package com.qihoo360.accounts.sso.svc.impl;

import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.os.Process;
import android.os.RemoteException;
import android.text.TextUtils;
import com.qihoo360.accounts.IQihooAccountManager;
import com.qihoo360.accounts.IQihooAmResponse;
import com.qihoo360.accounts.QihooAccount;
import com.qihoo360.accounts.api.auth.CSAuth;
import com.qihoo360.accounts.api.auth.p.ClientAuthKey;
import com.qihoo360.accounts.api.auth.p.model.CsAuthResult;
import com.qihoo360.accounts.api.auth.p.model.CsAuthServer;
import com.qihoo360.accounts.base.common.Constant;
import com.qihoo360.accounts.base.common.ErrorCode;
import com.qihoo360.accounts.base.utils.BinderUtils;
import com.qihoo360.accounts.base.utils.CertUtils;
import com.qihoo360.accounts.base.utils.IoStreamUtils;
import com.qihoo360.accounts.base.utils.QihooTextUtils;
import com.qihoo360.accounts.base.utils.ServiceFileUtils;
import com.qihoo360.accounts.sso.extra.AppPermissionInfo;
import com.qihoo360.accounts.sso.extra.SignatureParser;
import com.qihoo360.accounts.sso.svc.QihooServiceController;
import com.qihoo360.accounts.sso.svc.m.AccountsModel;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class QihooServiceManagerService extends IQihooAccountManager.Stub {
    private static final int MAX_USER_DATA_LENGTH = 128;
    private static final int MSG_AUTH_CLIENT_BY_SERVER = 1;
    private static final String TAG = "ACCOUNT.QihooServiceManagerService";
    private final Context mContext;
    private final Handler mHandler = new Handler() { // from class: com.qihoo360.accounts.sso.svc.impl.QihooServiceManagerService.1
        @Override // android.os.Handler
        public void handleMessage(Message message) {
            switch (message.what) {
                case 1:
                    QihooServiceManagerService.this.handleAuthClientByServer((String) message.obj);
                    return;
                default:
                    return;
            }
        }
    };
    AccountsModel mModel;
    private final PackageManager mPackageManager;
    private final Map<String, AppPermissionInfo> mPermissionMap;
    private final File mStopFile;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class AuthClientListener implements CSAuth.IAuthListener {
        private CsAuthServer mAuthApp;

        public AuthClientListener(CsAuthServer csAuthServer) {
            this.mAuthApp = null;
            this.mAuthApp = csAuthServer;
        }

        private void handlePermissionDeny() {
            QihooServiceManagerService.this.mPermissionMap.put(this.mAuthApp.pkg, AppPermissionInfo.createInvalidPermission(this.mAuthApp.pkg));
            QihooServiceManagerService.this.saveClientList(QihooServiceManagerService.this.mContext, QihooServiceManagerService.this.mPermissionMap);
        }

        @Override // com.qihoo360.accounts.api.auth.CSAuth.IAuthListener
        public void onAuthFailed(int i, int i2, String str) {
        }

        @Override // com.qihoo360.accounts.api.auth.CSAuth.IAuthListener
        public void onAuthSuccess(List<CsAuthResult> list) {
            if (list == null || list.size() <= 0) {
                handlePermissionDeny();
                return;
            }
            CsAuthResult csAuthResult = list.get(0);
            if (this.mAuthApp.id != csAuthResult.id) {
                handlePermissionDeny();
                return;
            }
            QihooServiceManagerService.this.mPermissionMap.put(this.mAuthApp.pkg, new AppPermissionInfo(csAuthResult.id, csAuthResult.flags, csAuthResult.values, csAuthResult.body));
            QihooServiceManagerService.this.saveClientList(QihooServiceManagerService.this.mContext, QihooServiceManagerService.this.mPermissionMap);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class SSOClientInfo {
        public String mBody;
        public int mFlag;
        public int mId;
        public int mValues;
        public String pkg;

