package com.facebook.secure.trustedapp;

import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Message;
import android.text.TextUtils;
import com.facebook.secure.config.SecurityConfigsHolder;
import com.facebook.secure.logger.Reporter;
import com.facebook.secure.trustboundary.ExpectedAppIdentity;
import com.facebook.secure.trustboundary.TrustBoundariesBuilder;
import com.facebook.secure.trustboundary.TrustBoundariesException;
import com.facebook.secure.trustedapp.exception.FbPermissionException;
import com.facebook.secure.trustedapp.generated.TrustedSignatures;
import com.facebook.secure.trustedapp.signatures.AppSignatureHash;
import com.google.android.gms.common.api.a;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: classes5.dex */
public class TrustedCaller {
    private static final long FLAG_CALLERIDENTITY_DISABLE_TTL = 16;
    protected static final long FLAG_TRUSTEDAPP_ALLOW_BINDER_SAME_UID_DIFFERENT_PACKAGE = 32;
    private static final long FLAG_TRUSTEDAPP_ALLOW_SAME_APP = 1;
    private static final String TAG = "TrustedCaller";
    private final AppIdentityRegistry mAppIdentityRegistry;
    private final ArrayList<String> mDomains;
    private final long mFlags;
    private final ArrayList<String> mPermissions;
    private final TrustedApp mTrustedApp;

    /* loaded from: classes5.dex */
    public static final class TrustedCallerBuilder {
        private AppIdentityRegistry mAppIdentityRegistry;
        private TrustedApp mTrustedApp;
        private long mFlags = 0;
        private final ArrayList<String> mDomains = new ArrayList<>();
        private final ArrayList<String> mPermissions = new ArrayList<>();
        private final Map<AppSignatureHash, Set<String>> mTrustedPackages = new HashMap();

        private void throwIfInvalidBuilder() {
            if (this.mTrustedApp != null && !this.mTrustedPackages.isEmpty()) {
                throw new IllegalArgumentException("TrustedCaller needs to be configured with either a TrustedApp or list of trusted packages");
            }
        }

        public TrustedCallerBuilder addDomain(String str) {
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException();
            }
            this.mDomains.add(str);
            return this;
        }

        public TrustedCallerBuilder addDomains(Collection<String> collection) {
            this.mDomains.addAll(collection);
            return this;
        }

        public TrustedCallerBuilder addFbPermission(String str) {
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException();
            }
            this.mPermissions.add(str);
            return this;
        }

        public TrustedCallerBuilder addFbPermissions(Collection<String> collection) {
            if (collection == null || collection.isEmpty()) {
                throw new IllegalArgumentException();
            }
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                addFbPermission(it.next());
            }
            return this;
        }

        public TrustedCallerBuilder addTrustedPackage(AppSignatureHash appSignatureHash, String str) {
            Set<String> set;
            if (this.mTrustedPackages.containsKey(appSignatureHash) && (set = this.mTrustedPackages.get(appSignatureHash)) != null) {
                set.add(str);
                return this;
            }
            HashSet hashSet = new HashSet();
            hashSet.add(str);
            this.mTrustedPackages.put(appSignatureHash, hashSet);
            return this;
        }

        public TrustedCallerBuilder addTrustedPackages(AppSignatureHash appSignatureHash, Set<String> set) {
            Set<String> set2;
            if (this.mTrustedPackages.containsKey(appSignatureHash) && (set2 = this.mTrustedPackages.get(appSignatureHash)) != null) {
                set2.addAll(set);
                return this;
            }
            HashSet hashSet = new HashSet();
            hashSet.addAll(set);
            this.mTrustedPackages.put(appSignatureHash, hashSet);
            return this;
        }

        public TrustedCaller build() {
            throwIfInvalidBuilder();
            if (!this.mTrustedPackages.isEmpty()) {
                this.mTrustedApp = new TrustedApp(this.mTrustedPackages);
            }
            return new TrustedCaller(this);
        }

        public TrustedCallerBuilder disableTTLCheckCompletely_UNSAFE() {
            this.mFlags |= 16;
            return this;
        }

