package com.microsoft.intune.mam.client.ipcclient;

import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ProviderInfo;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import androidx.annotation.Nullable;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.microsoft.intune.mam.DeviceBuildUtils;
import com.microsoft.intune.mam.InterfaceVersionUtils;
import com.microsoft.intune.mam.Version;
import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.ActivityBehaviorImpl;
import com.microsoft.intune.mam.client.app.ActivityLifecycleMonitor;
import com.microsoft.intune.mam.client.app.AndroidManifestData;
import com.microsoft.intune.mam.client.app.LocalSettings;
import com.microsoft.intune.mam.client.app.data.WipeAppDataStatus;
import com.microsoft.intune.mam.client.app.startup.MAMIllegalStateException;
import com.microsoft.intune.mam.client.clipboard.EncryptedClipboardConnection;
import com.microsoft.intune.mam.client.content.pm.PackageManagerFactory;
import com.microsoft.intune.mam.client.content.pm.PackageManagerPolicy;
import com.microsoft.intune.mam.client.content.pm.PackageManagerPolicyFactory;
import com.microsoft.intune.mam.client.content.pm.PackageManagerPolicyResolverImpl;
import com.microsoft.intune.mam.client.fileencryption.EncryptionRequirement;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager;
import com.microsoft.intune.mam.client.fileencryption.MAMKeyRetrievalException;
import com.microsoft.intune.mam.client.identity.FileIdentityMetadataClient;
import com.microsoft.intune.mam.client.identity.FileProtectionManagerBehaviorImpl;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityImpl;
import com.microsoft.intune.mam.client.identity.MAMIdentityManagerImpl;
import com.microsoft.intune.mam.client.identity.OnlineThreadIdentityOperations;
import com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint;
import com.microsoft.intune.mam.client.ipc.PolicyUpdateType;
import com.microsoft.intune.mam.client.ipc.PrimaryUserInfo;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiver;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiverRegistryInternal;
import com.microsoft.intune.mam.client.telemetry.FileCacheTelemetryConsumer;
import com.microsoft.intune.mam.client.telemetry.FileCacheTelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.OnlineTelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.SessionDurationStore;
import com.microsoft.intune.mam.client.telemetry.TelemetryEvent;
import com.microsoft.intune.mam.client.util.ActivityUtils;
import com.microsoft.intune.mam.client.util.Classes;
import com.microsoft.intune.mam.client.util.DeviceAttestationChecker;
import com.microsoft.intune.mam.client.util.DeviceLockEnabledDetector;
import com.microsoft.intune.mam.client.util.GooglePlayServicesChecker;
import com.microsoft.intune.mam.client.util.MinVersionChecker;
import com.microsoft.intune.mam.client.util.PackageUtils;
import com.microsoft.intune.mam.client.util.VerifyAppsChecker;
import com.microsoft.intune.mam.libs.MAMLibraryException;
import com.microsoft.intune.mam.libs.NativeLibLoaderClient;
import com.microsoft.intune.mam.log.MAMLogManagerImpl;
import com.microsoft.intune.mam.log.MAMLogPIIFactoryImpl;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.BundleAppPolicy;
import com.microsoft.intune.mam.policy.BundleEncryptionKey;
import com.microsoft.intune.mam.policy.DataSharingAction;
import com.microsoft.intune.mam.policy.FileEncryptionKeyLength;
import com.microsoft.intune.mam.policy.InternalAppPolicy;
import com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl;
import com.microsoft.intune.mam.policy.MAMEnrollmentStatusCache;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import com.microsoft.intune.mam.policy.PINResetReason;
import com.microsoft.intune.mam.policy.PINRetryExceededAction;
import com.microsoft.intune.mam.policy.PlayServicesMAMAction;
import com.microsoft.intune.mam.policy.SaveLocation;
import com.microsoft.intune.mam.policy.SharingLevel;
import com.microsoft.intune.mam.policy.notification.MAMNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotificationType;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import java.util.logging.Level;
import javax.inject.Provider;