        private SSOClientInfo() {
        }

        public static SSOClientInfo fromJsonObject(JSONObject jSONObject) throws JSONException {
            SSOClientInfo sSOClientInfo = new SSOClientInfo();
            if (jSONObject.has("id")) {
                sSOClientInfo.mId = jSONObject.getInt("id");
            }
            if (jSONObject.has("pkg")) {
                sSOClientInfo.pkg = jSONObject.getString("pkg");
            }
            if (jSONObject.has("flag")) {
                sSOClientInfo.mFlag = jSONObject.getInt("flag");
            }
            if (jSONObject.has("values")) {
                sSOClientInfo.mValues = jSONObject.getInt("values");
            }
            if (jSONObject.has("body")) {
                sSOClientInfo.mBody = jSONObject.getString("body");
            }
            return sSOClientInfo;
        }

        public JSONObject toJsonObject() {
            JSONObject jSONObject = new JSONObject();
            try {
                jSONObject.put("pkg", this.pkg);
                jSONObject.put("id", this.mId);
                jSONObject.put("flag", this.mFlag);
                jSONObject.put("values", this.mValues);
                jSONObject.put("body", this.mBody);
            } catch (JSONException e) {
            }
            return jSONObject;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public QihooServiceManagerService(Context context, AccountsModel accountsModel) {
        this.mContext = context;
        this.mModel = accountsModel;
        this.mPackageManager = context.getPackageManager();
        this.mPermissionMap = loadClientList(this.mContext);
        this.mStopFile = ServiceFileUtils.getStopFlagFile(this.mContext);
    }

    private final void checkServiceStatus() {
        File file = this.mStopFile;
        if (file != null && file.exists()) {
            throw new IllegalStateException("disabled service do nothing");
        }
    }

    private final void enforceCallingPermission(String str, int i, int i2, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        if (Process.myUid() == i) {
            return;
        }
        if (!isValidCallingPackage(str)) {
            if (iQihooAmResponse != null) {
                errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, null);
            }
            throw new SecurityException("Invalid package");
        }
        if (this.mContext.getPackageName().equals(str)) {
            return;
        }
        AppPermissionInfo appPermissionInfo = this.mPermissionMap.get(str);
        if (appPermissionInfo == null) {
            if (iQihooAmResponse != null) {
                errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_NEED_AUTH_PERMISSION, null);
            }
            throw new SecurityException("Need auth client");
        }
        if (appPermissionInfo.isInvalidPermission()) {
            if (iQihooAmResponse != null) {
                errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, null);
            }
            throw new SecurityException("Permission Deny: Invalid client app");
        }
        if (!appPermissionInfo.hasClientPermission()) {
            if (iQihooAmResponse != null) {
                errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_NEED_CLIENT_PERMISSION, null);
            }
            throw new SecurityException("Permission Deny: Need client permission");
        }
        if ((i2 & 4) != 0 && !appPermissionInfo.hasReadPermission()) {
            if (iQihooAmResponse != null) {
                errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_NEED_READ_PERMISSION, null);
            }
            throw new SecurityException("Permission Deny: Need read permission");
        }
        if ((i2 & 8) == 0 || appPermissionInfo.hasWritePermission()) {
            return;
        }
        if (iQihooAmResponse != null) {
            errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_NEED_WRITE_PERMISSION, null);
        }
        throw new SecurityException("Permission Deny: Need write permission");
    }

    private final void errorNotify(IQihooAmResponse iQihooAmResponse, int i, int i2, String str) {
        try {
            iQihooAmResponse.onError(i, i2, str);
        } catch (RemoteException e) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void handleAuthClientByServer(String str) {
        if (QihooTextUtils.isEmpty(str)) {
            return;
        }
        String authKeyFrom = QihooServiceController.getAuthKeyFrom();
        String authKeySignKey = QihooServiceController.getAuthKeySignKey();
        String authKeyCryptKey = QihooServiceController.getAuthKeyCryptKey();
        if (QihooTextUtils.isEmpty(authKeyFrom) || QihooTextUtils.isEmpty(authKeySignKey) || QihooTextUtils.isEmpty(authKeyCryptKey)) {
            throw new IllegalArgumentException("Empty auth keys");
        }
        ClientAuthKey clientAuthKey = new ClientAuthKey(authKeyFrom, authKeySignKey, authKeyCryptKey);
        ArrayList arrayList = new ArrayList();
        CsAuthServer csAuthServer = new CsAuthServer();
        String[] publicKeys = CertUtils.getPublicKeys(this.mContext, str);
        if (publicKeys == null || publicKeys.length <= 0) {
            this.mPermissionMap.put(str, AppPermissionInfo.createInvalidPermission(str));
            return;
        }
        csAuthServer.sig = publicKeys[0];
        csAuthServer.id = str.hashCode();
        csAuthServer.pkg = str;
        try {
            csAuthServer.ver = Integer.toString(BinderUtils.getPackageInfo(this.mContext.getPackageManager(), str, 0).versionCode);
        } catch (PackageManager.NameNotFoundException e) {
        }
        arrayList.add(csAuthServer);
        new CSAuth(this.mContext, clientAuthKey, new AuthClientListener(csAuthServer)).authServer(CsAuthServer.toJson(arrayList));
    }

