package com.android.server.credentials;

import android.R;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.ActivityManager;
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.ContentResolver;
import android.content.Context;
import android.content.pm.PackageManager;
import android.credentials.ClearCredentialStateRequest;
import android.credentials.CreateCredentialRequest;
import android.credentials.CredentialOption;
import android.credentials.CredentialProviderInfo;
import android.credentials.GetCredentialRequest;
import android.credentials.IClearCredentialStateCallback;
import android.credentials.ICreateCredentialCallback;
import android.credentials.ICredentialManager;
import android.credentials.IGetCandidateCredentialsCallback;
import android.credentials.IGetCredentialCallback;
import android.credentials.IPrepareGetCredentialCallback;
import android.credentials.ISetEnabledProvidersCallback;
import android.credentials.PrepareGetCredentialResponseInternal;
import android.credentials.RegisterCredentialDescriptionRequest;
import android.credentials.UnregisterCredentialDescriptionRequest;
import android.os.Binder;
import android.os.CancellationSignal;
import android.os.IBinder;
import android.os.ICancellationSignal;
import android.os.RemoteException;
import android.os.UserHandle;
import android.provider.DeviceConfig;
import android.provider.Settings;
import android.service.credentials.CallingAppInfo;
import android.service.credentials.CredentialProviderInfoFactory;
import android.service.credentials.PermissionUtils;
import android.text.TextUtils;
import android.util.Pair;
import android.util.Slog;
import android.util.SparseArray;
import com.android.internal.annotations.GuardedBy;
import com.android.server.SystemService;
import com.android.server.credentials.CredentialDescriptionRegistry;
import com.android.server.credentials.RequestSession;
import com.android.server.credentials.metrics.ApiName;
import com.android.server.credentials.metrics.ApiStatus;
import com.android.server.credentials.metrics.InitialPhaseMetric;
import com.android.server.infra.AbstractMasterSystemService;
import com.android.server.infra.SecureSettingsServiceNameResolver;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;

/* loaded from: input_file:com/android/server/credentials/CredentialManagerService.class */
public final class CredentialManagerService extends AbstractMasterSystemService<CredentialManagerService, CredentialManagerServiceImpl> {
    private static final String TAG = "CredentialManager";
    private static final String PERMISSION_DENIED_ERROR = "permission_denied";
    private static final String PERMISSION_DENIED_WRITE_SECURE_SETTINGS_ERROR = "Caller is missing WRITE_SECURE_SETTINGS permission";
    private static final String DEVICE_CONFIG_ENABLE_CREDENTIAL_MANAGER = "enable_credential_manager";
    private static final String DEVICE_CONFIG_ENABLE_CREDENTIAL_DESC_API = "enable_credential_description_api";
    public static final String AUTOFILL_PLACEHOLDER_VALUE = "credential-provider";
    private final Context mContext;

    @GuardedBy({"mLock"})
    private final SparseArray<List<CredentialManagerServiceImpl>> mSystemServicesCacheList;

    @GuardedBy({"mLock"})
    private final SparseArray<Map<IBinder, RequestSession>> mRequestSessions;
    private final SessionManager mSessionManager;

    /* loaded from: input_file:com/android/server/credentials/CredentialManagerService$CredentialManagerServiceStub.class */
    final class CredentialManagerServiceStub extends ICredentialManager.Stub {
        CredentialManagerServiceStub() {
        }

        public ICancellationSignal getCandidateCredentials(GetCredentialRequest getCredentialRequest, IGetCandidateCredentialsCallback iGetCandidateCredentialsCallback, IBinder iBinder, String str) {
            Slog.i(CredentialManagerService.TAG, "starting getCandidateCredentials with callingPackage: " + str);
            ICancellationSignal createTransport = CancellationSignal.createTransport();
            int callingUserId = UserHandle.getCallingUserId();
            GetCandidateRequestSession getCandidateRequestSession = new GetCandidateRequestSession(CredentialManagerService.this.getContext(), CredentialManagerService.this.mSessionManager, CredentialManagerService.this.mLock, callingUserId, Binder.getCallingUid(), iGetCandidateCredentialsCallback, getCredentialRequest, CredentialManagerService.this.constructCallingAppInfo(str, callingUserId, getCredentialRequest.getOrigin()), getEnabledProvidersForUser(callingUserId), CancellationSignal.fromTransport(createTransport), iBinder);
            CredentialManagerService.this.addSessionLocked(callingUserId, getCandidateRequestSession);
            List<ProviderSession> initiateProviderSessions = CredentialManagerService.this.initiateProviderSessions(getCandidateRequestSession, (List) getCredentialRequest.getCredentialOptions().stream().map((v0) -> {
                return v0.getType();
            }).collect(Collectors.toList()));
            finalizeAndEmitInitialPhaseMetric(getCandidateRequestSession);
            if (initiateProviderSessions.isEmpty()) {
                try {
                    iGetCandidateCredentialsCallback.onError("android.credentials.GetCandidateCredentialsException.TYPE_NO_CREDENTIAL", "No credentials available on this device.");
                } catch (RemoteException e) {
                    Slog.i(CredentialManagerService.TAG, "Issue invoking onError on IGetCredentialCallback callback: " + e.getMessage());
                }
            }
            invokeProviderSessions(initiateProviderSessions);
            return createTransport;
        }

