package com.microsoft.workaccount.workplacejoin.core;

import android.app.Activity;
import android.app.AlertDialog;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.preference.PreferenceManager;
import android.text.TextUtils;
import android.widget.Toast;
import com.microsoft.workaccount.R;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.WorkPlaceJoinSettings;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoinData;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoinDataStore;
import com.microsoft.workaccount.workplacejoin.core.DRSDiscoveryRequestHandler;
import com.microsoft.workaccount.workplacejoin.core.JoinActivity;
import com.samsung.android.knox.EnterpriseDeviceManager;
import com.samsung.android.knox.EnterpriseKnoxManager;
import com.samsung.android.knox.keystore.CertificateInfo;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import com.samsung.android.knox.keystore.PermissionApplicationPrivateKey;
import com.samsung.android.knox.license.EnterpriseLicenseManager;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;

/* loaded from: classes3.dex */
public class SamsungDeviceControlledAPI implements IDeviceControlledAPI {
    private static final String KNOX_SUPPORT_PERMISSION_SUFFIX = "knox.SUPPORT_PERMISSION";
    public static final String PREF_KEY_ELM_ACTIVATED = "ELM Activated";
    private static final int SECURE_PORT = 443;
    public static final String STATUS_ACTION = "com.samsung.android.knox.intent.action.LICENSE_STATUS";
    private static final String TAG = SamsungDeviceControlledAPI.class.getSimpleName() + "#";
    private DevicePolicyManager mDPM = null;
    private ComponentName mWPJComp = null;
    private SamsungBroadcastReceiver samsungBroadcastReceiver = null;
    private DRSDiscoveryRequestHandler mDRSDiscoveryRequestHandler = new DRSDiscoveryRequestHandler();

    private void activateAdminComponent(Context context) {
        if (this.mDPM == null) {
            this.mDPM = (DevicePolicyManager) context.getSystemService("device_policy");
        }
        if (this.mWPJComp == null) {
            if (WorkPlaceJoinSettings.INSTANCE.getAdminReceiverExt() == null) {
                Logger.i(TAG + "activateAdminComponent", "SamsungDeviceControlledAPI : admin listener is not set");
                this.mWPJComp = new ComponentName(context, (Class<?>) WPJAdminReceiver.class);
                return;
            }
            Logger.i(TAG + "activateAdminComponent", "SamsungDeviceControlledAPI : admin listener is set externally");
            this.mWPJComp = WorkPlaceJoinSettings.INSTANCE.getAdminReceiverExt();
        }
    }

    private void checkAlert(Activity activity) {
        AlertDialog.Builder builder = new AlertDialog.Builder(activity);
        builder.setTitle(activity.getResources().getString(R.string.cert_init_dialog_title));
        builder.setMessage(activity.getResources().getString(R.string.cert_store_init_msg_for_screen_lock));
        builder.setNeutralButton("OK", new DialogInterface.OnClickListener() { // from class: com.microsoft.workaccount.workplacejoin.core.SamsungDeviceControlledAPI.1
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                SamsungDeviceControlledAPI.this.mDPM.lockNow();
            }
        });
        builder.setCancelable(false);
        builder.show();
    }

    public static boolean checkSupportedSamsungVersion(Context context) {
        int aPILevel;
        try {
            aPILevel = EnterpriseDeviceManager.getAPILevel();
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : Knox API level = " + aPILevel);
        } catch (Throwable unused) {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControllerAPI: not a Knox device.");
        }
        if (!isKnoxVersion50Plus(aPILevel)) {
            return false;
        }
        if (EnterpriseDeviceManager.getInstance(context) != null) {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : edm not null");
            return true;
        }
        Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : edm is null");
        return false;
    }

    private String getIntentConverterReceiverPermissionName(Context context) {
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), 4096);
            String[] strArr = packageInfo.requestedPermissions;
            int[] iArr = packageInfo.requestedPermissionsFlags;
            for (int i = 0; i < strArr.length && i < iArr.length; i++) {
                if ((iArr[i] & 2) != 0 && strArr[i].endsWith(KNOX_SUPPORT_PERMISSION_SUFFIX)) {
                    Logger.w(TAG + "getIntentConverterReceiverPermissionName", "Samsung Knox support permission is granted with value, returning value", WorkplaceJoinFailure.SAMSUNG);
                    return strArr[i];
                }
            }
        } catch (PackageManager.NameNotFoundException e) {
            Logger.e(TAG + "getIntentConverterReceiverPermissionName", "PackageManager Name Not Found Exception", WorkplaceJoinFailure.SAMSUNG, e);
        }
        Logger.w(TAG + "getIntentConverterReceiverPermissionName", "Samsung Knox support permission is not granted or not available, returning null", WorkplaceJoinFailure.SAMSUNG);
        return null;
    }

