package com.android.server.locksettings;

import android.annotation.NonNull;
import android.content.Context;
import android.content.pm.UserInfo;
import android.net.ConnectivityManager;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkRequest;
import android.os.Handler;
import android.os.PowerManager;
import android.os.SystemClock;
import android.os.SystemProperties;
import android.os.UserManager;
import android.provider.DeviceConfig;
import android.provider.Settings;
import android.util.Slog;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.FrameworkStatsLog;
import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.widget.RebootEscrowListener;
import com.android.server.pm.UserManagerInternal;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import javax.crypto.SecretKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager.class */
public class RebootEscrowManager {
    private static final String TAG = "RebootEscrowManager";

    @VisibleForTesting
    public static final String REBOOT_ESCROW_ARMED_KEY = "reboot_escrow_armed_count";
    static final String REBOOT_ESCROW_KEY_ARMED_TIMESTAMP = "reboot_escrow_key_stored_timestamp";
    static final String REBOOT_ESCROW_KEY_PROVIDER = "reboot_escrow_key_provider";
    static final String VBMETA_DIGEST_PROP_NAME = "ro.boot.vbmeta.digest";
    static final String OTHER_VBMETA_DIGEST_PROP_NAME = "ota.other.vbmeta_digest";
    static final String REBOOT_ESCROW_KEY_VBMETA_DIGEST = "reboot_escrow_key_vbmeta_digest";
    static final String REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST = "reboot_escrow_key_other_vbmeta_digest";
    private static final int BOOT_COUNT_TOLERANCE = 5;
    private static final int DEFAULT_LOAD_ESCROW_DATA_RETRY_COUNT = 3;
    private static final int DEFAULT_LOAD_ESCROW_DATA_RETRY_INTERVAL_SECONDS = 30;
    private static final int DEFAULT_LOAD_ESCROW_BASE_TIMEOUT_MILLIS = 180000;
    private static final int DEFAULT_LOAD_ESCROW_TIMEOUT_EXTENSION_MILLIS = 5000;
    static final int ERROR_NONE = 0;
    static final int ERROR_UNKNOWN = 1;
    static final int ERROR_NO_PROVIDER = 2;
    static final int ERROR_LOAD_ESCROW_KEY = 3;
    static final int ERROR_RETRY_COUNT_EXHAUSTED = 4;
    static final int ERROR_UNLOCK_ALL_USERS = 5;
    static final int ERROR_PROVIDER_MISMATCH = 6;
    static final int ERROR_KEYSTORE_FAILURE = 7;
    static final int ERROR_NO_NETWORK = 8;
    static final int ERROR_TIMEOUT_EXHAUSTED = 9;
    private int mLoadEscrowDataErrorCode;
    private final RebootEscrowEventLog mEventLog;
    private boolean mRebootEscrowWanted;
    private boolean mRebootEscrowReady;
    private RebootEscrowListener mRebootEscrowListener;
    private boolean mRebootEscrowTimedOut;
    private boolean mLoadEscrowDataWithRetry;
    private final Object mKeyGenerationLock;

    @GuardedBy({"mKeyGenerationLock"})
    private RebootEscrowKey mPendingRebootEscrowKey;
    private final UserManager mUserManager;
    private final Injector mInjector;
    private final LockSettingsStorage mStorage;
    private final Callbacks mCallbacks;
    private final RebootEscrowKeyStoreManager mKeyStoreManager;
    private final Handler mHandler;
    PowerManager.WakeLock mWakeLock;
    private ConnectivityManager.NetworkCallback mNetworkCallback;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager$Callbacks.class */
    public interface Callbacks {
        boolean isUserSecure(int i);

        void onRebootEscrowRestored(byte b, byte[] bArr, int i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager$Injector.class */
    public static class Injector {
        protected Context mContext;
        private final RebootEscrowKeyStoreManager mKeyStoreManager = new RebootEscrowKeyStoreManager();
        private final LockSettingsStorage mStorage;
        private RebootEscrowProviderInterface mRebootEscrowProvider;
        private final UserManagerInternal mUserManagerInternal;