        public ICancellationSignal executeGetCredential(GetCredentialRequest getCredentialRequest, IGetCredentialCallback iGetCredentialCallback, String str) {
            long nanoTime = System.nanoTime();
            Slog.i(CredentialManagerService.TAG, "starting executeGetCredential with callingPackage: " + str);
            ICancellationSignal createTransport = CancellationSignal.createTransport();
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            CredentialManagerService.this.enforceCallingPackage(str, callingUid);
            CredentialManagerService.this.validateGetCredentialRequest(getCredentialRequest);
            GetRequestSession getRequestSession = new GetRequestSession(CredentialManagerService.this.getContext(), CredentialManagerService.this.mSessionManager, CredentialManagerService.this.mLock, callingUserId, callingUid, iGetCredentialCallback, getCredentialRequest, CredentialManagerService.this.constructCallingAppInfo(str, callingUserId, getCredentialRequest.getOrigin()), getEnabledProvidersForUser(callingUserId), CancellationSignal.fromTransport(createTransport), nanoTime);
            CredentialManagerService.this.addSessionLocked(callingUserId, getRequestSession);
            List<ProviderSession> prepareProviderSessions = prepareProviderSessions(getCredentialRequest, getRequestSession);
            if (prepareProviderSessions.isEmpty()) {
                try {
                    iGetCredentialCallback.onError("android.credentials.GetCredentialException.TYPE_NO_CREDENTIAL", "No credentials available on this device.");
                } catch (RemoteException e) {
                    Slog.e(CredentialManagerService.TAG, "Issue invoking onError on IGetCredentialCallback callback: " + e.getMessage());
                }
            }
            invokeProviderSessions(prepareProviderSessions);
            return createTransport;
        }

        public ICancellationSignal executePrepareGetCredential(GetCredentialRequest getCredentialRequest, IPrepareGetCredentialCallback iPrepareGetCredentialCallback, IGetCredentialCallback iGetCredentialCallback, String str) {
            long nanoTime = System.nanoTime();
            ICancellationSignal createTransport = CancellationSignal.createTransport();
            if (getCredentialRequest.getOrigin() != null) {
                CredentialManagerService.this.mContext.enforceCallingPermission("android.permission.CREDENTIAL_MANAGER_SET_ORIGIN", null);
            }
            CredentialManagerService.this.enforcePermissionForAllowedProviders(getCredentialRequest);
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            CredentialManagerService.this.enforceCallingPackage(str, callingUid);
            List<ProviderSession> prepareProviderSessions = prepareProviderSessions(getCredentialRequest, new PrepareGetRequestSession(CredentialManagerService.this.getContext(), CredentialManagerService.this.mSessionManager, CredentialManagerService.this.mLock, callingUserId, callingUid, iGetCredentialCallback, getCredentialRequest, CredentialManagerService.this.constructCallingAppInfo(str, callingUserId, getCredentialRequest.getOrigin()), getEnabledProvidersForUser(callingUserId), CancellationSignal.fromTransport(createTransport), nanoTime, iPrepareGetCredentialCallback));
            if (prepareProviderSessions.isEmpty()) {
                try {
                    iPrepareGetCredentialCallback.onResponse(new PrepareGetCredentialResponseInternal(PermissionUtils.hasPermission(CredentialManagerService.this.mContext, str, "android.permission.CREDENTIAL_MANAGER_QUERY_CANDIDATE_CREDENTIALS"), (Set) null, false, false, (PendingIntent) null));
                } catch (RemoteException e) {
                    Slog.e(CredentialManagerService.TAG, "Issue invoking onError on IGetCredentialCallback callback: " + e.getMessage());
                }
            }
            invokeProviderSessions(prepareProviderSessions);
            return createTransport;
        }

        private List<ProviderSession> prepareProviderSessions(GetCredentialRequest getCredentialRequest, GetRequestSession getRequestSession) {
            List<ProviderSession> initiateProviderSessions;
            if (CredentialManagerService.isCredentialDescriptionApiEnabled()) {
                List<CredentialOption> list = getCredentialRequest.getCredentialOptions().stream().filter(credentialOption -> {
                    return credentialOption.getCredentialRetrievalData().getStringArrayList("android.credentials.GetCredentialOption.SUPPORTED_ELEMENT_KEYS") != null;
                }).toList();
                List<CredentialOption> list2 = getCredentialRequest.getCredentialOptions().stream().filter(credentialOption2 -> {
                    return credentialOption2.getCredentialRetrievalData().getStringArrayList("android.credentials.GetCredentialOption.SUPPORTED_ELEMENT_KEYS") == null;
                }).toList();
                List<ProviderSession> initiateProviderSessionsWithActiveContainers = CredentialManagerService.this.initiateProviderSessionsWithActiveContainers(getRequestSession, CredentialManagerService.this.getFilteredResultFromRegistry(list));
                List<ProviderSession> initiateProviderSessions2 = CredentialManagerService.this.initiateProviderSessions(getRequestSession, (List) list2.stream().map((v0) -> {
                    return v0.getType();
                }).collect(Collectors.toList()));
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                linkedHashSet.addAll(initiateProviderSessions2);
                linkedHashSet.addAll(initiateProviderSessionsWithActiveContainers);
                initiateProviderSessions = new ArrayList(linkedHashSet);
            } else {
                initiateProviderSessions = CredentialManagerService.this.initiateProviderSessions(getRequestSession, (List) getCredentialRequest.getCredentialOptions().stream().map((v0) -> {
                    return v0.getType();
                }).collect(Collectors.toList()));
            }
            finalizeAndEmitInitialPhaseMetric(getRequestSession);
            return initiateProviderSessions;
        }

