package com.android.keychain;

import android.app.IntentService;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ParceledListSlice;
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.os.Binder;
import android.os.IBinder;
import android.os.UserHandle;
import android.os.UserManager;
import android.security.IKeyChainService;
import android.security.KeyStore;
import android.util.Log;
import com.android.internal.util.ParcelableString;
import com.android.org.conscrypt.TrustedCertificateStore;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
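/**
 * Service that hands out an {@link IKeyChainService} binder for managing user key pairs in the
 * {@link KeyStore}, CA certificates in the {@link TrustedCertificateStore}, and per-UID alias
 * grants persisted in the {@code grants.db} SQLite database.
 *
 * <p>As an {@link IntentService} it also reacts to {@code PACKAGE_REMOVED} intents by purging
 * grants whose UID no longer maps to any installed package.
 *
 * <p>This source is decompiler output: several members are {@code public} only because the
 * decompiler widened them (see the JADX notes below), and parameter names are synthetic.
 */
public class KeyChainService extends IntentService {
    // Created in onCreate() and cleared in onDestroy(); null outside that window.
    public DatabaseHelper mDatabaseHelper;
    private final IKeyChainService.Stub mIKeyChainService;

    /**
     * Opens/creates {@code grants.db} (schema version 1), which records which UID may use which
     * key alias.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class DatabaseHelper extends SQLiteOpenHelper {
        public DatabaseHelper(Context context) {
            super(context, "grants.db", (SQLiteDatabase.CursorFactory) null, 1);
        }

        /** Creates the {@code grants} table; the UNIQUE constraint prevents duplicate (alias, uid) rows. */
        @Override // android.database.sqlite.SQLiteOpenHelper
        public void onCreate(SQLiteDatabase sQLiteDatabase) {
            sQLiteDatabase.execSQL("CREATE TABLE grants (  alias STRING NOT NULL,  uid INTEGER NOT NULL,  UNIQUE (alias,uid))");
        }

        /**
         * Logs the upgrade request. No migration is performed: this helper only ever creates
         * schema version 1, and the decompiled body contained nothing but a dead local increment.
         */
        @Override // android.database.sqlite.SQLiteOpenHelper
        public void onUpgrade(SQLiteDatabase sQLiteDatabase, int i, int i2) {
            Log.e("KeyChain", "upgrade from version " + i + " to version " + i2);
        }
    }

    public KeyChainService() {
        super(KeyChainService.class.getSimpleName());
        this.mIKeyChainService = new IKeyChainService.Stub() { // from class: com.android.keychain.KeyChainService.1
            private final KeyStore mKeyStore = KeyStore.getInstance();
            private final TrustedCertificateStore mTrustedCertificateStore = new TrustedCertificateStore();

            /**
             * Gate for per-alias key material: requires a non-null alias, an unlocked keystore
             * and a row in the grants table for the calling UID.
             *
             * @throws NullPointerException if the alias is null
             * @throws IllegalStateException if the keystore is locked or the caller has no grant
             */
            private void checkArgs(String str) {
                if (str == null) {
                    throw new NullPointerException("alias == null");
                }
                if (!this.mKeyStore.isUnlocked()) {
                    throw new IllegalStateException("keystore is " + this.mKeyStore.state().toString());
                }
                int callingUid = getCallingUid();
                if (!KeyChainService.this.hasGrantInternal(KeyChainService.this.mDatabaseHelper.getReadableDatabase(), callingUid, str)) {
                    throw new IllegalStateException("uid " + callingUid + " doesn't have permission to access the requested alias");
                }
            }

            /**
             * Compares the name PackageManager reports for the calling UID with {@code str}.
             *
             * @return {@code null} if the caller matches, otherwise a non-null description of
             *     the actual caller
             */
            private String checkCaller(String str) {
                int callingUid = getCallingUid();
                String nameForUid = KeyChainService.this.getPackageManager().getNameForUid(callingUid);
                if (str.equals(nameForUid)) {
                    return null;
                }
                // Fail closed: getNameForUid() can return null for a UID it has no name for.
                // Returning that null here would be read by the callers as "caller matches"
                // and silently skip the authorization check, so substitute a description.
                return nameForUid != null ? nameForUid : "uid " + callingUid + " has no package name";
            }

            /** Allows the cert installer package; anyone else must pass {@link #checkSystemCaller()}. */
            private void checkCertInstallerOrSystemCaller() {
                if (checkCaller("com.android.certinstaller") == null) {
                    return;
                }
                checkSystemCaller();
            }

            /**
             * Requires the caller's UID name to be {@code android.uid.system:1000}.
             *
             * @throws IllegalStateException carrying the actual caller description otherwise
             */
            private void checkSystemCaller() {
                String actualCaller = checkCaller("android.uid.system:1000");
                if (actualCaller != null) {
                    throw new IllegalStateException(actualCaller);
                }
            }

            /**
             * Rejects the call when the {@code no_config_credentials} user restriction is set.
             *
             * @throws SecurityException if the restriction is active
             */
            private void checkUserRestriction() {
                if (((UserManager) KeyChainService.this.getSystemService("user")).hasUserRestriction("no_config_credentials")) {
                    throw new SecurityException("User cannot modify credentials");
                }
            }

            /**
             * Removes one CA entry from the trusted store; failures are logged, not thrown.
             * Callers in this class hold the store's monitor while calling this.
             *
             * @return {@code true} if the store reported no error
             */
            private boolean deleteCertificateEntry(String str) {
                try {
                    this.mTrustedCertificateStore.deleteCertificateEntry(str);
                    return true;
                } catch (IOException | CertificateException e) {
                    Log.w("KeyChain", "Problem removing CA certificate " + str, e);
                    return false;
                }
            }

            /** Wraps each alias in a {@link ParcelableString} so the set can cross the binder. */
            private ParceledListSlice<ParcelableString> makeAliasesParcelableSynchronised(Set<String> set) {
                ArrayList<ParcelableString> wrapped = new ArrayList<>(set.size());
                for (String alias : set) {
                    ParcelableString parcelableString = new ParcelableString();
                    parcelableString.string = alias;
                    wrapped.add(parcelableString);
                }
                return new ParceledListSlice<>(wrapped);
            }

            /** Decodes caller-supplied bytes as a single X.509 certificate. */
            private X509Certificate parseCertificate(byte[] bArr) throws CertificateException {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            }

            /** Reports whether the trusted store contains the alias. No caller check is applied. */
            public boolean containsCaAlias(String str) {
                return this.mTrustedCertificateStore.containsAlias(str);
            }

            /**
             * Deletes a CA certificate. System caller only, and blocked by the
             * {@code no_config_credentials} restriction. A storage-changed broadcast is sent
             * whether or not the delete succeeded.
             *
             * @return {@code true} if the entry was removed without error
             */
            public boolean deleteCaCertificate(String str) {
                boolean deleted;
                checkSystemCaller();
                checkUserRestriction();
                synchronized (this.mTrustedCertificateStore) {
                    deleted = deleteCertificateEntry(str);
                }
                KeyChainService.this.broadcastStorageChange();
                return deleted;
            }

            /**
             * Returns the aliases of the certificates in the chain built from the given alias.
             * Chain members for which the store knows no alias are skipped.
             *
             * @return the aliases, or an empty list if the alias is unknown or the chain cannot
             *     be built
             */
            public List<String> getCaCertificateChainAliases(String str, boolean z) {
                synchronized (this.mTrustedCertificateStore) {
                    X509Certificate root = (X509Certificate) this.mTrustedCertificateStore.getCertificate(str, z);
                    if (root == null) {
                        // getEncodedCaCertificate() treats a null result from the same lookup as
                        // "not found"; do the same here instead of passing null to the chain builder.
                        Log.w("KeyChain", "Could not find CA certificate " + str);
                        return Collections.emptyList();
                    }
                    try {
                        List<? extends Certificate> chain = this.mTrustedCertificateStore.getCertificateChain(root);
                        List<String> aliases = new ArrayList<>(chain.size());
                        for (Certificate cert : chain) {
                            String certificateAlias = this.mTrustedCertificateStore.getCertificateAlias(cert, true);
                            if (certificateAlias != null) {
                                aliases.add(certificateAlias);
                            }
                        }
                        return aliases;
                    } catch (CertificateException e) {
                        Log.w("KeyChain", "Error retrieving cert chain for root " + str, e);
                        return Collections.emptyList();
                    }
                }
            }

            /** Returns the stored user certificate for the alias; the caller must hold a grant. */
            public byte[] getCertificate(String str) {
                checkArgs(str);
                return this.mKeyStore.get("USRCERT_" + str);
            }

            /**
             * Returns the DER encoding of a CA certificate.
             *
             * @return the encoded certificate, or {@code null} if it is missing or cannot be encoded
             */
            public byte[] getEncodedCaCertificate(String str, boolean z) {
                synchronized (this.mTrustedCertificateStore) {
                    X509Certificate x509Certificate = (X509Certificate) this.mTrustedCertificateStore.getCertificate(str, z);
                    if (x509Certificate == null) {
                        Log.w("KeyChain", "Could not find CA certificate " + str);
                        return null;
                    }
                    try {
                        return x509Certificate.getEncoded();
                    } catch (CertificateEncodingException e) {
                        Log.w("KeyChain", "Error while encoding CA certificate " + str);
                        return null;
                    }
                }
            }

            /** Lists the aliases of all system CA certificates. */
            public ParceledListSlice<ParcelableString> getSystemCaAliases() {
                ParceledListSlice<ParcelableString> aliases;
                synchronized (this.mTrustedCertificateStore) {
                    aliases = makeAliasesParcelableSynchronised(this.mTrustedCertificateStore.allSystemAliases());
                }
                return aliases;
            }

            /** Lists the aliases of all user-installed CA certificates. */
            public ParceledListSlice<ParcelableString> getUserCaAliases() {
                ParceledListSlice<ParcelableString> aliases;
                synchronized (this.mTrustedCertificateStore) {
                    aliases = makeAliasesParcelableSynchronised(this.mTrustedCertificateStore.userAliases());
                }
                return aliases;
            }

            /** Reports whether UID {@code i} holds a grant for the alias. System caller only. */
            public boolean hasGrant(int i, String str) {
                checkSystemCaller();
                return KeyChainService.this.hasGrantInternal(KeyChainService.this.mDatabaseHelper.getReadableDatabase(), i, str);
            }

            /**
             * Installs a CA certificate into the trusted store. Restricted to the cert installer
             * or the system, and blocked by the {@code no_config_credentials} restriction.
             *
             * @throws IllegalStateException if the bytes do not parse or the store write fails
             */
            public void installCaCertificate(byte[] bArr) {
                checkCertInstallerOrSystemCaller();
                checkUserRestriction();
                try {
                    synchronized (this.mTrustedCertificateStore) {
                        this.mTrustedCertificateStore.installCertificate(parseCertificate(bArr));
                    }
                    KeyChainService.this.broadcastStorageChange();
                } catch (IOException | CertificateException e) {
                    throw new IllegalStateException(e);
                }
            }

            /**
             * Imports a private key and its certificate under the alias. If the certificate
             * cannot be stored, the just-imported key is deleted again so no orphan key remains.
             *
             * @return {@code true} only if both key and certificate were stored
             */
            public boolean installKeyPair(byte[] bArr, byte[] bArr2, String str) {
                checkCertInstallerOrSystemCaller();
                // NOTE(review): unlike installCaCertificate(), this path does not call
                // checkUserRestriction(), and a null alias is not rejected (it would be stored
                // as "USRPKEY_null"). Confirm both are intended before relying on this method
                // as a policy enforcement point.
                // The -1 / 1 arguments presumably are KeyStore.UID_SELF and
                // KeyStore.FLAG_ENCRYPTED -- TODO confirm against the KeyStore class in use.
                if (!this.mKeyStore.importKey("USRPKEY_" + str, bArr, -1, 1)) {
                    Log.e("KeyChain", "Failed to import private key " + str);
                    return false;
                }
                if (this.mKeyStore.put("USRCERT_" + str, bArr2, -1, 1)) {
                    KeyChainService.this.broadcastStorageChange();
                    return true;
                }
                // Log the alias: concatenating the byte[] only printed its identity hash.
                Log.e("KeyChain", "Failed to import user certificate " + str);
                if (!this.mKeyStore.delete("USRPKEY_" + str)) {
                    Log.e("KeyChain", "Failed to delete private key after certificate importing failed");
                }
                return false;
            }

            /**
             * Grants the calling UID access to the private key for the alias and returns the
             * keystore entry name it should use.
             *
             * @return {@code "<systemUid>_USRPKEY_<alias>"}, or {@code null} if the keystore
             *     refused the grant
             */
            public String requestPrivateKey(String str) {
                checkArgs(str);
                String keystoreAlias = "USRPKEY_" + str;
                int callingUid = Binder.getCallingUid();
                if (!this.mKeyStore.grant(keystoreAlias, callingUid)) {
                    return null;
                }
                int systemUid = UserHandle.getUid(UserHandle.getUserId(callingUid), 1000);
                // Convert the UID to text before appending '_': as written by the decompiler,
                // int + char was evaluated as integer addition (uid + 95) and the separator
                // was lost from the returned name.
                return String.valueOf(systemUid) + '_' + keystoreAlias;
            }

            /**
             * Removes every grant and every user-installed CA certificate. System caller only,
             * and blocked by the {@code no_config_credentials} restriction.
             *
             * @return {@code false} if at least one user certificate could not be deleted
             */
            public boolean reset() {
                checkSystemCaller();
                checkUserRestriction();
                KeyChainService.this.removeAllGrants(KeyChainService.this.mDatabaseHelper.getWritableDatabase());
                boolean allDeleted = true;
                synchronized (this.mTrustedCertificateStore) {
                    for (String alias : this.mTrustedCertificateStore.aliases()) {
                        if (TrustedCertificateStore.isUser(alias) && !deleteCertificateEntry(alias)) {
                            allDeleted = false;
                        }
                    }
                }
                KeyChainService.this.broadcastStorageChange();
                return allDeleted;
            }

            /** Adds ({@code z == true}) or removes a grant for UID {@code i}. System caller only. */
            public void setGrant(int i, String str, boolean z) {
                checkSystemCaller();
                KeyChainService.this.setGrantInternal(KeyChainService.this.mDatabaseHelper.getWritableDatabase(), i, str, z);
                KeyChainService.this.broadcastStorageChange();
            }
        };
    }

    /** Sends {@code android.security.STORAGE_CHANGED} to the user this service runs as. */
    /* JADX INFO: Access modifiers changed from: private */
    public void broadcastStorageChange() {
        sendBroadcastAsUser(new Intent("android.security.STORAGE_CHANGED"), new UserHandle(UserHandle.myUserId()));
    }

    /** Returns whether the grants table has a row for (uid, alias); values are bound, not concatenated. */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasGrantInternal(SQLiteDatabase sQLiteDatabase, int i, String str) {
        return DatabaseUtils.longForQuery(sQLiteDatabase, "SELECT COUNT(*) FROM grants WHERE uid=? AND alias=?", new String[]{String.valueOf(i), str}) > 0;
    }

    /**
     * Deletes, in one transaction, the grants of every UID for which PackageManager no longer
     * reports any package, so a later app that receives the same UID does not inherit them.
     */
    private void purgeOldGrants() {
        PackageManager packageManager = getPackageManager();
        SQLiteDatabase writableDatabase = this.mDatabaseHelper.getWritableDatabase();
        Cursor cursor = null;
        writableDatabase.beginTransaction();
        try {
            // GROUP BY uid so each UID is examined once.
            cursor = writableDatabase.query("grants", new String[]{"uid"}, null, null, "uid", null, null);
            while (cursor.moveToNext()) {
                int uid = cursor.getInt(0);
                if (packageManager.getPackagesForUid(uid) == null) {
                    Log.d("KeyChain", "deleting grants for UID " + uid + " because its package is no longer installed");
                    writableDatabase.delete("grants", "uid=?", new String[]{Integer.toString(uid)});
                }
            }
            writableDatabase.setTransactionSuccessful();
        } finally {
            if (cursor != null) {
                cursor.close();
            }
            writableDatabase.endTransaction();
        }
    }

    /** Deletes every row of the grants table. */
    /* JADX INFO: Access modifiers changed from: private */
    public void removeAllGrants(SQLiteDatabase sQLiteDatabase) {
        sQLiteDatabase.delete("grants", null, null);
    }

    /**
     * Inserts the (uid, alias) grant when {@code z} is true and it is not already present;
     * deletes it when {@code z} is false.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void setGrantInternal(SQLiteDatabase sQLiteDatabase, int i, String str, boolean z) {
        if (!z) {
            sQLiteDatabase.delete("grants", "uid=? AND alias=?", new String[]{String.valueOf(i), str});
            return;
        }
        if (hasGrantInternal(sQLiteDatabase, i, str)) {
            return;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("alias", str);
        contentValues.put("uid", Integer.valueOf(i));
        sQLiteDatabase.insert("grants", "alias", contentValues);
    }

    /**
     * Returns the key chain binder only for intents whose action is the
     * {@link IKeyChainService} class name. Per-method caller checks are done inside the binder.
     */
    @Override // android.app.IntentService, android.app.Service
    public IBinder onBind(Intent intent) {
        if (IKeyChainService.class.getName().equals(intent.getAction())) {
            return this.mIKeyChainService;
        }
        return null;
    }

    @Override // android.app.IntentService, android.app.Service
    public void onCreate() {
        super.onCreate();
        this.mDatabaseHelper = new DatabaseHelper(this);
    }

    @Override // android.app.IntentService, android.app.Service
    public void onDestroy() {
        super.onDestroy();
        this.mDatabaseHelper.close();
        this.mDatabaseHelper = null;
    }

    /** Purges stale grants when a package-removed intent is delivered; other intents are ignored. */
    @Override // android.app.IntentService
    protected void onHandleIntent(Intent intent) {
        if ("android.intent.action.PACKAGE_REMOVED".equals(intent.getAction())) {
            purgeOldGrants();
        }
    }
}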
