package com.huawei.systemmanager.rainbow.util;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.UserManager;
import android.securityprofile.SecurityProfileManager;
import android.support.annotation.NonNull;
import android.text.TextUtils;
import com.huawei.android.content.pm.UserInfoEx;
import com.huawei.android.os.SystemPropertiesEx;
import com.huawei.android.os.UserHandleEx;
import com.huawei.android.os.UserManagerEx;
import com.huawei.frameworkwrap.HwLog;
import com.huawei.grs.util.GrsSha256;
import com.huawei.permissionmanager.utils.SharedPrefUtils;
import com.huawei.systemmanager.rainbow.db.CloudDBAdapter;
import com.huawei.systemmanager.rainbow.db.bean.PolicyFileConfigBean;
import com.huawei.systemmanager.securityprofile.BlackAppDisableMultiUserJudgeReceiver;
import com.huawei.systemmanager.securityprofile.SecurityProfileSettings;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import kotlin.UByte;

/* loaded from: classes2.dex */
public class SecurityProfileUtil {
    private static final int DEFAULT_USERS_CAPACITY = 8;
    private static final String LOG_TAG = "SecurityProfileUtil";
    private static final String MANIFEST_NAME = "META-INF/MANIFEST.MF";
    public static final int TYPE_BLACK_APP = 0;
    public static final int TYPE_WHITE_ACCOUNT = 1;
    private static final String WHITE_ACCOUNT_CHECK_MARKER = "white_account_check";

    public static void closeInput(InputStream inputStream) {
        if (inputStream == null) {
            HwLog.i(LOG_TAG, "close inputsteam is null!");
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            HwLog.e(LOG_TAG, "close catch IOException");
        }
    }

    public static void closeOutput(OutputStream outputStream) {
        if (outputStream == null) {
            HwLog.i(LOG_TAG, "close out is null!");
            return;
        }
        try {
            outputStream.close();
        } catch (IOException e) {
            HwLog.e(LOG_TAG, "close catch IOException");
        }
    }

    private static String getApkHash(ApplicationInfo applicationInfo) {
        return getSHA256(new File(applicationInfo.sourceDir));
    }

    private static String getApkHash(PackageManager packageManager, String str) {
        try {
            return getApkHash(packageManager.getApplicationInfo(str, 0));
        } catch (PackageManager.NameNotFoundException e) {
            HwLog.e(LOG_TAG, "get ApplicationInfo error, name not found");
            return null;
        }
    }

    public static List<String> getBlackAppBySecurityVerify(Context context, List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (list != null && list.size() > 0) {
            for (String str : list) {
                if (securityVerify(context, str, 0)) {
                    arrayList.add(str);
                }
            }
        }
        return arrayList;
    }

    private static String getHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & UByte.MAX_VALUE);
            if (hexString.length() == 1) {
                hexString = '0' + hexString;
            }
            sb.append(hexString.toLowerCase());
        }
        return sb.toString();
    }

    private static String getLocalDisplayId() {
        String str = SystemPropertiesEx.get("ro.huawei.build.display.id", "");
        return TextUtils.isEmpty(str) ? SystemPropertiesEx.get("ro.build.display.id", "") : str;
    }

