package com.blackberry.security.krb5.svc;

import android.app.ActivityManager;
import android.content.Context;
import android.os.Binder;
import android.util.Log;
import com.blackberry.security.krb5.GSSExceptionImpl;
import com.blackberry.security.krb5.OidImpl;
import com.blackberry.security.krb5.i;
import com.blackberry.security.krb5.svc.exceptions.InternalException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* compiled from: BinderKerberosService.java */
/* loaded from: classes3.dex */
final class a extends i.a {
    private static final String BOGUS_PERMISSION = "kerberos_service_permission_BOGUS";
    private static final String LOG_TAG = "LDAPKrbBinder";
    private static final String dAr = "com.blackberry.security.";
    private static final String dAs = ".test";
    private com.blackberry.j.a.a.e dAp = new edu.mit.jgss.g();
    private Context mContext;
    private com.blackberry.security.b mControlledApi;
    private static final String dAq = h.class.getPackage().getName();
    private static Set<Binder> dAt = new HashSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    public a(Context context) {
        this.mContext = null;
        this.mControlledApi = null;
        this.mContext = context;
        this.mControlledApi = new com.blackberry.security.b(context, BOGUS_PERMISSION, true);
    }

    public static void Ou() {
        dAt.clear();
    }

    private static void Ov() {
        if (!KerberosUtil.aS()) {
            throw new IllegalStateException("Kerberos has not been configured");
        }
    }

    private boolean Ow() {
        if (!com.blackberry.concierge.c.fJ().aB(this.mContext)) {
            return false;
        }
        String[] packagesForUid = this.mContext.getPackageManager().getPackagesForUid(Binder.getCallingUid());
        for (int i = 0; i < packagesForUid.length; i++) {
            if (packagesForUid[i].startsWith(dAr) && packagesForUid[i].endsWith(dAs)) {
                Log.w(LOG_TAG, "Test pkg[" + i + "] = " + packagesForUid[i] + ", isCallerTestApp() returning true");
                return true;
            }
        }
        return false;
    }

    private boolean hm(int i) {
        List<ActivityManager.RunningAppProcessInfo> runningAppProcesses = ((ActivityManager) this.mContext.getSystemService("activity")).getRunningAppProcesses();
        if (runningAppProcesses != null && runningAppProcesses.size() > 0) {
            for (ActivityManager.RunningAppProcessInfo runningAppProcessInfo : runningAppProcesses) {
                if (runningAppProcessInfo.pid == i) {
                    if (runningAppProcessInfo.processName.compareTo("com.blackberry.infrastructure:" + dAq) == 0) {
                        return true;
                    }
                    Log.w(LOG_TAG, "callingPid[" + i + "] belongs to process [" + runningAppProcessInfo.processName + "] is not KerberosAuthenticator");
                }
            }
        }
        return false;
    }

    @Override // com.blackberry.security.krb5.i
    public synchronized boolean Op() {
        boolean aS;
        this.mControlledApi.No();
        aS = KerberosUtil.aS();
        Log.d(LOG_TAG, "isConfigured(), configured=" + aS);
        return aS;
    }

    @Override // com.blackberry.security.krb5.i
    public synchronized void Oq() {
        boolean z = false;
        synchronized (this) {
            this.mControlledApi.No();
            Ov();
            int callingPid = Binder.getCallingPid();
            if (!hm(callingPid)) {
                if (com.blackberry.concierge.c.fJ().aB(this.mContext)) {
                    String[] packagesForUid = this.mContext.getPackageManager().getPackagesForUid(Binder.getCallingUid());
                    int i = 0;
                    while (true) {
                        if (i < packagesForUid.length) {
                            if (packagesForUid[i].startsWith(dAr) && packagesForUid[i].endsWith(dAs)) {
                                Log.w(LOG_TAG, "Test pkg[" + i + "] = " + packagesForUid[i] + ", isCallerTestApp() returning true");
                                z = true;
                                break;
                            }
                            i++;
                        } else {
                            break;
                        }
                    }
                }
                if (!z) {
                    throw new SecurityException("Not authorized for callingPid = " + callingPid);
                }
                Log.d(LOG_TAG, "Allowing test app permission to run kdestroyAll");
            }
            try {
                KerberosUtil.aU();
                Log.d(LOG_TAG, "kdestroyAll(), by uid=" + Binder.getCallingUid());
            } catch (InternalException e) {
                Log.w(LOG_TAG, "java_kdestroy() threw unexpected exception", e);
            }
        }
    }

