package com.microsoft.onlineid.internal.sso;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import com.microsoft.onlineid.internal.Assertion;
import com.microsoft.onlineid.internal.configuration.Settings;
import com.microsoft.onlineid.internal.log.Logger;
import com.microsoft.onlineid.sts.Cryptography;
import com.microsoft.onlineid.sts.ServerConfig;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class SignatureVerifier {
    private final Context _applicationContext;
    private final ServerConfig _config;
    private final PackageManager _packageManager;

    @Deprecated
    public SignatureVerifier() {
        this._applicationContext = null;
        this._packageManager = null;
        this._config = null;
    }

    public SignatureVerifier(Context context) {
        this._applicationContext = context;
        this._packageManager = context.getPackageManager();
        this._config = new ServerConfig(context);
    }

    public boolean isPackageInUid(int i, String str) {
        String[] packagesForUid = this._packageManager.getPackagesForUid(i);
        if (packagesForUid == null || packagesForUid.length == 0) {
            return false;
        }
        return Arrays.asList(packagesForUid).contains(str);
    }

    public boolean isTrusted(String str) {
        boolean z = true;
        if (this._applicationContext.getPackageName().equalsIgnoreCase(str)) {
            return true;
        }
        Settings settings = Settings.getInstance(this._applicationContext);
        if (Settings.isDebugBuild() && !settings.isSettingEnabled(Settings.ShouldCheckSsoCertificatesInDebug)) {
            return true;
        }
        try {
            PackageInfo packageInfo = this._packageManager.getPackageInfo(str, 64);
            Set<String> stringSet = this._config.getStringSet(ServerConfig.AndroidSsoCertificates);
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            MessageDigest sha256Digester = Cryptography.getSha256Digester();
            Signature[] signatureArr = packageInfo.signatures;
            for (Signature signature : signatureArr) {
                String encodeToString = Base64.encodeToString(sha256Digester.digest(signature.toByteArray()), 2);
                arrayList.add(encodeToString);
                if (!stringSet.contains(encodeToString)) {
                    arrayList2.add(encodeToString);
                    z = false;
                }
            }
            if (z) {
                return z;
            }
            Logger.warning("Not trusting " + str + " because some hashes are not in the allowed list: " + Arrays.toString(arrayList2.toArray()));
            Logger.warning("Hashes for " + str + " are: " + Arrays.toString(arrayList.toArray()));
            Logger.warning("Allowed list is: " + Arrays.toString(stringSet.toArray()));
            return z;
        } catch (PackageManager.NameNotFoundException e) {
            String str2 = "Cannot check trust state of missing package: " + str;
            Logger.error(str2, e);
            Assertion.check(false, str2);
            return false;
        }
    }
}
