package com.android.systemui.statusbar.policy;

import android.annotation.Nullable;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManager;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.graphics.drawable.Drawable;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkRequest;
import android.net.VpnManager;
import android.os.Handler;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
import android.security.KeyChain;
import android.util.ArrayMap;
import android.util.Log;
import android.util.Pair;
import android.util.SparseArray;
import androidx.annotation.NonNull;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.systemui.broadcast.BroadcastDispatcher;
import com.android.systemui.dagger.SysUISingleton;
import com.android.systemui.dagger.qualifiers.Background;
import com.android.systemui.dagger.qualifiers.Main;
import com.android.systemui.dump.DumpManager;
import com.android.systemui.res.R;
import com.android.systemui.settings.UserTracker;
import com.android.systemui.statusbar.policy.SecurityController;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.Executor;
import javax.inject.Inject;
import org.xmlpull.v1.XmlPullParserException;

@SysUISingleton
/* loaded from: input_file:com/android/systemui/statusbar/policy/SecurityControllerImpl.class */
public class SecurityControllerImpl implements SecurityController {
    private static final String TAG = "SecurityController";
    private static final boolean DEBUG = Log.isLoggable(TAG, 3);
    private static final NetworkRequest REQUEST = new NetworkRequest.Builder().clearCapabilities().addTransportType(4).build();
    private static final int NO_NETWORK = -1;
    private static final String VPN_BRANDED_META_DATA = "com.android.systemui.IS_BRANDED";
    private static final int CA_CERT_LOADING_RETRY_TIME_IN_MS = 30000;
    private final Context mContext;
    private final UserTracker mUserTracker;
    private final ConnectivityManager mConnectivityManager;
    private final VpnManager mVpnManager;
    private final DevicePolicyManager mDevicePolicyManager;
    private final PackageManager mPackageManager;
    private final UserManager mUserManager;
    private final Executor mMainExecutor;
    private final Executor mBgExecutor;
    private int mCurrentUserId;
    private int mVpnUserId;

    @GuardedBy({"mCallbacks"})
    private final ArrayList<SecurityController.SecurityControllerCallback> mCallbacks = new ArrayList<>();
    private SparseArray<VpnConfig> mCurrentVpns = new SparseArray<>();

    @GuardedBy({"mNetworkProperties"})
    private final SparseArray<NetworkProperties> mNetworkProperties = new SparseArray<>();
    private ArrayMap<Integer, Boolean> mHasCACerts = new ArrayMap<>();
    private final UserTracker.Callback mUserChangedCallback = new UserTracker.Callback() { // from class: com.android.systemui.statusbar.policy.SecurityControllerImpl.1
        @Override // com.android.systemui.settings.UserTracker.Callback
        public void onUserChanged(int i, @NonNull Context context) {
            SecurityControllerImpl.this.onUserSwitched(i);
        }
    };
    private final ConnectivityManager.NetworkCallback mNetworkCallback = new ConnectivityManager.NetworkCallback() { // from class: com.android.systemui.statusbar.policy.SecurityControllerImpl.2
        @Override // android.net.ConnectivityManager.NetworkCallback
        public void onAvailable(Network network) {
            if (SecurityControllerImpl.DEBUG) {
                Log.d(SecurityControllerImpl.TAG, "onAvailable " + network.getNetId());
            }
            SecurityControllerImpl.this.updateState();
            SecurityControllerImpl.this.fireCallbacks();
        }

        @Override // android.net.ConnectivityManager.NetworkCallback
        public void onLost(Network network) {
            if (SecurityControllerImpl.DEBUG) {
                Log.d(SecurityControllerImpl.TAG, "onLost " + network.getNetId());
            }
            synchronized (SecurityControllerImpl.this.mNetworkProperties) {
                SecurityControllerImpl.this.mNetworkProperties.delete(network.getNetId());
            }
            SecurityControllerImpl.this.updateState();
            SecurityControllerImpl.this.fireCallbacks();
        }

