package org.sufficientlysecure.keychain.remote_api;

import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import org.openintents.crypto.CryptoError;
import org.openintents.crypto.CryptoSignatureResult;
import org.openintents.crypto.ICryptoCallback;
import org.openintents.crypto.ICryptoService;
import org.spongycastle.asn1.x509.DisplayText;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.helper.PgpMain;
import org.sufficientlysecure.keychain.helper.Preferences;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.KeychainIntentService;
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.PausableThreadPoolExecutor;

/* loaded from: classes.dex */
public class CryptoService extends Service {
    Context mContext;
    final ArrayBlockingQueue<Runnable> mPoolQueue = new ArrayBlockingQueue<>(100);
    PausableThreadPoolExecutor mThreadPool = new PausableThreadPoolExecutor(2, 4, 10, TimeUnit.SECONDS, this.mPoolQueue);
    final Object userInputLock = new Object();
    private final ICryptoService.Stub mBinder = new ICryptoService.Stub() { // from class: org.sufficientlysecure.keychain.remote_api.CryptoService.1
        @Override // org.openintents.crypto.ICryptoService
        public void decryptAndVerify(final byte[] bArr, final ICryptoCallback iCryptoCallback) throws RemoteException {
            final AppSettings appSettings = CryptoService.this.getAppSettings();
            CryptoService.this.checkAndEnqueue(new Runnable() { // from class: org.sufficientlysecure.keychain.remote_api.CryptoService.1.4
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        CryptoService.this.decryptAndVerifySafe(bArr, iCryptoCallback, appSettings);
                    } catch (RemoteException e) {
                        Log.e(Constants.TAG, "CryptoService", e);
                    }
                }
            });
        }

        @Override // org.openintents.crypto.ICryptoService
        public void encrypt(final byte[] bArr, final String[] strArr, final boolean z, final ICryptoCallback iCryptoCallback) throws RemoteException {
            final AppSettings appSettings = CryptoService.this.getAppSettings();
            CryptoService.this.checkAndEnqueue(new Runnable() { // from class: org.sufficientlysecure.keychain.remote_api.CryptoService.1.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        CryptoService.this.encryptAndSignSafe(bArr, strArr, z, iCryptoCallback, appSettings, false);
                    } catch (RemoteException e) {
                        Log.e(Constants.TAG, "CryptoService", e);
                    }
                }
            });
        }

        @Override // org.openintents.crypto.ICryptoService
        public void encryptAndSign(final byte[] bArr, final String[] strArr, final boolean z, final ICryptoCallback iCryptoCallback) throws RemoteException {
            final AppSettings appSettings = CryptoService.this.getAppSettings();
            CryptoService.this.checkAndEnqueue(new Runnable() { // from class: org.sufficientlysecure.keychain.remote_api.CryptoService.1.2
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        CryptoService.this.encryptAndSignSafe(bArr, strArr, z, iCryptoCallback, appSettings, true);
                    } catch (RemoteException e) {
                        Log.e(Constants.TAG, "CryptoService", e);
                    }
                }
            });
        }

        @Override // org.openintents.crypto.ICryptoService
        public void sign(final byte[] bArr, boolean z, final ICryptoCallback iCryptoCallback) throws RemoteException {
            final AppSettings appSettings = CryptoService.this.getAppSettings();
            CryptoService.this.checkAndEnqueue(new Runnable() { // from class: org.sufficientlysecure.keychain.remote_api.CryptoService.1.3
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        CryptoService.this.signSafe(bArr, iCryptoCallback, appSettings);
                    } catch (RemoteException e) {
                        Log.e(Constants.TAG, "CryptoService", e);
                    }
                }
            });
        }
    };

    /* loaded from: classes.dex */
    private class MyBaseCallback implements Handler.Callback {
        public static final int CANCEL = 0;
        public static final int OKAY = 1;

        private MyBaseCallback() {
        }

        @Override // android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            return false;
        }
    }