        public TrustedCallerBuilder enableTrustedAppAllowBinderSameUIDDifferentProcess_UNSAFE() {
            this.mFlags |= 32;
            return this;
        }

        public TrustedCallerBuilder enableTrustedAppSamePackage() {
            this.mFlags |= 1;
            return this;
        }

        public TrustedCallerBuilder setTrustedApp(TrustedApp trustedApp) {
            this.mTrustedApp = trustedApp;
            return this;
        }

        public TrustedCallerBuilder withAppIdentityRegistry_EXPERIMENTAL(AppIdentityRegistry appIdentityRegistry) {
            this.mAppIdentityRegistry = appIdentityRegistry;
            return this;
        }

        public TrustedCallerBuilder withTrustedAppSameKey(Context context) {
            HashSet hashSet = new HashSet();
            hashSet.add(AppVerifier.getSignatureFromPackageName(context, context.getPackageName()));
            return setTrustedApp(TrustedAppHelper.createTrustedApp(Collections.unmodifiableSet(hashSet)));
        }
    }

    private TrustedCaller(TrustedCallerBuilder trustedCallerBuilder) {
        TrustedApp trustedApp = trustedCallerBuilder.mTrustedApp;
        this.mTrustedApp = trustedApp;
        this.mDomains = trustedCallerBuilder.mDomains;
        ArrayList<String> arrayList = trustedCallerBuilder.mPermissions;
        this.mPermissions = arrayList;
        this.mAppIdentityRegistry = trustedCallerBuilder.mAppIdentityRegistry;
        this.mFlags = trustedCallerBuilder.mFlags;
        if (trustedApp == null && arrayList.isEmpty() && !hasFlag(1L)) {
            throw new IllegalArgumentException("TrustedCaller needs to be configured with at least 1 security check");
        }
    }

    public static TrustedCallerBuilder builder() {
        return new TrustedCallerBuilder();
    }

    public static TrustedCaller createWithFbPermission(String str) {
        return builder().addFbPermission(str).build();
    }

    public static boolean doesCallerHavePackageName(Context context, Intent intent, String str) {
        AppIdentity callerAppIdentity = CallerIdentityUtil.getCallerAppIdentity(context, intent, (Reporter) null);
        if (callerAppIdentity == null) {
            return false;
        }
        Iterator<String> it = callerAppIdentity.getPackageNames().iterator();
        while (it.hasNext()) {
            if (it.next().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private void enforceTrustedCallerApp(Context context, AppIdentity appIdentity, Reporter reporter) {
        if (appIdentity == null) {
            throw new SecurityException("Invalid Caller Identity (null)");
        }
        throwIfInvalidDomain(appIdentity);
        boolean z11 = hasFlag(1L) && context.getPackageName().equals(appIdentity.getPackageName());
        if (z11) {
            return;
        }
        boolean isDebugSignatureHash = TrustedSignatures.isDebugSignatureHash(getRegistry(context).getAppIdentityForPackage(context.getPackageName()).getIdentity().getSignatureHash());
        if (SecurityConfigsHolder.get().getTrustedAppConfig().getUseTrustBoundariesForTrustedAppChecks()) {
            throwIfTrustBoundaryMismatch(context, appIdentity, isDebugSignatureHash);
        } else {
            throwIfTrustedAppMismatch(appIdentity, isDebugSignatureHash);
        }
        throwIfMissingFbPermission(appIdentity, context, reporter, isDebugSignatureHash);
        throwIfCallerAppIsNotSameSamePackageAndNoOtherIdentityChecksRan(z11);
    }

    public static String getCallerDebugString_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo != null) {
            return callerInfo.toString();
        }
        return null;
    }

    public static String getCallerDomain_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo != null) {
            return callerInfo.getDomainName();
        }
        return null;
    }

    public static String getCallerPackageName_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo != null) {
            return callerInfo.getPackageName();
        }
        return null;
    }

