package com.android.server.locksettings;

import android.content.Context;
import android.os.Binder;
import android.os.Environment;
import android.os.Handler;
import android.os.IUserManager;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemProperties;
import android.os.storage.IStorageManager;
import android.os.storage.StorageManager;
import android.provider.Settings;
import android.util.Slog;
import com.android.internal.util.HexDump;
import com.android.internal.widget.ICheckCredentialProgressCallback;
import com.android.internal.widget.LockscreenCredential;
import com.android.internal.widget.VerifyCredentialResponse;
import com.android.server.display.marvels.utils.MarvelsLog;
import com.android.server.hans.utils.HansConstants;
import com.android.server.locksettings.SyntheticPasswordManager;
import com.android.server.oplus.IElsaManager;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class OplusLockSettingsServiceUtils {
    private static boolean DEBUG = false;
    private static final String TAG = "OplusLockSettingsServiceUtils";
    private Context mContext;
    private ILockSettingsServiceExt mLockSettingsServiceExt;
    private SyntheticPasswordManager mSpManager;
    private Handler myHandler = new Handler();

    /* loaded from: classes.dex */
    public class WriteSecretToTeeRunnable implements Runnable {
        private LockscreenCredential credential;
        private int credentialType;
        private byte[] mAuthToken;
        private int userId;

        public WriteSecretToTeeRunnable(LockscreenCredential lockscreenCredential, int i, byte[] bArr, int i2) {
            this.credential = lockscreenCredential;
            this.userId = i;
            this.mAuthToken = bArr;
            this.credentialType = i2;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                OplusLockSettingsServiceUtils.this.execSync();
                LockscreenCredential lockscreenCredential = this.credential;
                if (lockscreenCredential == null || lockscreenCredential.getType() == -1) {
                    Slog.d(OplusLockSettingsServiceUtils.TAG, "credential is null and  clear tee store");
                    byte[] bArr = new byte[64];
                    byte[] bArr2 = this.mAuthToken;
                    if (bArr2 == null) {
                        Slog.d(OplusLockSettingsServiceUtils.TAG, "WriteSecretToTeeRunnable mAuthToken == null");
                        return;
                    } else if (OplusLockSettingsServiceUtils.this.writeSecretCmd(bArr, bArr.length, bArr2, bArr2.length) != 0) {
                        Slog.d(OplusLockSettingsServiceUtils.TAG, "write Secret clear tee Secret failed");
                        return;
                    } else {
                        Slog.d(OplusLockSettingsServiceUtils.TAG, "write Secret clear tee Secret success");
                        return;
                    }
                }
                byte[] secret = OplusLockSettingsServiceUtils.this.getSecret(this.credential, this.userId);
                if (secret != null && secret.length > 0) {
                    String hexString = HexDump.toHexString(secret);
                    Slog.d(OplusLockSettingsServiceUtils.TAG, "write Secret to tee by writeSecretCmd");
                    byte[] bytes = hexString.getBytes();
                    if (this.mAuthToken == null) {
                        byte[] responsePayload = OplusLockSettingsServiceUtils.this.getResponsePayload(this.credential, this.credentialType, 0L, this.userId);
                        if (responsePayload == null) {
                            Slog.d(OplusLockSettingsServiceUtils.TAG, "WriteSecretToTeeRunnable mAuthToken == null");
                            return;
                        }
                        this.mAuthToken = responsePayload;
                    }
                    OplusLockSettingsServiceUtils oplusLockSettingsServiceUtils = OplusLockSettingsServiceUtils.this;
                    int length = bytes.length;
                    byte[] bArr3 = this.mAuthToken;
                    if (oplusLockSettingsServiceUtils.writeSecretCmd(bytes, length, bArr3, bArr3.length) != 0) {
                        Slog.d(OplusLockSettingsServiceUtils.TAG, "write Secret in tee fail");
                    } else {
                        Slog.d(OplusLockSettingsServiceUtils.TAG, "write Secret to tee success");
                    }
                }
            } catch (RemoteException e) {
                Slog.d(OplusLockSettingsServiceUtils.TAG, "WriteSecretToTeeRunnable throw RemoteException");
            }
        }
    }

