package com.android.se.security;

import android.os.Build;
import android.util.Log;
import com.android.se.security.ChannelAccess;
import com.android.se.security.gpac.AID_REF_DO;
import com.android.se.security.gpac.AR_DO;
import com.android.se.security.gpac.Hash_REF_DO;
import com.android.se.security.gpac.PKG_REF_DO;
import com.android.se.security.gpac.REF_DO;
import java.io.PrintWriter;
import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class AccessRuleCache {
    private static final boolean DEBUG = Build.IS_DEBUGGABLE;
    private final String mTag = "SecureElement-AccessRuleCache";
    private byte[] mRefreshTag = null;
    private Map<REF_DO, ChannelAccess> mRuleCache = new HashMap();
    private ArrayList<REF_DO> mCarrierPrivilegeCache = new ArrayList<>();

    private ChannelAccess findAccessRuleInternal(byte[] bArr, List<byte[]> list) throws AccessControlException {
        AID_REF_DO aidRefDo = getAidRefDo(bArr);
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            REF_DO ref_do = new REF_DO(aidRefDo, new Hash_REF_DO(it.next()));
            if (this.mRuleCache.containsKey(ref_do)) {
                if (DEBUG) {
                    Log.i("SecureElement-AccessRuleCache", "findAccessRule() Case A " + ref_do.toString() + ", " + this.mRuleCache.get(ref_do).toString());
                }
                return this.mRuleCache.get(ref_do);
            }
        }
        if (searchForRulesWithSpecificAidButOtherHash(aidRefDo) != null) {
            if (DEBUG) {
                Log.i("SecureElement-AccessRuleCache", "Conflict Resolution Case A returning access rule 'NEVER'.");
            }
            ChannelAccess channelAccess = new ChannelAccess();
            channelAccess.setApduAccess(ChannelAccess.ACCESS.DENIED);
            channelAccess.setAccess(ChannelAccess.ACCESS.DENIED, "AID has a specific access rule with a different hash. (Case A)");
            channelAccess.setNFCEventAccess(ChannelAccess.ACCESS.DENIED);
            return channelAccess;
        }
        REF_DO ref_do2 = new REF_DO(getAidRefDo(bArr), new Hash_REF_DO());
        if (this.mRuleCache.containsKey(ref_do2)) {
            if (DEBUG) {
                Log.i("SecureElement-AccessRuleCache", "findAccessRule() Case B " + ref_do2.toString() + ", " + this.mRuleCache.get(ref_do2).toString());
            }
            return this.mRuleCache.get(ref_do2);
        }
        AID_REF_DO aid_ref_do = new AID_REF_DO(79);
        Iterator<byte[]> it2 = list.iterator();
        while (it2.hasNext()) {
            REF_DO ref_do3 = new REF_DO(aid_ref_do, new Hash_REF_DO(it2.next()));
            if (this.mRuleCache.containsKey(ref_do3)) {
                if (DEBUG) {
                    Log.i("SecureElement-AccessRuleCache", "findAccessRule() Case C " + ref_do3.toString() + ", " + this.mRuleCache.get(ref_do3).toString());
                }
                return this.mRuleCache.get(ref_do3);
            }
        }
        if (searchForRulesWithAllAidButOtherHash() != null) {
            if (DEBUG) {
                Log.i("SecureElement-AccessRuleCache", "Conflict Resolution Case C returning access rule 'NEVER'.");
            }
            ChannelAccess channelAccess2 = new ChannelAccess();
            channelAccess2.setApduAccess(ChannelAccess.ACCESS.DENIED);
            channelAccess2.setAccess(ChannelAccess.ACCESS.DENIED, "An access rule with a different hash and all AIDs was found. (Case C)");
            channelAccess2.setNFCEventAccess(ChannelAccess.ACCESS.DENIED);
            return channelAccess2;
        }
        REF_DO ref_do4 = new REF_DO(new AID_REF_DO(79), new Hash_REF_DO());
        if (!this.mRuleCache.containsKey(ref_do4)) {
            if (!DEBUG) {
                return null;
            }
            Log.i("SecureElement-AccessRuleCache", "findAccessRule() not found");
            return null;
        }
        if (DEBUG) {
            Log.i("SecureElement-AccessRuleCache", "findAccessRule() Case D " + ref_do4.toString() + ", " + this.mRuleCache.get(ref_do4).toString());
        }
        return this.mRuleCache.get(ref_do4);
    }

    private static AID_REF_DO getAidRefDo(byte[] bArr) {
        return (bArr == null || Arrays.equals(bArr, new byte[]{0, 0, 0, 0, 0})) ? new AID_REF_DO(AID_REF_DO.TAG_DEFAULT_APPLICATION) : new AID_REF_DO(79, bArr);
    }

