package com.taobao.android.sso;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.app.Activity;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.ServiceInfo;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;
import android.text.TextUtils;
import android.util.Log;
import com.taobao.android.sso.internal.AuthenticationService;
import com.taobao.android.sso.internal.Authenticator;
import com.taobao.android.sso.internal.PidGetterService;
import com.taobao.android.sso.internal.SignatureWhitelist;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import org.cybergarage.soap.SOAP;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: classes.dex */
public class SsoManager {
    private static final long KResultWaitingTimeout = 15;
    private static final String LOG_TIP_FOR_INIT_FAILURE = "\nHave you set \"manifestmerger.enabled=true\" in your \"project.properties\"?";
    private static final String PID_ADDACCOUNT = "REPORTPID_ADDACCOUNT_CONFIG";
    private static final String PID_GETAUTHTOKEN = "REPORTPID_GETAUTHTOKEN_CONFIG";
    private static final int PID_REPORT_CONFIG_NOT_READ = -2;
    private static final int PID_REPORT_CONFIG_UNKNOW = -1;
    private static final int PID_REPORT_NEED = 0;
    private static final int PID_REPORT_NOT_NEED = 1;
    private static final int RETRY_TIME = 1;
    private static final String SSO_REPORTPID_CONFIG = "SSO_REPORTPID_CONFIG";
    private static final String TAG = "SSO";
    private static final String VERSION_CODE_KEY = "com.taobao.android.sso.Version";
    private static SignatureWhitelist mWhitelist;
    private static String sDefaultAccountType;
    private static boolean sLocalEnabled;
    static int sLocalVersion;
    private static int sIsNeedPid4GetAuthToken = -2;
    private static int sIsNeedPid4AddAccount = -2;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class ConnectionReceiver implements ServiceConnection {
        private IBinder mBinder;
        private int mWaitersNum = 0;

        ConnectionReceiver() {
        }

        public synchronized IBinder getBinder() {
            IBinder iBinder;
            if (this.mBinder != null) {
                iBinder = this.mBinder;
            } else {
                try {
                    try {
                        this.mWaitersNum++;
                        wait(15000L);
                    } catch (InterruptedException e) {
                        e.printStackTrace();
                        this.mWaitersNum--;
                    }
                    iBinder = this.mBinder;
                } finally {
                    this.mWaitersNum--;
                }
            }
            return iBinder;
        }

        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            synchronized (this) {
                this.mBinder = iBinder;
                if (this.mWaitersNum > 0) {
                    notifyAll();
                }
            }
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
        }
    }

    /* loaded from: classes.dex */
    public static class UnauthorizedAccessException extends GeneralSecurityException {
        private static final long serialVersionUID = 246686276926960445L;
    }

    private static void UpgradeForVersion1(Context context) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        Account account = null;
        boolean z = false;
        Account[] accounts = getAccounts(context);
        if (Build.VERSION.SDK_INT >= 18 && (accounts == null || accounts.length == 0)) {
            account = addAccountWithToken(context, "dummy", "dummy", "dummy", null);
            z = true;
        }
        Bundle bundle = new Bundle();
        bundle.putString("request", Authenticator.REQ_ABDICATE);
        if (account == null) {
            account = accounts[0];
        }
        for (int i = 0; i <= 1; i++) {
            try {
                if (((Bundle) waitResult(AccountManager.get(context).getAuthToken(account, "", bundle, (Activity) null, (AccountManagerCallback<Bundle>) null, (Handler) null))).getInt(SOAP.ERROR_CODE) != 1) {
                    break;
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (Build.VERSION.SDK_INT < 18 || !z) {
            return;
        }
        removeAccount(context, account);
    }

