package com.google.android.apps.enterprise.dmagent.certificates;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.net.Uri;
import android.util.Base64;
import android.util.Log;
import com.google.android.apps.enterprise.dmagent.C0391b;
import com.google.android.apps.enterprise.dmagent.V;
import com.google.android.apps.enterprise.dmagent.b.m;
import com.google.android.apps.enterprise.dmagent.b.t;
import com.google.android.apps.enterprise.dmagent.bt;
import com.google.android.apps.enterprise.dmagent.certificates.CertificateSilentAccessAppWhitelist;
import com.google.android.apps.enterprise.dmagent.receivers.DMServiceReceiver;
import com.google.g.b.B;
import com.google.g.b.I;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* loaded from: classes.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    private static c f3484a;

    /* renamed from: b, reason: collision with root package name */
    private MessageDigest f3485b;

    private c() {
        try {
            this.f3485b = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e2) {
            this.f3485b = null;
            String valueOf = String.valueOf(e2.toString());
            Log.e(DMServiceReceiver.LOG_TAG, valueOf.length() != 0 ? "Unable to perform encoding for selecting a private key: ".concat(valueOf) : new String("Unable to perform encoding for selecting a private key: "));
        }
    }

    public static synchronized c a() {
        c cVar;
        synchronized (c.class) {
            if (f3484a == null) {
                f3484a = new c();
            }
            cVar = f3484a;
        }
        return cVar;
    }

    public final String b(Context context, int i, Uri uri) {
        Map unmodifiableMap;
        CertificateSilentAccessAppWhitelist certificateSilentAccessAppWhitelist;
        Iterator<String> it;
        Charset charset = V.f3166a;
        bt m = new C0391b(context).m();
        m a2 = com.google.android.apps.enterprise.dmagent.a.a.a(context);
        if (m == null || this.f3485b == null || !m.dp() || !(a2.e() || a2.c())) {
            Log.v(DMServiceReceiver.LOG_TAG, "Unable to select an alias.");
            return null;
        }
        t l = com.google.android.apps.enterprise.dmagent.a.a.l(context);
        String[] c2 = l.c(i);
        if (c2 == null) {
            unmodifiableMap = null;
        } else {
            HashMap hashMap = new HashMap();
            for (String str : c2) {
                try {
                    for (Signature signature : l.b(str, 64).signatures) {
                        hashMap.put(new String(Base64.encode(this.f3485b.digest(signature.toByteArray()), 11)), str);
                    }
                } catch (PackageManager.NameNotFoundException e2) {
                    String valueOf = String.valueOf(str);
                    Log.v(DMServiceReceiver.LOG_TAG, valueOf.length() != 0 ? "Unable to get details about package ".concat(valueOf) : new String("Unable to get details about package "));
                }
            }
            unmodifiableMap = Collections.unmodifiableMap(hashMap);
        }
        if (unmodifiableMap == null) {
            Log.v(DMServiceReceiver.LOG_TAG, "No packages associated private key alias caller's uid.");
            return null;
        }
        Iterator<CertificateSilentAccessAppWhitelist> it2 = m.ff().iterator();
        while (true) {
            if (!it2.hasNext()) {
                certificateSilentAccessAppWhitelist = null;
                break;
            }
            certificateSilentAccessAppWhitelist = it2.next();
            String valueOf2 = String.valueOf(certificateSilentAccessAppWhitelist.getAppPackageName());
            Log.v(DMServiceReceiver.LOG_TAG, valueOf2.length() != 0 ? "Check if private key policy applies: ".concat(valueOf2) : new String("Check if private key policy applies: "));
            String replaceAll = certificateSilentAccessAppWhitelist.getAppSigningKey().replaceAll("=+$", "");
            if (unmodifiableMap.containsKey(replaceAll) && certificateSilentAccessAppWhitelist.getAppPackageName().equals(unmodifiableMap.get(replaceAll))) {
                String valueOf3 = String.valueOf(certificateSilentAccessAppWhitelist.getAppPackageName());
                Log.v(DMServiceReceiver.LOG_TAG, valueOf3.length() != 0 ? "Found private key policy for ".concat(valueOf3) : new String("Found private key policy for "));
            }
        }
        if (certificateSilentAccessAppWhitelist == null) {
            Log.v(DMServiceReceiver.LOG_TAG, "The app requesting access to a private key is not whitelisted.");
            return null;
        }
        if (uri == null || uri.getHost() == null) {
            Log.v(DMServiceReceiver.LOG_TAG, "No host specified. Certificate access can not be granted silently.");
            return null;
        }
        String host = uri.getHost();
        try {
            it = B.a(':').c().d().e(host).iterator();
            I.p(it);
            I.i(true, "numberToAdvance must be nonnegative");
        } catch (IllegalArgumentException | IndexOutOfBoundsException e3) {
            Log.v(DMServiceReceiver.LOG_TAG, "Failed to strip port number from uri.", e3);
        }
        if (!it.hasNext()) {
            StringBuilder sb = new StringBuilder(91);
            sb.append("position (");
            sb.append(0);
            sb.append(") must be less than the number of elements that remained (");
            sb.append(0);
            sb.append(")");
            throw new IndexOutOfBoundsException(sb.toString());
        }
        host = it.next();
        for (CertificateSilentAccessAppWhitelist.CertificateAccess certificateAccess : certificateSilentAccessAppWhitelist.getCertificateAccessWhitelist()) {
            if (certificateAccess.hostRegex().matcher(host).matches()) {
                return certificateAccess.alias();
            }
        }
        Log.v(DMServiceReceiver.LOG_TAG, "The host is not whitelisted.");
        return null;
    }
}