        private void invokeProviderSessions(List<ProviderSession> list) {
            list.forEach((v0) -> {
                v0.invokeSession();
            });
        }

        public ICancellationSignal executeCreateCredential(CreateCredentialRequest createCredentialRequest, ICreateCredentialCallback iCreateCredentialCallback, String str) {
            long nanoTime = System.nanoTime();
            Slog.i(CredentialManagerService.TAG, "starting executeCreateCredential with callingPackage: " + str);
            ICancellationSignal createTransport = CancellationSignal.createTransport();
            if (createCredentialRequest.getOrigin() != null) {
                CredentialManagerService.this.mContext.enforceCallingPermission("android.permission.CREDENTIAL_MANAGER_SET_ORIGIN", null);
            }
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            CredentialManagerService.this.enforceCallingPackage(str, callingUid);
            CreateRequestSession createRequestSession = new CreateRequestSession(CredentialManagerService.this.getContext(), CredentialManagerService.this.mSessionManager, CredentialManagerService.this.mLock, callingUserId, callingUid, createCredentialRequest, iCreateCredentialCallback, CredentialManagerService.this.constructCallingAppInfo(str, callingUserId, createCredentialRequest.getOrigin()), getEnabledProvidersForUser(callingUserId), CredentialManagerService.getPrimaryProvidersForUserId(CredentialManagerService.this.getContext(), callingUserId), CancellationSignal.fromTransport(createTransport), nanoTime);
            CredentialManagerService.this.addSessionLocked(callingUserId, createRequestSession);
            processCreateCredential(createCredentialRequest, iCreateCredentialCallback, createRequestSession);
            return createTransport;
        }

        private void processCreateCredential(CreateCredentialRequest createCredentialRequest, ICreateCredentialCallback iCreateCredentialCallback, CreateRequestSession createRequestSession) {
            List<ProviderSession> initiateProviderSessions = CredentialManagerService.this.initiateProviderSessions(createRequestSession, List.of(createCredentialRequest.getType()));
            if (initiateProviderSessions.isEmpty()) {
                try {
                    iCreateCredentialCallback.onError("android.credentials.CreateCredentialException.TYPE_NO_CREATE_OPTIONS", "No create options available.");
                } catch (RemoteException e) {
                    Slog.e(CredentialManagerService.TAG, "Issue invoking onError on ICreateCredentialCallback callback: ", e);
                }
            }
            finalizeAndEmitInitialPhaseMetric(createRequestSession);
            initiateProviderSessions.forEach((v0) -> {
                v0.invokeSession();
            });
        }

        private void finalizeAndEmitInitialPhaseMetric(GetCandidateRequestSession getCandidateRequestSession) {
            InitialPhaseMetric initialPhaseMetric = getCandidateRequestSession.mRequestSessionMetric.getInitialPhaseMetric();
            initialPhaseMetric.setAutofillSessionId(getCandidateRequestSession.getAutofillSessionId());
            initialPhaseMetric.setAutofillRequestId(getCandidateRequestSession.getAutofillRequestId());
            finalizeAndEmitInitialPhaseMetric((RequestSession) getCandidateRequestSession);
        }

        private void finalizeAndEmitInitialPhaseMetric(RequestSession requestSession) {
            try {
                InitialPhaseMetric initialPhaseMetric = requestSession.mRequestSessionMetric.getInitialPhaseMetric();
                initialPhaseMetric.setCredentialServiceBeginQueryTimeNanoseconds(System.nanoTime());
                MetricUtilities.logApiCalledInitialPhase(initialPhaseMetric, requestSession.mRequestSessionMetric.returnIncrementSequence());
            } catch (Exception e) {
                Slog.i(CredentialManagerService.TAG, "Unexpected error during metric logging: ", e);
            }
        }

