package com.amazon.venezia.command.security;

import android.app.ActivityManager;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import android.os.RemoteException;
import com.amazon.android.ConnectivityUtil;
import com.amazon.android.dagger.application.ContextModule;
import com.amazon.logging.Logger;
import com.amazon.mas.client.common.app.ApplicationHelper;
import com.amazon.mas.util.StringUtils;
import com.amazon.sdk.availability.PmetUtils;
import com.amazon.sdk.util.AppstoreSDKUtils;
import com.amazon.venezia.checksum.ChecksumCacheConfig;
import com.amazon.venezia.checksum.ChecksumCacheKeyBuilder;
import com.amazon.venezia.checksum.InMemoryChecksumCache;
import com.amazon.venezia.command.ExceptionResultWithReason;
import com.amazon.venezia.command.FailureResultWithReason;
import com.amazon.venezia.command.action.CommandAction;
import com.amazon.venezia.command.action.CommandActionChain;
import com.amazon.venezia.command.action.CommandActionContext;
import com.amazon.venezia.command.inject.DaggerCommandComponent;
import com.amazon.venezia.command.shared.AuthTokenData;
import com.amazon.venezia.command.shared.AuthTokenTable;
import com.amazon.venezia.provider.ContentMetadataProvider;
import com.amazon.venezia.provider.data.ContentMetadataDetails;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class CheckSecurityAction extends CommandActionChain {
    private static final Logger LOG = Logger.getLogger(CheckSecurityAction.class);
    AuthTokenTable authTokenTable;
    ChecksumCacheConfig checksumCacheConfig;
    ContentMetadataProvider contentMetadataProvider;

    public CheckSecurityAction() {
        this(null);
    }

    public CheckSecurityAction(CommandAction commandAction) {
        super(commandAction);
    }

    private void emitChecksumDurationMetrics(CommandActionContext commandActionContext, long j, String str) {
        long currentTimeMillis = System.currentTimeMillis() - j;
        LOG.d(String.format("%s took %d ms", "Appstore.Metrics.CSA.bc1Checksum.duration", Long.valueOf(currentTimeMillis)));
        PmetUtils.recordPmetTime(commandActionContext.getContext(), "Appstore.Metrics.CSA.bc1Checksum.duration", currentTimeMillis);
        PmetUtils.recordPmetTime(commandActionContext.getContext(), "Appstore.Metrics.CSA.bc1Checksum.duration-" + str, currentTimeMillis);
    }

    private void emitDurationMetrics(CommandActionContext commandActionContext, long j, String str) {
        long currentTimeMillis = System.currentTimeMillis() - j;
        LOG.d(String.format("%s took %d ms", str, Long.valueOf(currentTimeMillis)));
        PmetUtils.recordPmetTime(commandActionContext.getContext(), str, currentTimeMillis);
    }

    private String getSDKVersionFromCommand(CommandActionContext commandActionContext) throws RemoteException {
        if (commandActionContext.getCommand() == null || commandActionContext.getCommand().getData() == null) {
            return null;
        }
        return (String) commandActionContext.getCommand().getData().get("sdkVersion");
    }

    private boolean isSignatureValid(PackageManager packageManager, String str, String str2) {
        try {
            SignatureChecker signatureChecker = new SignatureChecker(str2);
            try {
                for (Signature signature : packageManager.getPackageInfo(str, 64).signatures) {
                    if (signatureChecker.matches(signature)) {
                        return true;
                    }
                }
                return false;
            } catch (PackageManager.NameNotFoundException e) {
                LOG.v("Could not get package info with signatures.", e);
                return false;
            }
        } catch (IOException e2) {
            LOG.v("Could not create signature checker.", e2);
            return false;
        }
    }

    private int retrieveCallingIdentifiers(CommandActionContext commandActionContext) {
        Binder.restoreCallingIdentity(commandActionContext.getIdToken());
        int callingUid = Binder.getCallingUid();
        int callingPid = Binder.getCallingPid();
        commandActionContext.setIdToken(Binder.clearCallingIdentity());
        commandActionContext.setProcessId(callingPid);
        trySetProcessImportance(commandActionContext, callingPid);
        return callingUid;
    }

    private void trySetProcessImportance(CommandActionContext commandActionContext, int i) {
        List<ActivityManager.RunningAppProcessInfo> runningAppProcesses;
        ActivityManager activityManager = (ActivityManager) commandActionContext.getContext().getSystemService("activity");
        if (activityManager == null || (runningAppProcesses = activityManager.getRunningAppProcesses()) == null) {
            return;
        }
        for (ActivityManager.RunningAppProcessInfo runningAppProcessInfo : runningAppProcesses) {
            if (runningAppProcessInfo.pid == i) {
                commandActionContext.setProcessImportance(runningAppProcessInfo.importance);
                return;
            }
        }
    }

