package h7;

import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Log;
import com.landicorp.android.landibandb3sdk.openmobileapi.service.j;
import h7.d;
import java.io.ByteArrayInputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.MissingResourceException;

/* compiled from: AccessControlEnforcer.java */
/* loaded from: classes2.dex */
public class a {

    /* renamed from: f, reason: collision with root package name */
    private b f23899f;

    /* renamed from: h, reason: collision with root package name */
    private j f23901h;

    /* renamed from: a, reason: collision with root package name */
    private PackageManager f23894a = null;

    /* renamed from: b, reason: collision with root package name */
    private i7.b f23895b = null;

    /* renamed from: c, reason: collision with root package name */
    private boolean f23896c = true;

    /* renamed from: d, reason: collision with root package name */
    private j7.a f23897d = null;

    /* renamed from: e, reason: collision with root package name */
    private boolean f23898e = false;

    /* renamed from: g, reason: collision with root package name */
    private boolean f23900g = false;

    /* renamed from: i, reason: collision with root package name */
    private d f23902i = new d();

    /* renamed from: j, reason: collision with root package name */
    private boolean f23903j = false;

    /* renamed from: k, reason: collision with root package name */
    private boolean f23904k = false;

    public a(j jVar) {
        this.f23899f = null;
        this.f23901h = null;
        this.f23901h = jVar;
        this.f23899f = new b();
    }

    public static Certificate d(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static byte[] i(Certificate certificate) throws CertificateEncodingException {
        MessageDigest messageDigest;
        int i10 = 0;
        while (true) {
            if (i10 >= 10) {
                messageDigest = null;
                break;
            }
            try {
                messageDigest = MessageDigest.getInstance("SHA");
                break;
            } catch (Exception unused) {
                i10++;
            }
        }
        if (messageDigest != null) {
            return messageDigest.digest(certificate.getEncoded());
        }
        throw new SecurityException("Hash can not be computed");
    }

    private synchronized d l(byte[] bArr, String str) {
        Certificate[] j10;
        if (str != null) {
            if (!str.isEmpty()) {
                try {
                    j10 = j(str);
                    if (j10 == null || j10.length == 0) {
                        throw new SecurityException("Application certificates are invalid or do not exist.");
                    }
                } catch (Exception e10) {
                    throw new SecurityException(e10.getMessage());
                }
            }
        }
        throw new SecurityException("package names must be specified");
        return c(bArr, j10);
    }

    public static byte[] m() {
        return i7.b.f();
    }

    private void p() {
        this.f23898e = false;
        this.f23896c = false;
        this.f23903j = false;
        Log.i("SmartcardService", "Allowed ACE mode: ara=" + this.f23896c + " arf=" + this.f23898e + " fullaccess=" + this.f23903j);
    }

    public j a() {
        return this.f23901h;
    }

    public d b(byte[] bArr, String str) {
        d l10;
        if (this.f23902i.k() == d.a.DENIED) {
            throw new SecurityException("Access Control Enforcer: access denied: " + this.f23902i.n());
        }
        if (this.f23896c || this.f23898e) {
            try {
                l10 = l(bArr, str);
            } catch (Exception e10) {
                if (e10 instanceof MissingResourceException) {
                    throw new MissingResourceException("Access Control Enforcer: " + e10.getMessage(), "", "");
                }
                throw new SecurityException("Access Control Enforcer: access denied: " + e10.getMessage());
            }
        } else {
            l10 = null;
        }
        if (l10 == null || (l10.j() != d.a.ALLOWED && !l10.l())) {
            if (!this.f23903j) {
                throw new SecurityException("Access Control Enforcer: no APDU access allowed!");
            }
            l10 = this.f23902i;
        }
        l10.e(str);
        return l10.clone();
    }

    public d c(byte[] bArr, Certificate[] certificateArr) throws SecurityException, CertificateEncodingException {
        d b10 = this.f23900g ? this.f23899f.b(bArr, certificateArr) : null;
        if (b10 != null) {
            return b10;
        }
        d dVar = new d();
        d.a aVar = d.a.DENIED;
        dVar.d(aVar, "no access rule found!");
        dVar.c(aVar);
        dVar.i(aVar);
        return dVar;
    }

    public void e(PackageManager packageManager) {
        this.f23894a = packageManager;
    }

    public synchronized void f(com.landicorp.android.landibandb3sdk.openmobileapi.service.a aVar, byte[] bArr) {
        d i10 = aVar.i();
        if (i10 == null) {
            throw new SecurityException("Access Control Enforcer: Channel access not set");
        }
        String n10 = i10.n();
        if (n10.length() == 0) {
            n10 = "Command not allowed!";
        }
        d.a k10 = i10.k();
        d.a aVar2 = d.a.ALLOWED;
        if (k10 != aVar2) {
            throw new SecurityException("Access Control Enforcer: " + n10);
        }
        if (!i10.l()) {
            if (i10.j() != aVar2) {
                throw new SecurityException("Access Control Enforcer: APDU access NOT allowed");
            }
            return;
        }
        c[] o10 = i10.o();
        if (o10 == null || o10.length == 0) {
            throw new SecurityException("Access Control Enforcer: Access Rule not available: " + n10);
        }
        for (c cVar : o10) {
            if (e.b(bArr, cVar.e(), cVar.d())) {
                return;
            }
        }
        throw new SecurityException("Access Control Enforcer: Access Rule does not match: " + n10);
    }

