package com.chinamobile.bluetoothapi.impl.service.a;

import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import com.chinamobile.bluetoothapi.impl.service.SmartcardError;
import com.umeng.analytics.pro.cj;
import java.io.ByteArrayInputStream;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.NoSuchElementException;

/* loaded from: classes.dex */
public class e {
    public static final byte[] d = {-46, 118, 0, 1, 24, -86, -1, -1, 73, cj.n, 72, -119, 1};

    /* renamed from: b, reason: collision with root package name */
    protected PackageManager f2810b;

    /* renamed from: a, reason: collision with root package name */
    protected d f2809a = null;
    protected String c = "AccessController";

    public e(PackageManager packageManager) {
        this.f2810b = null;
        this.f2810b = packageManager;
    }

    public static Certificate a(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    protected f a(com.chinamobile.bluetoothapi.impl.service.c cVar, byte[] bArr, String str) throws NoSuchAlgorithmException, AccessControlException, com.chinamobile.bluetoothapi.impl.service.a, CertificateException {
        f fVar = new f();
        if (cVar == null) {
            throw new AccessControlException("Channel must be specified");
        }
        if (str == null || str.length() == 0) {
            throw new AccessControlException("CallerPackageName must be specified");
        }
        if (bArr == null || bArr.length == 0) {
            throw new AccessControlException("AID must be specified");
        }
        if (bArr.length < 5 || bArr.length > 16) {
            throw new AccessControlException("AID has an invalid length");
        }
        try {
            this.f2809a = new d(cVar);
            this.f2809a.a(bArr);
            Certificate a2 = a(cVar, str);
            if (a2 == null) {
                throw new AccessControlException("APKP Certificate is invalid");
            }
            MessageDigest messageDigest = null;
            for (int i = 0; i < 10; i++) {
                try {
                    messageDigest = MessageDigest.getInstance("SHA");
                    break;
                } catch (Exception e) {
                }
            }
            if (messageDigest == null) {
                throw new AccessControlException("Hash can not be computed");
            }
            a[] b2 = this.f2809a.b(messageDigest.digest(a2.getEncoded()));
            if (b2 == null || b2.length == 0) {
                b2 = this.f2809a.b(c());
            }
            if (b2 == null || b2.length == 0) {
                throw new AccessControlException("ACL not available");
            }
            Certificate b3 = b();
            if (b3 == null) {
                fVar.b(true);
                fVar.a(b2);
            } else {
                if (!a(b3, a2)) {
                    throw new AccessControlException("APK Certificate verification not successful");
                }
                fVar.b(true);
                fVar.a(b2);
            }
            return fVar;
        } catch (Throwable th) {
            throw new AccessControlException("AID not found");
        }
    }

    public f a(com.chinamobile.bluetoothapi.impl.service.d dVar, byte[] bArr, String str, SmartcardError smartcardError) throws Exception {
        long c;
        f fVar = new f();
        try {
            c = dVar.c(a());
        } catch (Exception e) {
            String str2 = "Access Control Applet couldn't be selected: " + e.toString();
            if (!(e instanceof NoSuchElementException)) {
                a(dVar.a(0L));
                throw e;
            }
            fVar.a(true);
            a(dVar.a(0L));
        }
        try {
            fVar = a(dVar.a(c), bArr, str);
            a(dVar.a(c));
            return fVar;
        } catch (Exception e2) {
            String exc = e2.toString();
            smartcardError.a(AccessControlException.class, exc);
            fVar.a(true, exc);
            a(dVar.a(c));
            throw new AccessControlException(exc);
        }
    }

    protected Certificate a(com.chinamobile.bluetoothapi.impl.service.c cVar, String str) throws CertificateException, NoSuchAlgorithmException, AccessControlException, com.chinamobile.bluetoothapi.impl.service.a {
        PackageInfo packageInfo;
        Iterator<PackageInfo> it = this.f2810b.getInstalledPackages(4416).iterator();
        while (true) {
            if (!it.hasNext()) {
                packageInfo = null;
                break;
            }
            packageInfo = it.next();
            if (str.equals(packageInfo.packageName)) {
                break;
            }
        }
        if (packageInfo == null) {
            return null;
        }
        Signature[] signatureArr = packageInfo.signatures;
        if (0 < signatureArr.length) {
            return a(signatureArr[0].toByteArray());
        }
        return null;
    }

    protected void a(com.chinamobile.bluetoothapi.impl.service.c cVar) {
        if (cVar != null) {
            try {
                if (cVar.b() != 0) {
                    cVar.a();
                }
            } catch (com.chinamobile.bluetoothapi.impl.service.a e) {
            }
        }
    }

    public void a(com.chinamobile.bluetoothapi.impl.service.c cVar, byte[] bArr) {
        f f = cVar.f();
        String e = f.e();
        String str = e.length() > 0 ? ": " + e : e;
        if (f == null) {
            throw new AccessControlException("Access denied: command not allowed: ChannelAccess not defined");
        }
        if (f.a()) {
            return;
        }
        if (f.b()) {
            throw new AccessControlException("Access denied: command not allowed: No access" + str);
        }
        if (!f.c()) {
            throw new AccessControlException("Access denied: command not allowed: Channel state unknown" + str);
        }
        a[] f2 = f.f();
        if (f2 == null || f2.length == 0) {
            throw new AccessControlException("Access denied: command not allowed: ACL not available" + str);
        }
        for (a aVar : f2) {
            if (g.a(bArr, aVar.b(), aVar.a())) {
                return;
            }
        }
        throw new AccessControlException("Access denied: command not allowed: ACL does not match" + str);
    }

    protected boolean a(Certificate certificate, Certificate certificate2) {
        if (certificate2.equals(certificate)) {
            return true;
        }
        try {
            certificate2.verify(certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public byte[] a() {
        return d;
    }

    protected Certificate b() throws AccessControlException, com.chinamobile.bluetoothapi.impl.service.a, CertificateException {
        byte[] a2 = this.f2809a.a();
        if (a2.length == 0) {
            return null;
        }
        return a(a2);
    }

    protected byte[] c() {
        return new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    }
}
