package com.microsoft.intune.mam.client.ipc;

import android.annotation.SuppressLint;
import android.app.admin.DevicePolicyManager;
import android.app.usage.UsageStatsManager;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ProviderInfo;
import android.content.pm.ResolveInfo;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.ParcelFileDescriptor;
import android.text.TextUtils;
import android.util.Base64;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.tasks.Tasks;
import com.microsoft.identity.common.java.WarningType;
import com.microsoft.identity.common.java.eststelemetry.SchemaConstants;
import com.microsoft.intune.mam.DeviceBuildUtils;
import com.microsoft.intune.mam.agent.AbstractVpnController;
import com.microsoft.intune.mam.agent.clock.ClockStatusStateStore;
import com.microsoft.intune.mam.agent.knox.IKnoxAttestationManager;
import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.app.startup.auth.MAMServiceTokenSource;
import com.microsoft.intune.mam.client.content.pm.PackageManagerCompat;
import com.microsoft.intune.mam.client.identity.FileIdentityMetadataAgent;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManagerImpl;
import com.microsoft.intune.mam.client.ipcclient.ExperimentationKey;
import com.microsoft.intune.mam.client.ipcclient.MAMFeatureFlag;
import com.microsoft.intune.mam.client.ipcclient.MAMIntExperimentationKey;
import com.microsoft.intune.mam.client.ipcclient.MAMStringExperimentationKey;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.client.util.BiometricsUtils;
import com.microsoft.intune.mam.client.util.DeviceLockDetector;
import com.microsoft.intune.mam.internal.R;
import com.microsoft.intune.mam.policy.AgentUpdateAvailability;
import com.microsoft.intune.mam.policy.AgentUpdateInfo;
import com.microsoft.intune.mam.policy.BundleAppPolicy;
import com.microsoft.intune.mam.policy.DeviceAttestationAgentResult;
import com.microsoft.intune.mam.policy.DeviceAttestationEnforcementType;
import com.microsoft.intune.mam.policy.DeviceAttestationEvaluationType;
import com.microsoft.intune.mam.policy.DeviceAttestationInfo;
import com.microsoft.intune.mam.policy.InternalAppPolicy;
import com.microsoft.intune.mam.policy.KnoxAttestationFailureAction;
import com.microsoft.intune.mam.policy.MinimumRequiredDeviceThreatProtectionLevel;
import com.microsoft.intune.mam.policy.PINCharacterType;
import com.microsoft.intune.mam.policy.PINResetReason;
import com.microsoft.intune.mam.policy.VerifyAppsEnforcementType;
import com.microsoft.intune.mam.policy.WipeReason;
import com.microsoft.intune.mam.policy.clock.ClockStatusInfo;
import com.microsoft.intune.mam.policy.notification.AbstractAppPolicyNotifier;
import com.microsoft.intune.mam.util.time.Timestamp;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.MediaDescriptionCompat;
import kotlin.acquireTokenSilentAsyncWithAssertion;
import kotlin.setAppVersion;
import org.bouncycastle.tls.SignatureScheme;

/* loaded from: classes.dex */
public abstract class AbstractAppPolicyEndpoint implements AppPolicyEndpoint {
    private static final Logger LOGGER = Logger.getLogger(AbstractAppPolicyEndpoint.class.getName());
    public static final int MAX_PINS_ALLOWED_TO_STORE = 24;
    private static final String NOTIFICATION_TAG_WIPE = "com.microsoft.intune.mam.notification.WIPE";
    private final AbstractVpnController mAbstractVpnController;
    private final AbstractAppPolicyNotifier mAppPolicyNotifier;
    protected final ClockStatusStateStore mClockStatusCache;
    private Context mContext;
    private final DeviceLockDetector mDeviceLockDetector;
    private FileIdentityMetadataAgent mFileIdentityMetadata;
    protected final MAMIdentityManagerImpl mIdentityManager;
    private final IKnoxAttestationManager mKnoxAttestationManager;
    private Map<MAMIdentity, PolicySettingTimers> mSettingTimers;
    private PolicySettings mSettings;
    private final TelemetryLogger mTelemetryLogger;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus;
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$DeviceAttestationEnforcementType;
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$WipeReason;