/* loaded from: classes.dex */
public final class MAMClientImpl implements EncryptedClipboardConnection, AppPolicyServiceWrapper, WipeAppDataEndpoint, MAMUserInfoInternal {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) MAMClientImpl.class);
    private final AndroidManifestData mActivityData;
    private final AppPolicyEndpoint mAppPolicyEndpoint;
    MAMClientPolicyImpl mClientPolicyImpl;
    private final Provider<MAMClientPolicyImpl> mClientPolicyImplProvider;
    private Context mContext;
    private DeviceAttestationChecker mDeviceAttestationChecker;
    private final DexFileCache mDexCache;
    private final Provider<MAMEnrollmentManagerImpl> mEnrollmentManagerProvider;
    MAMEnrollmentStatusCache mEnrollmentStatusCache;
    private FileEncryptionManager mFileEncryptionManager;
    private final Provider<FileEncryptionManager> mFileEncryptionManagerProvider;
    private FileProtectionManagerBehaviorImpl mFileProtectionManager;
    private final Provider<FileProtectionManagerBehaviorImpl> mFileProtectionManagerProvider;
    private GooglePlayServicesChecker mGooglePlayChecker;
    private final HeartbeatThread mHeartbeatThread;
    IdentityResolver mIdentityResolver;
    private final Provider<IdentityResolver> mIdentityResolverProvider;
    private final ActivityLifecycleMonitor mLifecycleMonitor;
    LocalSettings mLocalSettings;
    private final MAMIdentityManagerImpl mMAMIdentityManager;
    private final MAMLogManagerImpl mMAMLogManager;
    private final MAMLogPIIFactoryImpl mMAMLogPIIFactory;
    private MinVersionChecker mMinVersionChecker;
    private final NativeLibLoaderClient mNativeLibs;
    MAMNotificationReceiverRegistryInternal mNotificationReceiverRegistry;
    private final PackageManagerPolicyFactory mPackageManagerPolicyFactory;
    private PackageManagerPolicyResolverImpl mPackageManagerPolicyResolver;
    private final Provider<PackageManagerPolicyResolverImpl> mPackageManagerPolicyResolverProvider;
    SessionDurationStore mSessionDurationStore;
    private final Provider<MAMSystemServices> mSystemServicesProvider;
    private final OnlineTelemetryLogger mTelemetryLogger;
    private VerifyAppsChecker mVerifyAppsChecker;
    private final Handler mMainHandler = new Handler(Looper.getMainLooper());
    private final MAMNotificationReceiver mNotificationReceiver = new MAMNotificationReceiver() { // from class: com.microsoft.intune.mam.client.ipcclient.-$$Lambda$MAMClientImpl$IlTARB28WhUlS5CUgmfY6sL8wGw
        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public final boolean onReceive(MAMNotification mAMNotification) {
            return MAMClientImpl.lambda$new$1(MAMClientImpl.this, mAMNotification);
        }
    };
    PolicyUpdateType mPolicyUpdateType = PolicyUpdateType.INITIAL_UPDATE;
    private volatile MAMIdentity mPrimaryUser = null;
    private volatile boolean mPrimaryUserIsMDMUser = false;
    private final Object mPrimaryUserLock = new Object();
    private boolean mFirstPolicyCheck = true;
    private boolean mForceConditionalLaunchCheck = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.intune.mam.client.ipcclient.MAMClientImpl$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType = new int[MAMNotificationType.values().length];

        static {
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType[MAMNotificationType.REFRESH_POLICY.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MAMClientImpl(MAMNotificationReceiverRegistryInternal mAMNotificationReceiverRegistryInternal, Provider<FileEncryptionManager> provider, Provider<FileProtectionManagerBehaviorImpl> provider2, MAMLogPIIFactoryImpl mAMLogPIIFactoryImpl, AndroidManifestData androidManifestData, Provider<IdentityResolver> provider3, ActivityLifecycleMonitor activityLifecycleMonitor, AppPolicyEndpoint appPolicyEndpoint, DexFileCache dexFileCache, NativeLibLoaderClient nativeLibLoaderClient, Provider<PackageManagerPolicyResolverImpl> provider4, PackageManagerPolicyFactory packageManagerPolicyFactory, OnlineTelemetryLogger onlineTelemetryLogger, MAMLogManagerImpl mAMLogManagerImpl, MAMIdentityManagerImpl mAMIdentityManagerImpl, Context context, MinVersionChecker minVersionChecker, Provider<MAMSystemServices> provider5, Provider<MAMClientPolicyImpl> provider6, Provider<MAMEnrollmentManagerImpl> provider7, VerifyAppsChecker verifyAppsChecker, GooglePlayServicesChecker googlePlayServicesChecker, DeviceAttestationChecker deviceAttestationChecker) {
        this.mNotificationReceiverRegistry = mAMNotificationReceiverRegistryInternal;
        this.mFileEncryptionManagerProvider = provider;
        this.mFileProtectionManagerProvider = provider2;
        this.mMAMLogPIIFactory = mAMLogPIIFactoryImpl;
        this.mActivityData = androidManifestData;
        this.mIdentityResolverProvider = provider3;
        this.mLifecycleMonitor = activityLifecycleMonitor;
        this.mAppPolicyEndpoint = appPolicyEndpoint;
        this.mDexCache = dexFileCache;
        this.mNativeLibs = nativeLibLoaderClient;
        this.mPackageManagerPolicyResolverProvider = provider4;
        this.mPackageManagerPolicyFactory = packageManagerPolicyFactory;
        this.mTelemetryLogger = onlineTelemetryLogger;
        this.mMAMLogManager = mAMLogManagerImpl;
        this.mMAMIdentityManager = mAMIdentityManagerImpl;
        this.mContext = context;
        this.mMinVersionChecker = minVersionChecker;
        this.mSystemServicesProvider = provider5;
        this.mClientPolicyImplProvider = provider6;
        this.mEnrollmentManagerProvider = provider7;
        this.mVerifyAppsChecker = verifyAppsChecker;
        this.mGooglePlayChecker = googlePlayServicesChecker;
        this.mDeviceAttestationChecker = deviceAttestationChecker;
        this.mHeartbeatThread = new HeartbeatThread(this.mContext.getPackageName(), this.mAppPolicyEndpoint, 30000);
    }