    public static String getCallerPackageName_FOR_LOGGING_ONLY(Context context, Message message) {
        AppIdentity callerAppIdentity = CallerIdentityUtil.getCallerAppIdentity(context, message, (Reporter) null);
        if (callerAppIdentity != null) {
            return callerAppIdentity.getPackageName();
        }
        return null;
    }

    public static List<String> getCallerPackageNames_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo != null) {
            return callerInfo.getPackageNames();
        }
        return null;
    }

    public static String getCallerSignatureHash_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppSignatureHash signatureHash;
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo == null || (signatureHash = callerInfo.getSignatureHash()) == null) {
            return null;
        }
        return signatureHash.getSha256Hash();
    }

    public static String getCallerVersionName_FOR_LOGGING_ONLY(Context context, Intent intent) {
        AppIdentity callerInfo = CallerInfoHelper.getCallerInfo(context, intent);
        if (callerInfo != null) {
            return callerInfo.getVersionName();
        }
        return null;
    }

    private AppIdentityRegistry getRegistry(Context context) {
        AppIdentityRegistry appIdentityRegistry = this.mAppIdentityRegistry;
        return appIdentityRegistry != null ? appIdentityRegistry : LiveAppIdentityRegistry.get(context);
    }

    public void enforceTrustedCallerApp(Context context) {
        enforceTrustedCallerApp(context, (Reporter) null);
    }

    public void enforceTrustedCallerApp(Context context, Intent intent) {
        enforceTrustedCallerApp(context, intent, (Reporter) null);
    }

    public void enforceTrustedCallerApp(Context context, Intent intent, Reporter reporter) {
        enforceTrustedCallerApp(context, CallerIdentityUtil.getCallerAppIdentity(context, intent, reporter, hasFlag(16L) ? a.e.API_PRIORITY_OTHER : 86400000, this.mFlags), reporter);
    }

    public void enforceTrustedCallerApp(Context context, Uri uri) {
        enforceTrustedCallerApp(context, uri, (Reporter) null);
    }

    public void enforceTrustedCallerApp(Context context, Uri uri, Reporter reporter) {
        enforceTrustedCallerApp(context, CallerIdentityUtil.getCallerAppIdentity(context, uri, reporter), reporter);
    }

    public void enforceTrustedCallerApp(Context context, Message message) {
        enforceTrustedCallerApp(context, message, (Reporter) null);
    }

    public void enforceTrustedCallerApp(Context context, Message message, Reporter reporter) {
        enforceTrustedCallerApp(context, CallerIdentityUtil.getCallerAppIdentity(context, message, reporter), reporter);
    }

    public void enforceTrustedCallerApp(Context context, Reporter reporter) {
        enforceTrustedCallerApp(context, (Intent) null, reporter);
    }

    public void enforceTrustedCallerApp(Context context, BinderIdentity binderIdentity, Reporter reporter) {
        enforceTrustedCallerApp(context, getRegistry(context).getAppIdentityForUid(binderIdentity).getIdentity(), reporter);
    }

    public boolean hasFlag(long j11) {
        return (j11 & this.mFlags) != 0;
    }

    public boolean isCallerAppTrusted(Context context) {
        return isCallerAppTrusted(context, (Reporter) null);
    }

    public boolean isCallerAppTrusted(Context context, Intent intent) {
        return isCallerAppTrusted(context, intent, (Reporter) null);
    }

    public boolean isCallerAppTrusted(Context context, Intent intent, Reporter reporter) {
        try {
            enforceTrustedCallerApp(context, intent, reporter);
            return true;
        } catch (SecurityException e11) {
            if (reporter == null) {
                return false;
            }
            String message = e11.getMessage();
            if (message == null) {
                message = "Cannot trust caller";
            }
            reporter.report(TAG, message, e11.getCause());
            return false;
        }
    }

    public boolean isCallerAppTrusted(Context context, Uri uri) {
        return isCallerAppTrusted(context, uri, (Reporter) null);
    }

    public boolean isCallerAppTrusted(Context context, Uri uri, Reporter reporter) {
        try {
            enforceTrustedCallerApp(context, uri, reporter);
            return true;
        } catch (SecurityException e11) {
            if (reporter == null) {
                return false;
            }
            reporter.report(TAG, "untrusted content uri " + uri.getScheme() + "://" + uri.getHost(), e11);
            return false;
        }
    }