        public void setEnabledProviders(List<String> list, List<String> list2, int i, ISetEnabledProvidersCallback iSetEnabledProvidersCallback) {
            int callingUid = Binder.getCallingUid();
            if (!CredentialManagerService.this.hasWriteSecureSettingsPermission()) {
                try {
                    MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.FAILURE, callingUid);
                    iSetEnabledProvidersCallback.onError(CredentialManagerService.PERMISSION_DENIED_ERROR, CredentialManagerService.PERMISSION_DENIED_WRITE_SECURE_SETTINGS_ERROR);
                    return;
                } catch (RemoteException e) {
                    MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.FAILURE, callingUid);
                    Slog.e(CredentialManagerService.TAG, "Issue with invoking response: ", e);
                    return;
                }
            }
            int handleIncomingUser = ActivityManager.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(), i, false, false, "setEnabledProviders", null);
            HashSet hashSet = new HashSet(list2);
            hashSet.addAll(list);
            boolean putStringForUser = Settings.Secure.putStringForUser(CredentialManagerService.this.getContext().getContentResolver(), "credential_service", String.join(":", hashSet), handleIncomingUser);
            boolean putStringForUser2 = Settings.Secure.putStringForUser(CredentialManagerService.this.getContext().getContentResolver(), "credential_service_primary", String.join(":", list), handleIncomingUser);
            if (!putStringForUser || !putStringForUser2) {
                Slog.e(CredentialManagerService.TAG, "Failed to store setting containing enabled or primary providers");
                try {
                    MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.FAILURE, callingUid);
                    iSetEnabledProvidersCallback.onError("failed_setting_store", "Failed to store setting containing enabled or primary providers");
                } catch (RemoteException e2) {
                    MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.FAILURE, callingUid);
                    Slog.e(CredentialManagerService.TAG, "Issue with invoking error response: ", e2);
                    return;
                }
            }
            try {
                MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.SUCCESS, callingUid);
                iSetEnabledProvidersCallback.onResponse();
            } catch (RemoteException e3) {
                MetricUtilities.logApiCalledSimpleV2(ApiName.SET_ENABLED_PROVIDERS, ApiStatus.FAILURE, callingUid);
                Slog.e(CredentialManagerService.TAG, "Issue with invoking response: ", e3);
            }
        }

        public boolean isEnabledCredentialProviderService(ComponentName componentName, String str) {
            Slog.i(CredentialManagerService.TAG, "isEnabledCredentialProviderService with componentName: " + componentName.flattenToString());
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            CredentialManagerService.this.enforceCallingPackage(str, callingUid);
            if (componentName == null) {
                Slog.w(CredentialManagerService.TAG, "isEnabledCredentialProviderService componentName is null");
                MetricUtilities.logApiCalledSimpleV2(ApiName.IS_ENABLED_CREDENTIAL_PROVIDER_SERVICE, ApiStatus.FAILURE, callingUid);
                return false;
            }
            if (!componentName.getPackageName().equals(str)) {
                Slog.w(CredentialManagerService.TAG, "isEnabledCredentialProviderService component name does not match requested component");
                MetricUtilities.logApiCalledSimpleV2(ApiName.IS_ENABLED_CREDENTIAL_PROVIDER_SERVICE, ApiStatus.FAILURE, callingUid);
                throw new IllegalArgumentException("provided component name does not match does not match requesting component");
            }
            Set<ComponentName> enabledProvidersForUser = getEnabledProvidersForUser(callingUserId);
            MetricUtilities.logApiCalledSimpleV2(ApiName.IS_ENABLED_CREDENTIAL_PROVIDER_SERVICE, ApiStatus.SUCCESS, callingUid);
            if (enabledProvidersForUser == null) {
                return false;
            }
            return enabledProvidersForUser.contains(componentName);
        }

        public List<CredentialProviderInfo> getCredentialProviderServices(int i, int i2) {
            CredentialManagerService.this.verifyGetProvidersPermission();
            MetricUtilities.logApiCalledSimpleV2(ApiName.GET_CREDENTIAL_PROVIDER_SERVICES, ApiStatus.SUCCESS, Binder.getCallingUid());
            return CredentialProviderInfoFactory.getCredentialProviderServices(CredentialManagerService.this.mContext, i, i2, getEnabledProvidersForUser(i), CredentialManagerService.getPrimaryProvidersForUserId(CredentialManagerService.this.mContext, i));
        }

        public List<CredentialProviderInfo> getCredentialProviderServicesForTesting(int i) {
            CredentialManagerService.this.verifyGetProvidersPermission();
            int callingUserId = UserHandle.getCallingUserId();
            return CredentialProviderInfoFactory.getCredentialProviderServicesForTesting(CredentialManagerService.this.mContext, callingUserId, i, getEnabledProvidersForUser(callingUserId), CredentialManagerService.getPrimaryProvidersForUserId(CredentialManagerService.this.mContext, callingUserId));
        }

