package com.android.settings;

import android.R;
import android.app.Activity;
import android.app.ActivityManager;
import android.app.AlertDialog;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.pm.UserInfo;
import android.os.AsyncTask;
import android.os.Bundle;
import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
import android.security.KeyChain;
import android.security.KeyStore;
import android.text.Editable;
import android.text.TextUtils;
import android.text.TextWatcher;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;
import android.widget.Toast;
import com.android.internal.widget.LockPatternUtils;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import com.android.settings.vpn2.VpnUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: classes.dex */
public final class CredentialStorage extends Activity {

    /* renamed from: -android-security-KeyStore$StateSwitchesValues, reason: not valid java name */
    private static final /* synthetic */ int[] f12androidsecurityKeyStore$StateSwitchesValues = null;
    private Bundle mInstallBundle;
    private final KeyStore mKeyStore = KeyStore.getInstance();
    private int mRetriesRemaining = -1;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class ConfigureKeyGuardDialog implements DialogInterface.OnClickListener, DialogInterface.OnDismissListener {
        private boolean mConfigureConfirmed;

        private ConfigureKeyGuardDialog() {
            AlertDialog create = new AlertDialog.Builder(CredentialStorage.this).setTitle(R.string.dialog_alert_title).setMessage(R.string.credentials_configure_lock_screen_hint).setPositiveButton(R.string.ok, this).setNegativeButton(R.string.cancel, this).create();
            create.setOnDismissListener(this);
            create.show();
        }

        /* synthetic */ ConfigureKeyGuardDialog(CredentialStorage credentialStorage, ConfigureKeyGuardDialog configureKeyGuardDialog) {
            this();
        }

        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            this.mConfigureConfirmed = i == -1;
        }

        @Override // android.content.DialogInterface.OnDismissListener
        public void onDismiss(DialogInterface dialogInterface) {
            if (!this.mConfigureConfirmed) {
                CredentialStorage.this.finish();
                return;
            }
            this.mConfigureConfirmed = false;
            Intent intent = new Intent("android.app.action.SET_NEW_PASSWORD");
            intent.putExtra("minimum_quality", 65536);
            CredentialStorage.this.startActivity(intent);
        }
    }

    /* loaded from: classes.dex */
    private class ResetDialog implements DialogInterface.OnClickListener, DialogInterface.OnDismissListener {
        private boolean mResetConfirmed;

        private ResetDialog() {
            AlertDialog create = new AlertDialog.Builder(CredentialStorage.this).setTitle(R.string.dialog_alert_title).setMessage(R.string.credentials_reset_hint).setPositiveButton(R.string.ok, this).setNegativeButton(R.string.cancel, this).create();
            create.setOnDismissListener(this);
            create.show();
        }

        /* synthetic */ ResetDialog(CredentialStorage credentialStorage, ResetDialog resetDialog) {
            this();
        }

        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            this.mResetConfirmed = i == -1;
        }

        @Override // android.content.DialogInterface.OnDismissListener
        public void onDismiss(DialogInterface dialogInterface) {
            if (this.mResetConfirmed) {
                this.mResetConfirmed = false;
                if (CredentialStorage.this.confirmKeyGuard(2)) {
                    return;
                }
            }
            CredentialStorage.this.finish();
        }
    }

    /* loaded from: classes.dex */
    private class ResetKeyStoreAndKeyChain extends AsyncTask<Void, Void, Boolean> {
        private ResetKeyStoreAndKeyChain() {
        }

        /* synthetic */ ResetKeyStoreAndKeyChain(CredentialStorage credentialStorage, ResetKeyStoreAndKeyChain resetKeyStoreAndKeyChain) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public Boolean doInBackground(Void... voidArr) {
            new LockPatternUtils(CredentialStorage.this).resetKeyStore(UserHandle.myUserId());
            try {
                KeyChain.KeyChainConnection bind = KeyChain.bind(CredentialStorage.this);
                try {
                    try {
                        return Boolean.valueOf(bind.getService().reset());
                    } catch (RemoteException e) {
                        return false;
                    }
                } finally {
                    bind.close();
                }
            } catch (InterruptedException e2) {
                Thread.currentThread().interrupt();
                return false;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(Boolean bool) {
            if (bool.booleanValue()) {
                Toast.makeText(CredentialStorage.this, R.string.credentials_erased, 0).show();
                CredentialStorage.this.clearLegacyVpnIfEstablished();
            } else {
                Toast.makeText(CredentialStorage.this, R.string.credentials_not_erased, 0).show();
            }
            CredentialStorage.this.finish();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class UnlockDialog implements TextWatcher, DialogInterface.OnClickListener, DialogInterface.OnDismissListener {
        private final Button mButton;
        private final TextView mError;
        private final TextView mOldPassword;
        private boolean mUnlockConfirmed;

