_NAME = "apk.signature";
    private static final String DIC_NAME_OPENAPI_ACCESS_RULE = "openapi_access_rule";
    public static final int ISSUE_CARD_BIT = 4;
    public static final int PRE_ISSUE_CARD_BIT = 2;
    public static final int QUERY_CPLC_BIT = 1;
    public static final int QUERY_TRAFFIC_CARD_INFO_BIT = 16;
    public static final int RECHARGE_BIT = 8;
    public static final int RESERVED_BIT = 128;
    public static final int START_SET_DEFAULT_BIT = 64;

    public static boolean checkApkSignatrue(Context context, String str, String str2, ArrayList<String> arrayList) {
        if (arrayList.contains(str)) {
            return true;
        }
        QueryIssuerInfoRequest queryIssuerInfoRequest = new QueryIssuerInfoRequest();
        queryIssuerInfoRequest.timeStamp = 0L;
        queryIssuerInfoRequest.setIsNeedServiceTokenAuth(false);
        QueryIssuerInfoResponse queryIssuerInfo = new CommonCardServer(context, "Wallet").queryIssuerInfo(queryIssuerInfoRequest);
        if (queryIssuerInfo != null && queryIssuerInfo.returnCode == 0 && queryIssuerInfo.issueInfos != null) {
            IssuerInfoItem issuerInfoItem = null;
            for (IssuerInfoServerItem issuerInfoServerItem : queryIssuerInfo.issueInfos) {
                if (str2.equals(issuerInfoServerItem.getIssuerId())) {
                    issuerInfoItem = new IssuerInfoItem(issuerInfoServerItem);
                }
            }
            try {
                return checkSign(str, issuerInfoItem, PackageSignatureUtil.getInstalledAppHashList(context, str), arrayList);
            } catch (AccessControlException unused) {
                LogX.e("CheckApkSignatrueUtil checkSignatrue failed. get app hash AccessControlException. pkg : " + str);
            } catch (NoSuchAlgorithmException unused2) {
                LogX.e("CheckApkSignatrueUtil checkSignatrue failed. get app hash NoSuchAlgorithmException. pkg : " + str);
                return false;
            } catch (CertificateException unused3) {
                LogX.e("CheckApkSignatrueUtil checkSignatrue failed. get app hash CertificateException. pkg : " + str);
                return false;
            }
        }
        return false;
    }

    public static boolean checkCaller(Context context, String str, ArrayList<String> arrayList) {
        if (arrayList.contains(str)) {
            LogX.d("CheckApkSignatrueUtil checkCaller success end");
            return true;
        }
        ejf ejfVar = new ejf();
        ejfVar.d(str);
        ejfVar.a(DIC_NAME);
        ejfVar.setIsNeedServiceTokenAuth(false);
        ejl b = new WiseCloudVirtualCardServer(context, CardServer.MODULE_NAME_WISE_CLOUD_VIRTUAL_CARD).b(ejfVar);
        if (b == null || b.returnCode != 0) {
            StringBuilder sb = new StringBuilder();
            sb.append("CheckApkSignatrueUtil checkCaller failed. query server failed. retCode = ");
            sb.append(b == null ? "response is null" : Integer.valueOf(b.returnCode));
            LogX.w(sb.toString());
            return false;
        }
        if (b.d.size() <= 0) {
            LogX.w("CheckApkSignatrueUtil checkCaller failed. dicItems size <= 0.");
            return false;
        }
        try {
            List<String> installedAppHashList = PackageSignatureUtil.getInstalledAppHashList(context, str);
            if (installedAppHashList != null && installedAppHashList.size() > 0) {
                StringBuilder sb2 = new StringBuilder();
                Iterator<String> it = installedAppHashList.iterator();
                while (it.hasNext()) {
                    sb2.append(it.next());
                }
                String sb3 = sb2.toString();
                Iterator<ejj> it2 = b.d.iterator();
                while (it2.hasNext()) {
                    ejj next = it2.next();
                    if (str.equals(next.b()) && sb3.equals(next.e())) {
                        arrayList.add(str);
                        LogX.d("CheckApkSignatrueUtil checkCaller success end");
                        return true;
                    }
                }
            }
            LogX.w("checkCaller failed. The caller pkg is not allowed. pkg = " + str);
            return false;
        } catch (AccessControlException unused) {
            LogX.w("CheckApkSignatrueUtil checkCaller failed. get app hash AccessControlException. pkg : " + str);
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            LogX.w("CheckApkSignatrueUtil checkCaller failed. get app hash NoSuchAlgorithmException. pkg : " + str);
            return false;
        } catch (CertificateException unused3) {
            LogX.w("CheckApkSignatrueUtil checkCaller failed. get app hash CertificateException. pkg : " + str);
            return false;
        }
    }