        public boolean isServiceEnabled() {
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                boolean z = DeviceConfig.getBoolean("credential_manager", CredentialManagerService.DEVICE_CONFIG_ENABLE_CREDENTIAL_MANAGER, true);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return z;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        private Set<ComponentName> getEnabledProvidersForUser(int i) {
            int handleIncomingUser = ActivityManager.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(), i, false, false, "getEnabledProvidersForUser", null);
            HashSet hashSet = new HashSet();
            String stringForUser = Settings.Secure.getStringForUser(CredentialManagerService.this.mContext.getContentResolver(), "credential_service", handleIncomingUser);
            if (!TextUtils.isEmpty(stringForUser)) {
                for (String str : stringForUser.split(":")) {
                    ComponentName unflattenFromString = ComponentName.unflattenFromString(str);
                    if (unflattenFromString != null) {
                        hashSet.add(unflattenFromString);
                    }
                }
            }
            return hashSet;
        }

        public ICancellationSignal clearCredentialState(ClearCredentialStateRequest clearCredentialStateRequest, IClearCredentialStateCallback iClearCredentialStateCallback, String str) {
            long nanoTime = System.nanoTime();
            Slog.i(CredentialManagerService.TAG, "starting clearCredentialState with callingPackage: " + str);
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            CredentialManagerService.this.enforceCallingPackage(str, callingUid);
            ICancellationSignal createTransport = CancellationSignal.createTransport();
            ClearRequestSession clearRequestSession = new ClearRequestSession(CredentialManagerService.this.getContext(), CredentialManagerService.this.mSessionManager, CredentialManagerService.this.mLock, callingUserId, callingUid, iClearCredentialStateCallback, clearCredentialStateRequest, CredentialManagerService.this.constructCallingAppInfo(str, callingUserId, null), getEnabledProvidersForUser(callingUserId), CancellationSignal.fromTransport(createTransport), nanoTime);
            CredentialManagerService.this.addSessionLocked(callingUserId, clearRequestSession);
            List<ProviderSession> initiateProviderSessions = CredentialManagerService.this.initiateProviderSessions(clearRequestSession, List.of());
            if (initiateProviderSessions.isEmpty()) {
                try {
                    iClearCredentialStateCallback.onError("UNKNOWN", "No credentials available on this device");
                } catch (RemoteException e) {
                    Slog.e(CredentialManagerService.TAG, "Issue invoking onError on IClearCredentialStateCallback callback: ", e);
                }
            }
            finalizeAndEmitInitialPhaseMetric(clearRequestSession);
            initiateProviderSessions.forEach((v0) -> {
                v0.invokeSession();
            });
            return createTransport;
        }

        public void registerCredentialDescription(RegisterCredentialDescriptionRequest registerCredentialDescriptionRequest, String str) throws IllegalArgumentException, NonCredentialProviderCallerException {
            Slog.i(CredentialManagerService.TAG, "registerCredentialDescription with callingPackage: " + str);
            if (!CredentialManagerService.isCredentialDescriptionApiEnabled()) {
                throw new UnsupportedOperationException("Feature not supported");
            }
            CredentialManagerService.this.enforceCallingPackage(str, Binder.getCallingUid());
            CredentialDescriptionRegistry.forUser(UserHandle.getCallingUserId()).executeRegisterRequest(registerCredentialDescriptionRequest, str);
        }

        public void unregisterCredentialDescription(UnregisterCredentialDescriptionRequest unregisterCredentialDescriptionRequest, String str) throws IllegalArgumentException {
            Slog.i(CredentialManagerService.TAG, "unregisterCredentialDescription with callingPackage: " + str);
            if (!CredentialManagerService.isCredentialDescriptionApiEnabled()) {
                throw new UnsupportedOperationException("Feature not supported");
            }
            CredentialManagerService.this.enforceCallingPackage(str, Binder.getCallingUid());
            CredentialDescriptionRegistry.forUser(UserHandle.getCallingUserId()).executeUnregisterRequest(unregisterCredentialDescriptionRequest, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/credentials/CredentialManagerService$SessionManager.class */
    public class SessionManager implements RequestSession.SessionLifetime {
        private SessionManager() {
        }

        @Override // com.android.server.credentials.RequestSession.SessionLifetime
        @GuardedBy({"mLock"})
        public void onFinishRequestSession(int i, IBinder iBinder) {
            if (CredentialManagerService.this.mRequestSessions.get(i) != null) {
                CredentialManagerService.this.mRequestSessions.get(i).remove(iBinder);
            }
        }

        @GuardedBy({"mLock"})
        public void addSession(int i, IBinder iBinder, RequestSession requestSession) {
            if (CredentialManagerService.this.mRequestSessions.get(i) == null) {
                CredentialManagerService.this.mRequestSessions.put(i, new HashMap());
            }
            CredentialManagerService.this.mRequestSessions.get(i).put(iBinder, requestSession);
        }
    }

    /* loaded from: input_file:com/android/server/credentials/CredentialManagerService$SettingsWrapper.class */
    public static class SettingsWrapper {
        private final Context mContext;

        public SettingsWrapper(@NonNull Context context) {
            this.mContext = context;
        }