        Injector(Context context, LockSettingsStorage lockSettingsStorage, UserManagerInternal userManagerInternal) {
            this.mContext = context;
            this.mStorage = lockSettingsStorage;
            this.mUserManagerInternal = userManagerInternal;
        }

        private RebootEscrowProviderInterface createRebootEscrowProvider() {
            RebootEscrowProviderInterface rebootEscrowProviderHalImpl;
            if (serverBasedResumeOnReboot()) {
                Slog.i(RebootEscrowManager.TAG, "Using server based resume on reboot");
                rebootEscrowProviderHalImpl = new RebootEscrowProviderServerBasedImpl(this.mContext, this.mStorage);
            } else {
                Slog.i(RebootEscrowManager.TAG, "Using HAL based resume on reboot");
                rebootEscrowProviderHalImpl = new RebootEscrowProviderHalImpl();
            }
            if (rebootEscrowProviderHalImpl.hasRebootEscrowSupport()) {
                return rebootEscrowProviderHalImpl;
            }
            return null;
        }

        void post(Handler handler, Runnable runnable) {
            handler.post(runnable);
        }

        void postDelayed(Handler handler, Runnable runnable, long j) {
            handler.postDelayed(runnable, j);
        }

        public boolean serverBasedResumeOnReboot() {
            if (this.mContext.getPackageManager().hasSystemFeature("android.hardware.reboot_escrow")) {
                return DeviceConfig.getBoolean("ota", "server_based_ror_enabled", false);
            }
            return true;
        }

        public boolean isNetworkConnected() {
            NetworkCapabilities networkCapabilities;
            ConnectivityManager connectivityManager = (ConnectivityManager) this.mContext.getSystemService(ConnectivityManager.class);
            return connectivityManager != null && (networkCapabilities = connectivityManager.getNetworkCapabilities(connectivityManager.getActiveNetwork())) != null && networkCapabilities.hasCapability(12) && networkCapabilities.hasCapability(16);
        }

        public boolean requestNetworkWithInternet(ConnectivityManager.NetworkCallback networkCallback) {
            ConnectivityManager connectivityManager = (ConnectivityManager) this.mContext.getSystemService(ConnectivityManager.class);
            if (connectivityManager == null) {
                return false;
            }
            connectivityManager.requestNetwork(new NetworkRequest.Builder().addCapability(12).build(), networkCallback, getLoadEscrowTimeoutMillis());
            return true;
        }

        public void stopRequestingNetwork(ConnectivityManager.NetworkCallback networkCallback) {
            ConnectivityManager connectivityManager = (ConnectivityManager) this.mContext.getSystemService(ConnectivityManager.class);
            if (connectivityManager == null) {
                return;
            }
            connectivityManager.unregisterNetworkCallback(networkCallback);
        }

        public Context getContext() {
            return this.mContext;
        }

        public UserManager getUserManager() {
            return (UserManager) this.mContext.getSystemService("user");
        }

        public UserManagerInternal getUserManagerInternal() {
            return this.mUserManagerInternal;
        }

        public RebootEscrowKeyStoreManager getKeyStoreManager() {
            return this.mKeyStoreManager;
        }

        public RebootEscrowProviderInterface createRebootEscrowProviderIfNeeded() {
            if (this.mRebootEscrowProvider == null) {
                this.mRebootEscrowProvider = createRebootEscrowProvider();
            }
            return this.mRebootEscrowProvider;
        }

        PowerManager.WakeLock getWakeLock() {
            return ((PowerManager) this.mContext.getSystemService(PowerManager.class)).newWakeLock(1, RebootEscrowManager.TAG);
        }

        public RebootEscrowProviderInterface getRebootEscrowProvider() {
            return this.mRebootEscrowProvider;
        }

        public void clearRebootEscrowProvider() {
            this.mRebootEscrowProvider = null;
        }

        public int getBootCount() {
            return Settings.Global.getInt(this.mContext.getContentResolver(), "boot_count", 0);
        }

        public long getCurrentTimeMillis() {
            return System.currentTimeMillis();
        }

        public int getLoadEscrowDataRetryLimit() {
            return DeviceConfig.getInt("ota", "load_escrow_data_retry_count", 3);
        }

        public int getLoadEscrowDataRetryIntervalSeconds() {
            return DeviceConfig.getInt("ota", "load_escrow_data_retry_interval_seconds", 30);
        }

        @VisibleForTesting
        public int getLoadEscrowTimeoutMillis() {
            return RebootEscrowManager.DEFAULT_LOAD_ESCROW_BASE_TIMEOUT_MILLIS;
        }