        static {
            int[] iArr = new int[WipeReason.values().length];
            $SwitchMap$com$microsoft$intune$mam$policy$WipeReason = iArr;
            try {
                iArr[WipeReason.DEVICE_NON_COMPLIANT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$WipeReason[WipeReason.MTD_NON_COMPLIANT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$WipeReason[WipeReason.DEVICE_ATTESTATION_NON_COMPLIANT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[DeviceAttestationEnforcementType.values().length];
            $SwitchMap$com$microsoft$intune$mam$policy$DeviceAttestationEnforcementType = iArr2;
            try {
                iArr2[DeviceAttestationEnforcementType.BASIC_INTEGRITY.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$DeviceAttestationEnforcementType[DeviceAttestationEnforcementType.BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$DeviceAttestationEnforcementType[DeviceAttestationEnforcementType.NOT_REQUIRED.ordinal()] = 3;
            } catch (NoSuchFieldError unused6) {
            }
            int[] iArr3 = new int[IKnoxAttestationManager.AttestationStatus.values().length];
            $SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus = iArr3;
            try {
                iArr3[IKnoxAttestationManager.AttestationStatus.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus[IKnoxAttestationManager.AttestationStatus.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus[IKnoxAttestationManager.AttestationStatus.STALE.ordinal()] = 3;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus[IKnoxAttestationManager.AttestationStatus.UNKNOWN.ordinal()] = 4;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    public AbstractAppPolicyEndpoint(Context context, PolicySettings policySettings, TelemetryLogger telemetryLogger, MAMIdentityManagerImpl mAMIdentityManagerImpl, AbstractVpnController abstractVpnController, ClockStatusStateStore clockStatusStateStore, DeviceLockDetector deviceLockDetector, IKnoxAttestationManager iKnoxAttestationManager, AbstractAppPolicyNotifier abstractAppPolicyNotifier) {
        this(context, policySettings, telemetryLogger, mAMIdentityManagerImpl, abstractVpnController, clockStatusStateStore, new HashMap(), deviceLockDetector, iKnoxAttestationManager, abstractAppPolicyNotifier);
    }

    protected AbstractAppPolicyEndpoint(Context context, PolicySettings policySettings, TelemetryLogger telemetryLogger, MAMIdentityManagerImpl mAMIdentityManagerImpl, AbstractVpnController abstractVpnController, ClockStatusStateStore clockStatusStateStore, Map<MAMIdentity, PolicySettingTimers> map, DeviceLockDetector deviceLockDetector, IKnoxAttestationManager iKnoxAttestationManager, AbstractAppPolicyNotifier abstractAppPolicyNotifier) {
        this.mContext = context;
        this.mSettings = policySettings;
        this.mSettingTimers = map;
        this.mFileIdentityMetadata = new FileIdentityMetadataAgent(this.mContext);
        this.mIdentityManager = mAMIdentityManagerImpl;
        this.mTelemetryLogger = telemetryLogger;
        this.mAbstractVpnController = abstractVpnController;
        this.mClockStatusCache = clockStatusStateStore;
        this.mDeviceLockDetector = deviceLockDetector;
        this.mKnoxAttestationManager = iKnoxAttestationManager;
        this.mAppPolicyNotifier = abstractAppPolicyNotifier;
    }

    private int checkGooglePlayProtectPolicyState(InternalAppPolicy internalAppPolicy, String str) {
        int i = 0;
        boolean z = internalAppPolicy.getSafetyNetVerifyAppsEnforcementType() == VerifyAppsEnforcementType.REQUIRE_ENABLED;
        DeviceAttestationEnforcementType safetyNetDeviceAttestEnforcementType = internalAppPolicy.getSafetyNetDeviceAttestEnforcementType();
        boolean z2 = safetyNetDeviceAttestEnforcementType == DeviceAttestationEnforcementType.BASIC_INTEGRITY || safetyNetDeviceAttestEnforcementType == DeviceAttestationEnforcementType.BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION;
        if (!z && !z2) {
            return 0;
        }
        if (!isPlayServicesAvailable()) {
            int i2 = z ? 5120 : 4096;
            return z2 ? i2 | 2048 : i2;
        }
        if (z && !isVerifyAppsEnabled()) {
            i = 1024;
        }
        if (!z2) {
            return i;
        }
        DeviceAttestationInfo attestationResult = getAttestationResult(str);
        if (attestationResult == null) {
            LOGGER.severe("device attestation result was null, but it is required by policy");
            return i | 2048;
        }
        DeviceAttestationEvaluationType safetyNetDeviceAttestEvaluationType = internalAppPolicy.getSafetyNetDeviceAttestEvaluationType();
        DeviceAttestationEvaluationType deviceAttestationEvaluationType = attestationResult.getDeviceAttestationEvaluationType();
        DeviceAttestationAgentResult deviceAttestationAgentResult = attestationResult.getDeviceAttestationAgentResult();
        if (deviceAttestationAgentResult == DeviceAttestationAgentResult.AUTHENTICATION_NEEDED) {
            return 33554432 | i;
        }
        if (deviceAttestationAgentResult == DeviceAttestationAgentResult.UNKNOWN) {
            return 16777216 | i;
        }
        DeviceAttestationEvaluationType deviceAttestationEvaluationType2 = DeviceAttestationEvaluationType.HARDWARE_BACKED;
        if (safetyNetDeviceAttestEvaluationType == deviceAttestationEvaluationType2 && deviceAttestationEvaluationType != deviceAttestationEvaluationType2) {
            i |= 2048;
        }
        Logger logger = LOGGER;
        logger.info("checking if we are already compliant with: " + safetyNetDeviceAttestEnforcementType);
        int i3 = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$DeviceAttestationEnforcementType[safetyNetDeviceAttestEnforcementType.ordinal()];
        if (i3 != 1) {
            if (i3 != 2) {
                if (i3 == 3) {
                    logger.info("no device attestation action is required");
                    return i;
                }
                throw new AssertionError("enforcementType not understood: " + safetyNetDeviceAttestEnforcementType);
            }
            if (deviceAttestationAgentResult != DeviceAttestationAgentResult.NON_COMPLIANT && deviceAttestationAgentResult != DeviceAttestationAgentResult.DEVICE_INTEGRITY) {
                return i;
            }
        } else if (deviceAttestationAgentResult != DeviceAttestationAgentResult.NON_COMPLIANT) {
            return i;
        }
        return i | 2048;
    }