    private void emitApiNecessaryStubs() {
        if (!PackageUtils.isWXPOfficePackage(this.mContext)) {
            Classes.emitAndLoadKnownMissingAndroidClasses(this.mDexCache, Activity.class);
        }
        Classes.emitDocumentsProviderStubsIfNecessary(this.mContext, this.mDexCache, this.mActivityData);
    }

    private MAMException handleMamEncryptionExceptionRethrow(MAMKeyRetrievalException mAMKeyRetrievalException, Level level) {
        String message = mAMKeyRetrievalException.getMessage() == null ? "Connection to remote policy service failed." : mAMKeyRetrievalException.getMessage();
        if (mAMKeyRetrievalException.getCause() == null) {
            LOGGER.log(level, message, (Throwable) mAMKeyRetrievalException);
        } else {
            LOGGER.log(level, message, mAMKeyRetrievalException.getCause());
        }
        return mAMKeyRetrievalException;
    }

    private boolean isApprovedDeviceManufacturer(InternalAppPolicy internalAppPolicy, boolean z) {
        List<String> allowedAndroidManufacturersElseWipe = z ? internalAppPolicy.getAllowedAndroidManufacturersElseWipe() : internalAppPolicy.getAllowedAndroidManufacturersElseBlock();
        if (allowedAndroidManufacturersElseWipe == null) {
            return true;
        }
        if (allowedAndroidManufacturersElseWipe.isEmpty()) {
            return false;
        }
        Iterator<String> it = allowedAndroidManufacturersElseWipe.iterator();
        while (it.hasNext()) {
            if (DeviceBuildUtils.isMatchingDeviceManufacturer(it.next())) {
                return true;
            }
        }
        return false;
    }

    public static /* synthetic */ void lambda$initialize$2(MAMClientImpl mAMClientImpl) {
        mAMClientImpl.mAppPolicyEndpoint.onMAMAppInstall(mAMClientImpl.mContext.getPackageName(), "android.intent.action.PACKAGE_ADDED");
        mAMClientImpl.mLocalSettings.setHasNotifiedAgentFirstLaunch();
    }

    public static /* synthetic */ boolean lambda$new$1(MAMClientImpl mAMClientImpl, MAMNotification mAMNotification) {
        if (AnonymousClass2.$SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType[mAMNotification.getType().ordinal()] == 1) {
            mAMClientImpl.mForceConditionalLaunchCheck = true;
            mAMClientImpl.tryUpdatePolicy(false);
        }
        return true;
    }

    private void restrictScreenshotsInForegroundActivity(MAMIdentity mAMIdentity, InternalAppPolicy internalAppPolicy) {
        if (internalAppPolicy == null || !internalAppPolicy.getRestrictScreenshots()) {
            return;
        }
        Activity foregroundActivity = this.mLifecycleMonitor.getForegroundActivity();
        if (foregroundActivity == null || !ActivityUtils.isHookedActivity(foregroundActivity)) {
            LOGGER.info("Not restricting screenshots in the foreground activity, because it is not a hooked activity.");
        } else if (!mAMIdentity.equals(this.mIdentityResolver.getCurrentIdentity(foregroundActivity))) {
            LOGGER.info("Not restricting screenshots in the foreground activity, because the activity's current identity is not the primary identity.");
        } else {
            LOGGER.info("Restricting screenshots in the foreground activity.");
            ActivityBehaviorImpl.restrictScreenshotsInActivity(foregroundActivity);
        }
    }

    private boolean shouldDisableAppPin(InternalAppPolicy internalAppPolicy) {
        if (!internalAppPolicy.getAppPinDisabled() || !isMDMEnrolled() || !new DeviceLockEnabledDetector(this.mContext).isDeviceSecuredByPinPasswordOrPattern()) {
            return false;
        }
        LOGGER.log(Level.INFO, "Device enrolled, device password quality is sufficient, and device lock detected. Disabling the App PIN.");
        return true;
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public boolean areEncryptionKeysAccessible() {
        return this.mClientPolicyImpl.hasAppPolicy();
    }