        @VisibleForTesting
        public int getWakeLockTimeoutMillis() {
            return getLoadEscrowTimeoutMillis() + 5000;
        }

        public void reportMetric(boolean z, int i, int i2, int i3, int i4, int i5, int i6) {
            FrameworkStatsLog.write(FrameworkStatsLog.REBOOT_ESCROW_RECOVERY_REPORTED, z, i, i2, i3, i4, i5, i6);
        }

        public RebootEscrowEventLog getEventLog() {
            return new RebootEscrowEventLog();
        }

        public String getVbmetaDigest(boolean z) {
            return z ? SystemProperties.get(RebootEscrowManager.OTHER_VBMETA_DIGEST_PROP_NAME) : SystemProperties.get(RebootEscrowManager.VBMETA_DIGEST_PROP_NAME);
        }
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager$RebootEscrowErrorCode.class */
    @interface RebootEscrowErrorCode {
    }

    @VisibleForTesting
    /* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager$RebootEscrowEvent.class */
    public static class RebootEscrowEvent {
        static final int FOUND_ESCROW_DATA = 1;
        static final int SET_ARMED_STATUS = 2;
        static final int CLEARED_LSKF_REQUEST = 3;
        static final int RETRIEVED_STORED_KEK = 4;
        static final int REQUESTED_LSKF = 5;
        static final int STORED_LSKF_FOR_USER = 6;
        static final int RETRIEVED_LSKF_FOR_USER = 7;
        final int mEventId;
        final Integer mUserId;
        final long mWallTime;
        final long mTimestamp;

        RebootEscrowEvent(int i) {
            this(i, null);
        }

        RebootEscrowEvent(int i, Integer num) {
            this.mEventId = i;
            this.mUserId = num;
            this.mTimestamp = SystemClock.uptimeMillis();
            this.mWallTime = System.currentTimeMillis();
        }

        String getEventDescription() {
            switch (this.mEventId) {
                case 1:
                    return "Found escrow data";
                case 2:
                    return "Set armed status";
                case 3:
                    return "Cleared request for LSKF";
                case 4:
                    return "Retrieved stored KEK";
                case 5:
                    return "Requested LSKF";
                case 6:
                    return "Stored LSKF for user";
                case 7:
                    return "Retrieved LSKF for user";
                default:
                    return "Unknown event ID " + this.mEventId;
            }
        }
    }

    @VisibleForTesting
    /* loaded from: input_file:com/android/server/locksettings/RebootEscrowManager$RebootEscrowEventLog.class */
    public static class RebootEscrowEventLog {
        private RebootEscrowEvent[] mEntries = new RebootEscrowEvent[16];
        private int mNextIndex = 0;

        void addEntry(int i) {
            addEntryInternal(new RebootEscrowEvent(i));
        }

        void addEntry(int i, int i2) {
            addEntryInternal(new RebootEscrowEvent(i, Integer.valueOf(i2)));
        }

        private void addEntryInternal(RebootEscrowEvent rebootEscrowEvent) {
            this.mEntries[this.mNextIndex] = rebootEscrowEvent;
            this.mNextIndex = (this.mNextIndex + 1) % this.mEntries.length;
        }

        void dump(@NonNull IndentingPrintWriter indentingPrintWriter) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS", Locale.US);
            for (int i = 0; i < this.mEntries.length; i++) {
                RebootEscrowEvent rebootEscrowEvent = this.mEntries[(i + this.mNextIndex) % this.mEntries.length];
                if (rebootEscrowEvent != null) {
                    indentingPrintWriter.print("Event #");
                    indentingPrintWriter.println(i);
                    indentingPrintWriter.println(" time=" + simpleDateFormat.format(new Date(rebootEscrowEvent.mWallTime)) + " (timestamp=" + rebootEscrowEvent.mTimestamp + ")");
                    indentingPrintWriter.print(" event=");
                    indentingPrintWriter.println(rebootEscrowEvent.getEventDescription());
                    if (rebootEscrowEvent.mUserId != null) {
                        indentingPrintWriter.print(" user=");
                        indentingPrintWriter.println(rebootEscrowEvent.mUserId);
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RebootEscrowManager(Context context, Callbacks callbacks, LockSettingsStorage lockSettingsStorage, Handler handler, UserManagerInternal userManagerInternal) {
        this(new Injector(context, lockSettingsStorage, userManagerInternal), callbacks, lockSettingsStorage, handler);
    }