        ContentResolver getContentResolver() {
            return this.mContext.getContentResolver();
        }

        public String getStringForUser(String str, int i) {
            return Settings.Secure.getStringForUser(getContentResolver(), str, i);
        }

        public boolean putStringForUser(String str, String str2, int i, boolean z) {
            return Settings.Secure.putStringForUser(getContentResolver(), str, str2, null, false, i, z);
        }
    }

    public CredentialManagerService(@NonNull Context context) {
        super(context, new SecureSettingsServiceNameResolver(context, "credential_service", true), null, 4);
        this.mSystemServicesCacheList = new SparseArray<>();
        this.mRequestSessions = new SparseArray<>();
        this.mSessionManager = new SessionManager();
        this.mContext = context;
    }

    @NonNull
    @GuardedBy({"mLock"})
    private List<CredentialManagerServiceImpl> constructSystemServiceListLocked(int i) {
        ArrayList arrayList = new ArrayList();
        CredentialProviderInfoFactory.getAvailableSystemServices(this.mContext, i, false, new HashSet()).forEach(credentialProviderInfo -> {
            arrayList.add(new CredentialManagerServiceImpl(this, this.mLock, i, credentialProviderInfo));
        });
        return arrayList;
    }

    @Override // com.android.server.infra.AbstractMasterSystemService
    protected String getServiceSettingsProperty() {
        return "credential_service";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.android.server.infra.AbstractMasterSystemService
    public CredentialManagerServiceImpl newServiceLocked(int i, boolean z) {
        Slog.w(TAG, "Should not be here - CredentialManagerService is configured to use multiple services");
        return null;
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        publishBinderService("credential", new CredentialManagerServiceStub());
    }

    @Override // com.android.server.infra.AbstractMasterSystemService
    @GuardedBy({"mLock"})
    protected List<CredentialManagerServiceImpl> newServiceListLocked(int i, boolean z, String[] strArr) {
        getOrConstructSystemServiceListLock(i);
        if (strArr == null || strArr.length == 0) {
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (!TextUtils.isEmpty(str)) {
                try {
                    arrayList.add(new CredentialManagerServiceImpl(this, this.mLock, i, str));
                } catch (PackageManager.NameNotFoundException | SecurityException e) {
                    Slog.e(TAG, "Unable to add serviceInfo : ", e);
                }
            }
        }
        return arrayList;
    }

    @Override // com.android.server.infra.AbstractMasterSystemService
    @GuardedBy({"mLock"})
    protected void handlePackageRemovedMultiModeLocked(String str, int i) {
        updateProvidersWhenPackageRemoved(new SettingsWrapper(this.mContext), str);
        List<CredentialManagerServiceImpl> peekServiceListForUserLocked = peekServiceListForUserLocked(i);
        if (peekServiceListForUserLocked == null) {
            return;
        }
        ArrayList<CredentialManagerServiceImpl> arrayList = new ArrayList();
        for (CredentialManagerServiceImpl credentialManagerServiceImpl : peekServiceListForUserLocked) {
            if (credentialManagerServiceImpl != null && str.equals(credentialManagerServiceImpl.getCredentialProviderInfo().getServiceInfo().getComponentName().getPackageName())) {
                arrayList.add(credentialManagerServiceImpl);
            }
        }
        for (CredentialManagerServiceImpl credentialManagerServiceImpl2 : arrayList) {
            removeServiceFromCache(credentialManagerServiceImpl2, i);
            removeServiceFromSystemServicesCache(credentialManagerServiceImpl2, i);
            CredentialDescriptionRegistry.forUser(i).evictProviderWithPackageName(credentialManagerServiceImpl2.getServicePackageName());
        }
    }

    @GuardedBy({"mLock"})
    private void removeServiceFromSystemServicesCache(CredentialManagerServiceImpl credentialManagerServiceImpl, int i) {
        if (this.mSystemServicesCacheList.get(i) != null) {
            this.mSystemServicesCacheList.get(i).remove(credentialManagerServiceImpl);
        }
    }

    @GuardedBy({"mLock"})
    private List<CredentialManagerServiceImpl> getOrConstructSystemServiceListLock(int i) {
        List<CredentialManagerServiceImpl> list = this.mSystemServicesCacheList.get(i);
        if (list == null || list.size() == 0) {
            list = constructSystemServiceListLocked(i);
            this.mSystemServicesCacheList.put(i, list);
        }
        return list;
    }

    private boolean hasWriteSecureSettingsPermission() {
        return hasPermission("android.permission.WRITE_SECURE_SETTINGS");
    }

    private void verifyGetProvidersPermission() throws SecurityException {
        if (!hasPermission("android.permission.QUERY_ALL_PACKAGES") && !hasPermission("android.permission.LIST_ENABLED_CREDENTIAL_PROVIDERS")) {
            throw new SecurityException("Caller is missing permission: QUERY_ALL_PACKAGES or LIST_ENABLED_CREDENTIAL_PROVIDERS");
        }
    }

    private boolean hasPermission(String str) {
        boolean z = this.mContext.checkCallingOrSelfPermission(str) == 0;
        if (!z) {
            Slog.e(TAG, "Caller does not have permission: " + str);
        }
        return z;
    }

