package com.landicorp.android.band.openmobileapi.service.security;

import android.annotation.SuppressLint;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Log;
import com.landicorp.android.band.openmobileapi.service.Channel;
import com.landicorp.android.band.openmobileapi.service.ISmartcardServiceCallback;
import com.landicorp.android.band.openmobileapi.service.Terminal;
import com.landicorp.android.band.openmobileapi.service.security.ChannelAccess;
import com.landicorp.android.band.openmobileapi.service.security.ara.AraController;
import com.landicorp.android.band.openmobileapi.service.security.arf.ArfController;
import com.xiaomi.mipush.sdk.Constants;
import java.io.ByteArrayInputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.MissingResourceException;

/* compiled from: TbsSdkJava */
/* loaded from: classes5.dex */
public class AccessControlEnforcer {
    private AccessRuleCache mAccessRuleCache;
    private Terminal mTerminal;
    private PackageManager mPackageManager = null;
    private AraController mAraController = null;
    private boolean mUseAra = true;
    private ArfController mArfController = null;
    private boolean mUseArf = false;
    private boolean mRulesRead = false;
    private ChannelAccess mInitialChannelAccess = new ChannelAccess();
    private boolean mFullAccess = false;
    private boolean initialized = false;
    protected boolean[] mNfcEventFlags = null;
    private final String ACCESS_CONTROL_ENFORCER = "Access Control Enforcer: ";

    public AccessControlEnforcer(Terminal terminal) {
        this.mAccessRuleCache = null;
        this.mTerminal = null;
        this.mTerminal = terminal;
        this.mAccessRuleCache = new AccessRuleCache();
    }

    public static Certificate decodeCertificate(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static byte[] getAppCertHash(Certificate certificate) throws CertificateEncodingException {
        MessageDigest messageDigest;
        int i = 0;
        while (true) {
            if (i >= 10) {
                messageDigest = null;
                break;
            }
            try {
                messageDigest = MessageDigest.getInstance("SHA");
                break;
            } catch (Exception unused) {
                i++;
            }
        }
        if (messageDigest != null) {
            return messageDigest.digest(certificate.getEncoded());
        }
        throw new SecurityException("Hash can not be computed");
    }

    public static byte[] getDefaultAccessControlAid() {
        return AraController.getAraMAid();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private synchronized boolean[] internal_isNFCEventAllowed(byte[] bArr, String[] strArr) {
        Certificate[] aPPCerts;
        this.mNfcEventFlags = new boolean[strArr.length];
        int i = 0;
        for (String str : strArr) {
            try {
                aPPCerts = getAPPCerts(str);
            } catch (Exception e) {
                Log.w("SmartcardService", " Access Rules for NFC: " + e.getLocalizedMessage());
                this.mNfcEventFlags[i] = false;
            }
            if (aPPCerts == null || aPPCerts.length == 0) {
                throw new SecurityException("Application certificates are invalid or do not exist.");
                break;
            }
            this.mNfcEventFlags[i] = getAccessRule(bArr, aPPCerts).getNFCEventAccess() == ChannelAccess.ACCESS.ALLOWED;
            i++;
        }
        return this.mNfcEventFlags;
    }

    @SuppressLint({"NewApi"})
    private synchronized ChannelAccess internal_setUpChannelAccess(byte[] bArr, String str) {
        Certificate[] aPPCerts;
        if (str != null) {
            if (!str.isEmpty()) {
                try {
                    aPPCerts = getAPPCerts(str);
                    if (aPPCerts == null || aPPCerts.length == 0) {
                        throw new SecurityException("Application certificates are invalid or do not exist.");
                    }
                } catch (Exception e) {
                    throw new SecurityException(e.getMessage());
                }
            }
        }
        throw new SecurityException("package names must be specified");
        return getAccessRule(bArr, aPPCerts);
    }