    public static Account addAccountWithToken(Context context, String str, String str2, String str3, String str4) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (str4 != null) {
            checkPrerequisite(context, getDefaultAccountType(context), true);
        }
        Bundle bundle = new Bundle();
        if (str4 != null) {
            bundle.putString("authtoken", str4);
        } else {
            bundle.putBoolean(Authenticator.KEY_EMPTY_ACCOUNT, true);
        }
        if (str2 != null) {
            bundle.putString("authAccount", str2);
            bundle.putString("accounts", str);
        } else {
            bundle.putString("authAccount", str);
        }
        AccountManager accountManager = AccountManager.get(context);
        int nextInt = new Random(System.currentTimeMillis()).nextInt();
        bundle.putInt(Authenticator.KEY_PID, Process.myPid());
        bundle.putInt("token", nextInt);
        int i = 0;
        Bundle bundle2 = null;
        while (true) {
            if (i > 1) {
                break;
            }
            ConnectionReceiver connectionReceiver = new ConnectionReceiver();
            reportPid4AddAccount(context, connectionReceiver, nextInt);
            try {
                bundle2 = (Bundle) waitResult(accountManager.addAccount(getDefaultAccountType(context), str3, null, bundle, null, null, null));
                if (bundle2.getInt(SOAP.ERROR_CODE) != 1) {
                    break;
                }
                i++;
            } finally {
                relReporter4AddAccount(context, connectionReceiver);
            }
        }
        convertErrorToException(bundle2);
        String string = bundle2.getString("authAccount");
        String string2 = bundle2.getString("accountType");
        if (string == null || string2 == null) {
            throw new AuthenticatorException("Unknown result: " + bundle2);
        }
        return new Account(string, string2);
    }

    private static boolean checkPrerequisite(Context context, String str, boolean z) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (sLocalVersion == 0) {
            ServiceInfo localAuthenticationServiceInfo = getLocalAuthenticationServiceInfo(context);
            sLocalVersion = localAuthenticationServiceInfo.metaData.getInt(VERSION_CODE_KEY);
            if (sLocalVersion == 0) {
                throw new LinkageError("com.taobao.android.sso.Version is not defined in meta-data of authentication service.\nHave you set \"manifestmerger.enabled=true\" in your \"project.properties\"?");
            }
            sLocalEnabled = localAuthenticationServiceInfo.enabled && localAuthenticationServiceInfo.applicationInfo.enabled;
        }
        AuthenticatorDescription activeAuthenticator = getActiveAuthenticator(context);
        if (activeAuthenticator == null) {
            setLocalAuthenticatorState(context, true);
            if (!z) {
                return false;
            }
            waitAuthenticator(context);
            sLocalEnabled = true;
            return true;
        }
        if (activeAuthenticator.packageName.equals(context.getPackageName())) {
            sLocalEnabled = true;
            return true;
        }
        PackageManager packageManager = context.getPackageManager();
        if (mWhitelist == null) {
            throw new IllegalStateException("Whitelist not set yet for account type: " + str);
        }
        Signature[] signatureArr = packageManager.getPackageInfo(activeAuthenticator.packageName, 64).signatures;
        if (signatureArr == null || !mWhitelist.match(signatureArr)) {
            throw new UnauthorizedAccessException();
        }
        ResolveInfo resolveService = packageManager.resolveService(new Intent("android.accounts.AccountAuthenticator").setPackage(activeAuthenticator.packageName), 128);
        int i = 0;
        if (resolveService != null && (resolveService.serviceInfo.metaData == null || (i = resolveService.serviceInfo.metaData.getInt(VERSION_CODE_KEY)) == 0)) {
            throw new AuthenticatorException("The current account authenticator installed by " + resolveService.serviceInfo.packageName + " is incompatible with SSO authenticator.");
        }
        if (i >= sLocalVersion) {
            if (!sLocalEnabled) {
                return true;
            }
            setLocalAuthenticatorState(context, false);
            sLocalEnabled = false;
            return true;
        }
        setLocalAuthenticatorState(context, true);
        if (i == 1) {
            UpgradeForVersion1(context);
        } else {
            requestSpecial(context, Authenticator.REQ_ABDICATE, null, null);
        }
        waitAuthenticator(context);
        return true;
    }

    private static Bundle convertErrorToException(Bundle bundle) throws AuthenticatorException, UnauthorizedAccessException {
        if (!bundle.containsKey(SOAP.ERROR_CODE) && !bundle.containsKey("errorMessage")) {
            return bundle;
        }
        if (bundle.getInt(SOAP.ERROR_CODE) == 101) {
            throw new UnauthorizedAccessException();
        }
        throw new AuthenticatorException(bundle.getString("errorMessage"));
    }

    private static String getAccountTypeFromXml(XmlPullParser xmlPullParser) throws XmlPullParserException, IOException {
        int eventType = xmlPullParser.getEventType();
        while (eventType != 2) {
            eventType = xmlPullParser.next();
        }
        if ("account-authenticator".equals(xmlPullParser.getName())) {
            return xmlPullParser.getAttributeValue("http://schemas.android.com/apk/res/android", "accountType");
        }
        throw new IllegalStateException("Invalid xml");
    }