    private boolean installCertInternal(Activity activity, byte[] bArr, String str) {
        try {
            EnterpriseDeviceManager enterpriseDeviceManager = EnterpriseDeviceManager.getInstance(activity);
            if (enterpriseDeviceManager == null) {
                Logger.w(TAG + "installCertInternal", "EDM is null, not a KNOX enabled device", WorkplaceJoinFailure.SAMSUNG);
                return false;
            }
            Logger.i(TAG + "installCertInternal", "EDM is not null. Getting security policy.");
            int aPILevel = EnterpriseDeviceManager.getAPILevel();
            Logger.d(TAG + "installCertInternal", "SamsungDeviceControlledAPI : Knox API level = " + aPILevel);
            CertificateProvisioning certificateProvisioning = enterpriseDeviceManager.getCertificateProvisioning();
            if (3 == certificateProvisioning.getCredentialStorageStatus()) {
                Logger.e(TAG + "installCertInternal", "KeyStore is uninitialized", WorkplaceJoinFailure.INTERNAL);
                Toast.makeText(activity, "Please Lock and Unlock the device to initialize the KeyStore", 1).show();
                return false;
            }
            if (1 != certificateProvisioning.getCredentialStorageStatus()) {
                Logger.e(TAG + "installCertInternal", "KeyStore has an error:" + certificateProvisioning.getCredentialStorageStatus(), WorkplaceJoinFailure.INTERNAL);
                Toast.makeText(activity, "Keystore Error: " + certificateProvisioning.getCredentialStorageStatus(), 0).show();
                return false;
            }
            uninstallCert(activity);
            Logger.i(TAG + "installCertInternal", "Installing certificate through KNOX with keystore api");
            if (!certificateProvisioning.installCertificateToKeystore(CertificateProvisioning.TYPE_PKCS12, bArr, WorkplaceJoinCertHelper.getCertName(), str, 4)) {
                Logger.w(TAG + "installCertInternal", "Result failure while installing certificate", WorkplaceJoinFailure.CERTIFICATE);
                return false;
            }
            Logger.i(TAG + "installCertInternal", "Certificate installed successfully!!");
            if (activity instanceof JoinActivity) {
                ((JoinActivity) activity).onActivityResult(3, -1, null);
            } else {
                ((InstallCertActivity) activity).onActivityResult(3, -1, null);
            }
            return true;
        } catch (Exception e) {
            Logger.w(TAG + "installCertInternal", "Samsung API failure. Exception: " + e.getMessage(), WorkplaceJoinFailure.CERTIFICATE);
            return false;
        }
    }

    private boolean isKeystoreInitialized(Context context) {
        EnterpriseDeviceManager enterpriseDeviceManager = EnterpriseDeviceManager.getInstance(context);
        if (enterpriseDeviceManager == null) {
            Logger.w(TAG + "isKeystoreInitialized", "SamsungDeviceControlledAPI : EDM is null, seems like Samsung safe API is not supported", WorkplaceJoinFailure.SAMSUNG);
            return true;
        }
        CertificateProvisioning certificateProvisioning = enterpriseDeviceManager.getCertificateProvisioning();
        if (3 == certificateProvisioning.getCredentialStorageStatus()) {
            Logger.w(TAG + "isKeystoreInitialized", "Keystore not initialized", WorkplaceJoinFailure.SAMSUNG);
            return false;
        }
        if (1 != certificateProvisioning.getCredentialStorageStatus()) {
            Logger.d(TAG + "isKeystoreInitialized", "Keystore Error");
            return false;
        }
        Logger.d(TAG + "isKeystoreInitialized", "Keystore initialized");
        return true;
    }

    private static boolean isKnoxVersion50Plus(int i) {
        return i >= 11;
    }