    @VisibleForTesting
    RebootEscrowManager(Injector injector, Callbacks callbacks, LockSettingsStorage lockSettingsStorage, Handler handler) {
        this.mLoadEscrowDataErrorCode = 0;
        this.mRebootEscrowTimedOut = false;
        this.mLoadEscrowDataWithRetry = false;
        this.mKeyGenerationLock = new Object();
        this.mInjector = injector;
        this.mCallbacks = callbacks;
        this.mStorage = lockSettingsStorage;
        this.mUserManager = injector.getUserManager();
        this.mEventLog = injector.getEventLog();
        this.mKeyStoreManager = injector.getKeyStoreManager();
        this.mHandler = handler;
    }

    private void setLoadEscrowDataErrorCode(int i, Handler handler) {
        if (Flags.waitForInternetRor()) {
            this.mInjector.post(handler, () -> {
                this.mLoadEscrowDataErrorCode = i;
            });
        } else {
            this.mLoadEscrowDataErrorCode = i;
        }
    }

    private void compareAndSetLoadEscrowDataErrorCode(int i, int i2, Handler handler) {
        if (i == this.mLoadEscrowDataErrorCode) {
            setLoadEscrowDataErrorCode(i2, handler);
        }
    }

    private void onGetRebootEscrowKeyFailed(List<UserInfo> list, int i, Handler handler) {
        Slog.w(TAG, "Had reboot escrow data for users, but no key; removing escrow storage.");
        Iterator<UserInfo> it = list.iterator();
        while (it.hasNext()) {
            this.mStorage.removeRebootEscrow(it.next().id);
        }
        onEscrowRestoreComplete(false, i, handler);
    }

    private List<UserInfo> getUsersToUnlock(List<UserInfo> list) {
        if (this.mCallbacks.isUserSecure(0) && !this.mStorage.hasRebootEscrow(0)) {
            Slog.i(TAG, "No reboot escrow data found for system user");
            return Collections.emptyList();
        }
        HashSet hashSet = new HashSet();
        for (UserInfo userInfo : list) {
            if (this.mCallbacks.isUserSecure(userInfo.id) && !this.mStorage.hasRebootEscrow(userInfo.id)) {
                Slog.d(TAG, "No reboot escrow data found for user " + userInfo);
                hashSet.add(Integer.valueOf(userInfo.id));
            }
        }
        ArrayList arrayList = new ArrayList();
        for (UserInfo userInfo2 : list) {
            if (this.mCallbacks.isUserSecure(userInfo2.id)) {
                int i = userInfo2.id;
                if (!hashSet.contains(Integer.valueOf(i)) && !hashSet.contains(Integer.valueOf(this.mInjector.getUserManagerInternal().getProfileParentId(i)))) {
                    arrayList.add(userInfo2);
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void loadRebootEscrowDataIfAvailable(Handler handler) {
        List users = this.mUserManager.getUsers();
        List<UserInfo> usersToUnlock = getUsersToUnlock(users);
        if (usersToUnlock.isEmpty()) {
            Slog.i(TAG, "No reboot escrow data found for users, skipping loading escrow data");
            clearMetricsStorage();
            return;
        }
        this.mWakeLock = this.mInjector.getWakeLock();
        if (this.mWakeLock != null) {
            this.mWakeLock.setReferenceCounted(false);
            this.mWakeLock.acquire(this.mInjector.getWakeLockTimeoutMillis());
        }
        if (!Flags.waitForInternetRor()) {
            this.mInjector.post(handler, () -> {
                loadRebootEscrowDataWithRetry(handler, 0, users, usersToUnlock);
            });
        } else {
            this.mInjector.postDelayed(handler, () -> {
                this.mRebootEscrowTimedOut = true;
            }, this.mInjector.getLoadEscrowTimeoutMillis());
            this.mInjector.post(handler, () -> {
                loadRebootEscrowDataOnInternet(handler, users, usersToUnlock);
            });
        }
    }

