package com.microsoft.authenticator.logging.powerLift.businesslogic;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import androidx.work.Data;
import com.azure.authenticator.logging.ExternalLogger;
import com.azure.authenticator.logging.LoggingConstants;
import com.microsoft.authenticator.core.crypto.CryptoFactory;
import com.microsoft.authenticator.core.crypto.IMessageDigest;
import com.microsoft.authenticator.core.jobs.DeferrableWorkerUtils;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt__SetsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.StringsKt__StringsJVMKt;

/* compiled from: PowerLiftUploadManager.kt */
/* loaded from: classes2.dex */
public final class PowerLiftUploadManager {
    private static final String COMPANY_PORTAL_CERT_HASH_DEBUG = "1C102EE647EE0D66CB35C28612520E8528A10487";
    private static final String COMPANY_PORTAL_CERT_HASH_PRODUCTION = "D4BE19F45242827E5CD152E1C80C42E4EF4B7651";
    private static final String COMPANY_PORTAL_PACKAGE_NAME_PRODUCTION = "com.microsoft.windowsintune.companyportal";
    private static final String DEFENDER_CERT_HASH = "7DC83CD2ABE833560C2896626E307041C0DF3A7A";
    private static final String INTUNE_PACKAGE_NAME = "com.microsoft.intune";
    private static final String OUTLOOK_CERT_HASH_DOGFOOD = "8C4E80BBC36F878DA701CCD4BFE256FD0D4C4C28";
    private static final String OUTLOOK_CERT_HASH_PRODUCTION = "7DC83CD2ABE833560C2896626E307041C0DF3A7A";
    private static final String OUTLOOK_PACKAGE_NAME_DOGFOOD = "com.microsoft.office.outlook.dawg";
    private static final String OUTLOOK_PACKAGE_NAME_PRODUCTION = "com.microsoft.office.outlook";
    public static final String POWERLIFT_UPLOAD_TAG = "POWERLIFT_UPLOAD_TAG";
    private static final Set<String> certHashes;
    private final DeferrableWorkerUtils deferrableWorkerUtils;
    public static final Companion Companion = new Companion(null);
    private static final String OUTLOOK_POWERLIFT_API_KEY = "5Ga0EMzQ27t1mWq6PesYTK7/IeBbbDEh";
    private static final String COMPANY_PORTAL_POWERLIFT_API_KEY = "A8lGQAG2jRjvSuyP7xgvSK/N4CpyaPHw";
    private static final String INTUNE_PACKAGE_NAME_AOSPAGENT = "com.microsoft.intune.aospagent";
    private static final String DEFENDER_PACKAGE_NAME = "com.microsoft.scmx";
    private static final String DEFENDER_POWERLIFT_API_KEY = "fUCF4B6h8EEc45lN28SD4HPiEdNys2mB";
    private static final Map<String, String> packageNameToApiKey = MapsKt.mapOf(TuplesKt.to("com.microsoft.office.outlook", OUTLOOK_POWERLIFT_API_KEY), TuplesKt.to("com.microsoft.office.outlook.dawg", OUTLOOK_POWERLIFT_API_KEY), TuplesKt.to("com.microsoft.windowsintune.companyportal", COMPANY_PORTAL_POWERLIFT_API_KEY), TuplesKt.to("com.microsoft.intune", COMPANY_PORTAL_POWERLIFT_API_KEY), TuplesKt.to(INTUNE_PACKAGE_NAME_AOSPAGENT, COMPANY_PORTAL_POWERLIFT_API_KEY), TuplesKt.to(DEFENDER_PACKAGE_NAME, DEFENDER_POWERLIFT_API_KEY));

    /* compiled from: PowerLiftUploadManager.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    static {
        Set<String> of;
        of = SetsKt__SetsKt.setOf((Object[]) new String[]{"7DC83CD2ABE833560C2896626E307041C0DF3A7A", OUTLOOK_CERT_HASH_DOGFOOD, COMPANY_PORTAL_CERT_HASH_PRODUCTION, COMPANY_PORTAL_CERT_HASH_DEBUG, "7DC83CD2ABE833560C2896626E307041C0DF3A7A"});
        certHashes = of;
    }

    public PowerLiftUploadManager(DeferrableWorkerUtils deferrableWorkerUtils) {
        Intrinsics.checkNotNullParameter(deferrableWorkerUtils, "deferrableWorkerUtils");
        this.deferrableWorkerUtils = deferrableWorkerUtils;
    }

    private final boolean checkCallingAppCertificate(Context context, String str) {
        try {
            Signature[] packageInfoSignatures = getPackageInfoSignatures(context, str);
            if (packageInfoSignatures.length > 0) {
                return certHashes.contains(generateX509CertificateHash(packageInfoSignatures[0]));
            }
        } catch (PackageManager.NameNotFoundException e) {
            ExternalLogger.Companion.e("Failed to find package: " + str, e);
        }
        return false;
    }