    public boolean isCallerAppTrusted(Context context, Message message) {
        return isCallerAppTrusted(context, message, (Reporter) null);
    }

    public boolean isCallerAppTrusted(Context context, Message message, Reporter reporter) {
        try {
            enforceTrustedCallerApp(context, message, reporter);
            return true;
        } catch (SecurityException e11) {
            if (reporter == null) {
                return false;
            }
            reporter.report(TAG, e11.getMessage(), e11.getCause());
            return false;
        }
    }

    public boolean isCallerAppTrusted(Context context, Reporter reporter) {
        return isCallerAppTrusted(context, (Intent) null, reporter);
    }

    public boolean isCallerAppTrusted(Context context, AppIdentity appIdentity) {
        try {
            enforceTrustedCallerApp(context, appIdentity, (Reporter) null);
            return true;
        } catch (SecurityException unused) {
            return false;
        }
    }

    public void throwIfCallerAppIsNotSameSamePackageAndNoOtherIdentityChecksRan(boolean z11) {
        if (!z11 && this.mPermissions.isEmpty() && this.mTrustedApp == null) {
            throw new SecurityException("Calling app is not the same package, and no other identity checks were performed.");
        }
    }

    public void throwIfInvalidDomain(AppIdentity appIdentity) {
        if (this.mDomains.isEmpty() || this.mDomains.contains(appIdentity.getDomainName())) {
            return;
        }
        throw new SecurityException("Missing required Caller Domains " + this.mDomains + " from caller " + appIdentity);
    }

    public void throwIfMissingFbPermission(AppIdentity appIdentity, Context context, Reporter reporter, boolean z11) {
        if (this.mPermissions.isEmpty()) {
            return;
        }
        FbPermission fbPermission = reporter != null ? FbPermission.get(context, reporter) : FbPermission.get(context);
        if (this.mPermissions.size() == 1) {
            String str = this.mPermissions.get(0);
            try {
                fbPermission.assertFbPermission(context, appIdentity, str);
                return;
            } catch (FbPermissionException e11) {
                throw new SecurityException("Missing or unable to evaluate FbPermission '" + str + "' from caller " + appIdentity, e11);
            }
        }
        Iterator<String> it = this.mPermissions.iterator();
        while (it.hasNext()) {
            if (fbPermission.checkFbPermission(context, appIdentity, it.next())) {
                return;
            }
        }
        throw new SecurityException("Missing at least one required FBPermission (of multiple defined) " + this.mPermissions + " from caller " + appIdentity);
    }

    public void throwIfTrustBoundaryMismatch(Context context, AppIdentity appIdentity, boolean z11) {
        TrustedApp trustedApp = this.mTrustedApp;
        if (trustedApp == null) {
            return;
        }
        Set<ExpectedAppIdentity> asExpectedAppIdentities = trustedApp.asExpectedAppIdentities(this.mDomains);
        try {
            TrustBoundariesBuilder trustBoundariesBuilder = new TrustBoundariesBuilder();
            trustBoundariesBuilder.trustAppIdentity((ExpectedAppIdentity[]) asExpectedAppIdentities.toArray(new ExpectedAppIdentity[0]));
            if (z11) {
                trustBoundariesBuilder.trustDebugApps_DO_NOT_USE_MIGRATION_ONLY();
            }
            trustBoundariesBuilder.build().assertTrusted(context, appIdentity);
        } catch (TrustBoundariesException e11) {
            throw new SecurityException("[TrustBoundary] Caller Identity '" + appIdentity + "' is not trusted", e11);
        }
    }

    public void throwIfTrustedAppMismatch(AppIdentity appIdentity, boolean z11) {
        TrustedApp trustedApp = this.mTrustedApp;
        if (trustedApp == null || trustedApp.isAppIdentityTrusted(appIdentity, z11)) {
            return;
        }
        throw new SecurityException("Caller Identity '" + appIdentity + "' is not trusted");
    }
}