    void scheduleLoadRebootEscrowDataOrFail(Handler handler, int i, List<UserInfo> list, List<UserInfo> list2) {
        Objects.requireNonNull(handler);
        int loadEscrowDataRetryLimit = this.mInjector.getLoadEscrowDataRetryLimit();
        int loadEscrowDataRetryIntervalSeconds = this.mInjector.getLoadEscrowDataRetryIntervalSeconds();
        if (i < loadEscrowDataRetryLimit && !this.mRebootEscrowTimedOut) {
            Slog.i(TAG, "Scheduling loadRebootEscrowData retry number: " + i);
            this.mInjector.postDelayed(handler, () -> {
                loadRebootEscrowDataWithRetry(handler, i, list, list2);
            }, loadEscrowDataRetryIntervalSeconds * 1000);
            return;
        }
        if (Flags.waitForInternetRor()) {
            if (this.mRebootEscrowTimedOut) {
                Slog.w(TAG, "Failed to load reboot escrow data within timeout");
                compareAndSetLoadEscrowDataErrorCode(0, 9, handler);
            } else {
                Slog.w(TAG, "Failed to load reboot escrow data after " + i + " attempts");
                compareAndSetLoadEscrowDataErrorCode(0, 4, handler);
            }
            onGetRebootEscrowKeyFailed(list, i, handler);
            return;
        }
        Slog.w(TAG, "Failed to load reboot escrow data after " + i + " attempts");
        if (!this.mInjector.serverBasedResumeOnReboot() || this.mInjector.isNetworkConnected()) {
            this.mLoadEscrowDataErrorCode = 4;
        } else {
            this.mLoadEscrowDataErrorCode = 8;
        }
        onGetRebootEscrowKeyFailed(list, i, handler);
    }

    void loadRebootEscrowDataOnInternet(final Handler handler, final List<UserInfo> list, final List<UserInfo> list2) {
        if (!this.mInjector.serverBasedResumeOnReboot()) {
            loadRebootEscrowDataWithRetry(handler, 0, list, list2);
            return;
        }
        this.mNetworkCallback = new ConnectivityManager.NetworkCallback() { // from class: com.android.server.locksettings.RebootEscrowManager.1
            @Override // android.net.ConnectivityManager.NetworkCallback
            public void onAvailable(Network network) {
                RebootEscrowManager.this.compareAndSetLoadEscrowDataErrorCode(8, 0, handler);
                if (RebootEscrowManager.this.mLoadEscrowDataWithRetry) {
                    return;
                }
                RebootEscrowManager.this.mLoadEscrowDataWithRetry = true;
                RebootEscrowManager.this.loadRebootEscrowDataWithRetry(handler, 0, list, list2);
            }

            @Override // android.net.ConnectivityManager.NetworkCallback
            public void onUnavailable() {
                Slog.w(RebootEscrowManager.TAG, "Failed to connect to network within timeout");
                RebootEscrowManager.this.compareAndSetLoadEscrowDataErrorCode(0, 8, handler);
                RebootEscrowManager.this.onGetRebootEscrowKeyFailed(list, 0, handler);
            }

            @Override // android.net.ConnectivityManager.NetworkCallback
            public void onLost(Network network) {
                Slog.w(RebootEscrowManager.TAG, "Network lost, still attempting to load escrow key.");
                RebootEscrowManager.this.compareAndSetLoadEscrowDataErrorCode(0, 8, handler);
            }
        };
        if (this.mInjector.requestNetworkWithInternet(this.mNetworkCallback)) {
            return;
        }
        loadRebootEscrowDataWithRetry(handler, 0, list, list2);
    }

    void loadRebootEscrowDataWithRetry(Handler handler, int i, List<UserInfo> list, List<UserInfo> list2) {
        SecretKey keyStoreEncryptionKey = this.mKeyStoreManager.getKeyStoreEncryptionKey();
        if (keyStoreEncryptionKey == null) {
            Slog.i(TAG, "Failed to load the key for resume on reboot from key store.");
        }
        try {
            RebootEscrowKey andClearRebootEscrowKey = getAndClearRebootEscrowKey(keyStoreEncryptionKey, handler);
            if (andClearRebootEscrowKey == null) {
                if (this.mLoadEscrowDataErrorCode == 0) {
                    if ((this.mInjector.serverBasedResumeOnReboot() ? 1 : 0) != this.mStorage.getInt(REBOOT_ESCROW_KEY_PROVIDER, -1, 0)) {
                        setLoadEscrowDataErrorCode(6, handler);
                    } else {
                        setLoadEscrowDataErrorCode(3, handler);
                    }
                }
                onGetRebootEscrowKeyFailed(list, i + 1, handler);
                return;
            }
            this.mEventLog.addEntry(1);
            boolean z = true;
            Iterator<UserInfo> it = list2.iterator();
            while (it.hasNext()) {
                z &= restoreRebootEscrowForUser(it.next().id, andClearRebootEscrowKey, keyStoreEncryptionKey);
            }
            if (!z) {
                compareAndSetLoadEscrowDataErrorCode(0, 5, handler);
            }
            onEscrowRestoreComplete(z, i + 1, handler);
        } catch (IOException e) {
            Slog.i(TAG, "Failed to load escrow key, scheduling retry.", e);
            scheduleLoadRebootEscrowDataOrFail(handler, i + 1, list, list2);
        }
    }

