package org.chromium.chrome.browser.browserservices;

import android.annotation.SuppressLint;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.net.Uri;
import android.support.annotation.NonNull;
import android.text.TextUtils;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import org.chromium.base.CommandLine;
import org.chromium.base.ContextUtils;
import org.chromium.base.Log;
import org.chromium.base.StrictModeContext;
import org.chromium.base.ThreadUtils;
import org.chromium.base.VisibleForTesting;
import org.chromium.base.annotations.CalledByNative;
import org.chromium.base.annotations.JNINamespace;
import org.chromium.chrome.browser.ChromeSwitches;
import org.chromium.chrome.browser.UrlConstants;
import org.chromium.chrome.browser.profiles.Profile;
import org.chromium.content_public.browser.BrowserStartupController;

@JNINamespace("customtabs")
/* loaded from: classes34.dex */
public class OriginVerifier {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String HANDLE_ALL_URLS = "delegate_permission/common.handle_all_urls";
    private static final String TAG = "OriginVerifier";
    private static final String USE_AS_ORIGIN = "delegate_permission/common.use_as_origin";
    private OriginVerificationListener mListener;
    private long mNativeOriginVerifier;
    private Origin mOrigin;
    private final String mPackageName;
    private final int mRelation;
    private final String mSignatureFingerprint;
    private static final char[] HEX_CHAR_LOOKUP = "0123456789ABCDEF".toCharArray();
    private static final AtomicReference<Set<String>> sVerificationOverrides = new AtomicReference<>();

    /* loaded from: classes34.dex */
    public interface OriginVerificationListener {
        void onOriginVerified(String str, Origin origin, boolean z, Boolean bool);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes34.dex */
    public class VerifiedCallback implements Runnable {
        private final Boolean mOnline;
        private final boolean mResult;

        public VerifiedCallback(boolean z, Boolean bool) {
            this.mResult = z;
            this.mOnline = bool;
        }

        @Override // java.lang.Runnable
        public void run() {
            OriginVerifier.this.originVerified(this.mResult, this.mOnline);
        }
    }

    public OriginVerifier(String str, int i) {
        this.mPackageName = str;
        this.mSignatureFingerprint = getCertificateSHA256FingerprintForPackage(this.mPackageName);
        this.mRelation = i;
    }

    public static void addVerificationOverride(String str, Origin origin, int i) {
        if (sVerificationOverrides.get() == null) {
            sVerificationOverrides.compareAndSet(null, Collections.newSetFromMap(new ConcurrentHashMap()));
        }
        sVerificationOverrides.get().add(new Relationship(str, "", origin, i).toString());
    }

    static String byteArrayToHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder((bArr.length * 3) - 1);
        for (int i = 0; i < bArr.length; i++) {
            sb.append(HEX_CHAR_LOOKUP[(bArr[i] & 240) >>> 4]);
            sb.append(HEX_CHAR_LOOKUP[bArr[i] & 15]);
            if (i < bArr.length - 1) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    private void checkForSavedResult() {
        StrictModeContext allowDiskReads = StrictModeContext.allowDiskReads();
        try {
            boolean isRelationshipSaved = VerificationResultStore.isRelationshipSaved(new Relationship(this.mPackageName, this.mSignatureFingerprint, this.mOrigin, this.mRelation));
            BrowserServicesMetrics.recordVerificationResult(isRelationshipSaved ? 2 : 3);
            originVerified(isRelationshipSaved, false);
            if (allowDiskReads != null) {
                allowDiskReads.close();
            }
        } catch (Throwable th) {
            if (allowDiskReads != null) {
                try {
                    allowDiskReads.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @CalledByNative
    public static void clearBrowsingData() {
        VerificationResultStore.clearStoredRelationships();
    }

    @VisibleForTesting
    public static void clearCachedVerificationsForTesting() {
        VerificationResultStore.clearStoredRelationships();
        if (sVerificationOverrides.get() != null) {
            sVerificationOverrides.get().clear();
        }
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    static String getCertificateSHA256FingerprintForPackage(String str) {
        PackageInfo packageInfo = getPackageInfo(str);
        if (packageInfo == null) {
            return null;
        }
        try {
            return byteArrayToHexString(MessageDigest.getInstance("SHA256").digest(((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(packageInfo.signatures[0].toByteArray()))).getEncoded()));
        } catch (NoSuchAlgorithmException | CertificateException unused) {
            return null;
        } catch (CertificateEncodingException unused2) {
            Log.w(TAG, "Certificate type X509 encoding failed", new Object[0]);
            return null;
        }
    }

    private static PackageInfo getPackageInfo(String str) {
        try {
            return ContextUtils.getApplicationContext().getPackageManager().getPackageInfo(str, 64);
        } catch (PackageManager.NameNotFoundException unused) {
            return null;
        }
    }

    public static Uri getPostMessageUriFromVerifiedOrigin(String str, Origin origin) {
        return Uri.parse("android-app://" + origin.uri().getHost() + "/" + str);
    }

    private native void nativeDestroy(long j2);

    private native long nativeInit(Profile profile);

    private native boolean nativeVerifyOrigin(long j2, String str, String str2, String str3, String str4);