    public static Account[] getAccounts(Context context) {
        return AccountManager.get(context).getAccountsByType(getDefaultAccountType(context));
    }

    static AuthenticatorDescription getActiveAuthenticator(Context context) {
        String defaultAccountType = getDefaultAccountType(context);
        for (AuthenticatorDescription authenticatorDescription : AccountManager.get(context).getAuthenticatorTypes()) {
            if (defaultAccountType.equals(authenticatorDescription.type)) {
                return authenticatorDescription;
            }
        }
        return null;
    }

    private static String getDefaultAccountType(Context context) {
        if (sDefaultAccountType != null) {
            return sDefaultAccountType;
        }
        try {
            ServiceInfo localAuthenticationServiceInfo = getLocalAuthenticationServiceInfo(context);
            String accountTypeFromXml = getAccountTypeFromXml(context.getPackageManager().getResourcesForApplication(localAuthenticationServiceInfo.packageName).getXml(localAuthenticationServiceInfo.metaData.getInt("android.accounts.AccountAuthenticator")));
            sDefaultAccountType = accountTypeFromXml;
            return accountTypeFromXml;
        } catch (Exception e) {
            throw new LinkageError("Failed to parse /res/xml/authenticator.xml\nHave you set \"manifestmerger.enabled=true\" in your \"project.properties\"?");
        }
    }

    private static ServiceInfo getLocalAuthenticationServiceInfo(Context context) throws LinkageError {
        try {
            return context.getPackageManager().getServiceInfo(new ComponentName(context, (Class<?>) AuthenticationService.class), 640);
        } catch (PackageManager.NameNotFoundException e) {
            throw new LinkageError("Authentication service not found.\nHave you set \"manifestmerger.enabled=true\" in your \"project.properties\"?");
        }
    }

    public static void invalidateToken(Context context, String str) {
        AccountManager.get(context).invalidateAuthToken(getDefaultAccountType(context), str);
    }

    public static String peekToken(Context context, Account account, String str) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (!checkPrerequisite(context, account.type, false)) {
            return null;
        }
        AccountManager accountManager = AccountManager.get(context);
        Bundle bundle = new Bundle();
        bundle.putBoolean(Authenticator.KEY_PEEK_ONLY, true);
        int nextInt = new Random(System.currentTimeMillis()).nextInt();
        bundle.putInt(Authenticator.KEY_PID, Process.myPid());
        bundle.putInt("token", nextInt);
        int i = 0;
        Bundle bundle2 = null;
        while (true) {
            if (i > 1) {
                break;
            }
            ConnectionReceiver connectionReceiver = new ConnectionReceiver();
            reportPid4GetAuthToken(context, connectionReceiver, nextInt);
            try {
                bundle2 = (Bundle) waitResult(accountManager.getAuthToken(account, str, bundle, (Activity) null, (AccountManagerCallback<Bundle>) null, (Handler) null));
                if (bundle2.getInt(SOAP.ERROR_CODE) != 1) {
                    break;
                }
                i++;
                relReporter4GetAuthToken(context, connectionReceiver);
            } finally {
                relReporter4GetAuthToken(context, connectionReceiver);
            }
        }
        convertErrorToException(bundle2);
        return bundle2.getString("authtoken");
    }

    private static void relReporter4AddAccount(Context context, ConnectionReceiver connectionReceiver) {
        if (sIsNeedPid4AddAccount == 1) {
            return;
        }
        if (sIsNeedPid4AddAccount == -1) {
            IBinder binder = connectionReceiver.getBinder();
            Parcel obtain = Parcel.obtain();
            Parcel obtain2 = Parcel.obtain();
            if (binder != null) {
                try {
                    if (binder.transact(3, obtain2, obtain, 0)) {
                        boolean[] zArr = new boolean[1];
                        obtain.readBooleanArray(zArr);
                        SharedPreferences.Editor edit = context.getSharedPreferences(SSO_REPORTPID_CONFIG, 0).edit();
                        if (zArr[0]) {
                            Log.v("SSO", "accountmanager has pid in AddAccount");
                            edit.putInt(PID_ADDACCOUNT, 1);
                            sIsNeedPid4AddAccount = 1;
                        } else {
                            Log.v("SSO", "accountmanager does not have pid in AddAccount");
                            edit.putInt(PID_ADDACCOUNT, 0);
                            sIsNeedPid4AddAccount = 0;
                        }
                        if (Build.VERSION.SDK_INT >= 9) {
                            edit.apply();
                        } else {
                            edit.commit();
                        }
                    }
                } catch (RemoteException e) {
                    e.printStackTrace();
                } finally {
                    obtain.recycle();
                    obtain2.recycle();
                }
            }
        }
        releasePidReporter(context, connectionReceiver);
    }

