package com.amazon.mas.client.install;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import com.amazon.android.dagger.DaggerAndroid;
import com.amazon.assertion.Assert;
import com.amazon.logging.Logger;
import com.amazon.mas.client.install.InstallResult;
import com.amazon.mas.client.install.Installer;
import com.amazon.mas.client.security.broadcast.SecureBroadcastManager;
import com.amazon.mas.util.BC1;
import com.amazon.mas.util.InvalidJarSignatureException;
import com.amazon.mas.util.Pair;
import com.amazon.mas.util.SignatureChecker;
import com.amazon.mas.util.StringUtils;
import com.amazon.profiling.Profiler;
import com.amazon.profiling.ProfilerScope;
import com.amazon.sdk.availability.AvailabilityService;
import java.io.File;
import java.io.IOException;
import javax.inject.Inject;
import org.iharder.encoders.Base64;

/* loaded from: classes13.dex */
public class SignatureVerificationInstaller implements Installer {
    private static final Logger LOG = Logger.getLogger(SignatureVerificationInstaller.class);

    @Inject
    Context context;

    @Inject
    PackageManager packageManager;

    @Inject
    SecureBroadcastManager secureBroadcastManager;
    private final Installer targetInstaller;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes13.dex */
    public static class SignatureVerificationListener implements Installer.InstallListener {
        private final PackageManager packageManager;
        private SecureBroadcastManager secureBroadcastManager;
        private final Installer.InstallListener targetInstallListener;

        public SignatureVerificationListener(Installer.InstallListener installListener, PackageManager packageManager, SecureBroadcastManager secureBroadcastManager) {
            this.targetInstallListener = installListener;
            this.packageManager = packageManager;
            this.secureBroadcastManager = secureBroadcastManager;
        }

        private void broadcastPostInstallVerificationFailure(String str) {
            SignatureVerificationInstaller.LOG.i(String.format("Failed post signature verfification. App %s installation has been compromised.", str));
            Intent intent = new Intent("com.amazon.mas.client.install.POST_INSTALL_SIGNATURE_VERIFICATION_FAILED");
            intent.putExtra("com.amazon.mas.client.install.apk_package_name", str);
            this.secureBroadcastManager.sendBroadcast(intent);
        }

        private void postInstallSignatureVerification(InstallRequest installRequest, InstallResult installResult) {
            ProfilerScope methodScopeStart = Profiler.methodScopeStart(getClass(), "postInstallSignatureVerification");
            try {
                String expectedApkSignature = installRequest.getExpectedApkSignature();
                if (StringUtils.isBlank(expectedApkSignature)) {
                    SignatureVerificationInstaller.LOG.d("No expected signature. This should not happen we already checked for it. Proceed with result.");
                    return;
                }
                String packageName = installResult.getPackageName();
                Assert.notNull("packageName", packageName);
                SignatureVerificationInstaller.LOG.d("Perform post-install signature verification for %s ...", packageName);
                try {
                    Signature[] signatureArr = this.packageManager.getPackageInfo(packageName, 64).signatures;
                    if (signatureArr == null) {
                        SignatureVerificationInstaller.LOG.i("Cannot locate signature for installed apk.");
                        broadcastPostInstallVerificationFailure(packageName);
                    } else if (SignatureVerificationInstaller.signatureCheck(expectedApkSignature, signatureArr)) {
                        SignatureVerificationInstaller.LOG.d("Signature verification passed. Signature match.");
                    } else {
                        SignatureVerificationInstaller.LOG.i("Signature verification failed. Signature mismatch.");
                        broadcastPostInstallVerificationFailure(packageName);
                    }
                } catch (PackageManager.NameNotFoundException e) {
                    SignatureVerificationInstaller.LOG.i("Unexpected state: The package manager cannot locate " + packageName);
                }
            } finally {
                Profiler.scopeEnd(methodScopeStart);
            }
        }

        @Override // com.amazon.mas.client.install.Installer.InstallListener
        public void onResult(InstallRequest installRequest, InstallResult installResult) {
            SignatureVerificationInstaller.LOG.d("Install result code: %d", Integer.valueOf(installResult.getResultCode()));
            this.targetInstallListener.onResult(installRequest, installResult);
            if (1 == installResult.getResultCode()) {
                SignatureVerificationInstaller.LOG.d("Install succeeded.");
                postInstallSignatureVerification(installRequest, installResult);
            }
        }