    @Override // com.blackberry.security.krb5.i
    public com.blackberry.security.krb5.f a(com.blackberry.security.krb5.h hVar, OidImpl oidImpl, com.blackberry.security.krb5.g gVar, int i, GSSExceptionImpl gSSExceptionImpl) {
        this.mControlledApi.No();
        Ov();
        g gVar2 = (g) hVar;
        f fVar = (f) gVar;
        try {
            e eVar = new e(this.dAp.a(gVar2.dAx, c.a(oidImpl), fVar.dAw, i));
            dAt.add(eVar);
            Log.d(LOG_TAG, "createContext(), uid=" + Binder.getCallingUid() + ", peer=" + gVar2.toString() + ", cred=" + fVar.toString() + ": ctxBdr=" + eVar.toString());
            return eVar;
        } catch (com.blackberry.j.a.a.d e) {
            Log.w(LOG_TAG, "createContext caught exception", e);
            c.a(gSSExceptionImpl, e);
            return null;
        }
    }

    @Override // com.blackberry.security.krb5.i
    public com.blackberry.security.krb5.g a(com.blackberry.security.krb5.h hVar, int i, OidImpl oidImpl, int i2, GSSExceptionImpl gSSExceptionImpl) {
        this.mControlledApi.No();
        Ov();
        g gVar = (g) hVar;
        try {
            f fVar = new f(this.dAp.a(Binder.getCallingUid(), gVar.dAx, i, c.a(oidImpl), i2));
            dAt.add(fVar);
            Log.d(LOG_TAG, "createCredential(), uid=" + Binder.getCallingUid() + ", nameBdr=" + gVar.toString() + ": credBdr=" + fVar.toString());
            return fVar;
        } catch (com.blackberry.j.a.a.d e) {
            Log.w(LOG_TAG, "createCredential caught exception", e);
            c.a(gSSExceptionImpl, e);
            return null;
        }
    }

    @Override // com.blackberry.security.krb5.i
    public com.blackberry.security.krb5.h a(byte[] bArr, OidImpl oidImpl, OidImpl oidImpl2, GSSExceptionImpl gSSExceptionImpl) {
        this.mControlledApi.No();
        Ov();
        try {
            g gVar = new g(this.dAp.a(bArr, c.a(oidImpl), c.a(oidImpl2)));
            dAt.add(gVar);
            Log.d(LOG_TAG, "createName(), uid=" + Binder.getCallingUid() + ": nameBdr=" + gVar.toString());
            return gVar;
        } catch (com.blackberry.j.a.a.d e) {
            Log.w(LOG_TAG, "createName caught exception", e);
            c.a(gSSExceptionImpl, e);
            return null;
        }
    }

    @Override // com.blackberry.security.krb5.i
    public synchronized String bf(String str, String str2) {
        String i;
        this.mControlledApi.No();
        Ov();
        int callingUid = Binder.getCallingUid();
        i = KerberosUtil.i(callingUid, str, str2);
        Log.d(LOG_TAG, "kinit(), uid=" + callingUid);
        return i;
    }

    @Override // com.blackberry.security.krb5.i
    public synchronized String h(int i, String str, String str2) {
        String i2;
        this.mControlledApi.No();
        Ov();
        int callingPid = Binder.getCallingPid();
        if (!hm(callingPid)) {
            throw new SecurityException("Not authorized for callingPid = " + callingPid);
        }
        i2 = KerberosUtil.i(i, str, str2);
        Log.d(LOG_TAG, "kinit(), uid=" + i);
        return i2;
    }

    @Override // com.blackberry.security.krb5.i
    public synchronized void kp(String str) {
        this.mControlledApi.No();
        Ov();
        int callingPid = Binder.getCallingPid();
        if (!hm(callingPid)) {
            throw new SecurityException("Not authorized for callingPid = " + callingPid);
        }
        try {
            KerberosUtil.D(str);
            Log.d(LOG_TAG, "kdestroyForUser(), uid=" + Binder.getCallingUid());
        } catch (InternalException | IllegalArgumentException e) {
            Log.w(LOG_TAG, "java_kdestroy() for username threw unexpected exception", e);
        }
    }
}