    private static void relReporter4GetAuthToken(Context context, ConnectionReceiver connectionReceiver) {
        if (sIsNeedPid4GetAuthToken == 1) {
            return;
        }
        if (sIsNeedPid4GetAuthToken == -1) {
            IBinder binder = connectionReceiver.getBinder();
            Parcel obtain = Parcel.obtain();
            Parcel obtain2 = Parcel.obtain();
            if (binder != null) {
                try {
                    if (binder.transact(2, obtain2, obtain, 0)) {
                        boolean[] zArr = new boolean[1];
                        obtain.readBooleanArray(zArr);
                        SharedPreferences.Editor edit = context.getSharedPreferences(SSO_REPORTPID_CONFIG, 0).edit();
                        if (zArr[0]) {
                            Log.v("SSO", "accountmanager has pid in GetAuthToken");
                            edit.putInt(PID_GETAUTHTOKEN, 1);
                            sIsNeedPid4GetAuthToken = 1;
                        } else {
                            Log.v("SSO", "accountmanager does not have pid in GetAuthToken");
                            edit.putInt(PID_GETAUTHTOKEN, 0);
                            sIsNeedPid4GetAuthToken = 0;
                        }
                        if (Build.VERSION.SDK_INT >= 9) {
                            edit.apply();
                        } else {
                            edit.commit();
                        }
                    }
                } catch (RemoteException e) {
                    e.printStackTrace();
                } finally {
                    obtain.recycle();
                    obtain2.recycle();
                }
            }
        }
        releasePidReporter(context, connectionReceiver);
    }

    private static void releasePidReporter(Context context, ConnectionReceiver connectionReceiver) {
        AuthenticatorDescription activeAuthenticator = getActiveAuthenticator(context);
        if (activeAuthenticator == null || TextUtils.isEmpty(activeAuthenticator.packageName)) {
            return;
        }
        context.unbindService(connectionReceiver);
        Intent intent = new Intent();
        intent.setClassName(activeAuthenticator.packageName, PidGetterService.class.getName());
        context.stopService(intent);
    }

    public static final boolean removeAccount(Context context, Account account) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        return ((Boolean) waitResult(AccountManager.get(context).removeAccount(account, null, null))).booleanValue();
    }

    private static boolean reportPid(Context context, ConnectionReceiver connectionReceiver, int i) {
        Intent intent = new Intent();
        AuthenticatorDescription activeAuthenticator = getActiveAuthenticator(context);
        if (activeAuthenticator == null || TextUtils.isEmpty(activeAuthenticator.packageName)) {
            return false;
        }
        intent.setClassName(activeAuthenticator.packageName, PidGetterService.class.getName());
        if (context.bindService(intent, connectionReceiver, 1)) {
            Parcel obtain = Parcel.obtain();
            Parcel obtain2 = Parcel.obtain();
            try {
                IBinder binder = connectionReceiver.getBinder();
                obtain2.writeInt(i);
                if (binder != null) {
                    if (binder.transact(1, obtain2, obtain, 0)) {
                        return true;
                    }
                }
            } catch (RemoteException e) {
                e.printStackTrace();
            } finally {
                obtain.recycle();
                obtain2.recycle();
            }
        }
        return false;
    }

    private static boolean reportPid4AddAccount(Context context, ConnectionReceiver connectionReceiver, int i) {
        if (sIsNeedPid4AddAccount == -2) {
            sIsNeedPid4AddAccount = context.getSharedPreferences(SSO_REPORTPID_CONFIG, 0).getInt(PID_ADDACCOUNT, -1);
        }
        if (sIsNeedPid4AddAccount == 1) {
            return true;
        }
        return reportPid(context, connectionReceiver, i);
    }

    private static boolean reportPid4GetAuthToken(Context context, ConnectionReceiver connectionReceiver, int i) {
        if (sIsNeedPid4GetAuthToken == -2) {
            sIsNeedPid4GetAuthToken = context.getSharedPreferences(SSO_REPORTPID_CONFIG, 0).getInt(PID_GETAUTHTOKEN, -1);
        }
        if (sIsNeedPid4GetAuthToken == 1) {
            return true;
        }
        return reportPid(context, connectionReceiver, i);
    }