    public void g(PrintWriter printWriter, String str) {
        printWriter.println(str + "SmartcardService:");
        StringBuilder sb2 = new StringBuilder();
        sb2.append(str);
        sb2.append("  ");
        String sb3 = sb2.toString();
        printWriter.println(sb3 + "mUseArf: " + this.f23898e);
        printWriter.println(sb3 + "mUseAra: " + this.f23896c);
        StringBuilder sb4 = new StringBuilder();
        sb4.append(sb3);
        sb4.append("mInitialChannelAccess:");
        printWriter.println(sb4.toString());
        printWriter.println(sb3 + "  " + this.f23902i.toString());
        printWriter.println();
        b bVar = this.f23899f;
        if (bVar != null) {
            bVar.f(printWriter, sb3);
        }
    }

    public synchronized boolean h(boolean z10, com.landicorp.android.landibandb3sdk.openmobileapi.service.d dVar) {
        boolean z11;
        boolean z12;
        j7.a aVar;
        String str = "";
        d dVar2 = this.f23902i;
        d.a aVar2 = d.a.ALLOWED;
        dVar2.c(aVar2);
        this.f23902i.i(aVar2);
        this.f23902i.d(aVar2, "");
        p();
        if (!this.f23901h.t().startsWith("SIM")) {
            this.f23903j = true;
        }
        if (this.f23896c && this.f23895b == null) {
            this.f23895b = new i7.b(this);
        }
        z11 = false;
        if (this.f23896c) {
            try {
                this.f23895b.e(z10, dVar);
                Log.i("SmartcardService", "ARA applet is used for:" + this.f23901h.t());
                this.f23898e = false;
                this.f23903j = false;
            } catch (Exception e10) {
                this.f23896c = false;
                str = e10.getLocalizedMessage();
                if (e10 instanceof MissingResourceException) {
                    if (!this.f23901h.t().startsWith("SIM")) {
                        throw new MissingResourceException(e10.getMessage(), "", "");
                    }
                    Log.w("SmartcardService", "Got MissingResourceException: Does the UICC support logical channel?");
                    Log.w("SmartcardService", "Full message: " + e10.getMessage());
                } else if (this.f23895b.d()) {
                    Log.i("SmartcardService", "No ARA applet found in: " + this.f23901h.t());
                } else {
                    Log.i("SmartcardService", "AccessControlEnforcer - Problem accessing ARA, Access DENIED. " + e10.getLocalizedMessage());
                    this.f23898e = false;
                    this.f23903j = false;
                    z12 = false;
                }
            }
        }
        z12 = true;
        if (this.f23898e && !this.f23901h.t().startsWith("SIM")) {
            Log.i("SmartcardService", "Disable ARF for terminal: " + this.f23901h.t() + " (ARF is only available for UICC)");
            this.f23898e = false;
        }
        if (this.f23898e && this.f23897d == null) {
            this.f23897d = new j7.a(this);
        }
        if (this.f23898e && (aVar = this.f23897d) != null) {
            try {
                aVar.b(dVar);
                Log.i("SmartcardService", "ARF rules are used for:" + this.f23901h.t());
                this.f23903j = false;
            } catch (Exception e11) {
                this.f23898e = false;
                str = e11.getLocalizedMessage();
                Log.e("SmartcardService", e11.getMessage());
            }
        }
        z11 = z12;
        if (this.f23903j) {
            d dVar3 = this.f23902i;
            d.a aVar3 = d.a.ALLOWED;
            dVar3.c(aVar3);
            this.f23902i.i(aVar3);
            this.f23902i.d(aVar3, "");
            Log.i("SmartcardService", "Full access granted for:" + this.f23901h.t());
        }
        if (!this.f23898e && !this.f23896c && !this.f23903j) {
            d dVar4 = this.f23902i;
            d.a aVar4 = d.a.DENIED;
            dVar4.c(aVar4);
            this.f23902i.i(aVar4);
            this.f23902i.d(aVar4, str);
            Log.i("SmartcardService", "Deny any access to:" + this.f23901h.t());
        }
        this.f23900g = z11;
        this.f23904k = true;
        return z11;
    }

    public Certificate[] j(String str) throws CertificateException, NoSuchAlgorithmException, SecurityException {
        if (str == null || str.length() == 0) {
            throw new SecurityException("Package Name not defined");
        }
        try {
            PackageInfo packageInfo = this.f23894a.getPackageInfo(str, 64);
            if (packageInfo == null) {
                throw new SecurityException("Package does not exist");
            }
            ArrayList arrayList = new ArrayList();
            for (Signature signature : packageInfo.signatures) {
                arrayList.add(d(signature.toByteArray()));
            }
            return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
        } catch (PackageManager.NameNotFoundException unused) {
            throw new SecurityException("Package does not exist");
        }
    }

    public b k() {
        return this.f23899f;
    }

    public synchronized void n() {
        Log.i("SmartcardService", "Reset the ACE for terminal:" + this.f23901h.t());
        this.f23895b = null;
        this.f23897d = null;
    }

    public boolean o() {
        return this.f23904k;
    }
}