    private int checkKnoxAttestation(InternalAppPolicy internalAppPolicy, String str) {
        if (internalAppPolicy.getKnoxAttestationFailureAction() == KnoxAttestationFailureAction.NONE) {
            return 0;
        }
        if (!this.mKnoxAttestationManager.isLicenseActivated()) {
            LOGGER.info("Knox license activation required");
            return 1073741824;
        }
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus[this.mKnoxAttestationManager.getAttestationStatus().ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 268435456;
        }
        if (i == 3) {
            requestFreshKnoxAttestation(str);
            return 0;
        }
        if (i != 4) {
            LOGGER.severe("Invalid AttestationStatus");
            return 0;
        }
        requestFreshKnoxAttestation(str);
        return 536870912;
    }

    private int checkMTDState(InternalAppPolicy internalAppPolicy, String str) {
        if (internalAppPolicy.getMTDThreatProtectionLevel() == MinimumRequiredDeviceThreatProtectionLevel.NOT_SET) {
            return 0;
        }
        return getMTDComplianceResult(str, internalAppPolicy.getMTDPackageName(), internalAppPolicy.getMTDSignatureHash(), false).getCode();
    }

    private int checkPolicyTimers(InternalAppPolicy internalAppPolicy, MAMIdentity mAMIdentity, String str) {
        boolean z;
        long launchOnlineTimeout = internalAppPolicy.getLaunchOnlineTimeout();
        if (launchOnlineTimeout == 0) {
            launchOnlineTimeout = 1;
        }
        PolicySettingTimers timers = getTimers(mAMIdentity);
        int i = 0;
        if (internalAppPolicy.getIsPinRequired()) {
            SettingEventTimer pinTimer = timers.getPinTimer();
            TimeUnit timeUnit = TimeUnit.SECONDS;
            boolean hasTimePassed = pinTimer.hasTimePassed(launchOnlineTimeout, timeUnit);
            if (internalAppPolicy.getFingerprintPlusBiometricEnabled() && internalAppPolicy.getNonBioPassRequiredAfterTimeout()) {
                z = timers.getPinTimer().hasTimePassed(internalAppPolicy.getNonBioPassTimeout() != 0 ? internalAppPolicy.getNonBioPassTimeout() : 1L, timeUnit);
            } else {
                z = false;
            }
            if (hasTimePassed) {
                LOGGER.info("Global PIN timeout expired.");
                i = 1;
            }
            if (z) {
                LOGGER.info("Non-bio PIN timeout expired.");
                i |= SignatureScheme.rsa_pkcs1_sha1;
            }
            if (i == 0) {
                LOGGER.info("No PIN timeouts expired.");
            }
        }
        if (internalAppPolicy.getRequiresAuthentication() && timers.getAuthTimer().hasTimePassed(launchOnlineTimeout, TimeUnit.SECONDS)) {
            LOGGER.info("ADAL timer expired");
            i |= 2;
        }
        if (internalAppPolicy.getAppRequiresCompliance() && timers.getComplianceTimer().hasTimePassed(launchOnlineTimeout, TimeUnit.SECONDS)) {
            LOGGER.info("Compliance timer expired");
            i |= 4;
        }
        updateOfflineGracePeriodTimer(str);
        if (!isOfflineGracePeriodExceeded(str, mAMIdentity)) {
            return i;
        }
        LOGGER.info("OGP timer expired");
        return i | 32;
    }

    private final HashMap<String, String> convertDefaultPackageStringIntoHashMap() {
        List<String> defaultPackageList = getDefaultPackageList();
        HashMap<String, String> hashMap = new HashMap<>();
        for (int i = 0; i < defaultPackageList.size() - 1; i += 2) {
            hashMap.put(defaultPackageList.get(i), defaultPackageList.get(i + 1));
        }
        return hashMap;
    }

    private List<String> getDefaultPackageList() {
        String str = this.mSettings.defaultPackage().get();
        return str == null ? new ArrayList() : new ArrayList(Arrays.asList(str.split(SchemaConstants.SEPARATOR_COMMA)));
    }

    private List<String> getPreviousPinsList(MAMIdentity mAMIdentity) {
        String str = this.mSettings.previousPins(mAMIdentity).get();
        return str == null ? new ArrayList() : new ArrayList(Arrays.asList(str.split(SchemaConstants.SEPARATOR_COMMA)));
    }