    private static Bundle requestSpecial(Context context, String str, String str2, Bundle bundle) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (bundle == null) {
            bundle = new Bundle();
        }
        bundle.putString("request", str);
        int nextInt = new Random(System.currentTimeMillis()).nextInt();
        bundle.putInt(Authenticator.KEY_PID, Process.myPid());
        bundle.putInt("token", nextInt);
        int i = 0;
        Bundle bundle2 = null;
        while (true) {
            if (i > 1) {
                break;
            }
            ConnectionReceiver connectionReceiver = new ConnectionReceiver();
            reportPid4AddAccount(context, connectionReceiver, nextInt);
            try {
                bundle2 = (Bundle) waitResult(AccountManager.get(context).addAccount(getDefaultAccountType(context), str2 != null ? str2 : "", null, bundle, null, null, null));
                if (bundle2.getInt(SOAP.ERROR_CODE) != 1) {
                    break;
                }
                i++;
                relReporter4AddAccount(context, connectionReceiver);
            } finally {
                relReporter4AddAccount(context, connectionReceiver);
            }
        }
        convertErrorToException(bundle2);
        return bundle2;
    }

    public static Bundle revealActualNames(Context context, Account[] accountArr) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (!checkPrerequisite(context, getDefaultAccountType(context), true)) {
            return null;
        }
        String[] strArr = new String[accountArr.length];
        for (int i = 0; i < accountArr.length; i++) {
            strArr[i] = accountArr[i].name;
        }
        Bundle bundle = new Bundle();
        bundle.putStringArray("accounts", strArr);
        return requestSpecial(context, Authenticator.REQ_REVEAL_ACTUAL_NAME, null, bundle);
    }

    private static void setLocalAuthenticatorState(Context context, boolean z) {
        context.getPackageManager().setComponentEnabledSetting(new ComponentName(context, (Class<?>) AuthenticationService.class), z ? 1 : 2, 1);
    }

    public static void updateToken(Context context, Account account, String str, String str2) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        if (checkPrerequisite(context, account.type, true)) {
            Bundle bundle = new Bundle();
            bundle.putString("authtoken", str2);
            bundle.putString("authAccount", account.name);
            requestSpecial(context, Authenticator.REQ_UPDATE_TOKEN, str, bundle);
        }
    }

    public static boolean updateWhitelist(Context context, Signature[] signatureArr, long j) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        String defaultAccountType = getDefaultAccountType(context);
        if (mWhitelist == null) {
            mWhitelist = new SignatureWhitelist(context.getApplicationContext());
        }
        boolean update = mWhitelist.update(signatureArr, j);
        if (!checkPrerequisite(context, defaultAccountType, false)) {
            return false;
        }
        if (sLocalEnabled) {
            return update;
        }
        if (j <= requestSpecial(context, Authenticator.REQ_WHITELIST_TIMESTAMP, null, null).getLong("timestamp")) {
            return false;
        }
        Bundle bundle = new Bundle();
        bundle.putParcelableArrayList(Authenticator.KEY_SIGNATURES, new ArrayList<>(Arrays.asList(signatureArr)));
        bundle.putLong("timestamp", j);
        requestSpecial(context, Authenticator.REQ_UPDATE_WHITELIST, null, bundle);
        return true;
    }

    private static void waitAuthenticator(Context context) {
        long j = 64;
        String packageName = context.getPackageName();
        for (long j2 = 15000; j2 > 0; j2 -= j) {
            AuthenticatorDescription activeAuthenticator = getActiveAuthenticator(context);
            if (activeAuthenticator != null && activeAuthenticator.packageName.equals(packageName)) {
                return;
            }
            Log.v("SSO", "Waiting for authenticator...");
            if (j < 1000) {
                j *= 2;
            }
            try {
                Thread.sleep(j);
            } catch (InterruptedException e) {
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static <T> T waitResult(AccountManagerFuture<T> accountManagerFuture) throws UnauthorizedAccessException, AuthenticatorException, OperationCanceledException, IOException {
        T result = accountManagerFuture.getResult(KResultWaitingTimeout, TimeUnit.SECONDS);
        if ((result instanceof Bundle) && ((Bundle) result).getInt(SOAP.ERROR_CODE) != 1) {
            convertErrorToException((Bundle) result);
        }
        return result;
    }
}