    private static byte[] getManifestFile(File file) {
        byte[] bArr;
        ZipFile zipFile;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = new byte[1024];
        ZipFile zipFile2 = null;
        InputStream inputStream = null;
        boolean z = false;
        try {
            try {
                zipFile = new ZipFile(file);
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
        }
        try {
            ZipEntry entry = zipFile.getEntry(MANIFEST_NAME);
            if (entry == null) {
                bArr = new byte[0];
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        HwLog.e(LOG_TAG, "IOException in getManifestFile");
                    }
                }
                if (zipFile != null) {
                    try {
                        zipFile.close();
                    } catch (IOException e3) {
                    }
                }
                zipFile2 = zipFile;
            } else {
                inputStream = zipFile.getInputStream(entry);
                if (inputStream != null) {
                    while (true) {
                        int read = inputStream.read(bArr2);
                        if (read <= 0) {
                            break;
                        }
                        byteArrayOutputStream.write(bArr2, 0, read);
                    }
                    z = true;
                }
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                        HwLog.e(LOG_TAG, "IOException in getManifestFile");
                    }
                }
                if (zipFile != null) {
                    try {
                        zipFile.close();
                    } catch (IOException e5) {
                    }
                }
                bArr = z ? byteArrayOutputStream.toByteArray() : new byte[0];
                zipFile2 = zipFile;
            }
        } catch (IOException e6) {
            zipFile2 = zipFile;
            HwLog.e(LOG_TAG, "get manifest file failed due to IOException");
            bArr = null;
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e7) {
                    HwLog.e(LOG_TAG, "IOException in getManifestFile");
                }
            }
            if (zipFile2 != null) {
                try {
                    zipFile2.close();
                } catch (IOException e8) {
                }
            }
            return bArr;
        } catch (Throwable th2) {
            th = th2;
            zipFile2 = zipFile;
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e9) {
                    HwLog.e(LOG_TAG, "IOException in getManifestFile");
                }
            }
            if (zipFile2 != null) {
                try {
                    zipFile2.close();
                } catch (IOException e10) {
                }
            }
            throw th;
        }
        return bArr;
    }

    @NonNull
    public static List<Integer> getRunningUserIds(Context context) {
        if (context == null) {
            throw new IllegalArgumentException("Context must not null!");
        }
        ArrayList arrayList = new ArrayList(8);
        UserManager userManager = (UserManager) context.getSystemService("user");
        if (userManager == null) {
            HwLog.w(LOG_TAG, "Get user manager null!");
        } else {
            List users = UserManagerEx.getUsers(userManager);
            if (users != null) {
                Iterator it = users.iterator();
                while (it.hasNext()) {
                    int userInfoId = ((UserInfoEx) it.next()).getUserInfoId();
                    if (userManager.isUserRunning(UserHandleEx.getUserHandle(userInfoId))) {
                        arrayList.add(Integer.valueOf(userInfoId));
                    }
                }
            }
        }
        return arrayList;
    }

    private static String getSHA256(File file) {
        byte[] manifestFile = getManifestFile(file);
        if (manifestFile == null || manifestFile.length == 0) {
            return null;
        }
        return sha256(manifestFile);
    }

    private static List<String> getSignatrueList(PackageManager packageManager, String str) {
        ArrayList arrayList = new ArrayList();
        try {
            PackageInfo packageInfo = packageManager.getPackageInfo(str, 64);
            if (packageInfo != null) {
                for (Signature signature : packageInfo.signatures) {
                    arrayList.add(sha256(signature.toByteArray()));
                }
            }
        } catch (PackageManager.NameNotFoundException e) {
            HwLog.e(LOG_TAG, "get PackageInfo error, name not found");
        }
        return arrayList;
    }

    public static boolean isAvailableFile(String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        return new File(str).isFile();
    }

    private static boolean isBlackApp(Context context, PolicyFileConfigBean policyFileConfigBean, String str) {
        return isNeedToHandle(context, policyFileConfigBean, str) && !isSpecialModel(policyFileConfigBean);
    }

    private static boolean isMatchApkHash(String str, String str2, String str3) {
        if (str3 == null || str3.equals(str2)) {
            return true;
        }
        HwLog.i(LOG_TAG, "the apk hash is not match pkg : " + str + " localHash : " + str2 + " cloudHash : " + str3);
        return false;
    }

    private static boolean isMatchSignature(String str, List<String> list, String str2) {
        if (str2 == null) {
            return true;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (str2.equals(it.next())) {
                return true;
            }
        }
        HwLog.i(LOG_TAG, "the signature is not match pkg : " + str + " local sign list : " + list + " cloud signature : " + str2);
        return false;
    }

    private static boolean isNeedToHandle(Context context, PolicyFileConfigBean policyFileConfigBean, String str) {
        String pkgName = policyFileConfigBean.getPkgName();
        String appHash = policyFileConfigBean.getAppHash();
        String appSignature = policyFileConfigBean.getAppSignature();
        PackageManager packageManager = context.getPackageManager();
        String apkHash = getApkHash(packageManager, str);
        List<String> signatrueList = getSignatrueList(packageManager, str);
        if (!str.equals(pkgName)) {
            return false;
        }
        if (appHash == null && appSignature == null) {
            return true;
        }
        return isMatchApkHash(str, apkHash, appHash) && isMatchSignature(str, signatrueList, appSignature);
    }