        @Override // android.net.ConnectivityManager.NetworkCallback
        public void onCapabilitiesChanged(Network network, NetworkCapabilities networkCapabilities) {
            NetworkProperties networkProperties;
            boolean hasCapability;
            if (SecurityControllerImpl.DEBUG) {
                Log.d(SecurityControllerImpl.TAG, "onCapabilitiesChanged " + network.getNetId());
            }
            synchronized (SecurityControllerImpl.this.mNetworkProperties) {
                networkProperties = SecurityControllerImpl.this.mNetworkProperties.get(network.getNetId());
            }
            if (networkProperties == null || networkProperties.validated == (hasCapability = networkCapabilities.hasCapability(16))) {
                return;
            }
            networkProperties.validated = hasCapability;
            SecurityControllerImpl.this.fireCallbacks();
        }

        @Override // android.net.ConnectivityManager.NetworkCallback
        public void onLinkPropertiesChanged(Network network, LinkProperties linkProperties) {
            if (SecurityControllerImpl.DEBUG) {
                Log.d(SecurityControllerImpl.TAG, "onLinkPropertiesChanged " + network.getNetId());
            }
            String interfaceName = linkProperties.getInterfaceName();
            if (interfaceName == null) {
                Log.w(SecurityControllerImpl.TAG, "onLinkPropertiesChanged event with null interface");
                return;
            }
            synchronized (SecurityControllerImpl.this.mNetworkProperties) {
                NetworkProperties networkProperties = SecurityControllerImpl.this.mNetworkProperties.get(network.getNetId());
                if (networkProperties == null) {
                    SecurityControllerImpl.this.mNetworkProperties.put(network.getNetId(), new NetworkProperties(interfaceName, false));
                } else {
                    networkProperties.interfaceName = interfaceName;
                }
            }
        }
    };
    private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() { // from class: com.android.systemui.statusbar.policy.SecurityControllerImpl.3
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            int intExtra;
            if ("android.security.action.TRUST_STORE_CHANGED".equals(intent.getAction())) {
                SecurityControllerImpl.this.refreshCACerts(getSendingUserId());
            } else {
                if (!"android.intent.action.USER_UNLOCKED".equals(intent.getAction()) || (intExtra = intent.getIntExtra("android.intent.extra.user_handle", -10000)) == -10000) {
                    return;
                }
                SecurityControllerImpl.this.refreshCACerts(intExtra);
            }
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/systemui/statusbar/policy/SecurityControllerImpl$NetworkProperties.class */
    public static class NetworkProperties {
        public String interfaceName;
        public boolean validated;

        NetworkProperties(@NonNull String str, boolean z) {
            this.interfaceName = str;
            this.validated = z;
        }
    }

    @Inject
    public SecurityControllerImpl(Context context, UserTracker userTracker, @Background Handler handler, BroadcastDispatcher broadcastDispatcher, @Main Executor executor, @Background Executor executor2, DumpManager dumpManager) {
        this.mContext = context;
        this.mUserTracker = userTracker;
        this.mDevicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        this.mConnectivityManager = (ConnectivityManager) context.getSystemService("connectivity");
        this.mVpnManager = (VpnManager) context.getSystemService(VpnManager.class);
        this.mPackageManager = context.getPackageManager();
        this.mUserManager = (UserManager) context.getSystemService("user");
        this.mMainExecutor = executor;
        this.mBgExecutor = executor2;
        dumpManager.registerDumpable(getClass().getSimpleName(), this);
        IntentFilter intentFilter = new IntentFilter();
        intentFilter.addAction("android.security.action.TRUST_STORE_CHANGED");
        intentFilter.addAction("android.intent.action.USER_UNLOCKED");
        broadcastDispatcher.registerReceiverWithHandler(this.mBroadcastReceiver, intentFilter, handler, UserHandle.ALL);
        this.mConnectivityManager.registerNetworkCallback(REQUEST, this.mNetworkCallback);
        onUserSwitched(this.mUserTracker.getUserId());
        this.mUserTracker.addCallback(this.mUserChangedCallback, this.mMainExecutor);
    }