    private final boolean isValidCallingPackage(String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        String[] packagesForUid = this.mPackageManager.getPackagesForUid(Binder.getCallingUid());
        if (packagesForUid == null || packagesForUid.length <= 0) {
            return false;
        }
        for (String str2 : packagesForUid) {
            if (str.equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    private final HashMap<String, AppPermissionInfo> loadClientList(Context context) {
        HashMap<String, AppPermissionInfo> hashMap = new HashMap<>();
        File file = new File(ServiceFileUtils.getPath(context) + "/" + Constant.CS_AUTH_BLACKLIST_FILE_NAME);
        if (file.exists()) {
            FileInputStream fileInputStream = null;
            try {
                FileInputStream fileInputStream2 = new FileInputStream(file);
                try {
                    byte[] bArr = new byte[fileInputStream2.available()];
                    fileInputStream2.read(bArr);
                    JSONArray jSONArray = new JSONArray(new String(bArr));
                    for (int i = 0; i < jSONArray.length(); i++) {
                        SSOClientInfo fromJsonObject = SSOClientInfo.fromJsonObject(jSONArray.getJSONObject(i));
                        hashMap.put(fromJsonObject.pkg, new AppPermissionInfo(fromJsonObject.mId, fromJsonObject.mFlag, fromJsonObject.mValues, fromJsonObject.mBody));
                    }
                    IoStreamUtils.closeSilently(fileInputStream2);
                } catch (IOException e) {
                    fileInputStream = fileInputStream2;
                    IoStreamUtils.closeSilently(fileInputStream);
                    return hashMap;
                } catch (JSONException e2) {
                    fileInputStream = fileInputStream2;
                    IoStreamUtils.closeSilently(fileInputStream);
                    return hashMap;
                } catch (Throwable th) {
                    th = th;
                    fileInputStream = fileInputStream2;
                    IoStreamUtils.closeSilently(fileInputStream);
                    throw th;
                }
            } catch (IOException e3) {
            } catch (JSONException e4) {
            } catch (Throwable th2) {
                th = th2;
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void saveClientList(Context context, Map<String, AppPermissionInfo> map) {
        FileOutputStream fileOutputStream;
        ArrayList arrayList = new ArrayList();
        for (String str : map.keySet()) {
            AppPermissionInfo appPermissionInfo = map.get(str);
            SSOClientInfo sSOClientInfo = new SSOClientInfo();
            sSOClientInfo.pkg = str;
            sSOClientInfo.mId = appPermissionInfo.getId();
            sSOClientInfo.mFlag = appPermissionInfo.getFlag();
            sSOClientInfo.mValues = appPermissionInfo.getValues();
            sSOClientInfo.mBody = appPermissionInfo.getBody();
            arrayList.add(sSOClientInfo);
        }
        JSONArray jSONArray = new JSONArray();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            jSONArray.put(((SSOClientInfo) it.next()).toJsonObject());
        }
        FileOutputStream fileOutputStream2 = null;
        try {
            fileOutputStream = new FileOutputStream(new File(ServiceFileUtils.getPath(context) + "/" + Constant.CS_AUTH_BLACKLIST_FILE_NAME));
        } catch (IOException e) {
        } catch (Throwable th) {
            th = th;
        }
        try {
            fileOutputStream.write(jSONArray.toString().getBytes());
            fileOutputStream.flush();
            IoStreamUtils.closeSilently(fileOutputStream);
        } catch (IOException e2) {
            fileOutputStream2 = fileOutputStream;
            IoStreamUtils.closeSilently(fileOutputStream2);
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream2 = fileOutputStream;
            IoStreamUtils.closeSilently(fileOutputStream2);
            throw th;
        }
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public void addAccount(Bundle bundle, String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        throw new RuntimeException("The interface:addAccount without implementation, not available!");
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public boolean attachAccount(QihooAccount qihooAccount, String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str, Binder.getCallingUid(), 8, iQihooAmResponse);
        return this.mModel.attachAccount(qihooAccount, str);
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public void authClient(String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        if (Process.myUid() == Binder.getCallingUid()) {
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onResult(null);
                return;
            }
            return;
        }
        if (!isValidCallingPackage(str)) {
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onError(10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, null);
                return;
            }
            return;
        }
        if (this.mContext.getPackageName().equals(str)) {
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onResult(null);
                return;
            }
            return;
        }
        SignatureParser signatureParser = new SignatureParser(str);
        boolean verify = signatureParser.verify(this.mContext);
        if (!verify) {
        }
        if (!verify) {
            this.mPermissionMap.put(str, AppPermissionInfo.createInvalidPermission(str));
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onError(10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, Integer.toString(ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY_VERIFY));
                return;
            }
            return;
        }
        if (!signatureParser.getAppPermissionInfo().hasClientPermission()) {
            this.mPermissionMap.put(str, AppPermissionInfo.createInvalidPermission(str));
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onError(10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, Integer.toString(ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY_STATIC));
                return;
            }
            return;
        }
        AppPermissionInfo appPermissionInfo = this.mPermissionMap.get(str);
        if (appPermissionInfo == null || appPermissionInfo.hasClientPermission()) {
            this.mPermissionMap.put(str, signatureParser.getAppPermissionInfo());
            if (iQihooAmResponse != null) {
                iQihooAmResponse.onResult(null);
            }
        } else if (iQihooAmResponse != null) {
            iQihooAmResponse.onError(10002, ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY, Integer.toString(ErrorCode.ERR_CODE_AUTH_PERMISSION_DENY_DYNAMIC));
        }
        this.mHandler.obtainMessage(1, str).sendToTarget();
    }