        @Override // com.amazon.mas.client.install.Installer.InstallListener
        public void onStateChange(InstallRequest installRequest, InstallState installState, InstallState installState2) {
            SignatureVerificationInstaller.LOG.d("State changed. {old: %s, new:%s}", installState, installState2);
            this.targetInstallListener.onStateChange(installRequest, installState, installState2);
        }
    }

    public SignatureVerificationInstaller(Installer installer) {
        this.targetInstaller = installer;
    }

    private static BC1.ManifestChecksumAlg determineManifestChecksumAlg() {
        return Build.VERSION.SDK_INT > 17 ? BC1.ManifestChecksumAlg.SHA256 : BC1.ManifestChecksumAlg.SHA1;
    }

    private void failInstallRequest(InstallRequest installRequest, Installer.InstallListener installListener, int i, String str) {
        LOG.i("Failing install request...");
        installListener.onStateChange(installRequest, InstallState.NOT_STARTED, InstallState.FAILED);
        installListener.onResult(installRequest, new InstallResult.Builder(installRequest, i).withErrorDescription(str).build());
    }

    private void preInstallSignatureAndChecksumVerification(InstallRequest installRequest, Installer.InstallListener installListener) {
        Signature[] collectCertificates;
        DaggerAndroid.inject(this);
        ProfilerScope methodScopeStart = Profiler.methodScopeStart(getClass(), "preInstallSignatureAndChecksumVerification");
        try {
            String expectedApkSignature = installRequest.getExpectedApkSignature();
            String expectedApkChecksum = installRequest.getExpectedApkChecksum();
            if (installRequest.isUninstall() || installRequest.isInstallPackage()) {
                LOG.d("Not an install apk request. Ignore signature/checksum check");
                proceedWithInstallRequestWithoutPostSignatureVerification(installRequest, installListener);
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            if (StringUtils.isBlank(expectedApkSignature) && StringUtils.isBlank(expectedApkChecksum)) {
                LOG.i("Unexpectedly missing both 'expected signature' and checksum.  Install type = " + installRequest.getInstallType());
                AvailabilityService.incrementPmetCount(this.context, "Appstore.InstallMetrics.InstallSevice.MissingSignatureAndChecksum.Count", 1L);
                proceedWithInstallRequestWithoutPostSignatureVerification(installRequest, installListener);
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            String stringExtra = installRequest.getIntent().getStringExtra("com.amazon.mas.client.install.file_location");
            if (StringUtils.isBlank(stringExtra)) {
                LOG.i("No apk file location. Let target installer handle it.");
                proceedWithInstallRequestWithoutPostSignatureVerification(installRequest, installListener);
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            File file = new File(stringExtra);
            if (!file.exists()) {
                LOG.i("Apk file does not exist. Let target installer handle it.");
                proceedWithInstallRequestWithoutPostSignatureVerification(installRequest, installListener);
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            if (StringUtils.isBlank(expectedApkChecksum)) {
                LOG.i("No expected checksum in the intent. Failing install.");
                failInstallRequest(installRequest, installListener, 20003, installRequest.getRequestDescription(this.packageManager));
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            if (StringUtils.isBlank(expectedApkSignature)) {
                LOG.i("No expected signature. Failing install.");
                failInstallRequest(installRequest, installListener, 20006, installRequest.getRequestDescription(this.packageManager));
                Profiler.scopeEnd(methodScopeStart);
                return;
            }
            LOG.d("Performing pre-install checksum verification for %s ...", file.getName());
            try {
                Pair<byte[], byte[]> bC1ChecksumAndManifestHash = BC1.getBC1ChecksumAndManifestHash(file, determineManifestChecksumAlg());
                String encodeBytes = Base64.encodeBytes(bC1ChecksumAndManifestHash.first);
                String encodeBytes2 = Base64.encodeBytes(bC1ChecksumAndManifestHash.second);
                Intent intent = installRequest.getIntent();
                if (expectedApkChecksum.equals(encodeBytes)) {
                    LOG.d("Checksum verification passed. Checksum match.");
                    intent.putExtra("com.amazon.mas.client.install.androidManifestChecksum", encodeBytes2);
                    LOG.d("Performing pre-install signature verification for %s ...", file.getName());
                    PackageInfo packageArchiveInfo = this.packageManager.getPackageArchiveInfo(file.getAbsolutePath(), 64);
                    if (packageArchiveInfo.signatures != null) {
                        LOG.d("Obtained developer certificates from local file via PackageManager");
                        collectCertificates = packageArchiveInfo.signatures;
                    } else {