    @Override // com.android.systemui.Dumpable
    public void dump(PrintWriter printWriter, String[] strArr) {
        printWriter.println("SecurityController state:");
        printWriter.print("  mCurrentVpns={");
        for (int i = 0; i < this.mCurrentVpns.size(); i++) {
            if (i > 0) {
                printWriter.print(", ");
            }
            printWriter.print(this.mCurrentVpns.keyAt(i));
            printWriter.print('=');
            printWriter.print(this.mCurrentVpns.valueAt(i).user);
        }
        printWriter.println("}");
        printWriter.print("  mNetworkProperties={");
        synchronized (this.mNetworkProperties) {
            for (int i2 = 0; i2 < this.mNetworkProperties.size(); i2++) {
                if (i2 > 0) {
                    printWriter.print(", ");
                }
                printWriter.print(this.mNetworkProperties.keyAt(i2));
                printWriter.print("={");
                printWriter.print(this.mNetworkProperties.valueAt(i2).interfaceName);
                printWriter.print(", ");
                printWriter.print(this.mNetworkProperties.valueAt(i2).validated);
                printWriter.print("}");
            }
        }
        printWriter.println("}");
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isDeviceManaged() {
        return this.mDevicePolicyManager.isDeviceManaged();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public String getDeviceOwnerName() {
        return this.mDevicePolicyManager.getDeviceOwnerNameOnAnyUser();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean hasProfileOwner() {
        return this.mDevicePolicyManager.getProfileOwnerAsUser(this.mCurrentUserId) != null;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public String getProfileOwnerName() {
        for (int i : this.mUserManager.getProfileIdsWithDisabled(this.mCurrentUserId)) {
            String profileOwnerNameAsUser = this.mDevicePolicyManager.getProfileOwnerNameAsUser(i);
            if (profileOwnerNameAsUser != null) {
                return profileOwnerNameAsUser;
            }
        }
        return null;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public CharSequence getDeviceOwnerOrganizationName() {
        return this.mDevicePolicyManager.getDeviceOwnerOrganizationName();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public CharSequence getWorkProfileOrganizationName() {
        int workProfileUserId = getWorkProfileUserId(this.mCurrentUserId);
        if (workProfileUserId == -10000) {
            return null;
        }
        return this.mDevicePolicyManager.getOrganizationNameForUser(workProfileUserId);
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public String getPrimaryVpnName() {
        VpnConfig vpnConfig = this.mCurrentVpns.get(this.mVpnUserId);
        if (vpnConfig != null) {
            return getNameForVpnConfig(vpnConfig, new UserHandle(this.mVpnUserId));
        }
        return null;
    }

    private int getWorkProfileUserId(int i) {
        for (UserInfo userInfo : this.mUserManager.getProfiles(i)) {
            if (userInfo.isManagedProfile()) {
                return userInfo.id;
            }
        }
        return -10000;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean hasWorkProfile() {
        return getWorkProfileUserId(this.mCurrentUserId) != -10000;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isWorkProfileOn() {
        UserHandle of = UserHandle.of(getWorkProfileUserId(this.mCurrentUserId));
        return (of == null || this.mUserManager.isQuietModeEnabled(of)) ? false : true;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isProfileOwnerOfOrganizationOwnedDevice() {
        return this.mDevicePolicyManager.isOrganizationOwnedDeviceWithManagedProfile();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public String getWorkProfileVpnName() {
        VpnConfig vpnConfig;
        int workProfileUserId = getWorkProfileUserId(this.mVpnUserId);
        if (workProfileUserId == -10000 || (vpnConfig = this.mCurrentVpns.get(workProfileUserId)) == null) {
            return null;
        }
        return getNameForVpnConfig(vpnConfig, UserHandle.of(workProfileUserId));
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    @Nullable
    public ComponentName getDeviceOwnerComponentOnAnyUser() {
        return this.mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public int getDeviceOwnerType(@NonNull ComponentName componentName) {
        return this.mDevicePolicyManager.getDeviceOwnerType(componentName);
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isFinancedDevice() {
        return this.mDevicePolicyManager.isFinancedDevice();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isNetworkLoggingEnabled() {
        return this.mDevicePolicyManager.isNetworkLoggingEnabled(null);
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isVpnEnabled() {
        for (int i : this.mUserManager.getProfileIdsWithDisabled(this.mVpnUserId)) {
            if (this.mCurrentVpns.get(i) != null) {
                return true;
            }
        }
        return false;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isVpnRestricted() {
        return this.mUserManager.getUserInfo(this.mCurrentUserId).isRestricted() || this.mUserManager.hasUserRestriction("no_config_vpn", new UserHandle(this.mCurrentUserId));
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isVpnBranded() {
        String packageNameForVpnConfig;
        VpnConfig vpnConfig = this.mCurrentVpns.get(this.mVpnUserId);
        if (vpnConfig == null || (packageNameForVpnConfig = getPackageNameForVpnConfig(vpnConfig)) == null) {
            return false;
        }
        return isVpnPackageBranded(packageNameForVpnConfig);
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isVpnValidated() {
        VpnConfig vpnConfig = this.mCurrentVpns.get(this.mVpnUserId);
        if (vpnConfig != null) {
            return getVpnValidationStatus(vpnConfig);
        }
        for (int i : this.mUserManager.getEnabledProfileIds(this.mVpnUserId)) {
            VpnConfig vpnConfig2 = this.mCurrentVpns.get(i);
            if (vpnConfig2 != null && !getVpnValidationStatus(vpnConfig2)) {
                return false;
            }
        }
        return true;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean hasCACertInCurrentUser() {
        Boolean bool = this.mHasCACerts.get(Integer.valueOf(this.mCurrentUserId));
        return bool != null && bool.booleanValue();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean hasCACertInWorkProfile() {
        Boolean bool;
        int workProfileUserId = getWorkProfileUserId(this.mCurrentUserId);
        return (workProfileUserId == -10000 || (bool = this.mHasCACerts.get(Integer.valueOf(workProfileUserId))) == null || !bool.booleanValue()) ? false : true;
    }