    /* loaded from: classes.dex */
    public class PassphraseActivityCallback extends MyBaseCallback {
        private boolean success;

        public PassphraseActivityCallback() {
            super();
            this.success = false;
        }

        @Override // org.sufficientlysecure.keychain.remote_api.CryptoService.MyBaseCallback, android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            if (message.arg1 == 1) {
                this.success = true;
            } else {
                this.success = false;
            }
            synchronized (CryptoService.this.userInputLock) {
                CryptoService.this.userInputLock.notifyAll();
            }
            CryptoService.this.mThreadPool.resume();
            return true;
        }

        public boolean isSuccess() {
            return this.success;
        }
    }

    /* loaded from: classes.dex */
    public class RegisterActivityCallback extends MyBaseCallback {
        public static final String PACKAGE_NAME = "package_name";
        private boolean allowed;
        private String packageName;

        public RegisterActivityCallback() {
            super();
            this.allowed = false;
        }

        public String getPackageName() {
            return this.packageName;
        }

        @Override // org.sufficientlysecure.keychain.remote_api.CryptoService.MyBaseCallback, android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            if (message.arg1 == 1) {
                this.allowed = true;
                this.packageName = message.getData().getString("package_name");
                if (CryptoService.this.isPackageAllowed(this.packageName, false)) {
                    synchronized (CryptoService.this.userInputLock) {
                        CryptoService.this.userInputLock.notifyAll();
                    }
                    CryptoService.this.mThreadPool.resume();
                } else {
                    Log.e(Constants.TAG, "Should not happen! Emergency shutdown!");
                    CryptoService.this.mThreadPool.shutdownNow();
                }
            } else {
                this.allowed = false;
                synchronized (CryptoService.this.userInputLock) {
                    CryptoService.this.userInputLock.notifyAll();
                }
                CryptoService.this.mThreadPool.resume();
            }
            return true;
        }

        public boolean isAllowed() {
            return this.allowed;
        }
    }

    /* loaded from: classes.dex */
    public class SelectPubKeysActivityCallback extends MyBaseCallback {
        public static final String PUB_KEY_IDS = "pub_key_ids";
        private long[] pubKeyIds;
        private boolean success;

        public SelectPubKeysActivityCallback() {
            super();
            this.success = false;
        }

        public long[] getPubKeyIds() {
            return this.pubKeyIds;
        }

        @Override // org.sufficientlysecure.keychain.remote_api.CryptoService.MyBaseCallback, android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            if (message.arg1 == 1) {
                this.success = true;
                this.pubKeyIds = message.getData().getLongArray(PUB_KEY_IDS);
            } else {
                this.success = false;
            }
            synchronized (CryptoService.this.userInputLock) {
                CryptoService.this.userInputLock.notifyAll();
            }
            CryptoService.this.mThreadPool.resume();
            return true;
        }