    public boolean checkPinCorrect(String str) {
        return this.mAppPolicyEndpoint.checkPinCorrect(this.mContext.getPackageName(), str);
    }

    public void checkPolicy(RestrictionCallbacks restrictionCallbacks, RestrictionState restrictionState, MAMIdentity mAMIdentity) {
        boolean z;
        MinVersionChecker.Result checkMinVersions;
        boolean hasAppPolicy = this.mClientPolicyImpl.hasAppPolicy();
        if (mAMIdentity == null) {
            mAMIdentity = this.mIdentityResolver.getCurrentIdentity(null);
        }
        if (hasAppPolicy) {
            MAMIdentity primaryIdentity = getPrimaryIdentity();
            if (primaryIdentity != null) {
                z = !MAMInfo.isMultiIdentityEnabled() || primaryIdentity.equals(mAMIdentity);
                if (!this.mLocalSettings.getManagedDialogDismissed() && z) {
                    restrictionCallbacks.showManagedDialog();
                    return;
                }
                InternalAppPolicy appPolicy = this.mClientPolicyImpl.getAppPolicy(mAMIdentity);
                if (!hasAppPolicy && !isSupportedPolicyVersion(appPolicy)) {
                    restrictionCallbacks.onUnsupportedVersion();
                    return;
                }
                if (hasAppPolicy && MAMInfo.isPolicyRequired()) {
                    restrictionCallbacks.onRequiresPolicy();
                    return;
                }
                if (hasAppPolicy || !(this.mForceConditionalLaunchCheck || this.mLifecycleMonitor.hasAppForegroundBeenInterrupted(mAMIdentity))) {
                    restrictionCallbacks.onAppPolicyCompliance();
                }
                if (!z) {
                    LOGGER.info("Skipping mustCheckPolicies for unmanaged identity: " + mAMIdentity);
                    restrictionCallbacks.onAppPolicyCompliance();
                    return;
                }
                int mustCheckPolicies = mustCheckPolicies();
                this.mForceConditionalLaunchCheck = false;
                if (mustCheckPolicies == 0) {
                    restrictionCallbacks.onAppPolicyCompliance();
                    return;
                }
                if ((mustCheckPolicies & 32) != 0) {
                    restrictionCallbacks.onNetworkConnectivityRequired();
                    return;
                }
                if ((mustCheckPolicies & 128) != 0 && !isApprovedDeviceManufacturer(appPolicy, true)) {
                    restrictionCallbacks.onUnsupportedDeviceManufacturer(true);
                    return;
                }
                if ((mustCheckPolicies & 256) != 0 && !isApprovedDeviceManufacturer(appPolicy, false)) {
                    restrictionCallbacks.onUnsupportedDeviceManufacturer(false);
                    return;
                }
                if ((mustCheckPolicies & 16) != 0 && this.mAppPolicyEndpoint.isCheckinTimeoutExceeded(this.mContext.getPackageName())) {
                    restrictionCallbacks.onCheckinTimeoutExceeded();
                    return;
                }
                if ((mustCheckPolicies & 8) != 0 && (checkMinVersions = this.mMinVersionChecker.checkMinVersions(appPolicy, restrictionState)) != null) {
                    restrictionCallbacks.onUnsupportedMinVersion(checkMinVersions.getType(), checkMinVersions.getAction());
                    return;
                }
                if ((mustCheckPolicies & 4) != 0 && appPolicy.getAppRequiresCompliance() && !isDeviceCompliant()) {
                    restrictionCallbacks.onDeviceNonCompliance(appPolicy.getDeviceComplianceFailureAction());
                    return;
                }
                if ((mustCheckPolicies & 4096) != 0) {
                    GooglePlayServicesChecker.Result isActionRequired = this.mGooglePlayChecker.isActionRequired(PlayServicesMAMAction.fromPolicy(appPolicy), restrictionState);
                    if (isActionRequired.requiresPrompt()) {
                        restrictionCallbacks.onSafetyNetActionRequired(isActionRequired);
                        return;
                    }
                }
                if ((mustCheckPolicies & 1024) != 0 && this.mVerifyAppsChecker.isActionRequired(appPolicy.getSafetyNetVerifyAppsFailedAction(), restrictionState)) {
                    restrictionCallbacks.onVerifyAppsNotEnabled(appPolicy.getSafetyNetVerifyAppsFailedAction());
                    return;
                }
                if ((mustCheckPolicies & 2048) != 0 && this.mDeviceAttestationChecker.isActionRequired(this.mContext.getPackageName(), appPolicy, restrictionState)) {
                    restrictionCallbacks.onDeviceAttestationError(appPolicy.getSafetyNetDeviceAttestEnforcementType(), appPolicy.getSafetyNetDeviceAttestFailedAction());
                    return;
                }
                if (!((mustCheckPolicies & 1) != 0) || !appPolicy.getIsPinRequired() || restrictionState.isUserPinCorrect() || shouldDisableAppPin(appPolicy)) {
                    if ((mustCheckPolicies & 2) != 0 && appPolicy.getRequiresAuthentication() && !restrictionState.isUserAuthenticated()) {
                        restrictionCallbacks.onRequiresAuthentication();
                        return;
                    }
                    if (appPolicy.getIsPinRequired()) {
                        this.mLocalSettings.setShouldWipeOnPINReset(true);
                    }
                    this.mFirstPolicyCheck = false;
                    restrictionCallbacks.onAppPolicyCompliance();
                    return;
                }
                if (!this.mAppPolicyEndpoint.userHasPin() || userRequiresResetPin() != PINResetReason.RETRIES_EXCEEDED || restrictionState.isUserAuthenticated()) {
                    restrictionCallbacks.onRequiresPinEntry((mustCheckPolicies & 512) != 0);
                    return;
                }
                PINRetryExceededAction pINRetryExceededAction = appPolicy.getPINRetryExceededAction();
                if (pINRetryExceededAction == PINRetryExceededAction.WIPE_DATA && !this.mLocalSettings.shouldWipeOnPINReset()) {
                    pINRetryExceededAction = PINRetryExceededAction.RESET_PIN;
                }
                restrictionCallbacks.onPINRetriesExceeded(pINRetryExceededAction);
                return;
            }
            LOGGER.severe("MAMClientImpl has internalAppPolicy, but IPC returned null primary identity. This is inconsistent. Not showing managed dialog.");
        }
        z = false;
        InternalAppPolicy appPolicy2 = this.mClientPolicyImpl.getAppPolicy(mAMIdentity);
        if (!hasAppPolicy) {
        }
        if (hasAppPolicy) {
        }
        if (hasAppPolicy) {
        }
        restrictionCallbacks.onAppPolicyCompliance();
    }