    private final boolean hasMatchingPackageNameAndApiKey(String str, String str2) {
        Map<String, String> map = packageNameToApiKey;
        if (map.containsKey(str)) {
            if (Intrinsics.areEqual(str2, map.get(str))) {
                return true;
            }
            ExternalLogger.Companion.e("Api key match not found for: " + str);
        }
        ExternalLogger.Companion.e("Package name: " + str + " is not trusted");
        return false;
    }

    public final String generateX509CertificateHash(Signature signature) {
        Intrinsics.checkNotNullParameter(signature, "signature");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(signature.toByteArray());
        try {
            try {
                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                IMessageDigest buildMessageDigest = CryptoFactory.Companion.getInstance().buildMessageDigest("SHA-1");
                byte[] encoded = ((X509Certificate) generateCertificate).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "cert.encoded");
                byte[] digest = buildMessageDigest.digest(encoded);
                StringBuilder sb = new StringBuilder(digest.length * 2);
                for (byte b : digest) {
                    StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
                    String format = String.format("%02X", Arrays.copyOf(new Object[]{Byte.valueOf(b)}, 1));
                    Intrinsics.checkNotNullExpressionValue(format, "format(format, *args)");
                    sb.append(format);
                }
                String sb2 = sb.toString();
                Intrinsics.checkNotNullExpressionValue(sb2, "buffer.toString()");
                CloseableKt.closeFinally(byteArrayInputStream, null);
                return sb2;
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    CloseableKt.closeFinally(byteArrayInputStream, th);
                    throw th2;
                }
            }
        } catch (Exception e) {
            ExternalLogger.Companion.e("Failed to generate cert hash.", e);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(byteArrayInputStream, null);
            return "";
        }
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    public final Signature[] getPackageInfoSignatures(Context context, String callingAppPackageName) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(callingAppPackageName, "callingAppPackageName");
        Signature[] signatureArr = context.getPackageManager().getPackageInfo(callingAppPackageName, 64).signatures;
        Intrinsics.checkNotNullExpressionValue(signatureArr, "packageInfo.signatures");
        return signatureArr;
    }

    public final boolean scheduleSendDiagnosticRequest(Context context, String sessionId, String powerliftPartnerApiKey, String callingAppPackageName) {
        boolean isBlank;
        boolean isBlank2;
        boolean isBlank3;
        boolean isBlank4;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(sessionId, "sessionId");
        Intrinsics.checkNotNullParameter(powerliftPartnerApiKey, "powerliftPartnerApiKey");
        Intrinsics.checkNotNullParameter(callingAppPackageName, "callingAppPackageName");
        isBlank = StringsKt__StringsJVMKt.isBlank(sessionId);
        if (!isBlank) {
            isBlank3 = StringsKt__StringsJVMKt.isBlank(powerliftPartnerApiKey);
            if (!isBlank3) {
                isBlank4 = StringsKt__StringsJVMKt.isBlank(callingAppPackageName);
                if (!isBlank4) {
                    if (!checkCallingAppCertificate(context, callingAppPackageName) || !hasMatchingPackageNameAndApiKey(callingAppPackageName, powerliftPartnerApiKey)) {
                        ExternalLogger.Companion.e("Broadcast received by untrusted app: " + callingAppPackageName);
                        return false;
                    }
                    ExternalLogger.Companion companion = ExternalLogger.Companion;
                    companion.i("Accepted request to upload logs to PowerLift from: " + callingAppPackageName);
                    DeferrableWorkerUtils deferrableWorkerUtils = this.deferrableWorkerUtils;
                    Data build = new Data.Builder().putString("PowerLiftApiKey", powerliftPartnerApiKey).putString(LoggingConstants.KEY_CALLING_APP_PACKAGE_NAME, callingAppPackageName).putString("SessionID", sessionId).build();
                    Intrinsics.checkNotNullExpressionValue(build, "Builder()\n              …                 .build()");
                    deferrableWorkerUtils.enqueueOneTimeWorkRequest(POWERLIFT_UPLOAD_TAG, PowerLiftUploadWorker.class, build, this.deferrableWorkerUtils.getNetworkConstraints(), 0L, 0L);
                    companion.i("Scheduled the worker to upload logs.");
                    return true;
                }
            }
        }
        ExternalLogger.Companion companion2 = ExternalLogger.Companion;
        StringBuilder sb = new StringBuilder();
        sb.append("Ignoring broadcast that doesn't contain all necessary information: session ID = ");
        sb.append(sessionId);
        sb.append(",partnerApiKey.isBlank() = ");
        isBlank2 = StringsKt__StringsJVMKt.isBlank(powerliftPartnerApiKey);
        sb.append(isBlank2);
        sb.append("callingAppPackageName = ");
        sb.append(callingAppPackageName);
        companion2.e(sb.toString());
        return false;
    }
}