    private void clearMetricsStorage() {
        this.mStorage.removeKey(REBOOT_ESCROW_ARMED_KEY, 0);
        this.mStorage.removeKey(REBOOT_ESCROW_KEY_ARMED_TIMESTAMP, 0);
        this.mStorage.removeKey(REBOOT_ESCROW_KEY_VBMETA_DIGEST, 0);
        this.mStorage.removeKey(REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST, 0);
        this.mStorage.removeKey(REBOOT_ESCROW_KEY_PROVIDER, 0);
    }

    private int getVbmetaDigestStatusOnRestoreComplete() {
        String vbmetaDigest = this.mInjector.getVbmetaDigest(false);
        String string = this.mStorage.getString(REBOOT_ESCROW_KEY_VBMETA_DIGEST, "", 0);
        String string2 = this.mStorage.getString(REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST, "", 0);
        if (string2.isEmpty()) {
            return vbmetaDigest.equals(string) ? 0 : 2;
        }
        if (vbmetaDigest.equals(string2)) {
            return 0;
        }
        return vbmetaDigest.equals(string) ? 1 : 2;
    }

    private void reportMetricOnRestoreComplete(boolean z, int i, Handler handler) {
        int i2 = this.mInjector.serverBasedResumeOnReboot() ? 2 : 1;
        long j = this.mStorage.getLong(REBOOT_ESCROW_KEY_ARMED_TIMESTAMP, -1L, 0);
        int i3 = -1;
        long currentTimeMillis = this.mInjector.getCurrentTimeMillis();
        if (j != -1 && currentTimeMillis > j) {
            i3 = ((int) (currentTimeMillis - j)) / 1000;
        }
        int vbmetaDigestStatusOnRestoreComplete = getVbmetaDigestStatusOnRestoreComplete();
        if (!z) {
            compareAndSetLoadEscrowDataErrorCode(0, 1, handler);
        }
        Slog.i(TAG, "Reporting RoR recovery metrics, success: " + z + ", service type: " + i2 + ", error code: " + this.mLoadEscrowDataErrorCode);
        this.mInjector.reportMetric(z, this.mLoadEscrowDataErrorCode, i2, i, i3, vbmetaDigestStatusOnRestoreComplete, -1);
        setLoadEscrowDataErrorCode(0, handler);
    }

    private void onEscrowRestoreComplete(boolean z, int i, Handler handler) {
        int i2 = this.mStorage.getInt(REBOOT_ESCROW_ARMED_KEY, -1, 0);
        int bootCount = this.mInjector.getBootCount() - i2;
        if (z || (i2 != -1 && bootCount <= 5)) {
            reportMetricOnRestoreComplete(z, i, handler);
        }
        this.mKeyStoreManager.clearKeyStoreEncryptionKey();
        this.mInjector.clearRebootEscrowProvider();
        clearMetricsStorage();
        if (this.mNetworkCallback != null) {
            this.mInjector.stopRequestingNetwork(this.mNetworkCallback);
        }
        if (this.mWakeLock != null) {
            this.mWakeLock.release();
        }
    }

    private RebootEscrowKey getAndClearRebootEscrowKey(SecretKey secretKey, Handler handler) throws IOException {
        RebootEscrowProviderInterface createRebootEscrowProviderIfNeeded = this.mInjector.createRebootEscrowProviderIfNeeded();
        if (createRebootEscrowProviderIfNeeded == null) {
            Slog.w(TAG, "Had reboot escrow data for users, but RebootEscrowProvider is unavailable");
            setLoadEscrowDataErrorCode(2, handler);
            return null;
        }
        if (createRebootEscrowProviderIfNeeded.getType() == 1 && secretKey == null) {
            setLoadEscrowDataErrorCode(7, handler);
            return null;
        }
        RebootEscrowKey andClearRebootEscrowKey = createRebootEscrowProviderIfNeeded.getAndClearRebootEscrowKey(secretKey);
        if (andClearRebootEscrowKey != null) {
            this.mEventLog.addEntry(4);
        }
        return andClearRebootEscrowKey;
    }