    public OplusLockSettingsServiceUtils(SyntheticPasswordManager syntheticPasswordManager, ILockSettingsServiceExt iLockSettingsServiceExt, Context context) {
        this.mSpManager = null;
        this.mLockSettingsServiceExt = null;
        this.mSpManager = syntheticPasswordManager;
        this.mLockSettingsServiceExt = iLockSettingsServiceExt;
        this.mContext = context;
        DEBUG = SystemProperties.getBoolean(MarvelsLog.LOG_TOOL_RUNNING, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void execSync() {
        try {
            Slog.d(TAG, "locksetting execSync thread start");
            SystemProperties.set("ctl.start", "oplussync");
            Slog.d(TAG, "locksetting execSync thread end");
        } catch (Exception e) {
            Slog.e(TAG, "Error in execSync : " + e);
        }
    }

    private long getSyntheticPasswordHandle(int i) {
        ILockSettingsServiceExt iLockSettingsServiceExt = this.mLockSettingsServiceExt;
        if (iLockSettingsServiceExt != null) {
            return iLockSettingsServiceExt.getSyntheticPasswordHandle(i);
        }
        Slog.w(TAG, "getSyntheticPasswordHandle, mLockSettingsService null!!");
        return 0L;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isBootFromOTA() {
        boolean z;
        File file = new File("/cache/recovery/intent");
        boolean z2 = false;
        String str = IElsaManager.EMPTY_PACKAGE;
        if (file.exists() && file.canRead()) {
            Slog.i(TAG, "/cache/recovery/intent file is exist!!!");
            BufferedReader bufferedReader = null;
            try {
                try {
                    try {
                        bufferedReader = new BufferedReader(new FileReader(file));
                        str = bufferedReader.readLine();
                    } catch (Throwable th) {
                        if (bufferedReader != null) {
                            try {
                                bufferedReader.close();
                            } catch (IOException e) {
                                Slog.e(TAG, "readOTAUpdateResult close the reader failed!!!", e);
                            }
                        }
                        throw th;
                    }
                } catch (IOException e2) {
                    Slog.e(TAG, "readOTAUpdateResult failed!!!", e2);
                    if (bufferedReader != null) {
                        bufferedReader.close();
                    }
                }
                if (!"0".equals(str)) {
                    if (!"2".equals(str)) {
                        z = false;
                        z2 = z;
                        bufferedReader.close();
                    }
                }
                z = true;
                z2 = z;
                bufferedReader.close();
            } catch (IOException e3) {
                Slog.e(TAG, "readOTAUpdateResult close the reader failed!!!", e3);
            }
        }
        if (DEBUG) {
            Slog.d(TAG, "isBootFromOTA::resultStr = " + str + ", result = " + z2);
        }
        return z2;
    }

    public static boolean isMemoryLow() {
        return Environment.getDataDirectory().getUsableSpace() < 10485760;
    }

    private boolean isSyntheticPasswordBasedCredential(int i) {
        ILockSettingsServiceExt iLockSettingsServiceExt = this.mLockSettingsServiceExt;
        if (iLockSettingsServiceExt != null) {
            return iLockSettingsServiceExt.isSyntheticPasswordBasedCredential(i);
        }
        Slog.w(TAG, "isSyntheticPasswordBasedCredential, type case failed!!");
        return false;
    }