    private PolicySettingTimers getTimers(MAMIdentity mAMIdentity) {
        PolicySettingTimers policySettingTimers;
        if (mAMIdentity == null || !mAMIdentity.hasValidAadId()) {
            LOGGER.log(Level.SEVERE, "Invalid identity for policy settings", (Throwable) new IllegalArgumentException("Invalid identity for policy settings"));
            mAMIdentity = MAMIdentity.EMPTY;
        }
        synchronized (this) {
            policySettingTimers = this.mSettingTimers.get(mAMIdentity);
            if (policySettingTimers == null) {
                policySettingTimers = new PolicySettingTimers(this.mSettings, mAMIdentity);
                this.mSettingTimers.put(mAMIdentity, policySettingTimers);
            }
        }
        return policySettingTimers;
    }

    private final boolean isPinExpired(String str, MAMIdentity mAMIdentity) {
        InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, PolicyUpdateType.NOT_INITIAL_UPDATE, 0);
        if (policyForPackage == null || !policyForPackage.getIsPinRequired()) {
            return false;
        }
        long pinExpiryDays = policyForPackage.getPinExpiryDays();
        return pinExpiryDays != 0 && getTimers(mAMIdentity).getPinExpiryTimer().hasTimePassed(pinExpiryDays, TimeUnit.DAYS);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: lambda$requestFreshKnoxAttestation$0, reason: merged with bridge method [inline-methods] */
    public /* synthetic */ acquireTokenSilentAsyncWithAssertion lambda$requestFreshKnoxAttestation$0$AbstractAppPolicyEndpoint(String str, IKnoxAttestationManager.AttestationStatus attestationStatus) {
        onFreshKnoxAttestationStatus(str, attestationStatus);
        return acquireTokenSilentAsyncWithAssertion.BcTlsStreamVerifier;
    }

    private void onFreshKnoxAttestationStatus(String str, IKnoxAttestationManager.AttestationStatus attestationStatus) {
        Logger logger = LOGGER;
        logger.info("Got fresh attestation status");
        if (attestationStatus == IKnoxAttestationManager.AttestationStatus.FAILED) {
            logger.warning("Knox attestation failed");
            this.mAppPolicyNotifier.notifyKnoxAttestationFailed(str);
        }
    }

    private final boolean processBiometricAuthenticationResult(int i) {
        if (i == -2) {
            LOGGER.info("Device Android version is not compatible with the specified biometric options.");
            return false;
        }
        if (i == -1) {
            LOGGER.info("Unable to determine whether the device can perform biometric authentication.");
            return false;
        }
        if (i == 0) {
            return true;
        }
        if (i != 1) {
            if (i == 11) {
                LOGGER.info("No biometrics are registered for this user.");
                return false;
            }
            if (i != 12) {
                if (i == 15) {
                    LOGGER.info("Device requires a security update to enable biometric authentication.");
                    return false;
                }
                LOGGER.severe("Unexpected value: " + i);
                return false;
            }
        }
        LOGGER.info("Device does not have biometric hardware present.");
        return false;
    }

    private void requestFreshKnoxAttestation(final String str) {
        this.mKnoxAttestationManager.getFreshAttestation(new setAppVersion() { // from class: com.microsoft.intune.mam.client.ipc.-$$Lambda$AbstractAppPolicyEndpoint$3Ks0HVpnq_MF9gSkiS0Xn9lzr_4
            @Override // kotlin.setAppVersion
            public final Object invoke(Object obj) {
                return AbstractAppPolicyEndpoint.this.lambda$requestFreshKnoxAttestation$0$AbstractAppPolicyEndpoint(str, (IKnoxAttestationManager.AttestationStatus) obj);
            }
        });
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean biometricAuthSupportedAndRegistered(boolean z) {
        int i = Build.VERSION.SDK_INT;
        if (i < 28) {
            return false;
        }
        MediaDescriptionCompat.AnonymousClass1 MediaBrowserCompat$ConnectionCallback$ConnectionCallbackInternal = MediaDescriptionCompat.AnonymousClass1.MediaBrowserCompat$ConnectionCallback$ConnectionCallbackInternal(this.mContext);
        if (z) {
            if (i >= 30) {
                return processBiometricAuthenticationResult(MediaBrowserCompat$ConnectionCallback$ConnectionCallbackInternal.isEmpty(15));
            }
            if (!BiometricsUtils.canSecretKeyBeCreatedAndInitialized()) {
                return false;
            }
        }
        return processBiometricAuthenticationResult(MediaBrowserCompat$ConnectionCallback$ConnectionCallbackInternal.IResultReceiver$Default());
    }