    public final void close() {
        saveClientList(this.mContext, this.mPermissionMap);
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public boolean detachAccount(QihooAccount qihooAccount, String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str, Binder.getCallingUid(), 8, iQihooAmResponse);
        return this.mModel.detachAccount(qihooAccount, str);
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public QihooAccount[] getAccounts(String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str, Binder.getCallingUid(), 4, iQihooAmResponse);
        return this.mModel.getAccounts(str);
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public String getUserData(QihooAccount qihooAccount, String str, String str2, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str2, Binder.getCallingUid(), 4, iQihooAmResponse);
        if (!TextUtils.isEmpty(str)) {
            return this.mModel.getUserData(qihooAccount, str);
        }
        if (iQihooAmResponse == null) {
            throw new IllegalArgumentException("[getUserData] key is empty");
        }
        errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_INVALID_PARAMETER, null);
        return null;
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public void removeAccount(QihooAccount qihooAccount, String str, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str, Binder.getCallingUid(), 8, iQihooAmResponse);
        this.mModel.removeAccount(qihooAccount);
    }

    @Override // com.qihoo360.accounts.IQihooAccountManager
    public void setUserData(QihooAccount qihooAccount, String str, String str2, String str3, IQihooAmResponse iQihooAmResponse) throws RemoteException {
        checkServiceStatus();
        enforceCallingPermission(str3, Binder.getCallingUid(), 8, iQihooAmResponse);
        if (TextUtils.isEmpty(str)) {
            if (iQihooAmResponse == null) {
                throw new IllegalArgumentException("key is null!");
            }
            errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_INVALID_PARAMETER, null);
        } else if (str2 == null || str2.length() <= 128) {
            this.mModel.setUserData(qihooAccount, str, str2);
        } else if (iQihooAmResponse != null) {
            errorNotify(iQihooAmResponse, 10002, ErrorCode.ERR_CODE_USER_DATA_TOO_LENGTH, null);
        }
    }
}