    protected ArrayList<Byte> cryptoengInvokeCommand(ArrayList<Byte> arrayList) {
        try {
            Method method = Class.forName("vendor.oplus.hardware.cryptoeng.V1_0.ICryptoeng").getMethod("cryptoeng_invoke_command", ArrayList.class);
            Object cryptoSerice = getCryptoSerice();
            if (cryptoSerice != null) {
                return (ArrayList) method.invoke(cryptoSerice, arrayList);
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    protected Object getCryptoSerice() {
        try {
            Class<?> cls = Class.forName("vendor.oplus.hardware.cryptoeng.V1_0.ICryptoeng");
            return cls.getMethod("getService", new Class[0]).invoke(cls, new Object[0]);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public VerifyCredentialResponse getResponse(LockscreenCredential lockscreenCredential, int i, boolean z, long j, int i2, ICheckCredentialProgressCallback iCheckCredentialProgressCallback) throws RemoteException {
        if (this.mLockSettingsServiceExt == null) {
            Slog.w(TAG, "getResponse, type case failed!!");
            return null;
        }
        if (lockscreenCredential != null && lockscreenCredential.getCredential().length != 0) {
            if (i2 == -9999 && Settings.Global.getInt(this.mContext.getContentResolver(), "device_provisioned", 0) != 0) {
                Slog.e(TAG, "getResponse FRP userCredential can only be verified prior to provisioning.");
                return null;
            }
            LockscreenCredential lockscreenCredential2 = i == -1 ? null : lockscreenCredential;
            synchronized (this.mSpManager) {
                try {
                    try {
                        if (!isSyntheticPasswordBasedCredential(i2)) {
                            return null;
                        }
                        if (i2 == -9999) {
                            return this.mSpManager.verifyFrpCredential(this.mLockSettingsServiceExt.getGateKeeperService(), lockscreenCredential2, iCheckCredentialProgressCallback);
                        }
                        SyntheticPasswordManager.AuthenticationResult unwrapPasswordBasedSyntheticPassword = this.mSpManager.unwrapPasswordBasedSyntheticPassword(this.mLockSettingsServiceExt.getGateKeeperService(), getSyntheticPasswordHandle(i2), lockscreenCredential2, i2, iCheckCredentialProgressCallback);
                        if (lockscreenCredential2.getType() == i) {
                            return unwrapPasswordBasedSyntheticPassword.gkResponse;
                        }
                        Slog.e(TAG, "getResponse Credential type mismatch.");
                        return null;
                    } catch (Throwable th) {
                        th = th;
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                    throw th;
                }
            }
        }
        Slog.d(TAG, "getResponse userCredential can't be null or empty");
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v3, types: [byte[]] */
    public byte[] getResponsePayload(LockscreenCredential lockscreenCredential, int i, long j, int i2) {
        String str = TAG;
        byte[] bArr = null;
        try {
            VerifyCredentialResponse response = getResponse(lockscreenCredential, i, true, j, i2, null);
            if (response != null) {
                ?? gatekeeperHAT = response.getGatekeeperHAT();
                bArr = gatekeeperHAT;
                str = gatekeeperHAT;
            } else {
                Slog.d(TAG, "getResponsePayload get token failed");
                str = str;
            }
        } catch (Exception e) {
            Slog.d(str, "getResponsePayload get token failed:" + e.getMessage());
        }
        return bArr;
    }

    public byte[] getSecret(LockscreenCredential lockscreenCredential, int i) throws RemoteException {
        if (i == -9999) {
            Slog.d(TAG, "userId == USER_FRP");
            return null;
        }
        synchronized (this.mSpManager) {
            SyntheticPasswordManager.AuthenticationResult unwrapPasswordBasedSyntheticPassword = this.mSpManager.unwrapPasswordBasedSyntheticPassword(this.mLockSettingsServiceExt.getGateKeeperService(), getSyntheticPasswordHandle(i), lockscreenCredential, i, (ICheckCredentialProgressCallback) null);
            if (unwrapPasswordBasedSyntheticPassword == null) {
                Slog.d(TAG, "authResult is null");
                return null;
            }
            VerifyCredentialResponse verifyCredentialResponse = unwrapPasswordBasedSyntheticPassword.gkResponse;
            if (verifyCredentialResponse == null || verifyCredentialResponse.getResponseCode() != 0) {
                Slog.d(TAG, "response.getResponseCode() != RESPONSE_OK");
                return null;
            }
            return unwrapPasswordBasedSyntheticPassword.authToken.deriveDiskEncryptionKey();
        }
    }