        public boolean isSuccess() {
            return this.success;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkAndEnqueue(Runnable runnable) {
        if (isCallerAllowed(false)) {
            this.mThreadPool.execute(runnable);
            Log.d(Constants.TAG, "Enqueued runnable…");
            return;
        }
        String[] packagesForUid = getPackageManager().getPackagesForUid(Binder.getCallingUid());
        Log.e(Constants.TAG, "Not allowed to use service! Starting activity for registration!");
        Bundle bundle = new Bundle();
        bundle.putString("package_name", packagesForUid[0]);
        RegisterActivityCallback registerActivityCallback = new RegisterActivityCallback();
        pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_REGISTER, new Messenger(new Handler(getMainLooper(), registerActivityCallback)), bundle);
        if (!registerActivityCallback.isAllowed()) {
            Log.d(Constants.TAG, "User disallowed app!");
        } else {
            this.mThreadPool.execute(runnable);
            Log.d(Constants.TAG, "Enqueued runnable…");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void decryptAndVerifySafe(byte[] bArr, ICryptoCallback iCryptoCallback, AppSettings appSettings) throws RemoteException {
        boolean z;
        String str;
        boolean z2;
        long j;
        try {
            String str2 = new String(bArr);
            Log.d(Constants.TAG, "in: " + str2);
            z = false;
            Matcher matcher = PgpMain.PGP_MESSAGE.matcher(str2);
            if (matcher.matches()) {
                Log.d(Constants.TAG, "PGP_MESSAGE matched");
                bArr = matcher.group(1).replaceAll("\\xa0", " ").getBytes();
            } else {
                Matcher matcher2 = PgpMain.PGP_SIGNED_MESSAGE.matcher(str2);
                if (matcher2.matches()) {
                    z = true;
                    Log.d(Constants.TAG, "PGP_SIGNED_MESSAGE matched");
                    bArr = matcher2.group(1).replaceAll("\\xa0", " ").getBytes();
                } else {
                    Log.d(Constants.TAG, "Nothing matched! Binary?");
                }
            }
            Log.d(Constants.TAG, "in: " + new String(bArr));
            str = null;
            z2 = false;
        } catch (Exception e) {
            Log.e(Constants.TAG, "KeychainService, Exception!", e);
            try {
                iCryptoCallback.onError(new CryptoError(0, e.getMessage()));
            } catch (Exception e2) {
                Log.e(Constants.TAG, "Error returning exception to client", e2);
            }
        }
        if (!z) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                if (byteArrayInputStream.markSupported()) {
                    byteArrayInputStream.mark(DisplayText.DISPLAY_TEXT_MAXIMUM_SIZE);
                }
                j = PgpMain.getDecryptionKeyId(this, byteArrayInputStream);
            } catch (PgpMain.NoAsymmetricEncryptionException e3) {
                if (byteArrayInputStream.markSupported()) {
                    byteArrayInputStream.reset();
                }
                j = -1;
                if (!PgpMain.hasSymmetricEncryption(this, byteArrayInputStream)) {
                    throw new PgpMain.PgpGeneralException(getString(R.string.error_noKnownEncryptionFound));
                }
                z2 = true;
            }
            if (j == 0) {
                throw new PgpMain.PgpGeneralException(getString(R.string.error_noSecretKeyFound));
            }
            z2 = false;
            Log.d(Constants.TAG, "secretKeyId " + j);
            str = getCachedPassphrase(j);
            if (str == null) {
                iCryptoCallback.onError(new CryptoError(1, "No or wrong passphrase!"));
            }
        }
        InputData inputData = new InputData(new ByteArrayInputStream(bArr), bArr.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Bundle verifyText = z ? PgpMain.verifyText(this, null, inputData, byteArrayOutputStream, false) : PgpMain.decryptAndVerify(this, null, inputData, byteArrayOutputStream, str, z2);
        byteArrayOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        boolean z3 = verifyText.getBoolean(KeychainIntentService.RESULT_SIGNATURE);
        verifyText.getLong("signature_key_id");
        iCryptoCallback.onSuccess(byteArray, z3 ? new CryptoSignatureResult(verifyText.getString(KeychainIntentService.RESULT_SIGNATURE_USER_ID), z3, verifyText.getBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS), verifyText.getBoolean(KeychainIntentService.RESULT_SIGNATURE_UNKNOWN)) : null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void encryptAndSignSafe(byte[] bArr, String[] strArr, boolean z, ICryptoCallback iCryptoCallback, AppSettings appSettings, boolean z2) throws RemoteException {
        try {
            InputData inputData = new InputData(new ByteArrayInputStream(bArr), bArr.length);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            long[] keyIdsFromEmails = getKeyIdsFromEmails(strArr, appSettings.getKeyId());
            if (keyIdsFromEmails == null) {
                iCryptoCallback.onError(new CryptoError(2, "No user ids!"));
            } else {
                if (z2) {
                    String cachedPassphrase = getCachedPassphrase(appSettings.getKeyId());
                    if (cachedPassphrase == null) {
                        iCryptoCallback.onError(new CryptoError(1, "No or wrong passphrase!"));
                    } else {
                        PgpMain.encryptAndSign(this.mContext, null, inputData, byteArrayOutputStream, z, appSettings.getCompression(), keyIdsFromEmails, null, appSettings.getEncryptionAlgorithm(), appSettings.getKeyId(), appSettings.getHashAlgorithm(), true, cachedPassphrase);
                    }
                } else {
                    PgpMain.encryptAndSign(this.mContext, null, inputData, byteArrayOutputStream, z, appSettings.getCompression(), keyIdsFromEmails, null, appSettings.getEncryptionAlgorithm(), 0L, appSettings.getHashAlgorithm(), true, null);
                }
                byteArrayOutputStream.close();
                iCryptoCallback.onSuccess(byteArrayOutputStream.toByteArray(), null);
            }
        } catch (Exception e) {
            Log.e(Constants.TAG, "KeychainService, Exception!", e);
            try {
                iCryptoCallback.onError(new CryptoError(0, e.getMessage()));
            } catch (Exception e2) {
                Log.e(Constants.TAG, "Error returning exception to client", e2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AppSettings getAppSettings() {
        String[] packagesForUid = getPackageManager().getPackagesForUid(Binder.getCallingUid());
        if (0 < packagesForUid.length) {
            return ProviderHelper.getApiAppSettings(this, KeychainContract.ApiApps.buildByPackageNameUri(packagesForUid[0]));
        }
        return null;
    }