    private void preventBrowserPrompt(final Context context) {
        WorkplaceJoinData workplaceJoinData = new WorkplaceJoinDataStore(context).getWorkplaceJoinData();
        if (workplaceJoinData != null) {
            this.mDRSDiscoveryRequestHandler.requestDeviceRegistrationDiscovery(context, workplaceJoinData.getTenantId(), UUID.randomUUID(), new DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery() { // from class: com.microsoft.workaccount.workplacejoin.core.SamsungDeviceControlledAPI.2
                @Override // com.microsoft.workaccount.workplacejoin.core.DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery
                public void onEndpointsDiscovery(DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
                    DRSMetadata dRSMetadata = dRSDiscoveryResult.getDRSMetadata();
                    if (dRSMetadata != null) {
                        SamsungDeviceControlledAPI.this.preventBrowserPrompt(context, dRSMetadata);
                        return;
                    }
                    Logger.w(SamsungDeviceControlledAPI.TAG + "preventBrowserPrompt", "DRSMetadata is null", WorkplaceJoinFailure.SAMSUNG);
                }
            });
            return;
        }
        Logger.w(TAG + "preventBrowserPrompt", "Device is not workplace joined.", WorkplaceJoinFailure.SAMSUNG);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void preventBrowserPrompt(Context context, DRSMetadata dRSMetadata) {
        List<String> webBrowserZonesTrustedEndpoints = dRSMetadata.getWebBrowserZonesTrustedEndpoints();
        if (webBrowserZonesTrustedEndpoints == null) {
            Logger.w(TAG + "preventBrowserPrompt", "DRS metadata Web Browser Zones Trusted Endpoints is null", WorkplaceJoinFailure.SAMSUNG);
            return;
        }
        for (String str : webBrowserZonesTrustedEndpoints) {
            try {
                URL url = new URL(str);
                preventBrowserPromptForPackage(context, "com.android.chrome", url.getHost());
                preventBrowserPromptForPackage(context, "com.google.android.browser", url.getHost());
            } catch (MalformedURLException unused) {
                Logger.w(TAG + "preventBrowserPrompt", "MalformedURLException for url.", str, WorkplaceJoinFailure.SAMSUNG);
            }
        }
    }