        private UnlockDialog() {
            View inflate = View.inflate(CredentialStorage.this, R.layout.credentials_dialog, null);
            ((TextView) inflate.findViewById(R.id.hint)).setText(CredentialStorage.this.mRetriesRemaining == -1 ? CredentialStorage.this.getResources().getText(R.string.credentials_unlock_hint) : CredentialStorage.this.mRetriesRemaining > 3 ? CredentialStorage.this.getResources().getText(R.string.credentials_wrong_password) : CredentialStorage.this.mRetriesRemaining == 1 ? CredentialStorage.this.getResources().getText(R.string.credentials_reset_warning) : CredentialStorage.this.getString(R.string.credentials_reset_warning_plural, new Object[]{Integer.valueOf(CredentialStorage.this.mRetriesRemaining)}));
            this.mOldPassword = (TextView) inflate.findViewById(R.id.old_password);
            this.mOldPassword.setVisibility(0);
            this.mOldPassword.addTextChangedListener(this);
            this.mError = (TextView) inflate.findViewById(R.id.error);
            AlertDialog create = new AlertDialog.Builder(CredentialStorage.this).setView(inflate).setTitle(R.string.credentials_unlock).setPositiveButton(R.string.ok, this).setNegativeButton(R.string.cancel, this).create();
            create.setOnDismissListener(this);
            create.show();
            this.mButton = create.getButton(-1);
            this.mButton.setEnabled(false);
        }

        /* synthetic */ UnlockDialog(CredentialStorage credentialStorage, UnlockDialog unlockDialog) {
            this();
        }

        @Override // android.text.TextWatcher
        public void afterTextChanged(Editable editable) {
            boolean z = true;
            Button button = this.mButton;
            if (this.mOldPassword != null && this.mOldPassword.getText().length() <= 0) {
                z = false;
            }
            button.setEnabled(z);
        }

        @Override // android.text.TextWatcher
        public void beforeTextChanged(CharSequence charSequence, int i, int i2, int i3) {
        }

        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            this.mUnlockConfirmed = i == -1;
        }

        @Override // android.content.DialogInterface.OnDismissListener
        public void onDismiss(DialogInterface dialogInterface) {
            if (!this.mUnlockConfirmed) {
                CredentialStorage.this.finish();
                return;
            }
            this.mUnlockConfirmed = false;
            this.mError.setVisibility(0);
            CredentialStorage.this.mKeyStore.unlock(this.mOldPassword.getText().toString());
            int lastError = CredentialStorage.this.mKeyStore.getLastError();
            if (lastError == 1) {
                CredentialStorage.this.mRetriesRemaining = -1;
                Toast.makeText(CredentialStorage.this, R.string.credentials_enabled, 0).show();
                CredentialStorage.this.ensureKeyGuard();
            } else if (lastError == 3) {
                CredentialStorage.this.mRetriesRemaining = -1;
                Toast.makeText(CredentialStorage.this, R.string.credentials_erased, 0).show();
                CredentialStorage.this.handleUnlockOrInstall();
            } else if (lastError >= 10) {
                CredentialStorage.this.mRetriesRemaining = (lastError - 10) + 1;
                CredentialStorage.this.handleUnlockOrInstall();
            }
        }

        @Override // android.text.TextWatcher
        public void onTextChanged(CharSequence charSequence, int i, int i2, int i3) {
        }
    }

    /* renamed from: -getandroid-security-KeyStore$StateSwitchesValues, reason: not valid java name */
    private static /* synthetic */ int[] m165getandroidsecurityKeyStore$StateSwitchesValues() {
        if (f12androidsecurityKeyStore$StateSwitchesValues != null) {
            return f12androidsecurityKeyStore$StateSwitchesValues;
        }
        int[] iArr = new int[KeyStore.State.values().length];
        try {
            iArr[KeyStore.State.LOCKED.ordinal()] = 1;
        } catch (NoSuchFieldError e) {
        }
        try {
            iArr[KeyStore.State.UNINITIALIZED.ordinal()] = 2;
        } catch (NoSuchFieldError e2) {
        }
        try {
            iArr[KeyStore.State.UNLOCKED.ordinal()] = 3;
        } catch (NoSuchFieldError e3) {
        }
        f12androidsecurityKeyStore$StateSwitchesValues = iArr;
        return iArr;
    }

    private boolean checkCallerIsCertInstallerOrSelfInProfile() {
        if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
            return getPackageManager().checkSignatures(getCallingPackage(), getPackageName()) == 0;
        }
        try {
            int launchedFromUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
            if (launchedFromUid == -1) {
                Log.e("CredentialStorage", "com.android.credentials.INSTALL must be started with startActivityForResult");
                return false;
            }
            if (!UserHandle.isSameApp(launchedFromUid, Process.myUid())) {
                return false;
            }
            UserInfo profileParent = ((UserManager) getSystemService("user")).getProfileParent(UserHandle.getUserId(launchedFromUid));
            return profileParent != null && profileParent.id == UserHandle.myUserId();
        } catch (RemoteException e) {
            return false;
        }
    }

