package com.microsoft.intune.mam.client.util;

import com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint;
import com.microsoft.intune.mam.client.ipcclient.RestrictionState;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.DeviceAttestationAction;
import com.microsoft.intune.mam.policy.DeviceAttestationAgentResult;
import com.microsoft.intune.mam.policy.DeviceAttestationEnforcementType;
import com.microsoft.intune.mam.policy.InternalAppPolicy;

/* loaded from: classes.dex */
public class DeviceAttestationChecker {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) DeviceAttestationChecker.class);
    private final AppPolicyEndpoint mAppPolicyEndpoint;

    public DeviceAttestationChecker(AppPolicyEndpoint appPolicyEndpoint) {
        this.mAppPolicyEndpoint = appPolicyEndpoint;
    }

    public boolean isActionRequired(String str, InternalAppPolicy internalAppPolicy, RestrictionState restrictionState) {
        if (internalAppPolicy.getSafetyNetDeviceAttestFailedAction() == DeviceAttestationAction.WARN && restrictionState.isDeviceAttestationWarned()) {
            LOGGER.info("already warned user about device attestation issues");
            return false;
        }
        DeviceAttestationEnforcementType safetyNetDeviceAttestEnforcementType = internalAppPolicy.getSafetyNetDeviceAttestEnforcementType();
        if (safetyNetDeviceAttestEnforcementType == DeviceAttestationEnforcementType.NOT_REQUIRED) {
            return false;
        }
        DeviceAttestationAgentResult attestationResult = this.mAppPolicyEndpoint.getAttestationResult(str);
        LOGGER.info("attestationResult:" + attestationResult);
        if (attestationResult == DeviceAttestationAgentResult.UNKNOWN) {
            LOGGER.info("no cached attestation results are available yet");
            return false;
        }
        if (attestationResult == DeviceAttestationAgentResult.NON_COMPLIANT) {
            return true;
        }
        LOGGER.info("enforcing that policy matches:" + safetyNetDeviceAttestEnforcementType);
        switch (safetyNetDeviceAttestEnforcementType) {
            case BASIC_INTEGRITY:
                return (attestationResult == DeviceAttestationAgentResult.DEVICE_INTEGRITY || attestationResult == DeviceAttestationAgentResult.DEVICE_INTEGRITY_AND_CTS) ? false : true;
            case BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION:
                return attestationResult != DeviceAttestationAgentResult.DEVICE_INTEGRITY_AND_CTS;
            case NOT_REQUIRED:
                LOGGER.info("no device attestation action is required");
                return false;
            default:
                throw new AssertionError("enforcementType not understood:" + safetyNetDeviceAttestEnforcementType);
        }
    }
}