    protected abstract boolean checkIsDeviceCompliant(String str);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean checkPinCorrect(String str, MAMIdentity mAMIdentity, String str2) {
        if (!userHasPin(mAMIdentity) || userRequiresResetPin(str, mAMIdentity) == PINResetReason.RETRIES_EXCEEDED) {
            return false;
        }
        String str3 = this.mSettings.pin(mAMIdentity).get();
        PinHash fromString = str3 == null ? null : PinHash.fromString(str3);
        boolean validate = (fromString == null || str2.length() <= 0) ? false : fromString.validate(str2);
        if (validate) {
            if (!fromString.usesLatestAlgorithm()) {
                this.mSettings.pin(mAMIdentity).set(PinHash.fromPassword(str2).toString());
            }
            this.mSettings.pinRetries(mAMIdentity).set(0);
        } else {
            this.mSettings.pinRetries(mAMIdentity).set(Integer.valueOf(this.mSettings.pinRetries(mAMIdentity).get().intValue() + 1));
            getTimers(mAMIdentity).getPinTimer().expireTimer();
        }
        return validate;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean clearFileIdentityInfo(long j, long j2) {
        return this.mFileIdentityMetadata.clearFileIdentityInfo(j, j2);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    @Deprecated
    public void clearOfflineGracePeriodTimer() {
        getOfflineGracePeriodTimer().disableTimer();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void connectToVpn() {
        this.mAbstractVpnController.connectToVpn();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final byte[] createNewClipboardKeyAndIV() {
        byte[] bArr = new byte[48];
        new SecureRandom().nextBytes(bArr);
        this.mSettings.clipboardKey(MAMIdentity.EMPTY).set(Base64.encodeToString(bArr, 2));
        return bArr;
    }

    protected abstract void destroySecretsIfNecessary(String str, WipeReason wipeReason);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final Bundle getAllAppPolicy(String str, PolicyUpdateType policyUpdateType, int i) {
        LOGGER.fine("Received request for all application policies for " + str + ", " + policyUpdateType.name() + ", app policy major version = " + i);
        List<MAMIdentity> identitiesForPackage = getIdentitiesForPackage(str);
        if (identitiesForPackage == null || identitiesForPackage.isEmpty()) {
            return null;
        }
        Bundle bundle = new Bundle();
        for (MAMIdentity mAMIdentity : identitiesForPackage) {
            InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, policyUpdateType, i);
            if (policyForPackage != null) {
                bundle.putBundle(mAMIdentity.toString(), new BundleAppPolicy(policyForPackage).getBundle());
            }
        }
        return bundle;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Map<ExperimentationKey, Object> getAllExperimentationValues() {
        HashMap hashMap = new HashMap();
        for (MAMFeatureFlag mAMFeatureFlag : MAMFeatureFlag.values()) {
            hashMap.put(mAMFeatureFlag, mAMFeatureFlag.getDefault());
        }
        for (MAMStringExperimentationKey mAMStringExperimentationKey : MAMStringExperimentationKey.values()) {
            hashMap.put(mAMStringExperimentationKey, mAMStringExperimentationKey.getDefault());
        }
        for (MAMIntExperimentationKey mAMIntExperimentationKey : MAMIntExperimentationKey.values()) {
            hashMap.put(mAMIntExperimentationKey, mAMIntExperimentationKey.getDefault());
        }
        return hashMap;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final byte[] getCurrentClipboardKeyAndIV() {
        String str = this.mSettings.clipboardKey(MAMIdentity.EMPTY).get();
        if (str == null) {
            return null;
        }
        return Base64.decode(str, 2);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Timestamp getCurrentClockStatusGracePeriodStart(MAMIdentity mAMIdentity) {
        return this.mClockStatusCache.getCurrentGracePeriod(mAMIdentity);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public String getDefaultPackageName(String str) {
        return convertDefaultPackageStringIntoHashMap().get(str);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public abstract String getEnrolledUserAnyPackage();

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ParcelFileDescriptor getFileIdentityInfoFd(long j, long j2, int i) {
        return this.mFileIdentityMetadata.getFileIdentityInfoFd(j, j2, i);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ParcelFileDescriptor getFileIdentityStorageRoot(long j) {
        return this.mFileIdentityMetadata.getFileIdentityStorageRoot(j);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public List<MAMIdentity> getIdentities() {
        return this.mIdentityManager.getPersistedIdentities();
    }

    protected abstract List<MAMIdentity> getIdentitiesForPackage(String str);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Bundle getIdentityAppPolicy(String str, MAMIdentity mAMIdentity, PolicyUpdateType policyUpdateType, int i) {
        LOGGER.fine("Received request for application policy for " + str + ", " + policyUpdateType.name() + ", app policy major version = " + i);
        InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, policyUpdateType, i);
        if (policyForPackage == null) {
            return null;
        }
        return new BundleAppPolicy(policyForPackage).getBundle();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ClockStatusInfo getLastKnownClockStatus(MAMIdentity mAMIdentity) {
        return this.mClockStatusCache.getLastKnownClockStatus(mAMIdentity);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Intent getLaunchIntentForPackage(String str) {
        return this.mContext.getPackageManager().getLaunchIntentForPackage(str);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ClockStatusInfo getLiveClockStatus(String str, MAMIdentity mAMIdentity) throws MAMException {
        LOGGER.severe("getLiveClockStatus used but not implemented by agent");
        return ClockStatusInfo.pending();
    }

    @Deprecated
    protected abstract SettingEventTimer getOfflineGracePeriodTimer();