    @Override // com.android.systemui.statusbar.policy.CallbackController
    public void removeCallback(@NonNull SecurityController.SecurityControllerCallback securityControllerCallback) {
        synchronized (this.mCallbacks) {
            if (securityControllerCallback == null) {
                return;
            }
            if (DEBUG) {
                Log.d(TAG, "removeCallback " + securityControllerCallback);
            }
            this.mCallbacks.remove(securityControllerCallback);
        }
    }

    @Override // com.android.systemui.statusbar.policy.CallbackController
    public void addCallback(@NonNull SecurityController.SecurityControllerCallback securityControllerCallback) {
        synchronized (this.mCallbacks) {
            if (securityControllerCallback != null) {
                if (!this.mCallbacks.contains(securityControllerCallback)) {
                    if (DEBUG) {
                        Log.d(TAG, "addCallback " + securityControllerCallback);
                    }
                    this.mCallbacks.add(securityControllerCallback);
                }
            }
        }
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public void onUserSwitched(int i) {
        this.mCurrentUserId = i;
        UserInfo userInfo = this.mUserManager.getUserInfo(i);
        if (userInfo.isRestricted()) {
            this.mVpnUserId = userInfo.restrictedProfileParentId;
        } else {
            this.mVpnUserId = this.mCurrentUserId;
        }
        fireCallbacks();
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public boolean isParentalControlsEnabled() {
        return getProfileOwnerOrDeviceOwnerSupervisionComponent() != null;
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public DeviceAdminInfo getDeviceAdminInfo() {
        return getDeviceAdminInfo(getProfileOwnerOrDeviceOwnerComponent());
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public Drawable getIcon(DeviceAdminInfo deviceAdminInfo) {
        if (deviceAdminInfo == null) {
            return null;
        }
        return deviceAdminInfo.loadIcon(this.mPackageManager);
    }

    @Override // com.android.systemui.statusbar.policy.SecurityController
    public CharSequence getLabel(DeviceAdminInfo deviceAdminInfo) {
        if (deviceAdminInfo == null) {
            return null;
        }
        return deviceAdminInfo.loadLabel(this.mPackageManager);
    }

    private ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent() {
        return this.mDevicePolicyManager.getProfileOwnerOrDeviceOwnerSupervisionComponent(new UserHandle(this.mCurrentUserId));
    }

    private ComponentName getProfileOwnerOrDeviceOwnerComponent() {
        return getProfileOwnerOrDeviceOwnerSupervisionComponent();
    }

    private DeviceAdminInfo getDeviceAdminInfo(ComponentName componentName) {
        try {
            ResolveInfo resolveInfo = new ResolveInfo();
            resolveInfo.activityInfo = this.mPackageManager.getReceiverInfo(componentName, 128);
            return new DeviceAdminInfo(this.mContext, resolveInfo);
        } catch (PackageManager.NameNotFoundException | IOException | XmlPullParserException e) {
            return null;
        }
    }

