package com.microsoft.omadm.client;

import android.app.admin.DeviceAdminReceiver;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.os.PersistableBundle;
import android.os.UserHandle;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.domain.EnrollmentStateType;
import com.microsoft.intune.common.taskscheduling.AndroidTask;
import com.microsoft.omadm.R;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.client.tasks.TaskType;
import com.microsoft.omadm.platforms.IPolicyManager;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.platforms.android.policy.NativePolicyManager;
import com.microsoft.omadm.utils.OMADMPolicy;
import com.microsoft.omadm.utils.PackageUtils;
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: classes3.dex */
public class PolicyManagerReceiver extends DeviceAdminReceiver {
    private static final long DEVICE_POLICY_MANAGER_REFRESH_WAIT_TIME = 500;
    private static final Logger LOGGER = Logger.getLogger(PolicyManagerReceiver.class.getName());
    private static Set<String> sOutlookPackages;

    private synchronized void initializeOutlookPackages() {
        if (sOutlookPackages != null) {
            return;
        }
        HashSet hashSet = new HashSet();
        sOutlookPackages = hashSet;
        hashSet.add("com.microsoft.office.outlook");
        if (!Services.get().getIDeploymentSettings().isProductionBuild().booleanValue()) {
            sOutlookPackages.add("com.microsoft.office.outlook.dev");
            sOutlookPackages.add("com.microsoft.office.outlook.wip");
            sOutlookPackages.add("com.microsoft.office.outlook.dawg");
        }
    }

    private void onPasswordChangedHelper(Context context) {
        Services.get().getPolicyManagerTelemetry().logPasswordChanged();
        Services.get().getIPolicyManager().onPasswordChanged();
        Set<OMADMPolicy> policies = Services.get().getPolicies();
        try {
            Thread.sleep(500L);
        } catch (InterruptedException e) {
            LOGGER.log(Level.FINEST, "Failed to wait for DevicePolicyManager to propagate the values. ", (Throwable) e);
        }
        Iterator<OMADMPolicy> it = policies.iterator();
        while (it.hasNext()) {
            try {
                it.next().enforce();
            } catch (Exception e2) {
                LOGGER.log(Level.WARNING, "Failed to immediately enforce updated password policy.", (Throwable) e2);
            }
        }
        Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.UpdatePolicy.getValue()).taskReason("password changed").skipIfRunning(false).build());
    }

    private boolean validateOutlookSignature(String str) {
        initializeOutlookPackages();
        if (sOutlookPackages.contains(str)) {
            return Services.get().getPackageInfo().validatePackageSignatureWithKnownSigningCert(str);
        }
        return false;
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public String onChoosePrivateKeyAlias(Context context, Intent intent, int i, Uri uri, String str) {
        boolean z;
        LOGGER.info("onChoosePrivateKeyAlias called with uid " + String.valueOf(i) + " for alias: " + str);
        String[] packagesForUid = context.getPackageManager().getPackagesForUid(i);
        int i2 = 0;
        while (true) {
            if (i2 >= packagesForUid.length) {
                z = false;
                break;
            }
            LOGGER.info("found package " + packagesForUid[i2] + " for uid " + String.valueOf(i));
            if (PackageUtils.isOutlookPackage(packagesForUid[i2]) && validateOutlookSignature(packagesForUid[i2])) {
                LOGGER.info("package and signature are correct, approving certificate access");
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            LOGGER.warning("calling package was not valid; denying certificate access");
            return null;
        }
        List list = Services.get().getTableRepository().get(ScepCertificateState.class, "Alias = ?", new String[]{str});
        if (list == null || list.size() == 0) {
            LOGGER.info("no certificate found for given alias");
            return null;
        }
        if (((ScepCertificateState) list.get(0)).status == CertStatus.CERT_ACCESS_GRANTED) {
            return str;
        }
        LOGGER.info("certificate not fully installed; status = " + ((ScepCertificateState) list.get(0)).status.toString());
        return null;
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public CharSequence onDisableRequested(Context context, Intent intent) {
        LOGGER.info("Received device admin disablement request");
        return context.getString(R.string.device_admin_disable_warning);
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public void onDisabled(Context context, Intent intent) {
        LOGGER.info("Device admin is disabled.");
        Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.DeviceAdminDisabled.getValue()).taskReason("device admin disabled").runInForeground(true).build());
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public void onEnabled(Context context, Intent intent) {
        LOGGER.info("Device admin is enabled.");
        IPolicyManager iPolicyManager = Services.get().getIPolicyManager();
        if (iPolicyManager.isProfileOwner()) {
            LOGGER.warning("DA should not be enabled in work profile. Ignore this DA enabled broadcast and proceed work profile enrollment.");
            LOGGER.warning(MessageFormat.format("CP is DA: {0}. CP is PO: {1}", Boolean.valueOf(iPolicyManager.isDeviceAdmin()), Boolean.valueOf(iPolicyManager.isProfileOwner())));
        } else if (Services.get().getEnrollmentStateSettings().getCurrentState() == EnrollmentStateType.EnrollmentPostponed) {
            LOGGER.warning("DA should not be enabled when enrollment was postponed. Ignore this DA enabled broadcast.");
        } else {
            Services.get().getOmadmTelemetry().logDeviceAdminAccepted();
            Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.DeviceAdminEnabled.getValue()).taskReason("device admin enabled").runInForeground(true).build());
        }
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public void onPasswordChanged(Context context, Intent intent) {
        LOGGER.info("Received password changed.");
        onPasswordChangedHelper(context);
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public void onPasswordChanged(Context context, Intent intent, UserHandle userHandle) {
        LOGGER.info("Received password changed on API26+.");
        onPasswordChangedHelper(context);
    }

    @Override // android.app.admin.DeviceAdminReceiver
    public void onProfileProvisioningComplete(Context context, Intent intent) {
        if (Build.VERSION.SDK_INT >= 26) {
            LOGGER.info("Received notification that the Managed Profile is created on Android O+, ignoring because provisioning is handled by the WorkProfileProvisionedActivity");
            return;
        }
        LOGGER.info("Received notification that the Managed Profile is created and we're now in the Work OMADM Client.");
        Bundle extras = intent.getExtras();
        PersistableBundle persistableBundle = extras != null ? (PersistableBundle) extras.get(NativePolicyManager.AFW_CROSS_PROFILE_BUNDLE_KEY) : null;
        if (persistableBundle == null) {
            LOGGER.warning("Work OMADM Client did not receive a PersistableBundle from the personal profile; will require reauth.");
        }
        if (!Services.get().getIPolicyManager().isProfileOwner()) {
            LOGGER.severe("Ignoring ACTION_PROFILE_PROVISIONING_COMPLETE intent received in the Personal Profile.  This is an Android problem!");
            return;
        }
        LOGGER.info("Managed profile provisioning complete, though the profile is not yet visible to the user.");
        Services.get().getEnrollmentSettings().setBoolean(EnrollmentSettings.HAS_ENSURED_WORKING_ENVIRONMENT, false);
        Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.ManagedProfileProvisioned.getValue()).taskReason("managed profile provisioned").persistableBundle(persistableBundle).runInForeground(true).build());
    }
}