    private void preventBrowserPromptForPackage(Context context, String str, String str2) {
        Logger.v(TAG + "preventBrowserPromptForPackage", "Asking to prevent prompt.", "for " + str + " host:" + str2);
        try {
            if (EnterpriseKnoxManager.getInstance(context).getCertificatePolicy().addPermissionApplicationPrivateKey(new PermissionApplicationPrivateKey(str, str2, SECURE_PORT, WorkplaceJoinCertHelper.getCertName()))) {
                Logger.v(TAG + "preventBrowserPromptForPackage", "Permission granted to app private key.", "Package:" + str + " host:" + str2);
            } else {
                Logger.v(TAG + "preventBrowserPromptForPackage", "Permission denied to app private key.", "Package:" + str + " host:" + str2);
            }
        } catch (SecurityException unused) {
            Logger.v(TAG + "preventBrowserPromptForPackage", "Security exception when attempting to grant access to private key.", "Package:" + str + " host:" + str2);
        }
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean activateAdmin(Activity activity) {
        activateAdminComponent(activity);
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : activate admin called");
        if (isActiveAdmin(activity)) {
            Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : admin is active");
            return true;
        }
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : about to activate admin");
        Intent intent = new Intent("android.app.action.ADD_DEVICE_ADMIN");
        intent.putExtra("android.app.extra.DEVICE_ADMIN", this.mWPJComp);
        intent.putExtra("android.app.extra.ADD_EXPLANATION", activity.getResources().getString(R.string.activating_admin));
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : sending intent for activate admin ");
        activity.startActivityForResult(intent, WorkplaceJoinApplication.ADMIN_ACTIVATION_REQUEST);
        return false;
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void activateLicense(Context context, JoinActivity.OnLicenseActivatedListener onLicenseActivatedListener) {
        String string = PreferenceManager.getDefaultSharedPreferences(context).getString(PREF_KEY_ELM_ACTIVATED, "");
        Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Activate status:" + string);
        if (!TextUtils.isEmpty(string)) {
            Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Licence is active:" + string);
            onLicenseActivatedListener.onLicenseActivatedHandler(true);
            return;
        }
        String intentConverterReceiverPermissionName = getIntentConverterReceiverPermissionName(context);
        if (intentConverterReceiverPermissionName == null) {
            Logger.i(TAG + "activateLicense", "Licence will not be activated, no broadcastPermission is available for dynamic receiver");
            onLicenseActivatedListener.onLicenseActivatedHandler(false);
            return;
        }
        EnterpriseLicenseManager enterpriseLicenseManager = EnterpriseLicenseManager.getInstance(context);
        Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Register receiver");
        SamsungBroadcastReceiver samsungBroadcastReceiver = new SamsungBroadcastReceiver(onLicenseActivatedListener);
        this.samsungBroadcastReceiver = samsungBroadcastReceiver;
        context.registerReceiver(samsungBroadcastReceiver, new IntentFilter("com.samsung.android.knox.intent.action.LICENSE_STATUS"), intentConverterReceiverPermissionName, null);
        enterpriseLicenseManager.activateLicense(JoinInfo.INSTANCE.fTEgertFRGRGRe());
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void installCert(Activity activity, CertificateData certificateData) {
        if (installCertInternal(activity, certificateData.getPkcs12(), certificateData.getPkcs12Password())) {
            Logger.v(TAG + "installCert", "Samsung install cert is successfull. It will try to add permission to prevent chrome prompt");
            preventBrowserPrompt(activity);
            return;
        }
        Logger.v(TAG + "installCert", "Use default certificate Installer");
        WorkplaceJoinService.installWPJCertToDevice(activity, certificateData);
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean isActiveAdmin(Context context) {
        activateAdminComponent(context);
        Logger.i(TAG + "isActiveAdmin", "admin: " + this.mDPM.isAdminActive(this.mWPJComp));
        return this.mDPM.isAdminActive(this.mWPJComp);
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean uninstallCert(Context context) {
        EnterpriseDeviceManager enterpriseDeviceManager = EnterpriseDeviceManager.getInstance(context);
        if (enterpriseDeviceManager == null) {
            Logger.w(TAG + "uninstallCert", "EDM is null, not a KNOX enabled device", WorkplaceJoinFailure.CERTIFICATE);
            Toast.makeText(context, " Certificate uninstall fail \nRemove the certificate using Clear Credentials from Security Setting", 0).show();
            return false;
        }
        try {
            CertificateProvisioning certificateProvisioning = enterpriseDeviceManager.getCertificateProvisioning();
            String certName = WorkplaceJoinCertHelper.getCertName();
            ArrayList arrayList = new ArrayList();
            for (CertificateInfo certificateInfo : certificateProvisioning.getCertificatesFromKeystore(4)) {
                if (WorkplaceJoinCertHelper.isExpectedCertificateIssuer(certificateInfo.getCertificate().getEncoded()) && certificateInfo.getAlias().equals(certName)) {
                    arrayList.add(certificateInfo);
                }
            }
            if (arrayList.isEmpty()) {
                Logger.v(TAG + "uninstallCert", "Certificate named '" + WorkplaceJoinCertHelper.getCertName() + "' attempted to be removed but could not be found. Considering this a success.");
                return true;
            }
            Iterator it = arrayList.iterator();
            int i = 0;
            while (it.hasNext()) {
                if (certificateProvisioning.deleteCertificateFromKeystore((CertificateInfo) it.next(), 4)) {
                    Logger.v(TAG + "uninstallCert", "Certificate named '" + WorkplaceJoinCertHelper.getCertName() + "' removal succeeded.");
                    i++;
                } else {
                    Logger.w(TAG + "uninstallCert", "Certificate named '" + WorkplaceJoinCertHelper.getCertName() + "' removal failed.", WorkplaceJoinFailure.CERTIFICATE);
                }
            }
            Logger.v(TAG + "uninstallCert", "Removed: " + i + ",with name: '" + certName + "', and issuer CN: '" + WorkplaceJoinCertHelper.ISSUER_CN_VALUE + "'");
            return i == arrayList.size();
        } catch (Exception e) {
            Logger.e(TAG + "uninstallCert", "Cert uninstall failed with exception", WorkplaceJoinFailure.CERTIFICATE, e);
            return false;
        }
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void unregisterLicenseListener(Context context) {
        if (this.samsungBroadcastReceiver != null) {
            Logger.i(TAG + "unregisterLicenseListener", "Unregistering license listener");
            context.unregisterReceiver(this.samsungBroadcastReceiver);
            this.samsungBroadcastReceiver = null;
        }
    }
}