                        LOG.d("Can't get certificates from PackageManager.  Go grab coffee while we execute our method...");
                        collectCertificates = SignatureChecker.collectCertificates(file.getAbsolutePath());
                    }
                    if (collectCertificates == null) {
                        LOG.i("Cannot locate signatures for apk file.");
                        failInstallRequest(installRequest, installListener, 20005, installRequest.getRequestDescription(this.packageManager) + ", [Cannot locate signatures for apk file]");
                        Profiler.scopeEnd(methodScopeStart);
                    } else if (signatureCheck(expectedApkSignature, collectCertificates)) {
                        try {
                            PackageInfo packageInfo = this.packageManager.getPackageInfo(installRequest.getPackageName(), 8256);
                            if (packageInfo.signatures == null) {
                                LOG.w("Cannot locate signature for installed apk.");
                            } else if (!signatureCheck(expectedApkSignature, packageInfo.signatures)) {
                                LOG.i("Signature verification failed. Signature mismatch with respect to the already installed apk signature.");
                                failInstallRequest(installRequest, installListener, 20000, installRequest.getRequestDescription(this.packageManager) + ", installedPackageInfo.signatures.length = " + packageInfo.signatures.length + ", installedPackageInfo.signatures[0]: " + SignatureChecker.convertSignatureToEncodedString(collectCertificates[0]));
                                Profiler.scopeEnd(methodScopeStart);
                            }
                        } catch (PackageManager.NameNotFoundException e) {
                            LOG.d(installRequest.getPackageName() + " not installed. Not an update operation.");
                        }
                        LOG.d("Signature verification passed. Signature match.");
                        proceedWithInstallRequest(installRequest, installListener);
                        Profiler.scopeEnd(methodScopeStart);
                    } else {
                        LOG.i("Signature verification failed. Signature mismatch with respect to the DS signature.");
                        failInstallRequest(installRequest, installListener, 20005, installRequest.getRequestDescription(this.packageManager) + ", signatures.length = " + collectCertificates.length + ", signatures[0]: " + SignatureChecker.convertSignatureToEncodedString(collectCertificates[0]));
                        Profiler.scopeEnd(methodScopeStart);
                    }
                } else {
                    LOG.i("Checksum verification failed. Checksum mismatch.");
                    intent.putExtra("com.amazon.mas.client.install.androidManifestChecksum", (String) null);
                    failInstallRequest(installRequest, installListener, 20001, installRequest.getRequestDescription(this.packageManager) + ", apkChecksum: " + encodeBytes);
                    Profiler.scopeEnd(methodScopeStart);
                }
            } catch (InvalidJarSignatureException e2) {
                LOG.i("Apk file is not signed correctly. Failing install.", e2);
                failInstallRequest(installRequest, installListener, 20002, installRequest.getRequestDescription(this.packageManager) + ", InvalidJarSignatureException: " + e2.getMessage());
                Profiler.scopeEnd(methodScopeStart);
            } catch (IOException e3) {
                LOG.i("Apk file does not exist. Let target installer handle it.", e3);
                proceedWithInstallRequestWithoutPostSignatureVerification(installRequest, installListener);
                Profiler.scopeEnd(methodScopeStart);
            }
        } catch (Throwable th) {
            Profiler.scopeEnd(methodScopeStart);
            throw th;
        }
    }

    private void proceedWithInstallRequest(InstallRequest installRequest, Installer.InstallListener installListener) {
        LOG.d("Proceeding with install request...");
        this.targetInstaller.process(installRequest, new SignatureVerificationListener(installListener, this.packageManager, this.secureBroadcastManager));
    }

    private void proceedWithInstallRequestWithoutPostSignatureVerification(InstallRequest installRequest, Installer.InstallListener installListener) {
        LOG.d("Proceeding with install request...");
        this.targetInstaller.process(installRequest, installListener);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean signatureCheck(String str, Signature[] signatureArr) {
        try {
            SignatureChecker fromBase64String = SignatureChecker.fromBase64String(str);
            for (Signature signature : signatureArr) {
                if (fromBase64String.matches(signature)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            return false;
        }
    }

    @Override // com.amazon.mas.client.install.Installer
    public void process(InstallRequest installRequest, Installer.InstallListener installListener) {
        preInstallSignatureAndChecksumVerification(installRequest, installListener);
    }
}