    private boolean restoreRebootEscrowForUser(int i, RebootEscrowKey rebootEscrowKey, SecretKey secretKey) {
        if (!this.mStorage.hasRebootEscrow(i)) {
            return false;
        }
        try {
            byte[] readRebootEscrow = this.mStorage.readRebootEscrow(i);
            this.mStorage.removeRebootEscrow(i);
            RebootEscrowData fromEncryptedData = RebootEscrowData.fromEncryptedData(rebootEscrowKey, readRebootEscrow, secretKey);
            this.mCallbacks.onRebootEscrowRestored(fromEncryptedData.getSpVersion(), fromEncryptedData.getSyntheticPassword(), i);
            Slog.i(TAG, "Restored reboot escrow data for user " + i);
            this.mEventLog.addEntry(7, i);
            return true;
        } catch (IOException e) {
            Slog.w(TAG, "Could not load reboot escrow data for user " + i, e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void callToRebootEscrowIfNeeded(int i, byte b, byte[] bArr) {
        if (this.mRebootEscrowWanted) {
            if (this.mInjector.createRebootEscrowProviderIfNeeded() == null) {
                Slog.w(TAG, "Not storing escrow data, RebootEscrowProvider is unavailable");
                return;
            }
            RebootEscrowKey generateEscrowKeyIfNeeded = generateEscrowKeyIfNeeded();
            if (generateEscrowKeyIfNeeded == null) {
                Slog.e(TAG, "Could not generate escrow key");
                return;
            }
            SecretKey generateKeyStoreEncryptionKeyIfNeeded = this.mKeyStoreManager.generateKeyStoreEncryptionKeyIfNeeded();
            if (generateKeyStoreEncryptionKeyIfNeeded == null) {
                Slog.e(TAG, "Failed to generate encryption key from keystore.");
                return;
            }
            try {
                this.mStorage.writeRebootEscrow(i, RebootEscrowData.fromSyntheticPassword(generateEscrowKeyIfNeeded, b, bArr, generateKeyStoreEncryptionKeyIfNeeded).getBlob());
                this.mEventLog.addEntry(6, i);
                setRebootEscrowReady(true);
            } catch (IOException e) {
                setRebootEscrowReady(false);
                Slog.w(TAG, "Could not escrow reboot data", e);
            }
        }
    }

    private RebootEscrowKey generateEscrowKeyIfNeeded() {
        synchronized (this.mKeyGenerationLock) {
            if (this.mPendingRebootEscrowKey != null) {
                return this.mPendingRebootEscrowKey;
            }
            try {
                RebootEscrowKey generate = RebootEscrowKey.generate();
                this.mPendingRebootEscrowKey = generate;
                return generate;
            } catch (IOException e) {
                Slog.w(TAG, "Could not generate reboot escrow key");
                return null;
            }
        }
    }