    public static boolean isSingleUserRunning(Context context) {
        if (context == null) {
            throw new IllegalArgumentException("Context must not null");
        }
        return getRunningUserIds(context).size() == 1;
    }

    private static boolean isSpecialModel(PolicyFileConfigBean policyFileConfigBean) {
        String modelName = policyFileConfigBean.getModelName();
        if (modelName == null || !modelName.equals(SystemPropertiesEx.get("ro.product.model", (String) null))) {
            return false;
        }
        String modelVersion = policyFileConfigBean.getModelVersion();
        if (modelVersion == null) {
            return true;
        }
        return modelVersion.equals(getLocalDisplayId());
    }

    private static boolean isWhiteAccount(Context context, PolicyFileConfigBean policyFileConfigBean) {
        if (!WHITE_ACCOUNT_CHECK_MARKER.equals(policyFileConfigBean.getModelName())) {
            return false;
        }
        if (!TextUtils.isEmpty(policyFileConfigBean.getModelVersion())) {
            SharedPrefUtils.setAccOtherName(context, policyFileConfigBean.getModelVersion());
        }
        return true;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0037 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:14:0x0049  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static byte[] readAssetsFile(android.content.Context r8, java.lang.String r9) {
        /*
            r2 = 0
            r3 = 0
            android.content.res.Resources r6 = r8.getResources()     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            android.content.res.AssetManager r6 = r6.getAssets()     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            java.io.InputStream r2 = r6.open(r9)     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            r6 = 4096(0x1000, float:5.74E-42)
            byte[] r0 = new byte[r6]     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            java.io.ByteArrayOutputStream r4 = new java.io.ByteArrayOutputStream     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            r4.<init>()     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L51
            r5 = 0
        L18:
            int r5 = r2.read(r0)     // Catch: java.io.IOException -> L24 java.lang.Throwable -> L4e
            r6 = -1
            if (r5 == r6) goto L39
            r6 = 0
            r4.write(r0, r6, r5)     // Catch: java.io.IOException -> L24 java.lang.Throwable -> L4e
            goto L18
        L24:
            r1 = move-exception
            r3 = r4
        L26:
            java.lang.String r6 = "SecurityProfileUtil"
            java.lang.String r7 = "IOException in readFile"
            com.huawei.frameworkwrap.HwLog.e(r6, r7)     // Catch: java.lang.Throwable -> L41
            closeInput(r2)
            closeOutput(r3)
        L35:
            if (r3 != 0) goto L49
            r6 = 0
        L38:
            return r6
        L39:
            closeInput(r2)
            closeOutput(r4)
            r3 = r4
            goto L35
        L41:
            r6 = move-exception
        L42:
            closeInput(r2)
            closeOutput(r3)
            throw r6
        L49:
            byte[] r6 = r3.toByteArray()
            goto L38
        L4e:
            r6 = move-exception
            r3 = r4
            goto L42
        L51:
            r1 = move-exception
            goto L26
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.systemmanager.rainbow.util.SecurityProfileUtil.readAssetsFile(android.content.Context, java.lang.String):byte[]");
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0036 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0049  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static byte[] readFile(java.lang.String r9) {
        /*
            r2 = 0
            r4 = 0
            java.io.FileInputStream r3 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L55
            java.io.File r7 = new java.io.File     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L55
            r7.<init>(r9)     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L55
            r3.<init>(r7)     // Catch: java.lang.Throwable -> L41 java.io.IOException -> L55
            r7 = 4096(0x1000, float:5.74E-42)
            byte[] r0 = new byte[r7]     // Catch: java.lang.Throwable -> L4e java.io.IOException -> L57
            java.io.ByteArrayOutputStream r5 = new java.io.ByteArrayOutputStream     // Catch: java.lang.Throwable -> L4e java.io.IOException -> L57
            r5.<init>()     // Catch: java.lang.Throwable -> L4e java.io.IOException -> L57
            r6 = 0
        L16:
            int r6 = r3.read(r0)     // Catch: java.io.IOException -> L22 java.lang.Throwable -> L51
            r7 = -1
            if (r6 == r7) goto L38
            r7 = 0
            r5.write(r0, r7, r6)     // Catch: java.io.IOException -> L22 java.lang.Throwable -> L51
            goto L16
        L22:
            r1 = move-exception
            r4 = r5
            r2 = r3
        L25:
            java.lang.String r7 = "SecurityProfileUtil"
            java.lang.String r8 = "IOException in readFile"
            com.huawei.frameworkwrap.HwLog.e(r7, r8)     // Catch: java.lang.Throwable -> L41
            closeInput(r2)
            closeOutput(r4)
        L34:
            if (r4 != 0) goto L49
            r7 = 0
        L37:
            return r7
        L38:
            closeInput(r3)
            closeOutput(r5)
            r4 = r5
            r2 = r3
            goto L34
        L41:
            r7 = move-exception
        L42:
            closeInput(r2)
            closeOutput(r4)
            throw r7
        L49:
            byte[] r7 = r4.toByteArray()
            goto L37
        L4e:
            r7 = move-exception
            r2 = r3
            goto L42
        L51:
            r7 = move-exception
            r4 = r5
            r2 = r3
            goto L42
        L55:
            r1 = move-exception
            goto L25
        L57:
            r1 = move-exception
            r2 = r3
            goto L25
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.systemmanager.rainbow.util.SecurityProfileUtil.readFile(java.lang.String):byte[]");
    }