    private boolean verifyBC1ChecksumOfInstalledAPK(CommandActionContext commandActionContext, String str, String str2, String str3, String str4, String str5, long j) {
        if (str3 == null) {
            return false;
        }
        boolean isChecksumOptimizationFlowEnabled = this.checksumCacheConfig.isChecksumOptimizationFlowEnabled();
        PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.weblabEnabled-" + isChecksumOptimizationFlowEnabled, 1L);
        if (isChecksumOptimizationFlowEnabled && !StringUtils.isEmpty(str4) && !this.checksumCacheConfig.isChecksumSyncCacheExpired(j)) {
            LOG.i("Sync happened previously, skipping the re-computation.");
            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.dbCacheHit", 1L);
            return str3.equals(str4);
        }
        InMemoryChecksumCache orCreateInstance = InMemoryChecksumCache.getOrCreateInstance(this.checksumCacheConfig.getChecksumCacheMaxSize(), this.checksumCacheConfig.getChecksumCacheTTL());
        String build = new ChecksumCacheKeyBuilder().withPackageName(str2).withProcessId(String.valueOf(commandActionContext.getProcessId())).build();
        if (build == null) {
            LOG.d("cacheKey is null, computing checksum for contentId - " + str);
            String bC1Checksum = ApplicationHelper.getBC1Checksum(commandActionContext.getContext(), str2, ApplicationHelper.getApkChecksumAlgoForKiwiVersion(str5));
            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.cacheKeyNull", 1L);
            return str3.equals(bC1Checksum);
        }
        JSONObject jSONObject = (JSONObject) orCreateInstance.getCache().get(build);
        if (jSONObject != null && jSONObject.optBoolean("isChecksumValidated")) {
            LOG.i("Checksum was validated previously. Skipping the re-computation");
            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.cacheHit", 1L);
            return true;
        }
        PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.cacheMiss", 1L);
        String bC1Checksum2 = ApplicationHelper.getBC1Checksum(commandActionContext.getContext(), str2, ApplicationHelper.getApkChecksumAlgoForKiwiVersion(str5));
        boolean equals = str3.equals(bC1Checksum2);
        if (equals) {
            try {
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("isChecksumValidated", true);
                LOG.d("Checksum is valid. Storing the checksum in the cache with key: " + build);
                orCreateInstance.getCache().put(build, jSONObject2);
            } catch (Exception unused) {
                LOG.d("Error while storing data into cache");
                PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.cacheError", 1L);
            }
        }
        if (isChecksumOptimizationFlowEnabled) {
            final HashMap hashMap = new HashMap();
            hashMap.put(str, bC1Checksum2);
            new Thread(new Runnable() { // from class: com.amazon.venezia.command.security.CheckSecurityAction.1
                @Override // java.lang.Runnable
                public void run() {
                    CheckSecurityAction.this.authTokenTable.updateAuthRecords(hashMap);
                }
            }).start();
            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.dbCacheMiss", 1L);
        }
        return equals;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r11v0, types: [long] */
    /* JADX WARN: Type inference failed for: r11v1 */
    /* JADX WARN: Type inference failed for: r11v10 */
    /* JADX WARN: Type inference failed for: r11v11 */
    /* JADX WARN: Type inference failed for: r11v12 */
    /* JADX WARN: Type inference failed for: r11v2 */
    /* JADX WARN: Type inference failed for: r11v6 */
    /* JADX WARN: Type inference failed for: r11v7, types: [boolean] */
    @Override // com.amazon.venezia.command.action.CommandActionChain
    public boolean executeAction(CommandActionContext commandActionContext) throws RemoteException {
        String str;
        long j;
        long j2;
        String str2;
        long j3;
        ?? r11;
        PackageManager packageManager;
        LOG.v("Executing command action: " + CheckSecurityAction.class);
        DaggerCommandComponent.builder().contextModule(new ContextModule(commandActionContext.getContext())).build().inject(this);
        int currentTimeMillis = System.currentTimeMillis();
        String packageName = commandActionContext.getCommand().getPackageName();
        if (packageName == null) {
            LOG.v("Package name expected.");
            commandActionContext.getCallback().onException(new IllegalArgumentExceptionResult("packageName", ExceptionResultWithReason.ExceptionReason.CSA_NO_PACKAGE_NAME));
            emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
            return false;
        }
        PackageManager packageManager2 = commandActionContext.getContext().getPackageManager();
        int retrieveCallingIdentifiers = retrieveCallingIdentifiers(commandActionContext);
        if (!Arrays.asList(packageManager2.getPackagesForUid(retrieveCallingIdentifiers)).contains(packageName)) {