    private void readSecurityProfile() {
        this.mUseArf = false;
        this.mUseAra = false;
        this.mFullAccess = false;
        Log.i("SmartcardService", "Allowed ACE mode: ara=" + this.mUseAra + " arf=" + this.mUseArf + " fullaccess=" + this.mFullAccess);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public synchronized void checkCommand(Channel channel, byte[] bArr) {
        ChannelAccess channelAccess = channel.getChannelAccess();
        if (channelAccess == null) {
            throw new SecurityException("Access Control Enforcer: Channel access not set");
        }
        String reason = channelAccess.getReason();
        if (reason.length() == 0) {
            reason = "Command not allowed!";
        }
        if (channelAccess.getAccess() != ChannelAccess.ACCESS.ALLOWED) {
            throw new SecurityException("Access Control Enforcer: " + reason);
        }
        if (!channelAccess.isUseApduFilter()) {
            if (channelAccess.getApduAccess() != ChannelAccess.ACCESS.ALLOWED) {
                throw new SecurityException("Access Control Enforcer: APDU access NOT allowed");
            }
            return;
        }
        ApduFilter[] apduFilter = channelAccess.getApduFilter();
        if (apduFilter == null || apduFilter.length == 0) {
            throw new SecurityException("Access Control Enforcer: Access Rule not available: " + reason);
        }
        for (ApduFilter apduFilter2 : apduFilter) {
            if (CommandApdu.compareHeaders(bArr, apduFilter2.getMask(), apduFilter2.getApdu())) {
                return;
            }
        }
        throw new SecurityException("Access Control Enforcer: Access Rule does not match: " + reason);
    }

    public void dump(PrintWriter printWriter, String str) {
        printWriter.println(String.valueOf(str) + "SmartcardService" + Constants.COLON_SEPARATOR);
        StringBuilder sb = new StringBuilder(String.valueOf(str));
        sb.append("  ");
        String sb2 = sb.toString();
        printWriter.println(String.valueOf(sb2) + "mUseArf: " + this.mUseArf);
        printWriter.println(String.valueOf(sb2) + "mUseAra: " + this.mUseAra);
        StringBuilder sb3 = new StringBuilder(String.valueOf(sb2));
        sb3.append("mInitialChannelAccess:");
        printWriter.println(sb3.toString());
        printWriter.println(String.valueOf(sb2) + "  " + this.mInitialChannelAccess.toString());
        printWriter.println();
        AccessRuleCache accessRuleCache = this.mAccessRuleCache;
        if (accessRuleCache != null) {
            accessRuleCache.dump(printWriter, sb2);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public Certificate[] getAPPCerts(String str) throws CertificateException, NoSuchAlgorithmException, SecurityException {
        if (str == null || str.length() == 0) {
            throw new SecurityException("Package Name not defined");
        }
        try {
            PackageInfo packageInfo = this.mPackageManager.getPackageInfo(str, 64);
            if (packageInfo == null) {
                throw new SecurityException("Package does not exist");
            }
            ArrayList arrayList = new ArrayList();
            for (Signature signature : packageInfo.signatures) {
                arrayList.add(decodeCertificate(signature.toByteArray()));
            }
            return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
        } catch (PackageManager.NameNotFoundException unused) {
            throw new SecurityException("Package does not exist");
        }
    }

    public ChannelAccess getAccessRule(byte[] bArr, Certificate[] certificateArr) throws SecurityException, CertificateEncodingException {
        ChannelAccess findAccessRule = this.mRulesRead ? this.mAccessRuleCache.findAccessRule(bArr, certificateArr) : null;
        if (findAccessRule != null) {
            return findAccessRule;
        }
        ChannelAccess channelAccess = new ChannelAccess();
        channelAccess.setAccess(ChannelAccess.ACCESS.DENIED, "no access rule found!");
        channelAccess.setApduAccess(ChannelAccess.ACCESS.DENIED);
        channelAccess.setNFCEventAccess(ChannelAccess.ACCESS.DENIED);
        return channelAccess;
    }

    public AccessRuleCache getAccessRuleCache() {
        return this.mAccessRuleCache;
    }

    public PackageManager getPackageManager() {
        return this.mPackageManager;
    }