    public void notifyVoldDecryptAEKey(final int i, byte[] bArr, final byte[] bArr2) {
        String nameForUid = this.mContext.getPackageManager().getNameForUid(Binder.getCallingUid());
        if (DEBUG) {
            Slog.w(TAG, "notifyVoldDecryptAEKey calling by " + nameForUid);
        }
        if (StorageManager.isUserKeyUnlocked(i) && nameForUid != null && nameForUid.contains("systemui")) {
            this.myHandler.post(new Runnable() { // from class: com.android.server.locksettings.OplusLockSettingsServiceUtils.1
                @Override // java.lang.Runnable
                public void run() {
                    if (OplusLockSettingsServiceUtils.DEBUG) {
                        Slog.v(OplusLockSettingsServiceUtils.TAG, "start notify Vold when vold success");
                    }
                    try {
                        IStorageManager.Stub.asInterface(ServiceManager.getService("mount")).unlockUserKey(i, IUserManager.Stub.asInterface(ServiceManager.getService("user")).getUserInfo(i).serialNumber, bArr2);
                        if (OplusLockSettingsServiceUtils.DEBUG) {
                            Slog.v(OplusLockSettingsServiceUtils.TAG, "notify Vold end");
                        }
                    } catch (RemoteException | RuntimeException e) {
                        Slog.w(OplusLockSettingsServiceUtils.TAG, "Failed to unlock: " + e.getMessage());
                    }
                }
            });
        }
    }

    protected int writeSecretCmd(byte[] bArr, int i, byte[] bArr2, int i2) {
        ArrayList<Byte> cryptoengInvokeCommand;
        Slog.d(TAG, "writeSecretCmd  length:" + i + " tokenLenght:" + i2);
        ArrayList<Byte> arrayList = new ArrayList<>();
        arrayList.add((byte) 8);
        arrayList.add((byte) 0);
        arrayList.add((byte) 0);
        arrayList.add((byte) 0);
        arrayList.add(Byte.valueOf((byte) (i & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i >> 8) & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i >> 16) & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i >> 24) & HansConstants.APP_TYPE_OTHER)));
        for (byte b : bArr) {
            arrayList.add(Byte.valueOf(b));
        }
        arrayList.add(Byte.valueOf((byte) (i2 & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i2 >> 8) & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i2 >> 16) & HansConstants.APP_TYPE_OTHER)));
        arrayList.add(Byte.valueOf((byte) ((i2 >> 24) & HansConstants.APP_TYPE_OTHER)));
        for (byte b2 : bArr2) {
            arrayList.add(Byte.valueOf(b2));
        }
        return (getCryptoSerice() != null && (cryptoengInvokeCommand = cryptoengInvokeCommand(arrayList)) != null && cryptoengInvokeCommand.size() >= 4 && cryptoengInvokeCommand.get(0).byteValue() == 0 && cryptoengInvokeCommand.get(1).byteValue() == 0 && cryptoengInvokeCommand.get(2).byteValue() == 0 && cryptoengInvokeCommand.get(3).byteValue() == 0) ? 0 : -1;
    }

    public void writeSecretToTee(VerifyCredentialResponse verifyCredentialResponse, LockscreenCredential lockscreenCredential, int i, int i2) {
        if (this.mLockSettingsServiceExt == null || this.mSpManager == null) {
            Slog.d(TAG, "init failed");
            return;
        }
        if (verifyCredentialResponse == null || verifyCredentialResponse.getResponseCode() != 0) {
            this.myHandler.post(new WriteSecretToTeeRunnable(lockscreenCredential, i2, null, i));
            return;
        }
        if (DEBUG) {
            Slog.d(TAG, "spBasedSetLockCredentialInternalLocked  getResponse ok");
        }
        this.myHandler.post(new WriteSecretToTeeRunnable(lockscreenCredential, i2, verifyCredentialResponse.getGatekeeperHAT(), i));
    }
}