            LOG.v("Package name (%s) is not associated with calling uid (%d).", packageName, Integer.valueOf(retrieveCallingIdentifiers));
            commandActionContext.getCallback().onException(new UnauthorizedExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_PKG_NAME_NOT_FOR_CALLING_UID));
            emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
            return false;
        }
        long currentTimeMillis2 = System.currentTimeMillis();
        ContentMetadataDetails contentMetadataByPkgName = this.contentMetadataProvider.getContentMetadataByPkgName(packageName);
        if (contentMetadataByPkgName == null) {
            if (ConnectivityUtil.isNetworkConnected(commandActionContext.getContext())) {
                LOG.e("Content metadata not available for package name: " + packageName);
                commandActionContext.getCallback().onFailure(new BadContentFailureResult(commandActionContext, packageName, FailureResultWithReason.FailureReason.CSA_NO_CONTENT_METADATA));
                emitDurationMetrics(commandActionContext, currentTimeMillis2, "Appstore.Metrics.CSA.getContentMetadata.duration");
                emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
                return false;
            }
            LOG.e("Can't get content metadata for " + packageName + " due to network error");
            commandActionContext.getCallback().onException(new BadContentExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_NO_AUTH_TOKEN_NO_INTERNET));
            emitDurationMetrics(commandActionContext, currentTimeMillis2, "Appstore.Metrics.CSA.getContentMetadata.duration");
            emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
            return false;
        }
        String contentId = contentMetadataByPkgName.getContentId();
        if (contentId == null) {
            LOG.e(String.format("App (%s) does not contain a content id.", packageName));
            commandActionContext.getCallback().onException(new BadContentExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_NO_CONTENT_ID));
            emitDurationMetrics(commandActionContext, currentTimeMillis2, "Appstore.Metrics.CSA.getContentMetadata.duration");
            emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
            return false;
        }
        commandActionContext.setValue("com.amazon.venezia.command.security.contentId", contentId);
        emitDurationMetrics(commandActionContext, currentTimeMillis2, "Appstore.Metrics.CSA.getContentMetadata.duration");
        long currentTimeMillis3 = System.currentTimeMillis();
        try {
            AuthTokenData authTokenData = this.authTokenTable.getAuthTokenData(contentId);
            try {
                if (authTokenData != null && !StringUtils.isBlankOrStringLiteralNull(authTokenData.getAuthToken())) {
                    String authToken = authTokenData.getAuthToken();
                    emitDurationMetrics(commandActionContext, currentTimeMillis3, "Appstore.Metrics.CSA.getAuthTokenData.duration");
                    if (AppstoreSDKUtils.isSDKForNonTranscodedApps(getSDKVersionFromCommand(commandActionContext))) {
                        long currentTimeMillis4 = System.currentTimeMillis();
                        String kiwiVersion = contentMetadataByPkgName.getKiwiVersion();
                        long currentTimeMillis5 = System.currentTimeMillis();
                        str = contentId;
                        currentTimeMillis = 1;
                        r11 = 1;
                        currentTimeMillis = 1;
                        packageManager = packageManager2;
                        try {
                            boolean verifyBC1ChecksumOfInstalledAPK = verifyBC1ChecksumOfInstalledAPK(commandActionContext, contentId, packageName, authTokenData.getBc1Checksum(), authTokenData.getInstalledBc1Checksum(), kiwiVersion, currentTimeMillis5);
                            long currentTimeMillis6 = System.currentTimeMillis();
                            LOG.i("Time taken for checksum validation - " + (currentTimeMillis6 - currentTimeMillis5) + " ms");
                            if (!verifyBC1ChecksumOfInstalledAPK) {
                                LOG.e(String.format("APK with package name [sha256: %s] has not been installed by Amazon", StringUtils.sha256(packageName)));
                                PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.failure", 1L);
                                commandActionContext.getCallback().onFailure(new UnauthorizedFailureResult(commandActionContext, authToken, FailureResultWithReason.FailureReason.CSA_INVALID_CHECKSUM));
                                emitChecksumDurationMetrics(commandActionContext, currentTimeMillis4, contentMetadataByPkgName.getAsin());
                                emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
                                return false;
                            }
                            j3 = currentTimeMillis;
                            str2 = authToken;