    public Terminal getTerminal() {
        return this.mTerminal;
    }

    public synchronized boolean initialize(boolean z, ISmartcardServiceCallback iSmartcardServiceCallback) {
        boolean z2;
        String str = "";
        this.mInitialChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
        this.mInitialChannelAccess.setNFCEventAccess(ChannelAccess.ACCESS.ALLOWED);
        this.mInitialChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
        readSecurityProfile();
        if (!this.mTerminal.getName().startsWith("SIM")) {
            this.mFullAccess = true;
        }
        if (this.mUseAra && this.mAraController == null) {
            this.mAraController = new AraController(this);
        }
        if (this.mUseAra) {
            try {
                this.mAraController.initialize(z, iSmartcardServiceCallback);
                Log.i("SmartcardService", "ARA applet is used for:" + this.mTerminal.getName());
                this.mUseArf = false;
                this.mFullAccess = false;
            } catch (Exception e) {
                this.mUseAra = false;
                str = e.getLocalizedMessage();
                if (e instanceof MissingResourceException) {
                    if (!this.mTerminal.getName().startsWith("SIM")) {
                        throw new MissingResourceException(e.getMessage(), "", "");
                    }
                    Log.w("SmartcardService", "Got MissingResourceException: Does the UICC support logical channel?");
                    Log.w("SmartcardService", "Full message: " + e.getMessage());
                } else if (this.mAraController.isNoSuchElement()) {
                    Log.i("SmartcardService", "No ARA applet found in: " + this.mTerminal.getName());
                } else {
                    Log.i("SmartcardService", "AccessControlEnforcer - Problem accessing ARA, Access DENIED. " + e.getLocalizedMessage());
                    this.mUseArf = false;
                    this.mFullAccess = false;
                    z2 = false;
                }
            }
        }
        z2 = true;
        if (this.mUseArf && !this.mTerminal.getName().startsWith("SIM")) {
            Log.i("SmartcardService", "Disable ARF for terminal: " + this.mTerminal.getName() + " (ARF is only available for UICC)");
            this.mUseArf = false;
        }
        if (this.mUseArf && this.mArfController == null) {
            this.mArfController = new ArfController(this);
        }
        if (this.mUseArf && this.mArfController != null) {
            try {
                this.mArfController.initialize(iSmartcardServiceCallback);
                Log.i("SmartcardService", "ARF rules are used for:" + this.mTerminal.getName());
                this.mFullAccess = false;
            } catch (Exception e2) {
                this.mUseArf = false;
                str = e2.getLocalizedMessage();
                Log.e("SmartcardService", e2.getMessage());
                z2 = false;
            }
        }
        if (this.mFullAccess) {
            this.mInitialChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
            this.mInitialChannelAccess.setNFCEventAccess(ChannelAccess.ACCESS.ALLOWED);
            this.mInitialChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
            Log.i("SmartcardService", "Full access granted for:" + this.mTerminal.getName());
        }
        if (!this.mUseArf && !this.mUseAra && !this.mFullAccess) {
            this.mInitialChannelAccess.setApduAccess(ChannelAccess.ACCESS.DENIED);
            this.mInitialChannelAccess.setNFCEventAccess(ChannelAccess.ACCESS.DENIED);
            this.mInitialChannelAccess.setAccess(ChannelAccess.ACCESS.DENIED, str);
            Log.i("SmartcardService", "Deny any access to:" + this.mTerminal.getName());
        }
        this.mRulesRead = z2;
        this.initialized = true;
        return z2;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public synchronized boolean[] isNFCEventAllowed(byte[] bArr, String[] strArr) {
        if (!this.mUseAra && !this.mUseArf) {
            boolean[] zArr = new boolean[strArr.length];
            for (int i = 0; i < zArr.length; i++) {
                zArr[i] = this.mFullAccess;
            }
            return zArr;
        }
        return internal_isNFCEventAllowed(bArr, strArr);
    }

    public synchronized void reset() {
        Log.i("SmartcardService", "Reset the ACE for terminal:" + this.mTerminal.getName());
        this.mAraController = null;
        this.mArfController = null;
    }

    public void setPackageManager(PackageManager packageManager) {
        this.mPackageManager = packageManager;
    }

    public ChannelAccess setUpChannelAccess(byte[] bArr, String str) {
        ChannelAccess internal_setUpChannelAccess;
        if (this.mInitialChannelAccess.getAccess() == ChannelAccess.ACCESS.DENIED) {
            throw new SecurityException("Access Control Enforcer: access denied: " + this.mInitialChannelAccess.getReason());
        }
        if (this.mUseAra || this.mUseArf) {
            try {
                internal_setUpChannelAccess = internal_setUpChannelAccess(bArr, str);
            } catch (Exception e) {
                if (e instanceof MissingResourceException) {
                    throw new MissingResourceException("Access Control Enforcer: " + e.getMessage(), "", "");
                }
                throw new SecurityException("Access Control Enforcer: access denied: " + e.getMessage());
            }
        } else {
            internal_setUpChannelAccess = null;
        }
        if (internal_setUpChannelAccess == null || (internal_setUpChannelAccess.getApduAccess() != ChannelAccess.ACCESS.ALLOWED && !internal_setUpChannelAccess.isUseApduFilter())) {
            if (!this.mFullAccess) {
                throw new SecurityException("Access Control Enforcer: no APDU access allowed!");
            }
            internal_setUpChannelAccess = this.mInitialChannelAccess;
        }
        internal_setUpChannelAccess.setPackageName(str);
        return internal_setUpChannelAccess.m63clone();
    }
}