    private void refreshCACerts(int i) {
        this.mBgExecutor.execute(() -> {
            Pair pair = null;
            try {
                try {
                    KeyChain.KeyChainConnection bindAsUser = KeyChain.bindAsUser(this.mContext, UserHandle.of(i));
                    try {
                        Pair pair2 = new Pair(Integer.valueOf(i), Boolean.valueOf(!bindAsUser.getService().getUserCaAliases().getList().isEmpty()));
                        if (bindAsUser != null) {
                            bindAsUser.close();
                        }
                        if (DEBUG) {
                            Log.d(TAG, "Refreshing CA Certs " + pair2);
                        }
                        if (pair2 == null || pair2.second == null) {
                            return;
                        }
                        this.mHasCACerts.put((Integer) pair2.first, (Boolean) pair2.second);
                        fireCallbacks();
                    } catch (Throwable th) {
                        if (bindAsUser != null) {
                            try {
                                bindAsUser.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (DEBUG) {
                        Log.d(TAG, "Refreshing CA Certs " + ((Object) null));
                    }
                    if (0 != 0 && pair.second != null) {
                        this.mHasCACerts.put((Integer) pair.first, (Boolean) pair.second);
                        fireCallbacks();
                    }
                    throw th3;
                }
            } catch (RemoteException | AssertionError | IllegalStateException | InterruptedException e) {
                Log.i(TAG, "failed to get CA certs", e);
                Pair pair3 = new Pair(Integer.valueOf(i), null);
                if (DEBUG) {
                    Log.d(TAG, "Refreshing CA Certs " + pair3);
                }
                if (pair3 == null || pair3.second == null) {
                    return;
                }
                this.mHasCACerts.put((Integer) pair3.first, (Boolean) pair3.second);
                fireCallbacks();
            }
        });
    }

    private String getNameForVpnConfig(VpnConfig vpnConfig, UserHandle userHandle) {
        if (vpnConfig.legacy) {
            return this.mContext.getString(R.string.legacy_vpn_name);
        }
        String str = vpnConfig.user;
        try {
            return VpnConfig.getVpnLabel(this.mContext.createPackageContextAsUser(this.mContext.getPackageName(), 0, userHandle), str).toString();
        } catch (PackageManager.NameNotFoundException e) {
            Log.e(TAG, "Package " + str + " is not present", e);
            return null;
        }
    }

    private void fireCallbacks() {
        ArrayList arrayList;
        synchronized (this.mCallbacks) {
            arrayList = new ArrayList(this.mCallbacks);
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ((SecurityController.SecurityControllerCallback) it.next()).onStateChanged();
        }
    }

    private void updateState() {
        LegacyVpnInfo legacyVpnInfo;
        SparseArray<VpnConfig> sparseArray = new SparseArray<>();
        for (UserInfo userInfo : this.mUserManager.getUsers()) {
            VpnConfig vpnConfig = this.mVpnManager.getVpnConfig(userInfo.id);
            if (vpnConfig != null && (!vpnConfig.legacy || ((legacyVpnInfo = this.mVpnManager.getLegacyVpnInfo(userInfo.id)) != null && legacyVpnInfo.state == 3))) {
                sparseArray.put(userInfo.id, vpnConfig);
            }
        }
        this.mCurrentVpns = sparseArray;
    }

    private String getPackageNameForVpnConfig(VpnConfig vpnConfig) {
        if (vpnConfig.legacy) {
            return null;
        }
        return vpnConfig.user;
    }

    private boolean isVpnPackageBranded(String str) {
        try {
            ApplicationInfo applicationInfo = this.mPackageManager.getApplicationInfo(str, 128);
            if (applicationInfo == null || applicationInfo.metaData == null || !applicationInfo.isSystemApp()) {
                return false;
            }
            return applicationInfo.metaData.getBoolean(VPN_BRANDED_META_DATA, false);
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
    }

    private boolean getVpnValidationStatus(@NonNull VpnConfig vpnConfig) {
        synchronized (this.mNetworkProperties) {
            for (int i = 0; i < this.mNetworkProperties.size(); i++) {
                if (this.mNetworkProperties.valueAt(i).interfaceName.equals(vpnConfig.interfaze)) {
                    return this.mNetworkProperties.valueAt(i).validated;
                }
            }
            return true;
        }
    }
}