    private boolean checkKeyGuardQuality() {
        return new LockPatternUtils(this).getActivePasswordQuality(UserManager.get(this).getCredentialOwnerProfile(UserHandle.myUserId())) >= 65536;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearLegacyVpnIfEstablished() {
        if (VpnUtils.disconnectLegacyVpn(getApplicationContext())) {
            Toast.makeText(this, R.string.vpn_disconnected, 0).show();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean confirmKeyGuard(int i) {
        return new ChooseLockSettingsHelper(this).launchConfirmationActivity(i, getResources().getText(R.string.credentials_title), true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void ensureKeyGuard() {
        if (!checkKeyGuardQuality()) {
            new ConfigureKeyGuardDialog(this, null);
        } else {
            if (confirmKeyGuard(1)) {
                return;
            }
            finish();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public void handleUnlockOrInstall() {
        UnlockDialog unlockDialog = null;
        Object[] objArr = 0;
        if (isFinishing()) {
            return;
        }
        switch (m165getandroidsecurityKeyStore$StateSwitchesValues()[this.mKeyStore.state().ordinal()]) {
            case 1:
                new UnlockDialog(this, unlockDialog);
                return;
            case 2:
                ensureKeyGuard();
                return;
            case 3:
                if (!checkKeyGuardQuality()) {
                    new ConfigureKeyGuardDialog(this, objArr == true ? 1 : 0);
                    return;
                } else {
                    installIfAvailable();
                    finish();
                    return;
                }
            default:
                return;
        }
    }

    private void installIfAvailable() {
        if (this.mInstallBundle == null || this.mInstallBundle.isEmpty()) {
            return;
        }
        Bundle bundle = this.mInstallBundle;
        this.mInstallBundle = null;
        int i = bundle.getInt("install_as_uid", -1);
        if (i != -1 && (!UserHandle.isSameUser(i, Process.myUid()))) {
            int userId = UserHandle.getUserId(i);
            UserHandle.myUserId();
            if (i != 1010) {
                Log.e("CredentialStorage", "Failed to install credentials as uid " + i + ": cross-user installs may only target wifi uids");
                return;
            } else {
                startActivityAsUser(new Intent("com.android.credentials.INSTALL").setFlags(33554432).putExtras(bundle), new UserHandle(userId));
                return;
            }
        }
        if (bundle.containsKey("user_private_key_name")) {
            String string = bundle.getString("user_private_key_name");
            byte[] byteArray = bundle.getByteArray("user_private_key_data");
            int i2 = 1;
            if (i == 1010 && isHardwareBackedKey(byteArray)) {
                Log.d("CredentialStorage", "Saving private key with FLAG_NONE for WIFI_UID");
                i2 = 0;
            }
            if (!this.mKeyStore.importKey(string, byteArray, i, i2)) {
                Log.e("CredentialStorage", "Failed to install " + string + " as uid " + i);
                return;
            }
        }
        if (bundle.containsKey("user_certificate_name")) {
            String string2 = bundle.getString("user_certificate_name");
            if (!this.mKeyStore.put(string2, bundle.getByteArray("user_certificate_data"), i, 0)) {
                Log.e("CredentialStorage", "Failed to install " + string2 + " as uid " + i);
                return;
            }
        }
        if (bundle.containsKey("ca_certificates_name")) {
            String string3 = bundle.getString("ca_certificates_name");
            if (!this.mKeyStore.put(string3, bundle.getByteArray("ca_certificates_data"), i, 0)) {
                Log.e("CredentialStorage", "Failed to install " + string3 + " as uid " + i);
                return;
            }
        }
        sendBroadcast(new Intent("android.security.action.KEYCHAIN_CHANGED"));
        setResult(-1);
    }

    private boolean isHardwareBackedKey(byte[] bArr) {
        try {
            return KeyChain.isBoundKeyAlgorithm(new AlgorithmId(new ObjectIdentifier(PrivateKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject()).getAlgorithmId().getAlgorithm().getId())).getName());
        } catch (IOException e) {
            Log.e("CredentialStorage", "Failed to parse key data");
            return false;
        }
    }

    @Override // android.app.Activity
    public void onActivityResult(int i, int i2, Intent intent) {
        super.onActivityResult(i, i2, intent);
        if (i == 1) {
            if (i2 == -1) {
                String stringExtra = intent.getStringExtra("password");
                if (!TextUtils.isEmpty(stringExtra)) {
                    this.mKeyStore.unlock(stringExtra);
                    return;
                }
            }
            finish();
            return;
        }
        if (i == 2) {
            if (i2 == -1) {
                new ResetKeyStoreAndKeyChain(this, null).execute(new Void[0]);
            } else {
                finish();
            }
        }
    }

    @Override // android.app.Activity
    protected void onResume() {
        super.onResume();
        Intent intent = getIntent();
        String action = intent.getAction();
        if (((UserManager) getSystemService("user")).hasUserRestriction("no_config_credentials")) {
            if ("com.android.credentials.UNLOCK".equals(action) && this.mKeyStore.state() == KeyStore.State.UNINITIALIZED) {
                ensureKeyGuard();
                return;
            } else {
                finish();
                return;
            }
        }
        if ("com.android.credentials.RESET".equals(action)) {
            new ResetDialog(this, null);
            return;
        }
        if ("com.android.credentials.INSTALL".equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
            this.mInstallBundle = intent.getExtras();
        }
        handleUnlockOrInstall();
    }
}
