package org.mozilla.gecko.fxa;

import android.annotation.TargetApi;
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.content.UriMatcher;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;
import android.os.Binder;
import android.os.Build;
import android.util.Log;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.mozilla.apache.commons.codec.digest.DigestUtils;
import org.mozilla.gecko.fxa.authenticator.AndroidFxAccount;
import org.mozilla.gecko.fxa.login.Cohabiting;
import org.mozilla.gecko.fxa.login.Married;
import org.mozilla.gecko.fxa.login.State;
import org.mozilla.gecko.fxa.login.TokensAndKeysState;

/* loaded from: classes.dex */
public class AuthStateProvider extends ContentProvider {
    static final UriMatcher URI_MATCHER = new UriMatcher(-1);
    private final String[] queryProjection = {"email", "sessionToken", "kSync", "kXSCS"};

    static {
        URI_MATCHER.addURI("org.mozilla.fennec_fdroid.fxa.auth", "state", 100);
    }

    private String getCallerPackage(PackageManager packageManager) {
        String nameForUid = packageManager.getNameForUid(Binder.getCallingUid());
        if (nameForUid == null) {
            return null;
        }
        if (Build.VERSION.SDK_INT >= 19) {
            String callingPackage = getCallingPackage();
            if (callingPackage == null) {
                Log.e("AuthStateProvider", "Manually obtained a calling package, but got null from ContentProvider.getCallingPackage()");
                return null;
            }
            if (!nameForUid.equals(callingPackage)) {
                Log.e("AuthStateProvider", "Calling package disagreement. Legacy: " + nameForUid + ", new API: " + callingPackage);
                return null;
            }
        }
        return nameForUid;
    }

    @TargetApi(28)
    private Signature getSignaturePostAPI28(PackageManager packageManager, String str) {
        try {
            PackageInfo packageInfo = packageManager.getPackageInfo(str, 134217728);
            if (packageInfo.signingInfo.hasMultipleSigners() || packageInfo.signingInfo.hasPastSigningCertificates()) {
                return null;
            }
            return packageInfo.signingInfo.getSigningCertificateHistory()[0];
        } catch (PackageManager.NameNotFoundException unused) {
            throw new IllegalStateException("Package name no longer present");
        }
    }

    private static Signature getSignaturePreAPI28(PackageManager packageManager, String str) {
        try {
            PackageInfo packageInfo = packageManager.getPackageInfo(str, 64);
            if (packageInfo.signatures.length != 1) {
                return null;
            }
            return packageInfo.signatures[0];
        } catch (PackageManager.NameNotFoundException unused) {
            throw new IllegalStateException("Package name no longer present");
        }
    }

    private boolean isTrustedCaller(Context context) {
        String str;
        PackageManager packageManager = context.getPackageManager();
        HashMap hashMap = new HashMap();
        hashMap.put("org.mozilla.fenix", "5004779088e7f988d5bc5cc5f8798febf4f8cd084a1b2a46efd4c8ee4aeaf211");
        hashMap.put("org.mozilla.fenix.nightly", "77eac4ceed36afefba76179931dd4cc195ab0cd54baf355d215e7bbdd28e402a");
        hashMap.put("mozilla.lockbox", "64d26b507078deba2fee42d6bd0bfad41d39ffc4e791f281028e5e73d3c8d2f2");
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(hashMap));
        String callerPackage = getCallerPackage(packageManager);
        if (callerPackage == null || (str = (String) unmodifiableMap.get(callerPackage)) == null) {
            return false;
        }
        Signature signaturePostAPI28 = Build.VERSION.SDK_INT >= 28 ? getSignaturePostAPI28(packageManager, callerPackage) : getSignaturePreAPI28(packageManager, callerPackage);
        if (signaturePostAPI28 == null) {
            return false;
        }
        String sha256Hex = DigestUtils.sha256Hex(signaturePostAPI28.toByteArray());
        Log.d("AuthStateProvider", "Verifying caller's signature:" + sha256Hex);
        boolean equals = str.equals(sha256Hex);
        if (equals) {
            Log.d("AuthStateProvider", "Success!");
        } else {
            Log.d("AuthStateProvider", "Failed! Signature mismatch for calling package " + callerPackage);
        }
        return equals;
    }

    @Override // android.content.ContentProvider
    public int delete(Uri uri, String str, String[] strArr) {
        throw new UnsupportedOperationException("Delete operation not supported");
    }

    @Override // android.content.ContentProvider
    public String getType(Uri uri) {
        if (URI_MATCHER.match(uri) != 100) {
            return null;
        }
        return "vnd.android.cursor.item/vnd.org.mozilla.fennec_fdroid.fxa.auth.state";
    }

    @Override // android.content.ContentProvider
    public Uri insert(Uri uri, ContentValues contentValues) {
        throw new UnsupportedOperationException("Insert operation not supported");
    }

    @Override // android.content.ContentProvider
    public boolean onCreate() {
        return true;
    }

    @Override // android.content.ContentProvider
    public Cursor query(Uri uri, String[] strArr, String str, String[] strArr2, String str2) {
        Context context = getContext();
        if (context == null) {
            return null;
        }
        if (!isTrustedCaller(context)) {
            Log.d("AuthStateProvider", "Caller must be whitelisted.");
            return null;
        }
        if (URI_MATCHER.match(uri) != 100) {
            Log.e("AuthStateProvider", "Unknown query URI " + uri);
            return null;
        }
        AndroidFxAccount fromContext = AndroidFxAccount.fromContext(getContext());
        if (fromContext == null) {
            return null;
        }
        String email = fromContext.getEmail();
        try {
            State state = fromContext.getState();
            MatrixCursor matrixCursor = new MatrixCursor(this.queryProjection, 1);
            if ((state instanceof Cohabiting) || (state instanceof Married)) {
                TokensAndKeysState tokensAndKeysState = (TokensAndKeysState) state;
                matrixCursor.addRow(new Object[]{email, tokensAndKeysState.getSessionToken(), tokensAndKeysState.getKSync(), tokensAndKeysState.getKXCS()});
            } else {
                matrixCursor.addRow(new Object[]{email, null, null, null});
            }
            return matrixCursor;
        } catch (Exception e) {
            Log.e("AuthStateProvider", "Failed to read account state", e);
            return null;
        }
    }

    @Override // android.content.ContentProvider
    public int update(Uri uri, ContentValues contentValues, String str, String[] strArr) {
        throw new UnsupportedOperationException("Update operation not supported");
    }
}