    private String getCachedPassphrase(long j) {
        String cachedPassphrase = PassphraseCacheService.getCachedPassphrase(this.mContext, j);
        if (cachedPassphrase == null) {
            Log.d(Constants.TAG, "No passphrase! Activity required!");
            Bundle bundle = new Bundle();
            bundle.putLong("secret_key_id", j);
            PassphraseActivityCallback passphraseActivityCallback = new PassphraseActivityCallback();
            pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_CACHE_PASSPHRASE, new Messenger(new Handler(getMainLooper(), passphraseActivityCallback)), bundle);
            if (!passphraseActivityCallback.isSuccess()) {
                Log.d(Constants.TAG, "Passphrase dialog canceled!");
                return null;
            }
            Log.d(Constants.TAG, "New passphrase entered!");
            cachedPassphrase = PassphraseCacheService.getCachedPassphrase(this.mContext, j);
        }
        return cachedPassphrase;
    }

    private long[] getKeyIdsFromEmails(String[] strArr, long j) {
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        boolean z2 = false;
        ArrayList<String> arrayList2 = new ArrayList<>();
        ArrayList<String> arrayList3 = new ArrayList<>();
        for (String str : strArr) {
            Cursor query = getContentResolver().query(KeychainContract.KeyRings.buildPublicKeyRingsByEmailsUri(str), null, null, null, null);
            if (query.moveToFirst()) {
                arrayList.add(Long.valueOf(query.getLong(query.getColumnIndex("master_key_id"))));
            } else {
                z = true;
                arrayList2.add(str);
                Log.d(Constants.TAG, "user id missing");
            }
            if (query.moveToNext()) {
                z2 = true;
                arrayList3.add(str);
                Log.d(Constants.TAG, "more than one user id with the same email");
            }
        }
        arrayList.add(Long.valueOf(j));
        long[] jArr = new long[arrayList.size()];
        for (int i = 0; i < jArr.length; i++) {
            jArr[i] = ((Long) arrayList.get(i)).longValue();
        }
        if (z || z2) {
            SelectPubKeysActivityCallback selectPubKeysActivityCallback = new SelectPubKeysActivityCallback();
            Messenger messenger = new Messenger(new Handler(getMainLooper(), selectPubKeysActivityCallback));
            Bundle bundle = new Bundle();
            bundle.putLongArray("master_key_ids", jArr);
            bundle.putStringArrayList(CryptoServiceActivity.EXTRA_MISSING_USER_IDS, arrayList2);
            bundle.putStringArrayList(CryptoServiceActivity.EXTRA_DUBLICATE_USER_IDS, arrayList3);
            pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_SELECT_PUB_KEYS, messenger, bundle);
            if (!selectPubKeysActivityCallback.isSuccess()) {
                Log.d(Constants.TAG, "Pub key selection canceled!");
                return null;
            }
            Log.d(Constants.TAG, "New selection of pub keys!");
            jArr = selectPubKeysActivityCallback.getPubKeyIds();
        }
        if (jArr.length == 0) {
            return null;
        }
        return jArr;
    }

