package com.samsung.android.authfw.client.trustedfacet;

import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.support.v4.media.session.f;
import android.webkit.URLUtil;
import com.samsung.android.authfw.BuildConfig;
import com.samsung.android.authfw.client.CSLog;
import com.samsung.android.authfw.common.utils.HashUtil;
import com.sec.android.fido.uaf.message.protocol.TrustedFacets;
import g3.e;
import i3.a;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class UafTrustedFacetValidator implements TrustedFacetValidator {
    private static final String TAG = "UafTrustedFacetValidator";
    private static final String sCheckPermission = "org.fidoalliance.uaf.permissions.ACT_AS_WEB_BROWSER";

    private String getPublicDomainNameSuffixPlusOne(String str) {
        try {
            String host = new URL(str).getHost();
            if (!a.d(host)) {
                CSLog.v(TAG, "The hostName is malformed.(hostName=" + host + ")");
                return null;
            }
            a b10 = a.b(host);
            if (!b10.c()) {
                CSLog.v(TAG, "The hostName is not public suffix.(hostName=" + host + ")");
                return null;
            }
            a f10 = b10.f();
            if (f10 == null) {
                CSLog.v(TAG, "The hostName has invalid publicSuffix");
                return null;
            }
            int size = (b10.e().size() - f10.e().size()) - 1;
            if (size < 0) {
                return f10.toString();
            }
            return ((String) b10.e().get(size)) + "." + f10.toString();
        } catch (MalformedURLException unused) {
            CSLog.v(TAG, "The url is malformed.(url=" + str + ")");
            return null;
        }
    }

    @Override // com.samsung.android.authfw.client.trustedfacet.TrustedFacetValidator
    public boolean checkPermissionOfRequestingApp(PackageManager packageManager, String str) {
        String str2 = TAG;
        CSLog.v(str2, "checkPermissionOfRequestingApp() is called");
        if (packageManager == null) {
            CSLog.w(str2, "packageManager is null.");
            return false;
        }
        if (str == null) {
            CSLog.w(str2, "packageName is null.");
            return false;
        }
        if (-1 != packageManager.checkPermission(sCheckPermission, str)) {
            return true;
        }
        CSLog.w(str2, str + " doesn't have permission org.fidoalliance.uaf.permissions.ACT_AS_WEB_BROWSER");
        return false;
    }

    @Override // com.samsung.android.authfw.client.trustedfacet.TrustedFacetValidator
    public Set<String> getHashOfSignature(PackageManager packageManager, String str) {
        PackageInfo packageInfo;
        String str2 = TAG;
        CSLog.v(str2, "getHashOfSignature() is called");
        HashSet hashSet = new HashSet();
        if (packageManager == null) {
            CSLog.w(str2, "packageManager is null.");
            return hashSet;
        }
        if (str == null) {
            CSLog.w(str2, "packageName is null.");
            return hashSet;
        }
        try {
            packageInfo = packageManager.getPackageInfo(str, 64);
        } catch (PackageManager.NameNotFoundException unused) {
            if (!str.equals("android.uid.system:1000")) {
                CSLog.w(TAG, "PackageManager.getPackageInfo() occur NameNotFoundException B");
                return hashSet;
            }
            try {
                packageInfo = packageManager.getPackageInfo(BuildConfig.APPLICATION_ID, 64);
            } catch (PackageManager.NameNotFoundException unused2) {
                CSLog.w(TAG, "PackageManager.getPackageInfo() occur NameNotFoundException A");
                return hashSet;
            }
        }
        for (Signature signature : packageInfo.signatures) {
            byte[] digest = HashUtil.digest(signature.toByteArray(), "SHA-1");
            if (digest.length == 0) {
                CSLog.e(TAG, "failed to SHA-1 digest");
            } else {
                String c3 = e.f5643c.g().c(digest);
                CSLog.v(TAG, "Encoded message digest is " + c3);
                hashSet.add("android:apk-key-hash:" + c3);
            }
        }
        return hashSet;
    }

    @Override // com.samsung.android.authfw.client.trustedfacet.TrustedFacetValidator
    public Set<String> getValidatedFacetIdList(TrustedFacets trustedFacets, String str) {
        HashSet hashSet = new HashSet();
        if (trustedFacets == null) {
            CSLog.w(TAG, "trustedFacets is null.");
            return hashSet;
        }
        String publicDomainNameSuffixPlusOne = getPublicDomainNameSuffixPlusOne(str);
        if (publicDomainNameSuffixPlusOne == null) {
            return hashSet;
        }
        f.k("trustedFacets.getIdList() is null", trustedFacets.getIdList());
        for (String str2 : trustedFacets.getIdList()) {
            if (URLUtil.isHttpsUrl(str2)) {
                String publicDomainNameSuffixPlusOne2 = getPublicDomainNameSuffixPlusOne(str2);
                if (publicDomainNameSuffixPlusOne2 != null && publicDomainNameSuffixPlusOne.equalsIgnoreCase(publicDomainNameSuffixPlusOne2)) {
                    hashSet.add(str2);
                }
            } else if (TrustedFacetManager.isAndroidFacetId(str2)) {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }
}