    private static ChannelAccess mapArDo2ChannelAccess(AR_DO ar_do) {
        ChannelAccess channelAccess = new ChannelAccess();
        if (ar_do.getApduArDo() != null) {
            if (ar_do.getApduArDo().isApduAllowed()) {
                channelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
                ArrayList<byte[]> apduHeaderList = ar_do.getApduArDo().getApduHeaderList();
                ArrayList<byte[]> filterMaskList = ar_do.getApduArDo().getFilterMaskList();
                if (apduHeaderList == null || filterMaskList == null || apduHeaderList.size() <= 0 || apduHeaderList.size() != filterMaskList.size()) {
                    channelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
                } else {
                    ApduFilter[] apduFilterArr = new ApduFilter[apduHeaderList.size()];
                    for (int i = 0; i < apduHeaderList.size(); i++) {
                        apduFilterArr[i] = new ApduFilter(apduHeaderList.get(i), filterMaskList.get(i));
                    }
                    channelAccess.setUseApduFilter(true);
                    channelAccess.setApduFilter(apduFilterArr);
                }
            } else {
                channelAccess.setAccess(ChannelAccess.ACCESS.DENIED, "NEVER is explicitly specified as the APDU access rule policy");
                channelAccess.setApduAccess(ChannelAccess.ACCESS.DENIED);
            }
        }
        if (ar_do.getNfcArDo() != null) {
            channelAccess.setNFCEventAccess(ar_do.getNfcArDo().isNfcAllowed() ? ChannelAccess.ACCESS.ALLOWED : ChannelAccess.ACCESS.DENIED);
        }
        return channelAccess;
    }

    private Object searchForRulesWithAllAidButOtherHash() {
        AID_REF_DO aid_ref_do = new AID_REF_DO(79);
        for (REF_DO ref_do : this.mRuleCache.keySet()) {
            if (aid_ref_do.equals(ref_do.getAidDo()) && ref_do.getHashDo() != null && ref_do.getHashDo().getHash().length > 0) {
                return ref_do;
            }
        }
        return null;
    }

    private REF_DO searchForRulesWithSpecificAidButOtherHash(AID_REF_DO aid_ref_do) {
        if (aid_ref_do == null) {
            return null;
        }
        if (aid_ref_do.getTag() == 79 && aid_ref_do.getAid().length == 0) {
            return null;
        }
        for (REF_DO ref_do : this.mRuleCache.keySet()) {
            if (aid_ref_do.equals(ref_do.getAidDo()) && ref_do.getHashDo() != null && ref_do.getHashDo().getHash().length > 0) {
                return ref_do;
            }
        }
        return null;
    }

    public boolean checkCarrierPrivilege(String str, List<byte[]> list) {
        for (byte[] bArr : list) {
            Iterator<REF_DO> it = this.mCarrierPrivilegeCache.iterator();
            while (it.hasNext()) {
                REF_DO next = it.next();
                Hash_REF_DO hashDo = next.getHashDo();
                PKG_REF_DO pkgDo = next.getPkgDo();
                if (Hash_REF_DO.equals(hashDo, new Hash_REF_DO(bArr)) && (pkgDo == null || str.equals(pkgDo.getPackageName()))) {
                    return true;
                }
            }
        }
        return false;
    }

    public void clearCache() {
        this.mRuleCache.clear();
        this.mCarrierPrivilegeCache.clear();
    }

    public void dump(PrintWriter printWriter) {
        printWriter.println("SecureElement-AccessRuleCache:");
        printWriter.print("Current refresh tag is: ");
        byte[] bArr = this.mRefreshTag;
        int i = 0;
        if (bArr == null) {
            printWriter.print("<null>");
        } else {
            for (byte b : bArr) {
                printWriter.printf("%02X:", Byte.valueOf(b));
            }
        }
        printWriter.println();
        printWriter.println("Rules:");
        int i2 = 0;
        for (Map.Entry<REF_DO, ChannelAccess> entry : this.mRuleCache.entrySet()) {
            i2++;
            printWriter.print("rule " + i2 + ": ");
            printWriter.println(entry.getKey().toString() + " -> " + entry.getValue().toString());
        }
        printWriter.println();
        printWriter.println("Carrier Privilege:");
        Iterator<REF_DO> it = this.mCarrierPrivilegeCache.iterator();
        while (it.hasNext()) {
            REF_DO next = it.next();
            i++;
            printWriter.print("carrier privilege " + i + ": ");
            printWriter.println(next.toString());
        }
        printWriter.println();
    }

    public ChannelAccess findAccessRule(byte[] bArr, List<byte[]> list) throws AccessControlException {
        ChannelAccess findAccessRuleInternal = findAccessRuleInternal(bArr, list);
        if (findAccessRuleInternal != null) {
            if (findAccessRuleInternal.getApduAccess() == ChannelAccess.ACCESS.UNDEFINED && !findAccessRuleInternal.isUseApduFilter()) {
                findAccessRuleInternal.setAccess(ChannelAccess.ACCESS.DENIED, "No APDU access rule is available");
                findAccessRuleInternal.setApduAccess(ChannelAccess.ACCESS.DENIED);
            }
            if (findAccessRuleInternal.getNFCEventAccess() == ChannelAccess.ACCESS.UNDEFINED) {
                if (findAccessRuleInternal.isUseApduFilter()) {
                    findAccessRuleInternal.setNFCEventAccess(ChannelAccess.ACCESS.ALLOWED);
                } else {
                    findAccessRuleInternal.setNFCEventAccess(findAccessRuleInternal.getApduAccess());
                }
            }
        }
        return findAccessRuleInternal;
    }