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public PINCharacterType getPINCharacterType(MAMIdentity mAMIdentity) {
        return PINCharacterType.fromCode(this.mSettings.pinCharacterType(mAMIdentity).get().intValue());
    }

    protected abstract InternalAppPolicy getPolicyForPackage(String str, MAMIdentity mAMIdentity, PolicyUpdateType policyUpdateType, int i);

    public abstract HashSet<Signature> getSignaturesForPackage(String str);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final int getUserDeviceLockComplexity() {
        return ((DevicePolicyManager) this.mContext.getSystemService("device_policy")).getPasswordComplexity();
    }

    protected abstract int getUserPINMaxRetries(MAMIdentity mAMIdentity);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean hasChangeInBiometricsOccurred() {
        if (Build.VERSION.SDK_INT < 28) {
            return false;
        }
        return BiometricsUtils.hasChangeInBiometricsOccurred();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    @SuppressLint({WarningType.NewApi})
    public boolean isAgentInRestrictedBucket() {
        return DeviceBuildUtils.isAndroidPOrHigher() && ((UsageStatsManager) this.mContext.getSystemService("usagestats")).getAppStandbyBucket() == 45;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean isDeviceCompliant(String str) {
        boolean checkIsDeviceCompliant = (!isXposeDetected()) & checkIsDeviceCompliant(str);
        if (!checkIsDeviceCompliant) {
            Iterator<PolicySettingTimers> it = this.mSettingTimers.values().iterator();
            while (it.hasNext()) {
                it.next().getComplianceTimer().expireTimer();
            }
            destroySecretsIfNecessary(str, WipeReason.DEVICE_NON_COMPLIANT);
        }
        return checkIsDeviceCompliant;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isDeviceInIdentityDatabase(long j) {
        return this.mFileIdentityMetadata.isDeviceInIdentityDatabase(j);
    }

    protected abstract boolean isDeviceWorkplaceJoined();

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isPackageInstalled(String str) {
        try {
            this.mContext.getPackageManager().getPackageInfo(str, 0);
            return true;
        } catch (PackageManager.NameNotFoundException unused) {
            return false;
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean isPlayServiceErrorUserResolvable() {
        GoogleApiAvailability googleApiAvailability = GoogleApiAvailability.getInstance();
        return googleApiAvailability.isUserResolvableError(googleApiAvailability.isGooglePlayServicesAvailable(this.mContext));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean isPlayServicesAvailable() {
        if (GoogleApiAvailability.getInstance().isGooglePlayServicesAvailable(this.mContext) == 0) {
            return true;
        }
        LOGGER.info("google play services not available needs user intervention");
        return false;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean isVerifyAppsEnabled() {
        try {
            return ((SafetyNetApi.VerifyAppsUserResponse) Tasks.await(SafetyNet.getClient(this.mContext).isVerifyAppsEnabled(), 1L, TimeUnit.SECONDS)).isVerifyAppsEnabled();
        } catch (InterruptedException e) {
            e = e;
            LOGGER.log(Level.WARNING, "could not obtain verify apps status", e);
            return false;
        } catch (ExecutionException e2) {
            e = e2;
            LOGGER.log(Level.WARNING, "could not obtain verify apps status", e);
            return false;
        } catch (TimeoutException e3) {
            LOGGER.log(Level.WARNING, "fetching verify apps status timed out", (Throwable) e3);
            this.mTelemetryLogger.logTrackedOccurrence(this.mContext.getPackageName(), TrackedOccurrence.VERIFY_APPS_TIMED_OUT, "");
            return false;
        }
    }

    protected abstract boolean isXposeDetected();