    private void clearRebootEscrowIfNeeded() {
        this.mRebootEscrowWanted = false;
        setRebootEscrowReady(false);
        RebootEscrowProviderInterface createRebootEscrowProviderIfNeeded = this.mInjector.createRebootEscrowProviderIfNeeded();
        if (createRebootEscrowProviderIfNeeded == null) {
            Slog.w(TAG, "RebootEscrowProvider is unavailable for clear request");
        } else {
            createRebootEscrowProviderIfNeeded.clearRebootEscrowKey();
        }
        this.mInjector.clearRebootEscrowProvider();
        clearMetricsStorage();
        Iterator it = this.mUserManager.getUsers().iterator();
        while (it.hasNext()) {
            this.mStorage.removeRebootEscrow(((UserInfo) it.next()).id);
        }
        this.mEventLog.addEntry(3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int armRebootEscrowIfNeeded() {
        RebootEscrowKey rebootEscrowKey;
        if (!this.mRebootEscrowReady) {
            return 2;
        }
        RebootEscrowProviderInterface rebootEscrowProvider = this.mInjector.getRebootEscrowProvider();
        if (rebootEscrowProvider == null) {
            Slog.w(TAG, "Not storing escrow key, RebootEscrowProvider is unavailable");
            clearRebootEscrowIfNeeded();
            return 3;
        }
        int i = this.mInjector.serverBasedResumeOnReboot() ? 1 : 0;
        int type = rebootEscrowProvider.getType();
        if (i != type) {
            Slog.w(TAG, "Expect reboot escrow provider " + i + ", but the RoR is prepared with " + type + ". Please prepare the RoR again.");
            clearRebootEscrowIfNeeded();
            return 4;
        }
        synchronized (this.mKeyGenerationLock) {
            rebootEscrowKey = this.mPendingRebootEscrowKey;
        }
        if (rebootEscrowKey == null) {
            Slog.e(TAG, "Escrow key is null, but escrow was marked as ready");
            clearRebootEscrowIfNeeded();
            return 5;
        }
        SecretKey keyStoreEncryptionKey = this.mKeyStoreManager.getKeyStoreEncryptionKey();
        if (keyStoreEncryptionKey == null) {
            Slog.e(TAG, "Failed to get encryption key from keystore.");
            clearRebootEscrowIfNeeded();
            return 6;
        }
        if (!rebootEscrowProvider.storeRebootEscrowKey(rebootEscrowKey, keyStoreEncryptionKey)) {
            return 7;
        }
        this.mStorage.setInt(REBOOT_ESCROW_ARMED_KEY, this.mInjector.getBootCount(), 0);
        this.mStorage.setLong(REBOOT_ESCROW_KEY_ARMED_TIMESTAMP, this.mInjector.getCurrentTimeMillis(), 0);
        this.mStorage.setString(REBOOT_ESCROW_KEY_VBMETA_DIGEST, this.mInjector.getVbmetaDigest(false), 0);
        this.mStorage.setString(REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST, this.mInjector.getVbmetaDigest(true), 0);
        this.mStorage.setInt(REBOOT_ESCROW_KEY_PROVIDER, type, 0);
        this.mEventLog.addEntry(2);
        return 0;
    }

    private void setRebootEscrowReady(boolean z) {
        if (this.mRebootEscrowReady != z) {
            this.mHandler.post(() -> {
                this.mRebootEscrowListener.onPreparedForReboot(z);
            });
        }
        this.mRebootEscrowReady = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean prepareRebootEscrow() {
        clearRebootEscrowIfNeeded();
        if (this.mInjector.createRebootEscrowProviderIfNeeded() == null) {
            Slog.w(TAG, "No reboot escrow provider, skipping resume on reboot preparation.");
            return false;
        }
        this.mRebootEscrowWanted = true;
        this.mEventLog.addEntry(5);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean clearRebootEscrow() {
        clearRebootEscrowIfNeeded();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRebootEscrowListener(RebootEscrowListener rebootEscrowListener) {
        this.mRebootEscrowListener = rebootEscrowListener;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void dump(@NonNull IndentingPrintWriter indentingPrintWriter) {
        boolean z;
        indentingPrintWriter.print("mRebootEscrowWanted=");
        indentingPrintWriter.println(this.mRebootEscrowWanted);
        indentingPrintWriter.print("mRebootEscrowReady=");
        indentingPrintWriter.println(this.mRebootEscrowReady);
        indentingPrintWriter.print("mRebootEscrowListener=");
        indentingPrintWriter.println(this.mRebootEscrowListener);
        indentingPrintWriter.print("mLoadEscrowDataErrorCode=");
        indentingPrintWriter.println(this.mLoadEscrowDataErrorCode);
        synchronized (this.mKeyGenerationLock) {
            z = this.mPendingRebootEscrowKey != null;
        }
        indentingPrintWriter.print("mPendingRebootEscrowKey is ");
        indentingPrintWriter.println(z ? "set" : "not set");
        RebootEscrowProviderInterface rebootEscrowProvider = this.mInjector.getRebootEscrowProvider();
        indentingPrintWriter.print("RebootEscrowProvider type is " + (rebootEscrowProvider == null ? "null" : String.valueOf(rebootEscrowProvider.getType())));
        indentingPrintWriter.println();
        indentingPrintWriter.println("Event log:");
        indentingPrintWriter.increaseIndent();
        this.mEventLog.dump(indentingPrintWriter);
        indentingPrintWriter.println();
        indentingPrintWriter.decreaseIndent();
    }
}