    public byte[] getRefreshTag() {
        return this.mRefreshTag;
    }

    public boolean isRefreshTagEqual(byte[] bArr) {
        byte[] bArr2;
        if (bArr == null || (bArr2 = this.mRefreshTag) == null) {
            return false;
        }
        return Arrays.equals(bArr, bArr2);
    }

    public void putWithMerge(REF_DO ref_do, ChannelAccess channelAccess) {
        if (ref_do.isCarrierPrivilegeRefDo()) {
            this.mCarrierPrivilegeCache.add(ref_do);
            return;
        }
        if (!this.mRuleCache.containsKey(ref_do)) {
            if (DEBUG) {
                Log.i("SecureElement-AccessRuleCache", "Add Access Rule: " + ref_do.toString() + ", " + channelAccess.toString());
            }
            this.mRuleCache.put(ref_do, channelAccess);
            return;
        }
        ChannelAccess channelAccess2 = this.mRuleCache.get(ref_do);
        if (channelAccess2.getAccess() != ChannelAccess.ACCESS.DENIED) {
            if (channelAccess.getAccess() == ChannelAccess.ACCESS.DENIED) {
                channelAccess2.setAccess(ChannelAccess.ACCESS.DENIED, channelAccess.getReason());
            } else if (channelAccess.getAccess() == ChannelAccess.ACCESS.ALLOWED) {
                channelAccess2.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
            }
        }
        if (channelAccess2.getNFCEventAccess() != ChannelAccess.ACCESS.DENIED) {
            if (channelAccess.getNFCEventAccess() == ChannelAccess.ACCESS.DENIED) {
                channelAccess2.setNFCEventAccess(ChannelAccess.ACCESS.DENIED);
            } else if (channelAccess.getNFCEventAccess() == ChannelAccess.ACCESS.ALLOWED) {
                channelAccess2.setNFCEventAccess(ChannelAccess.ACCESS.ALLOWED);
            }
        }
        if (channelAccess2.getApduAccess() != ChannelAccess.ACCESS.DENIED) {
            if (channelAccess.getApduAccess() == ChannelAccess.ACCESS.DENIED) {
                channelAccess2.setApduAccess(ChannelAccess.ACCESS.DENIED);
            } else if (!channelAccess2.isUseApduFilter() && !channelAccess.isUseApduFilter() && channelAccess.getApduAccess() == ChannelAccess.ACCESS.ALLOWED) {
                channelAccess2.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
            }
        }
        int i = 0;
        if (channelAccess2.getApduAccess() == ChannelAccess.ACCESS.DENIED) {
            channelAccess2.setUseApduFilter(false);
            channelAccess2.setApduFilter(null);
        } else if (channelAccess.isUseApduFilter()) {
            Log.i("SecureElement-AccessRuleCache", "Merged Access Rule:  APDU filter together");
            channelAccess2.setUseApduFilter(true);
            ApduFilter[] apduFilter = channelAccess2.getApduFilter();
            ApduFilter[] apduFilter2 = channelAccess.getApduFilter();
            if (apduFilter == null || apduFilter.length == 0) {
                channelAccess2.setApduFilter(apduFilter2);
            } else if (apduFilter2 == null || apduFilter2.length == 0) {
                channelAccess2.setApduFilter(apduFilter);
            } else {
                ApduFilter[] apduFilterArr = new ApduFilter[apduFilter.length + apduFilter2.length];
                int length = apduFilter.length;
                int i2 = 0;
                int i3 = 0;
                while (i2 < length) {
                    apduFilterArr[i3] = apduFilter[i2];
                    i2++;
                    i3++;
                }
                int length2 = apduFilter2.length;
                while (i < length2) {
                    apduFilterArr[i3] = apduFilter2[i];
                    i++;
                    i3++;
                }
                channelAccess2.setApduFilter(apduFilterArr);
            }
        }
        if (DEBUG) {
            Log.i("SecureElement-AccessRuleCache", "Merged Access Rule: " + ref_do.toString() + ", " + channelAccess2.toString());
        }
    }

    public void putWithMerge(REF_DO ref_do, AR_DO ar_do) {
        if (ref_do.isCarrierPrivilegeRefDo()) {
            this.mCarrierPrivilegeCache.add(ref_do);
        } else {
            putWithMerge(ref_do, mapArDo2ChannelAccess(ar_do));
        }
    }

    public void reset() {
        this.mRefreshTag = null;
        this.mRuleCache.clear();
        this.mCarrierPrivilegeCache.clear();
    }

    public void setRefreshTag(byte[] bArr) {
        this.mRefreshTag = bArr;
    }
}