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final int mustCheckPolicies(String str, MAMIdentity mAMIdentity, boolean z, boolean z2) {
        AgentUpdateInfo cPUpdateInfo;
        int i;
        InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, PolicyUpdateType.NOT_INITIAL_UPDATE, 0);
        if (policyForPackage == null) {
            return 0;
        }
        int i2 = isUserAccountDisabled(mAMIdentity) ? 1048576 : 0;
        if (isCheckinTimeoutExceeded(str, mAMIdentity)) {
            i2 |= 16;
        }
        if (policyForPackage.getAllowedAndroidDevicesElseWipe().isSet()) {
            i2 |= 128;
        }
        if (policyForPackage.getAllowedAndroidDevicesElseBlock().isSet()) {
            i2 |= 256;
        }
        if (this.mDeviceLockDetector.isAnyDeviceLockComplexityRequired(policyForPackage) && (Build.VERSION.SDK_INT < 31 ? !this.mDeviceLockDetector.isDeviceSecuredByPinPasswordOrPattern() : !this.mDeviceLockDetector.isDeviceLockComplexEnough(policyForPackage, getUserDeviceLockComplexity()))) {
            i2 |= 8388608;
        }
        if (!policyForPackage.getMinOSVersion().isZero() && !policyForPackage.getMinOSVersion().isOtherEqualOrNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMinOSVersionWarning().isZero() && !policyForPackage.getMinOSVersionWarning().isOtherEqualOrNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMinOSVersionWipe().isZero() && !policyForPackage.getMinOSVersionWipe().isOtherEqualOrNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMaxOSVersion().isZero() && policyForPackage.getMaxOSVersion().isOtherNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMaxOSVersionWarning().isZero() && policyForPackage.getMaxOSVersionWarning().isOtherNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMaxOSVersionWipe().isZero() && policyForPackage.getMaxOSVersionWipe().isOtherNewer(DeviceBuildUtils.getAndroidOSVersion())) {
            i2 |= 8;
        }
        if (!policyForPackage.getMinAppVersion().isZero() || !policyForPackage.getMinAppVersionWarning().isZero() || !policyForPackage.getMinAppVersionWipe().isZero()) {
            i2 |= 8;
        }
        if (!policyForPackage.getMinOSPatch().isZero() || !policyForPackage.getMinOSPatchWarning().isZero() || !policyForPackage.getMinOSPatchWipe().isZero()) {
            i2 |= 8;
        }
        if (!policyForPackage.getMinCPVersion().isZero() || !policyForPackage.getMinCPVersionWarning().isZero() || !policyForPackage.getMinCPVersionWipe().isZero()) {
            i2 |= 8;
        }
        if (z2 && !isDeviceWorkplaceJoined()) {
            i2 |= 67108864;
        }
        int minCPFreshnessDays = policyForPackage.getMinCPFreshnessDays();
        int minCPFreshnessDaysWarning = policyForPackage.getMinCPFreshnessDaysWarning();
        int minCPFreshnessDaysWipe = policyForPackage.getMinCPFreshnessDaysWipe();
        if ((minCPFreshnessDays != 0 || minCPFreshnessDaysWarning != 0 || minCPFreshnessDaysWipe != 0) && (cPUpdateInfo = getCPUpdateInfo()) != null && cPUpdateInfo.mUpdateAvailability == AgentUpdateAvailability.UPDATE_AVAILABLE.getCode() && ((i = cPUpdateInfo.mStalenessDays) >= minCPFreshnessDays || i >= minCPFreshnessDaysWarning || i >= minCPFreshnessDaysWipe)) {
            i2 |= 4194312;
        }
        int checkGooglePlayProtectPolicyState = checkGooglePlayProtectPolicyState(policyForPackage, str) | i2 | checkMTDState(policyForPackage, str);
        if (z && policyForPackage.getIsPinRequired() && policyForPackage.getFingerprintPlusBiometricEnabled() && policyForPackage.getNonBioPassRequiredOnLaunch()) {
            checkGooglePlayProtectPolicyState |= SignatureScheme.rsa_pkcs1_sha1;
        }
        int checkPolicyTimers = checkPolicyTimers(policyForPackage, mAMIdentity, str) | checkGooglePlayProtectPolicyState;
        if ((checkPolicyTimers & 1) != 0 && userRequiresResetPin(str, mAMIdentity) != PINResetReason.NOT_REQUIRED) {
            checkPolicyTimers |= 2097152;
        }
        if (isAgentInRestrictedBucket()) {
            checkPolicyTimers |= 134217728;
        }
        return checkKnoxAttestation(policyForPackage, str) | checkPolicyTimers;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final void notifyADALAuthenticationStatus(String str, MAMIdentity mAMIdentity, boolean z) {
        InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, PolicyUpdateType.NOT_INITIAL_UPDATE, 0);
        if (policyForPackage == null || !policyForPackage.getRequiresAuthentication()) {
            return;
        }
        SettingEventTimer authTimer = getTimers(mAMIdentity).getAuthTimer();
        if (z) {
            authTimer.restartTimer();
        } else {
            authTimer.expireTimer();
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void onMAMAppInstall(String str, String str2) {
        LOGGER.info(String.format(Locale.US, "onMAMAppInstall called for installed package %s and action %s. Method not implemented in this agent, doing nothing.", str, str2));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public MAMIdentity persistIdentity(MAMIdentity mAMIdentity) {
        return this.mIdentityManager.persistIdentity(mAMIdentity);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    @SuppressLint({"QueryPermissionsNeeded"})
    public List<ResolveInfo> queryIntentActivities(Intent intent, long j) {
        return PackageManagerCompat.queryIntentActivities(this.mContext.getPackageManager(), intent, j);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void reportFatalError(String str, String str2, String str3) {
        LOGGER.warning(String.format(Locale.US, "App '%s' reported (probably fatal) error on thread '%s': %s", str, str2, str3));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void resetBiometricChangeDetectionKey() {
        if (Build.VERSION.SDK_INT < 28) {
            return;
        }
        BiometricsUtils.resetKey();
        BiometricsUtils.canSecretKeyBeCreatedAndInitialized();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void resetConditionalLaunchTimers(String str, MAMIdentity mAMIdentity, boolean z) {
        Logger logger = LOGGER;
        logger.info("resetConditionalLaunchTimers");
        InternalAppPolicy policyForPackage = getPolicyForPackage(str, mAMIdentity, PolicyUpdateType.NOT_INITIAL_UPDATE, 0);
        if (policyForPackage == null) {
            logger.info("No policy, not resetting CL timers");
            return;
        }
        PolicySettingTimers timers = getTimers(mAMIdentity);
        if (policyForPackage.getRequiresAuthentication() && (z || timers.getAuthTimer().isStarted())) {
            logger.info("Resetting ADAL timer");
            timers.getAuthTimer().restartTimer();
        }
        if (policyForPackage.getIsPinRequired() && (z || timers.getPinTimer().isStarted())) {
            logger.info("Resetting PIN timer");
            timers.getPinTimer().restartTimer();
        }
        if (policyForPackage.getAppRequiresCompliance()) {
            if (z || timers.getComplianceTimer().isStarted()) {
                logger.info("Resetting compliance timer");
                timers.getComplianceTimer().restartTimer();
            }
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ProviderInfo resolveContentProvider(String str, long j) {
        return PackageManagerCompat.resolveContentProvider(this.mContext.getPackageManager(), str, j);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void setDefaultPackage(String str, String str2) {
        List<String> defaultPackageList = getDefaultPackageList();
        int indexOf = defaultPackageList.indexOf(str);
        if (indexOf == -1) {
            defaultPackageList.add(str);
            defaultPackageList.add(str2);
        } else {
            defaultPackageList.set(indexOf + 1, str2);
        }
        this.mSettings.defaultPackage().set(TextUtils.join(SchemaConstants.SEPARATOR_COMMA, defaultPackageList));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean setNewPin(MAMIdentity mAMIdentity, String str, PINCharacterType pINCharacterType) {
        this.mSettings.pin(mAMIdentity).set(PinHash.fromPassword(str).toString());
        this.mSettings.pinRetries(mAMIdentity).set(0);
        this.mSettings.pinCharacterType(mAMIdentity).set(Integer.valueOf(pINCharacterType.getCode()));
        if (getMaxPinHistoryLength(mAMIdentity) > 0) {
            List<String> previousPinsList = getPreviousPinsList(mAMIdentity);
            if (previousPinsList.size() == 24) {
                previousPinsList.remove(0);
            }
            previousPinsList.add(PinHash.fromPassword(str).toString());
            this.mSettings.previousPins(mAMIdentity).set(TextUtils.join(SchemaConstants.SEPARATOR_COMMA, previousPinsList));
        }
        getTimers(mAMIdentity).getPinExpiryTimer().restartTimer();
        return true;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean shouldEnableMAMStrictMode() {
        return false;
    }

