package com.microsoft.omadm;

import android.content.Context;
import com.microsoft.intune.common.configuration.datacomponent.abstraction.IRemoteConfigRepository;
import com.microsoft.intune.common.enrollment.domain.IEnrollmentSettingsRepository;
import com.microsoft.intune.common.enrollment.domain.IEnrollmentStateRepository;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.utils.SSPUtils;
import com.microsoft.windowsintune.telemetry.state.TelemetryHistory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import org.apache.commons.lang3.time.DateUtils;

/* loaded from: classes2.dex */
public final class EnrollmentRenewal {
    private static final int LOG_ENROLLMENT_RENEWAL_NOT_ATTEMPTED_DAYS = 10;
    private static final Logger LOGGER = Logger.getLogger(EnrollmentRenewal.class.getName());
    private static final long MILLISECONDS_PER_DAY = TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS);

    private EnrollmentRenewal() {
    }

    public static boolean areEnrollmentCertsExpired(IEnrollmentSettingsRepository iEnrollmentSettingsRepository) {
        Date deviceCertificateExpiration = iEnrollmentSettingsRepository.getDeviceCertificateExpiration();
        if (deviceCertificateExpiration == null) {
            return false;
        }
        boolean after = new Date().after(deviceCertificateExpiration);
        Logger logger = LOGGER;
        StringBuilder sb = new StringBuilder();
        sb.append("Enrollment certificates are ");
        sb.append(after ? "expired" : "not expired");
        logger.info(sb.toString());
        return after;
    }

    private static boolean needStorageDowngrade(Context context, CertificateKeyStore certificateKeyStore) {
        if (certificateKeyStore.isUseOfAndroidKeyStoreEnabled() || !certificateKeyStore.isAndroidStore()) {
            return false;
        }
        if (certificateKeyStore.hasEnrollmentCertificate()) {
            LOGGER.fine("Requesting key store downgrade. Android key store usage should be disabled but is already in use.");
            return true;
        }
        LOGGER.warning("Key store downgrade is needed but is skipped since the enrollment certificate is not found or is not accessible.");
        return false;
    }

    private static boolean needStorageUpgrade(Context context, CertificateKeyStore certificateKeyStore) {
        if (!certificateKeyStore.isUseOfAndroidKeyStoreEnabled()) {
            LOGGER.fine("Skipping key store upgrade. Usage of Android key store is disabled.");
            return false;
        }
        if (certificateKeyStore.isAndroidStore()) {
            LOGGER.fine("Skipping key store upgrade. Already using Android key store.");
            return false;
        }
        try {
            KeyStore.getInstance(CertificateKeyStore.ANDROID_KEYSTORE_NAME);
            return true;
        } catch (KeyStoreException unused) {
            LOGGER.fine("Skipping key store upgrade. Cannot use Android key store.");
            return false;
        }
    }

    public static void renewIfNeeded(Context context, IEnrollmentSettingsRepository iEnrollmentSettingsRepository, CertificateKeyStore certificateKeyStore, IEnrollmentStateRepository iEnrollmentStateRepository, IRemoteConfigRepository iRemoteConfigRepository) {
        boolean withinRenewalWindow = withinRenewalWindow(iEnrollmentSettingsRepository, iEnrollmentStateRepository);
        boolean areEnrollmentCertsExpired = areEnrollmentCertsExpired(iEnrollmentSettingsRepository);
        if (withinRenewalWindow) {
            LOGGER.info("Enrollment certificate requires renewal and is within the renewal window, starting enrollment renewal service.");
            sendRenewalWindowTelemetry();
            SSPUtils.renewEnrollmentCertificate();
            Services.get().getEnrollmentTelemetry().logEnrollmentRenewalBroadcastSent();
            return;
        }
        if (needStorageDowngrade(context, certificateKeyStore)) {
            LOGGER.info("Starting enrollment renewal service for key store downgrade.");
            SSPUtils.renewEnrollmentCertificate();
            Services.get().getEnrollmentTelemetry().logEnrollmentRenewalBroadcastSent();
        } else if (needStorageUpgrade(context, certificateKeyStore)) {
            LOGGER.info("Starting enrollment key store upgrade.");
            SSPUtils.upgradeEnrollmentCertificateStorage();
        } else {
            if (!areEnrollmentCertsExpired || !iRemoteConfigRepository.shouldRenewExpiredCert()) {
                LOGGER.info("Enrollment Cert Renewal not needed.");
                return;
            }
            LOGGER.info("Cert is expired but renewal with expired cert is turned on. Renewing...");
            SSPUtils.renewEnrollmentCertificate();
            Services.get().getEnrollmentTelemetry().logEnrollmentRenewalBroadcastSent();
        }
    }

    public static void renewNow() {
        LOGGER.info("Enrollment renewal now triggered. Renewing...");
        SSPUtils.renewEnrollmentCertificate();
    }

    private static void sendRenewalWindowTelemetry() {
        Services.get().getEnrollmentTelemetry().logEnrollmentCertWithinRenewalWindow();
        Date date = new Date();
        Date date2 = Services.get().getTelemetryHistory().getDate(TelemetryHistory.ENROLLMENT_CERT_WITHIN_RENEWAL_WINDOW_FIRST_DETECTED, null);
        if (date2 == null) {
            Services.get().getEnrollmentTelemetry().setEnrollmentRenewalFirstWindowDetected(date);
        } else if (date.after(DateUtils.addDays(date2, 10))) {
            LOGGER.info(MessageFormat.format("Enrollment cert has not been renewed for more than 10 days. We detected the device has been in the window since {0}", date2.toString()));
            Services.get().getEnrollmentTelemetry().logEnrollmentRenewalNotAttemptedIn10Days();
        }
    }

    private static boolean withinRenewalWindow(IEnrollmentSettingsRepository iEnrollmentSettingsRepository, IEnrollmentStateRepository iEnrollmentStateRepository) {
        if (!iEnrollmentStateRepository.getCurrentState().blockingFirst().isEnrolled()) {
            LOGGER.info("Skipping enrollment renewal. Device is not enrolled.");
            return false;
        }
        if (areEnrollmentCertsExpired(iEnrollmentSettingsRepository)) {
            LOGGER.info("Skipping enrollment renewal. Certificates are expired.");
            return false;
        }
        long renewalPeriod = iEnrollmentSettingsRepository.getRenewalPeriod();
        Date deviceCertificateExpiration = iEnrollmentSettingsRepository.getDeviceCertificateExpiration();
        if (renewalPeriod == 0 || deviceCertificateExpiration == null) {
            LOGGER.info("Skipping enrollment renewal. Invalid renewal window or certificate expiration dates.");
            return false;
        }
        return Services.get().getNtpTimeClient().tryGetCurrentDate().after(new Date(deviceCertificateExpiration.getTime() - (renewalPeriod * MILLISECONDS_PER_DAY)));
    }
}