    private void runForUser(@NonNull Consumer<CredentialManagerServiceImpl> consumer) {
        int callingUserId = UserHandle.getCallingUserId();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            synchronized (this.mLock) {
                Iterator<CredentialManagerServiceImpl> it = getCredentialProviderServicesLocked(callingUserId).iterator();
                while (it.hasNext()) {
                    consumer.accept(it.next());
                }
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Set<ComponentName> getPrimaryProvidersForUserId(Context context, int i) {
        String[] readServiceNameList = new SecureSettingsServiceNameResolver(context, "credential_service_primary", true).readServiceNameList(ActivityManager.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(), i, false, false, "getPrimaryProvidersForUserId", null));
        if (readServiceNameList == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet();
        for (String str : readServiceNameList) {
            ComponentName unflattenFromString = ComponentName.unflattenFromString(str);
            if (unflattenFromString == null) {
                Slog.w(TAG, "Primary provider component name unflatten from string error: " + str);
            } else {
                hashSet.add(unflattenFromString);
            }
        }
        return hashSet;
    }

    @GuardedBy({"mLock"})
    private List<CredentialManagerServiceImpl> getCredentialProviderServicesLocked(int i) {
        ArrayList arrayList = new ArrayList();
        List<CredentialManagerServiceImpl> serviceListForUserLocked = getServiceListForUserLocked(i);
        if (serviceListForUserLocked != null && !serviceListForUserLocked.isEmpty()) {
            arrayList.addAll(serviceListForUserLocked);
        }
        arrayList.addAll(getOrConstructSystemServiceListLock(i));
        return arrayList;
    }

    public static boolean isCredentialDescriptionApiEnabled() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            return DeviceConfig.getBoolean("credential_manager", DEVICE_CONFIG_ENABLE_CREDENTIAL_DESC_API, false);
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    private List<ProviderSession> initiateProviderSessionsWithActiveContainers(GetRequestSession getRequestSession, Set<Pair<CredentialOption, CredentialDescriptionRegistry.FilterResult>> set) {
        ArrayList arrayList = new ArrayList();
        for (Pair<CredentialOption, CredentialDescriptionRegistry.FilterResult> pair : set) {
            ProviderRegistryGetSession createNewSession = ProviderRegistryGetSession.createNewSession(this.mContext, UserHandle.getCallingUserId(), getRequestSession, getRequestSession.mClientAppInfo, ((CredentialDescriptionRegistry.FilterResult) pair.second).mPackageName, (CredentialOption) pair.first);
            arrayList.add(createNewSession);
            getRequestSession.addProviderSession(createNewSession.getComponentName(), createNewSession);
        }
        return arrayList;
    }

    private List<ProviderSession> initiateProviderSessionsWithActiveContainers(PrepareGetRequestSession prepareGetRequestSession, Set<Pair<CredentialOption, CredentialDescriptionRegistry.FilterResult>> set) {
        ArrayList arrayList = new ArrayList();
        for (Pair<CredentialOption, CredentialDescriptionRegistry.FilterResult> pair : set) {
            ProviderRegistryGetSession createNewSession = ProviderRegistryGetSession.createNewSession(this.mContext, UserHandle.getCallingUserId(), prepareGetRequestSession, prepareGetRequestSession.mClientAppInfo, ((CredentialDescriptionRegistry.FilterResult) pair.second).mPackageName, (CredentialOption) pair.first);
            arrayList.add(createNewSession);
            prepareGetRequestSession.addProviderSession(createNewSession.getComponentName(), createNewSession);
        }
        return arrayList;
    }

    @NonNull
    private Set<Pair<CredentialOption, CredentialDescriptionRegistry.FilterResult>> getFilteredResultFromRegistry(List<CredentialOption> list) {
        Set<CredentialDescriptionRegistry.FilterResult> matchingProviders = CredentialDescriptionRegistry.forUser(UserHandle.getCallingUserId()).getMatchingProviders((Set) list.stream().map(credentialOption -> {
            return new HashSet(credentialOption.getCredentialRetrievalData().getStringArrayList("android.credentials.GetCredentialOption.SUPPORTED_ELEMENT_KEYS"));
        }).collect(Collectors.toSet()));
        HashSet hashSet = new HashSet();
        for (CredentialDescriptionRegistry.FilterResult filterResult : matchingProviders) {
            for (CredentialOption credentialOption2 : list) {
                if (CredentialDescriptionRegistry.checkForMatch(filterResult.mElementKeys, new HashSet(credentialOption2.getCredentialRetrievalData().getStringArrayList("android.credentials.GetCredentialOption.SUPPORTED_ELEMENT_KEYS")))) {
                    hashSet.add(new Pair(credentialOption2, filterResult));
                }
            }
        }
        return hashSet;
    }

    private List<ProviderSession> initiateProviderSessions(RequestSession requestSession, List<String> list) {
        ArrayList arrayList = new ArrayList();
        runForUser(credentialManagerServiceImpl -> {
            synchronized (this.mLock) {
                ProviderSession initiateProviderSessionForRequestLocked = credentialManagerServiceImpl.initiateProviderSessionForRequestLocked(requestSession, list);
                if (initiateProviderSessionForRequestLocked != null) {
                    arrayList.add(initiateProviderSessionForRequestLocked);
                }
            }
        });
        return arrayList;
    }