    public static boolean securityVerify(Context context, String str, int i) {
        if (context == null || str == null) {
            return false;
        }
        PolicyFileConfigBean singlePolicyFileConfig = CloudDBAdapter.getInstance(context).getSinglePolicyFileConfig(str);
        if (singlePolicyFileConfig == null) {
            return false;
        }
        switch (i) {
            case 0:
                return isBlackApp(context, singlePolicyFileConfig, str);
            case 1:
                return isWhiteAccount(context, singlePolicyFileConfig);
            default:
                HwLog.i(LOG_TAG, "securityVerify type is wrong!");
                return false;
        }
    }

    private static String sha256(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(GrsSha256.ALGORITHM_SHA256);
            messageDigest.update(bArr);
            return getHexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            HwLog.e(LOG_TAG, "NoSuchAlgorithmException in sha256");
            return null;
        }
    }

    public static void updateBlackAppToSecurityProfile(@NonNull BlackAppDisableMultiUserJudgeReceiver.PackageJudgeInfo packageJudgeInfo) {
        if (SecurityProfileSettings.DEBUG) {
            HwLog.d(LOG_TAG, "Update to security profile: " + packageJudgeInfo.toString());
        }
        List asList = Arrays.asList(packageJudgeInfo.judgingPackageName);
        SecurityProfileManager securityProfileManager = SecurityProfileManager.getDefault();
        if (packageJudgeInfo.isJudgeBlack) {
            securityProfileManager.updateBlackApp(asList, 2);
        } else {
            securityProfileManager.updateBlackApp(asList, 3);
        }
    }

    public static boolean verifySignature(Context context, String str, String str2, String str3) {
        byte[] readFile = readFile(str);
        byte[] readFile2 = readFile(str2);
        byte[] readAssetsFile = readAssetsFile(context, str3);
        if (readAssetsFile == null || readFile == null || readFile2 == null) {
            HwLog.i(LOG_TAG, "data is null");
            return false;
        }
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(readAssetsFile));
            java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA");
            signature.initVerify(generatePublic);
            signature.update(readFile);
            return signature.verify(readFile2);
        } catch (InvalidKeyException e) {
            HwLog.e(LOG_TAG, "InvalidKeyException in verifySignature");
            return false;
        } catch (NoSuchAlgorithmException e2) {
            HwLog.e(LOG_TAG, "NoSuchAlgorithmException in verifySignature");
            return false;
        } catch (SignatureException e3) {
            HwLog.e(LOG_TAG, "SignatureException in verifySignature");
            return false;
        } catch (InvalidKeySpecException e4) {
            HwLog.e(LOG_TAG, "InvalidKeySpecException in verifySignature");
            return false;
        }
    }
}