    @Override // com.microsoft.intune.mam.client.clipboard.EncryptedClipboardConnection
    public byte[] createNewClipboardKey() {
        return this.mAppPolicyEndpoint.createNewClipboardKeyAndIV();
    }

    public void earlyInit() {
        this.mIdentityResolver = this.mIdentityResolverProvider.get();
        this.mPackageManagerPolicyResolver = this.mPackageManagerPolicyResolverProvider.get();
        this.mClientPolicyImpl = this.mClientPolicyImplProvider.get();
        OnlineThreadIdentityOperations onlineThreadIdentityOperations = new OnlineThreadIdentityOperations();
        this.mEnrollmentStatusCache = new MAMEnrollmentStatusCache(this.mContext, this.mMAMLogPIIFactory, onlineThreadIdentityOperations);
        this.mSessionDurationStore = new SessionDurationStore(this.mContext, onlineThreadIdentityOperations);
        this.mLocalSettings = new LocalSettings(this.mContext);
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public SharedPreferences getAppPrivateSharedPreferences(String str) {
        return getRealApplicationContext().getSharedPreferences(str, 0);
    }

    @Override // com.microsoft.intune.mam.client.clipboard.EncryptedClipboardConnection
    public byte[] getCurrentClipboardKey() {
        return this.mAppPolicyEndpoint.getCurrentClipboardKeyAndIV();
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public BundleEncryptionKey getCurrentFileEncryptionKey() throws MAMException {
        try {
            Bundle currentFileEncryptionKey = this.mAppPolicyEndpoint.getCurrentFileEncryptionKey();
            if (currentFileEncryptionKey != null) {
                return new BundleEncryptionKey(currentFileEncryptionKey);
            }
            LOGGER.severe("Unable to get current file encryption key from agent");
            throw new MAMException("Failed to get master file encryption key");
        } catch (MAMKeyRetrievalException e) {
            throw handleMamEncryptionExceptionRethrow(e, Level.SEVERE);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public BundleEncryptionKey getFileEncryptionKey(UUID uuid) throws MAMException {
        if (!this.mClientPolicyImpl.hasAppPolicy()) {
            LOGGER.warning("Cannot retrieve file encryption key because app is not managed.");
            throw new MAMException("Encryption keys only available to managed apps");
        }
        try {
            Bundle fileEncryptionKey = this.mAppPolicyEndpoint.getFileEncryptionKey(uuid);
            if (fileEncryptionKey != null) {
                return new BundleEncryptionKey(fileEncryptionKey);
            }
            String uuid2 = uuid.toString();
            LOGGER.severe("Unable to get file encryption key {0} from agent", uuid2);
            throw new MAMException(String.format("Failed to get master file encryption key with id %s", uuid2));
        } catch (MAMKeyRetrievalException e) {
            throw handleMamEncryptionExceptionRethrow(e, Level.WARNING);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public FileEncryptionKeyLength getFileEncryptionKeyLength(MAMIdentity mAMIdentity) {
        return this.mClientPolicyImpl.getAppPolicy(mAMIdentity).getFileEncryptionKeyLength();
    }