    @Override // com.android.server.infra.AbstractMasterSystemService, com.android.server.SystemService
    @GuardedBy({"CredentialDescriptionRegistry.sLock"})
    public void onUserStopped(@NonNull SystemService.TargetUser targetUser) {
        super.onUserStopped(targetUser);
        CredentialDescriptionRegistry.clearUserSession(targetUser.getUserIdentifier());
    }

    private CallingAppInfo constructCallingAppInfo(String str, int i, @Nullable String str2) {
        CallingAppInfo callingAppInfo;
        try {
            callingAppInfo = new CallingAppInfo(str, getContext().getPackageManager().getPackageInfoAsUser(str, PackageManager.PackageInfoFlags.of(134217728L), i).signingInfo, str2);
        } catch (PackageManager.NameNotFoundException e) {
            Slog.e(TAG, "Issue while retrieving signatureInfo : ", e);
            callingAppInfo = new CallingAppInfo(str, null, str2);
        }
        return callingAppInfo;
    }

    private void validateGetCredentialRequest(GetCredentialRequest getCredentialRequest) {
        if (getCredentialRequest.getOrigin() != null) {
            this.mContext.enforceCallingPermission("android.permission.CREDENTIAL_MANAGER_SET_ORIGIN", null);
        }
        enforcePermissionForAllowedProviders(getCredentialRequest);
    }

    private void enforcePermissionForAllowedProviders(GetCredentialRequest getCredentialRequest) {
        if (getCredentialRequest.getCredentialOptions().stream().anyMatch(credentialOption -> {
            return (credentialOption.getAllowedProviders() == null || credentialOption.getAllowedProviders().isEmpty()) ? false : true;
        })) {
            this.mContext.enforceCallingPermission("android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS", null);
        }
    }

    private void addSessionLocked(int i, RequestSession requestSession) {
        synchronized (this.mLock) {
            this.mSessionManager.addSession(i, requestSession.mRequestId, requestSession);
        }
    }

    private void enforceCallingPackage(String str, int i) {
        try {
            if (this.mContext.createContextAsUser(UserHandle.getUserHandleForUid(i), 0).getPackageManager().getPackageUid(str, PackageManager.PackageInfoFlags.of(0L)) != i) {
                throw new SecurityException(str + " does not belong to uid " + i);
            }
        } catch (PackageManager.NameNotFoundException e) {
            throw new SecurityException(str + " not found");
        }
    }

    public static void updateProvidersWhenPackageRemoved(SettingsWrapper settingsWrapper, String str) {
        ComponentName unflattenFromString;
        Slog.i(TAG, "updateProvidersWhenPackageRemoved");
        String stringForUser = settingsWrapper.getStringForUser("credential_service_primary", UserHandle.myUserId());
        if (stringForUser == null) {
            Slog.w(TAG, "settings key is null");
            return;
        }
        Set<String> storedProviders = getStoredProviders(stringForUser, str);
        if (!settingsWrapper.putStringForUser("credential_service_primary", String.join(":", storedProviders), UserHandle.myUserId(), true)) {
            Slog.e(TAG, "Failed to remove primary package: " + str);
            return;
        }
        String stringForUser2 = settingsWrapper.getStringForUser("autofill_service", UserHandle.myUserId());
        String string = settingsWrapper.mContext.getResources().getString(R.string.config_mainBuiltInDisplayCutout);
        if (stringForUser2 != null && storedProviders.isEmpty() && !TextUtils.equals(stringForUser2, string) && (unflattenFromString = ComponentName.unflattenFromString(stringForUser2)) != null && unflattenFromString.getPackageName().equals(str) && !settingsWrapper.putStringForUser("autofill_service", "", UserHandle.myUserId(), true)) {
            Slog.e(TAG, "Failed to remove autofill package: " + str);
        }
        if (settingsWrapper.putStringForUser("credential_service", String.join(":", getStoredProviders(settingsWrapper.getStringForUser("credential_service", UserHandle.myUserId()), str)), UserHandle.myUserId(), true)) {
            return;
        }
        Slog.e(TAG, "Failed to remove secondary package: " + str);
    }

    public static Set<String> getStoredProviders(String str, String str2) {
        HashSet hashSet = new HashSet();
        if (str == null || str2 == null) {
            return hashSet;
        }
        for (String str3 : str.split(":")) {
            if (TextUtils.isEmpty(str3) || str3.equals("null")) {
                Slog.d(TAG, "provider component name is empty or null");
            } else {
                ComponentName unflattenFromString = ComponentName.unflattenFromString(str3);
                if (unflattenFromString != null && !unflattenFromString.getPackageName().equals(str2)) {
                    hashSet.add(unflattenFromString.flattenToString());
                }
            }
        }
        return hashSet;
    }
}