    protected abstract void showNotification(String str, String str2, String str3);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void showWipeNotification(WipeReason wipeReason) {
        String string;
        String string2 = this.mContext.getString(R.string.wg_app_wipe_title);
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$WipeReason[wipeReason.ordinal()];
        String str = "";
        if (i == 1) {
            str = this.mContext.getString(R.string.wg_app_wiped_reason_rooted);
            string = this.mContext.getString(R.string.wg_app_wiped_remediation_rooted);
        } else if (i == 2) {
            str = this.mContext.getString(R.string.wg_app_wiped_reason_mtd);
            string = this.mContext.getString(R.string.wg_app_wiped_remediation_mtd);
        } else if (i != 3) {
            LOGGER.severe("Unexpected wipe reason " + wipeReason);
            string = "";
        } else {
            str = this.mContext.getString(R.string.wg_app_wiped_reason_device_attestation);
            string = this.mContext.getString(R.string.wg_app_wiped_remediation_device_attestation);
        }
        showNotification(NOTIFICATION_TAG_WIPE, string2, this.mContext.getString(R.string.wg_apps_wiping_message, str, string));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean uniqueFromPreviousPins(MAMIdentity mAMIdentity, String str, boolean z) {
        List<String> previousPinsList = getPreviousPinsList(mAMIdentity);
        if (previousPinsList.isEmpty()) {
            return true;
        }
        Collections.reverse(previousPinsList);
        List<String> subList = previousPinsList.subList(0, Math.min(getMaxPinHistoryLength(mAMIdentity), previousPinsList.size()));
        if (!z) {
            subList = subList.subList(1, subList.size());
        }
        Iterator<String> it = subList.iterator();
        while (it.hasNext()) {
            if (PinHash.fromString(it.next()).validate(str)) {
                return false;
            }
        }
        return true;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public abstract void updateMAMServiceToken(String str, MAMIdentity mAMIdentity, MAMServiceTokenSource mAMServiceTokenSource, boolean z);

    @Deprecated
    protected abstract void updateOfflineGracePeriodTimer(String str);

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final boolean userHasPin(MAMIdentity mAMIdentity) {
        return this.mSettings.pin(mAMIdentity).get() != null;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public final PINResetReason userRequiresResetPin(String str, MAMIdentity mAMIdentity) {
        return this.mSettings.pinRetries(mAMIdentity).get().intValue() >= getUserPINMaxRetries(mAMIdentity) ? PINResetReason.RETRIES_EXCEEDED : isPinExpired(str, mAMIdentity) ? PINResetReason.EXPIRED : PINResetReason.NOT_REQUIRED;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean validateKnoxAttestation() {
        IKnoxAttestationManager.AttestationStatus freshAttestationSync = this.mKnoxAttestationManager.getFreshAttestationSync();
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$agent$knox$IKnoxAttestationManager$AttestationStatus[freshAttestationSync.ordinal()];
        if (i == 1) {
            return true;
        }
        if (i == 2) {
            LOGGER.warning("Knox attestation failed");
            return false;
        }
        LOGGER.severe("Unexpected knox attestation status " + freshAttestationSync.name());
        return false;
    }
}