    @CalledByNative
    private void onOriginVerificationResult(int i) {
        switch (i) {
            case 0:
                BrowserServicesMetrics.recordVerificationResult(0);
                originVerified(true, true);
                return;
            case 1:
                BrowserServicesMetrics.recordVerificationResult(1);
                originVerified(false, true);
                return;
            case 2:
                Log.i(TAG, "Device is offline, checking saved verification result.", new Object[0]);
                checkForSavedResult();
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void originVerified(boolean z, Boolean bool) {
        Object[] objArr = new Object[1];
        objArr[0] = z ? "succeeded" : "failed";
        Log.i(TAG, "Verification %s.", objArr);
        if (z) {
            Log.d(TAG, "Adding: %s for %s", this.mPackageName, this.mOrigin);
            VerificationResultStore.addRelationship(new Relationship(this.mPackageName, this.mSignatureFingerprint, this.mOrigin, this.mRelation));
            TrustedWebActivityClient.registerClient(ContextUtils.getApplicationContext(), this.mOrigin, this.mPackageName);
        }
        saveVerificationResult(z);
        OriginVerificationListener originVerificationListener = this.mListener;
        if (originVerificationListener != null) {
            originVerificationListener.onOriginVerified(this.mPackageName, this.mOrigin, z, bool);
        }
        cleanUp();
    }

    private void saveVerificationResult(boolean z) {
        Relationship relationship = new Relationship(this.mPackageName, this.mSignatureFingerprint, this.mOrigin, this.mRelation);
        if (z) {
            VerificationResultStore.addRelationship(relationship);
        } else {
            VerificationResultStore.removeRelationship(relationship);
        }
    }

    private static boolean shouldOverrideVerification(String str, Origin origin, int i) {
        if (sVerificationOverrides.get() == null) {
            return false;
        }
        return sVerificationOverrides.get().contains(new Relationship(str, "", origin, i).toString());
    }

    private static boolean wasPreviouslyVerified(String str, String str2, Origin origin, int i) {
        return VerificationResultStore.isRelationshipSaved(new Relationship(str, str2, origin, i));
    }

    public static boolean wasPreviouslyVerified(String str, Origin origin, int i) {
        return shouldOverrideVerification(str, origin, i) || VerificationResultStore.isRelationshipSaved(new Relationship(str, getCertificateSHA256FingerprintForPackage(str), origin, i));
    }

    public void cleanUp() {
        long j2 = this.mNativeOriginVerifier;
        if (j2 == 0) {
            return;
        }
        nativeDestroy(j2);
        this.mNativeOriginVerifier = 0L;
    }

    public void start(@NonNull OriginVerificationListener originVerificationListener, @NonNull Origin origin) {
        String str;
        ThreadUtils.assertOnUiThread();
        this.mOrigin = origin;
        this.mListener = originVerificationListener;
        String switchValue = CommandLine.getInstance().getSwitchValue(ChromeSwitches.DISABLE_DIGITAL_ASSET_LINK_VERIFICATION);
        if (!TextUtils.isEmpty(switchValue) && this.mOrigin.equals(new Origin(switchValue))) {
            Log.i(TAG, "Verification skipped for %s due to command line flag.", origin);
            ThreadUtils.runOnUiThread(new VerifiedCallback(true, null));
            return;
        }
        String scheme = this.mOrigin.uri().getScheme();
        if (TextUtils.isEmpty(scheme) || !UrlConstants.HTTPS_SCHEME.equals(scheme.toLowerCase(Locale.US))) {
            Log.i(TAG, "Verification failed for %s as not https.", origin);
            BrowserServicesMetrics.recordVerificationResult(4);
            ThreadUtils.runOnUiThread(new VerifiedCallback(false, null));
            return;
        }
        if (shouldOverrideVerification(this.mPackageName, this.mOrigin, this.mRelation)) {
            Log.i(TAG, "Verification succeeded for %s, it was overridden.", origin);
            ThreadUtils.runOnUiThread(new VerifiedCallback(true, null));
            return;
        }
        if (this.mNativeOriginVerifier != 0) {
            cleanUp();
        }
        if (BrowserStartupController.CC.get(1).isStartupSuccessfullyCompleted()) {
            this.mNativeOriginVerifier = nativeInit(Profile.getLastUsedProfile().getOriginalProfile());
            switch (this.mRelation) {
                case 1:
                    str = USE_AS_ORIGIN;
                    break;
                case 2:
                    str = HANDLE_ALL_URLS;
                    break;
                default:
                    str = null;
                    break;
            }
            if (nativeVerifyOrigin(this.mNativeOriginVerifier, this.mPackageName, this.mSignatureFingerprint, this.mOrigin.toString(), str)) {
                return;
            }
            BrowserServicesMetrics.recordVerificationResult(5);
            ThreadUtils.runOnUiThread(new VerifiedCallback(false, false));
        }
    }

    public boolean wasPreviouslyVerified(Origin origin) {
        return wasPreviouslyVerified(this.mPackageName, this.mSignatureFingerprint, origin, this.mRelation);
    }
}