    public static boolean checkCallerAccessRule(Context context, String str, String str2, int i) {
        String stringValue;
        ArrayList<String> stringArrayValue;
        ejf ejfVar = new ejf();
        ejfVar.d(str);
        ejfVar.a(DIC_NAME_OPENAPI_ACCESS_RULE);
        ejfVar.setIsNeedServiceTokenAuth(false);
        ejl b = new WiseCloudVirtualCardServer(context, CardServer.MODULE_NAME_WISE_CLOUD_VIRTUAL_CARD).b(ejfVar);
        if (b == null || b.returnCode != 0) {
            StringBuilder sb = new StringBuilder();
            sb.append("CheckApkSignatrueUtil checkCallerAccessRule failed. query server failed. retCode = ");
            sb.append(b == null ? "response is null" : Integer.valueOf(b.returnCode));
            LogX.w(sb.toString());
            return false;
        }
        if (b.d.size() <= 0) {
            LogX.w("CheckApkSignatrueUtil checkCallerAccessRule failed. dicItems size <= 0.");
            return false;
        }
        try {
            List<String> installedAppHashList = PackageSignatureUtil.getInstalledAppHashList(context, str);
            if (installedAppHashList != null && installedAppHashList.size() > 0) {
                StringBuilder sb2 = new StringBuilder();
                Iterator<String> it = installedAppHashList.iterator();
                while (it.hasNext()) {
                    sb2.append(it.next());
                }
                String sb3 = sb2.toString();
                Iterator<ejj> it2 = b.d.iterator();
                while (it2.hasNext()) {
                    ejj next = it2.next();
                    try {
                        stringValue = JsonUtil.getStringValue(new JSONObject(next.e()), "sign");
                        stringArrayValue = JsonUtil.getStringArrayValue(new JSONObject(next.e()), "issuers");
                    } catch (NumberFormatException unused) {
                        LogX.e("NumberFormatException error ");
                    } catch (JSONException unused2) {
                        LogX.e("parseReservedJson error ");
                    }
                    if (stringArrayValue != null && !stringArrayValue.isEmpty()) {
                        Iterator<String> it3 = stringArrayValue.iterator();
                        while (it3.hasNext()) {
                            String next2 = it3.next();
                            String stringValue2 = JsonUtil.getStringValue(new JSONObject(next2), "issuerId");
                            String stringValue3 = JsonUtil.getStringValue(new JSONObject(next2), "accessRule");
                            if (TextUtils.isEmpty(stringValue3)) {
                                LogX.d("CheckApkSignatrueUtil check access rule failed , rule is null");
                                return false;
                            }
                            if (str.equals(next.b()) && sb3.equals(stringValue) && str2.equals(stringValue2)) {
                                if ((Integer.parseInt(stringValue3.replace("0x", ""), 16) & i) != 0) {
                                    LogX.d("CheckApkSignatrueUtil check access rule success end");
                                    return true;
                                }
                                LogX.d("CheckApkSignatrueUtil check access rule failed end");
                            }
                        }
                    }
                    return false;
                }
            }
            LogX.w("checkCallerAccessRule failed. The caller issuers is not allowed. issuers = " + str2);
            return false;
        } catch (AccessControlException unused3) {
            LogX.w("CheckApkSignatrueUtil checkCallerAccessRule failed. get app hash AccessControlException. pkg : " + str);
            return false;
        } catch (NoSuchAlgorithmException unused4) {
            LogX.w("CheckApkSignatrueUtil checkCallerAccessRule failed. get app hash NoSuchAlgorithmException. pkg : " + str);
            return false;
        } catch (CertificateException unused5) {
            LogX.w("CheckApkSignatrueUtil checkCallerAccessRule failed. get app hash CertificateException. pkg : " + str);
            return false;
        }
    }

    private static boolean checkSign(String str, IssuerInfoItem issuerInfoItem, List<String> list, ArrayList<String> arrayList) {
        if (issuerInfoItem != null && list != null && list.size() > 0) {
            StringBuilder sb = new StringBuilder();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                sb.append(it.next());
            }
            String sb2 = sb.toString();
            for (AppInfo appInfo : issuerInfoItem.getAppInfos()) {
                if (str.equals(appInfo.getIssuerAppPkg()) && sb2.equals(appInfo.getApkSign())) {
                    arrayList.add(str);
                    return true;
                }
            }
        }
        LogX.i("checkSignatrue failed. The caller pkg is not allowed. pkg = " + str);
        return false;
    }
}