    private boolean isCallerAllowed(boolean z) {
        for (String str : getPackageManager().getPackagesForUid(Binder.getCallingUid())) {
            if (isPackageAllowed(str, z)) {
                return true;
            }
        }
        Log.d(Constants.TAG, "Caller is NOT allowed!");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isPackageAllowed(String str, boolean z) {
        Log.d(Constants.TAG, "packageName: " + str);
        ArrayList<String> registeredApiApps = ProviderHelper.getRegisteredApiApps(this.mContext);
        Log.d(Constants.TAG, "allowed: " + registeredApiApps);
        if (registeredApiApps.contains(str) && !z) {
            Log.d(Constants.TAG, "Package is allowed! packageName: " + str);
            return true;
        }
        if (!Constants.PACKAGE_NAME.equals(str)) {
            return false;
        }
        Log.d(Constants.TAG, "Package is OpenPGP Keychain! -> allowed!");
        return true;
    }

    private void pauseQueueAndStartServiceActivity(String str, Messenger messenger, Bundle bundle) {
        synchronized (this.userInputLock) {
            this.mThreadPool.pause();
            Log.d(Constants.TAG, "starting activity...");
            Intent intent = new Intent(getBaseContext(), (Class<?>) CryptoServiceActivity.class);
            intent.addFlags(268435456);
            intent.setAction(str);
            bundle.putParcelable("messenger", messenger);
            intent.putExtras(bundle);
            startActivity(intent);
            try {
                this.userInputLock.wait();
            } catch (InterruptedException e) {
                Log.e(Constants.TAG, "CryptoService", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void signSafe(byte[] bArr, ICryptoCallback iCryptoCallback, AppSettings appSettings) throws RemoteException {
        try {
            Log.d(Constants.TAG, "current therad id: " + Thread.currentThread().getId());
            InputData inputData = new InputData(new ByteArrayInputStream(bArr), bArr.length);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            String cachedPassphrase = getCachedPassphrase(appSettings.getKeyId());
            if (cachedPassphrase == null) {
                iCryptoCallback.onError(new CryptoError(1, "No or wrong passphrase!"));
            } else {
                PgpMain.signText(this, null, inputData, byteArrayOutputStream, appSettings.getKeyId(), cachedPassphrase, appSettings.getHashAlgorithm(), Preferences.getPreferences(this).getForceV3Signatures());
                byteArrayOutputStream.close();
                iCryptoCallback.onSuccess(byteArrayOutputStream.toByteArray(), null);
            }
        } catch (Exception e) {
            Log.e(Constants.TAG, "KeychainService, Exception!", e);
            try {
                iCryptoCallback.onError(new CryptoError(0, e.getMessage()));
            } catch (Exception e2) {
                Log.e(Constants.TAG, "Error returning exception to client", e2);
            }
        }
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        return this.mBinder;
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        this.mContext = this;
        Log.d(Constants.TAG, "CryptoService, onCreate()");
    }

    @Override // android.app.Service
    public void onDestroy() {
        super.onDestroy();
        Log.d(Constants.TAG, "CryptoService, onDestroy()");
    }
}