                            emitChecksumDurationMetrics(commandActionContext, currentTimeMillis4, contentMetadataByPkgName.getAsin());
                        } catch (IOException unused) {
                            j2 = currentTimeMillis;
                            Logger logger = LOG;
                            Object[] objArr = new Object[currentTimeMillis];
                            objArr[0] = str;
                            logger.v("Can't get auth token for %s due to network error", objArr);
                            commandActionContext.getCallback().onException(new BadContentExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_NO_AUTH_TOKEN_NO_INTERNET));
                            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.IOException", 1L);
                            emitDurationMetrics(commandActionContext, j2, "Appstore.Metrics.CSA.duration");
                            return false;
                        } catch (IllegalArgumentException unused2) {
                            j = currentTimeMillis;
                            Logger logger2 = LOG;
                            Object[] objArr2 = new Object[currentTimeMillis];
                            objArr2[0] = str;
                            logger2.v("Can't get auth token table due to db error", objArr2);
                            commandActionContext.getCallback().onException(new BadContentExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_UNEXPECTED_AUTH_DB_EXCEPTION));
                            PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.dbIllegalArgumentException", 1L);
                            emitDurationMetrics(commandActionContext, j, "Appstore.Metrics.CSA.duration");
                            return false;
                        }
                    } else {
                        str2 = authToken;
                        j3 = currentTimeMillis;
                        r11 = 1;
                        packageManager = packageManager2;
                    }
                    PmetUtils.incrementPmetCount(commandActionContext.getContext(), "Appstore.Metrics.bc1Checksum.success", 1L);
                    commandActionContext.setValue("com.amazon.venezia.command.security.authToken", str2);
                    if (!packageName.equals(contentMetadataByPkgName.getPackageName())) {
                        Logger logger3 = LOG;
                        Object[] objArr3 = new Object[2];
                        objArr3[0] = packageName;
                        objArr3[r11] = contentMetadataByPkgName.getPackageName();
                        logger3.e(String.format("Package name (%s) does not match content metadata (%s)", objArr3));
                        commandActionContext.getCallback().onFailure(new BadContentFailureResult(commandActionContext, str2, FailureResultWithReason.FailureReason.CSA_CONTENT_MD_PKG_NAME_MISMATCH));
                        emitDurationMetrics(commandActionContext, j3, "Appstore.Metrics.CSA.duration");
                        return false;
                    }
                    long currentTimeMillis7 = System.currentTimeMillis();
                    if (isSignatureValid(packageManager, packageName, contentMetadataByPkgName.getSignature())) {
                        emitDurationMetrics(commandActionContext, currentTimeMillis7, "Appstore.Metrics.CSA.signature.duration");
                        commandActionContext.setValue("com.amazon.venezia.command.security.asin", contentMetadataByPkgName.getAsin());
                        emitDurationMetrics(commandActionContext, j3, "Appstore.Metrics.CSA.duration");
                        return r11;
                    }
                    LOG.e("Could not verify signature: " + contentMetadataByPkgName.getSignature());
                    commandActionContext.getCallback().onFailure(new UnauthorizedFailureResult(commandActionContext, str2, FailureResultWithReason.FailureReason.CSA_INVALID_SIGNATURE));
                    emitDurationMetrics(commandActionContext, currentTimeMillis7, "Appstore.Metrics.CSA.signature.duration");
                    emitDurationMetrics(commandActionContext, j3, "Appstore.Metrics.CSA.duration");
                    return false;
                }
                LOG.v("Auth token not available for content id (%s).", contentId);
                commandActionContext.getCallback().onException(new BadContentExceptionResult(ExceptionResultWithReason.ExceptionReason.CSA_NO_AUTH_TOKEN));
                emitDurationMetrics(commandActionContext, currentTimeMillis3, "Appstore.Metrics.CSA.getAuthTokenData.duration");
                emitDurationMetrics(commandActionContext, currentTimeMillis, "Appstore.Metrics.CSA.duration");
                return false;
            } catch (IOException unused3) {
            } catch (IllegalArgumentException unused4) {
            }
        } catch (IOException unused5) {
            str = contentId;
            j2 = currentTimeMillis;
            currentTimeMillis = 1;
        } catch (IllegalArgumentException unused6) {
            str = contentId;
            j = currentTimeMillis;
            currentTimeMillis = 1;
        }
    }
}