    public FileEncryptionManager getFileEncryptionManager() {
        if (this.mFileEncryptionManager == null) {
            this.mFileEncryptionManager = this.mFileEncryptionManagerProvider.get();
        }
        return this.mFileEncryptionManager;
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public EncryptionRequirement getFileEncryptionRequirement(MAMIdentity mAMIdentity) {
        InternalAppPolicy appPolicy = this.mClientPolicyImpl.getAppPolicy(mAMIdentity);
        return !appPolicy.getRequiresFileEncryption() ? EncryptionRequirement.NONE : appPolicy.getPrivateFilesEncryptionDisabled() ? EncryptionRequirement.PARTIAL : EncryptionRequirement.FULL;
    }

    public boolean getIsSaveToLocationAllowed(Uri uri, InternalAppPolicy internalAppPolicy) {
        if (!uri.getScheme().equals(FirebaseAnalytics.Param.CONTENT) || internalAppPolicy.getAppTransferSharingLevel() == SharingLevel.UNRESTRICTED) {
            return true;
        }
        String authority = uri.getAuthority();
        PackageManagerPolicy createPolicy = this.mPackageManagerPolicyFactory.createPolicy(internalAppPolicy);
        ProviderInfo resolveContentProvider = PackageManagerFactory.createForPolicy(createPolicy, this.mContext.getPackageManager()).resolveContentProvider(authority, 0);
        if (resolveContentProvider == null) {
            return true;
        }
        return createPolicy.isPackageAllowed(resolveContentProvider.packageName, DataSharingAction.TRANSFER_ONLY);
    }

    public boolean getIsSaveToLocationAllowed(SaveLocation saveLocation, String str, InternalAppPolicy internalAppPolicy) {
        if (internalAppPolicy.getIsSaveToPersonalAllowed()) {
            return true;
        }
        MAMIdentity primaryIdentity = getPrimaryIdentity();
        if ((str != null && primaryIdentity != null && !primaryIdentity.equals(this.mMAMIdentityManager.fromString(str))) || SaveLocation.OTHER.equals(saveLocation)) {
            return false;
        }
        if (str != null || SaveLocation.LOCAL.equals(saveLocation) || !MAMInfo.isMultiIdentityEnabled()) {
            return internalAppPolicy.getManagedLocations().isLocationAllowed(saveLocation);
        }
        LOGGER.warning("A multi-identity app is trying to save to a cloud service without an associated username. Refusing save-as.");
        return false;
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper, com.microsoft.intune.mam.policy.MAMUserInfoInternal
    @Nullable
    public MAMIdentity getPrimaryIdentity() {
        return this.mPrimaryUser;
    }

    @Override // com.microsoft.intune.mam.policy.MAMUserInfo
    @Nullable
    public String getPrimaryUser() {
        MAMIdentity mAMIdentity = this.mPrimaryUser;
        if (mAMIdentity == null) {
            return null;
        }
        return mAMIdentity.rawUPN();
    }

    public Context getRealApplicationContext() {
        return this.mContext;
    }

    public void heartbeat() {
        this.mHeartbeatThread.queueHeartbeat();
    }

    public void initialize() {
        this.mNotificationReceiverRegistry.registerReceiver(this.mNotificationReceiver, MAMNotificationType.REFRESH_POLICY);
        try {
            this.mNativeLibs.ensureLoaded();
            earlyInit();
            LOGGER.info("Running on Android API level" + Build.VERSION.SDK_INT);
            LOGGER.info("Running on device " + Build.MANUFACTURER + " " + Build.MODEL);
            try {
                PackageInfo packageInfo = this.mContext.getPackageManager().getPackageInfo(MAMInfo.getPackageName(), 0);
                LOGGER.info("Using agent build " + packageInfo.versionName + " (" + packageInfo.versionCode + ")");
            } catch (PackageManager.NameNotFoundException unused) {
                LOGGER.severe("Unable to determine agent version");
            }
            if (InterfaceVersionUtils.isSDKVersionAvailable(this.mActivityData.getInterfaceVersion())) {
                LOGGER.info("App is using MAM SDK version " + this.mActivityData.getSDKVersion());
            }
            emitApiNecessaryStubs();
            this.mMAMIdentityManager.getAdditionalIdentityData();
            FileIdentityMetadataClient.initialize(this.mAppPolicyEndpoint, this.mClientPolicyImpl, this.mContext);
            this.mFileEncryptionManager = this.mFileEncryptionManagerProvider.get();
            this.mFileProtectionManager = this.mFileProtectionManagerProvider.get();
            this.mPackageManagerPolicyResolver = this.mPackageManagerPolicyResolverProvider.get();
            this.mEnrollmentManagerProvider.get().initialize();
            this.mTelemetryLogger.init();
            this.mSystemServicesProvider.get();
            if (!this.mFileEncryptionManager.initialize()) {
                String format = String.format(Locale.US, "MAM was unable to initialize file encryption with error 0x%x", Long.valueOf(this.mFileEncryptionManager.getHookingErrorCode()));
                if (!DeviceBuildUtils.isDeviceSDKVersionNewerThanHighestSdkTested()) {
                    throw new IllegalStateException(format);
                }
                throw new MAMIllegalStateException(format);
            }
            tryUpdatePolicy(true);
            if (!this.mLocalSettings.getHasNotifiedAgentFirstLaunch()) {
                if (this.mLocalSettings.getAttemptedToNotifyAgentFirstLaunch()) {
                    LOGGER.severe("Re-attempting to call onMAMAppInstall because a previous attempt did not complete");
                } else {
                    LOGGER.info("First launch after package added, calling onMAMAppInstall.");
                    this.mLocalSettings.setAttemptedToNotifyAgentFirstLaunch();
                }
                new Thread(new Runnable() { // from class: com.microsoft.intune.mam.client.ipcclient.-$$Lambda$MAMClientImpl$czpcc6w-b8eHA1PcmPZiP3QqVNY
                    @Override // java.lang.Runnable
                    public final void run() {
                        MAMClientImpl.lambda$initialize$2(MAMClientImpl.this);
                    }
                }).start();
            }
            this.mMAMLogManager.encryptionInitializedFinished(areEncryptionKeysAccessible());
            final Version sDKVersion = InterfaceVersionUtils.isSDKVersionAvailable(this.mActivityData.getInterfaceVersion()) ? this.mActivityData.getSDKVersion() : new Version("1.0.0");
            this.mMainHandler.post(new Runnable() { // from class: com.microsoft.intune.mam.client.ipcclient.MAMClientImpl.1
                FileCacheTelemetryConsumer fileCacheTelemetryLogger;

                {
                    this.fileCacheTelemetryLogger = new FileCacheTelemetryLogger(MAMClientImpl.this.mContext, false, sDKVersion, MAMClientImpl.this.mSessionDurationStore);
                }

                @Override // java.lang.Runnable
                public void run() {
                    Iterator<TelemetryEvent> it = this.fileCacheTelemetryLogger.consumeEvents().iterator();
                    while (it.hasNext()) {
                        MAMClientImpl.this.mTelemetryLogger.logEvent(it.next());
                    }
                }
            });
        } catch (MAMLibraryException e) {
            LOGGER.log(Level.SEVERE, "Unable to load native libraries", (Throwable) e);
            throw e;
        }
    }

    boolean isDeviceCompliant() {
        return this.mAppPolicyEndpoint.isDeviceCompliant();
    }

    public boolean isMDMEnrolled() {
        return this.mPrimaryUserIsMDMUser;
    }

    public boolean isSupportedPolicyVersion(InternalAppPolicy internalAppPolicy) {
        return this.mClientPolicyImpl.isSupportedPolicyVersion(internalAppPolicy);
    }

    int mustCheckPolicies() {
        return this.mAppPolicyEndpoint.mustCheckPolicies(this.mContext.getPackageName(), this.mFirstPolicyCheck);
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.WipeAppDataEndpoint
    public void notifyAppDataWipeStatus(WipeAppDataStatus wipeAppDataStatus) throws MAMException {
        this.mAppPolicyEndpoint.notifyAppDataWipeStatus(this.mContext.getPackageName(), wipeAppDataStatus);
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public BundleEncryptionKey prefetchCurrentFileEncryptionKey() throws MAMException {
        try {
            Bundle prefetchCurrentFileEncryptionKey = this.mAppPolicyEndpoint.prefetchCurrentFileEncryptionKey(this.mContext.getPackageName());
            if (prefetchCurrentFileEncryptionKey == null) {
                return null;
            }
            return new BundleEncryptionKey(prefetchCurrentFileEncryptionKey);
        } catch (MAMKeyRetrievalException e) {
            throw handleMamEncryptionExceptionRethrow(e, Level.SEVERE);
        }
    }

    public void refreshPrimaryUser() {
        synchronized (this.mPrimaryUserLock) {
            PrimaryUserInfo primaryUserInfo = this.mAppPolicyEndpoint.getPrimaryUserInfo(this.mContext.getPackageName());
            this.mPrimaryUser = this.mMAMIdentityManager.create(primaryUserInfo.mEnrolledUser, primaryUserInfo.mEnrolledUserAADId, primaryUserInfo.mEnrolledUserAuthority);
            if (MAMIdentityImpl.isNullOrEmpty(this.mPrimaryUser)) {
                this.mPrimaryUserIsMDMUser = false;
            } else {
                this.mPrimaryUserIsMDMUser = this.mPrimaryUser.equals(this.mMAMIdentityManager.create(primaryUserInfo.mDeviceOwner, primaryUserInfo.mDeviceOwnerAADId, primaryUserInfo.mDeviceOwnerAuthority));
            }
            if (this.mPrimaryUser != null && this.mPrimaryUser.canonicalUPN().isEmpty()) {
                LOGGER.severe("Primary user has empty string UPN. This should not be possible");
            }
        }
    }

    public void tryNotifyADALAuthenticationResult(boolean z) {
        this.mAppPolicyEndpoint.notifyADALAuthenticationStatus(this.mContext.getPackageName(), z);
    }

    @Override // com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper
    public synchronized void tryUpdatePolicy(boolean z) {
        LOGGER.fine("Trying to update MDM policy");
        refreshPrimaryUser();
        if (!z) {
            LOGGER.fine("Refreshing identity data");
            this.mMAMIdentityManager.getAdditionalIdentityData();
        }
        LOGGER.fine("Starting update of app policy");
        Bundle myAppPolicy = this.mAppPolicyEndpoint.getMyAppPolicy(this.mContext.getPackageName(), this.mPolicyUpdateType, this.mActivityData.getInterfaceVersion().getMajor());
        InternalAppPolicy bundleAppPolicy = myAppPolicy == null ? null : new BundleAppPolicy(myAppPolicy);
        LOGGER.info("Received policy " + bundleAppPolicy + " for package " + this.mContext.getPackageName());
        if (this.mPolicyUpdateType != PolicyUpdateType.INITIAL_UPDATE && bundleAppPolicy != null && !isSupportedPolicyVersion(bundleAppPolicy)) {
            LOGGER.warning("The new policy version is incompatible, the app will continue to use the old policy until next application launch (not just activity resume).");
            return;
        }
        this.mClientPolicyImpl.setAppPolicy(bundleAppPolicy);
        if (this.mPolicyUpdateType == PolicyUpdateType.INITIAL_UPDATE) {
            LOGGER.fine("This is the initial policy update");
            this.mPolicyUpdateType = PolicyUpdateType.NOT_INITIAL_UPDATE;
        }
        MAMIdentity primaryIdentity = getPrimaryIdentity();
        if (primaryIdentity != null) {
            this.mPackageManagerPolicyResolver.updatePolicy(primaryIdentity, this.mClientPolicyImpl.getAppPolicy(primaryIdentity));
            if (myAppPolicy != null) {
                this.mFileEncryptionManager.refreshAppEncryption(primaryIdentity);
                MAMIdentityImpl fromString = this.mMAMIdentityManager.fromString(this.mEnrollmentStatusCache.getEnrolledIdentity());
                if (primaryIdentity.equals(fromString)) {
                    this.mEnrollmentStatusCache.setWasManaged();
                } else if (fromString != null) {
                    LOGGER.warning("Policy was received for primary identity {0} which is different from last known MAM-enrolled identity {1}", new Object[]{this.mMAMLogPIIFactory.getPIIUPN(primaryIdentity.rawUPN()), this.mMAMLogPIIFactory.getPIIUPN(fromString)});
                }
                if (!this.mLocalSettings.getIsManaged()) {
                    this.mFileProtectionManager.doInitialProtection();
                }
                this.mLocalSettings.setIsManaged(true);
                restrictScreenshotsInForegroundActivity(primaryIdentity, bundleAppPolicy);
            }
        } else if (myAppPolicy != null) {
            LOGGER.severe("CompanyPortal is reporting policy without an enrolled user. This should not happen.");
        }
        if (myAppPolicy == null) {
            this.mLocalSettings.setIsManaged(false);
            this.mFileEncryptionManager.clearCachedKeys();
        }
    }

    public PINResetReason userRequiresResetPin() {
        PINResetReason userRequiresResetPin = this.mAppPolicyEndpoint.userRequiresResetPin(this.mContext.getPackageName());
        return userRequiresResetPin == null ? PINResetReason.NOT_REQUIRED : userRequiresResetPin;
    }
}
