package com.microsoft.workaccount.workplacejoin.core;

import android.app.Activity;
import android.app.AlertDialog;
import android.app.admin.DevicePolicyManager;
import android.app.enterprise.EnterpriseDeviceManager;
import android.app.enterprise.SecurityPolicy;
import android.app.enterprise.license.EnterpriseLicenseManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.IntentFilter;
import android.preference.PreferenceManager;
import android.text.TextUtils;
import android.widget.Toast;
import com.microsoft.omadm.platforms.safe.SafeMDMLicense;
import com.microsoft.omadm.utils.PackageUtils;
import com.microsoft.workaccount.R;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.WorkPlaceJoinSettings;
import com.microsoft.workaccount.workplacejoin.core.JoinActivity;
import com.sec.enterprise.knox.EnterpriseKnoxManager;
import com.sec.enterprise.knox.certificate.CertificatePolicy;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import org.spongycastle.asn1.cmp.PKIFailureInfo;

/* loaded from: classes.dex */
public class SamsungDeviceControlledAPI implements IDeviceControlledAPI {
    public static final String PREF_KEY_ELM_ACTIVATED = "ELM Activated";
    private static final int SECURE_PORT = 443;
    private static final String TAG = SamsungDeviceControlledAPI.class.getSimpleName() + "#";
    private DevicePolicyManager mDPM = null;
    private ComponentName mWPJComp = null;
    private SamsungBroadcastReceiver samsungBroadcastReceiver = null;

    private void activateAdminComponent(Context context) {
        if (this.mDPM == null) {
            this.mDPM = (DevicePolicyManager) context.getSystemService("device_policy");
        }
        if (this.mWPJComp == null) {
            if (WorkPlaceJoinSettings.INSTANCE.getAdminReceiverExt() == null) {
                Logger.i(TAG + "activateAdminComponent", "SamsungDeviceControlledAPI : admin listener is not set");
                this.mWPJComp = new ComponentName(context, (Class<?>) WPJAdminReceiver.class);
            } else {
                Logger.i(TAG + "activateAdminComponent", "SamsungDeviceControlledAPI : admin listener is set externally");
                this.mWPJComp = WorkPlaceJoinSettings.INSTANCE.getAdminReceiverExt();
            }
        }
    }

    private boolean addPermissionApplicationPrivateKey(CertificatePolicy certificatePolicy, Object obj) {
        boolean z = false;
        if (obj == null || certificatePolicy == null) {
            return false;
        }
        try {
            z = ((Boolean) certificatePolicy.getClass().getDeclaredMethod("addPermissionApplicationPrivateKey", obj.getClass()).invoke(certificatePolicy, obj)).booleanValue();
            Logger.v(TAG + "addPermissionApplicationPrivateKey", "addPermissionApplicationPrivateKey result: " + z);
            return z;
        } catch (IllegalAccessException e) {
            Logger.w(TAG + "addPermissionApplicationPrivateKey", "addPermissionApplicationPrivateKey is not accessible" + e, WorkplaceJoinFailure.SAMSUNG);
            return z;
        } catch (IllegalArgumentException e2) {
            Logger.w(TAG + "addPermissionApplicationPrivateKey", "addPermissionApplicationPrivateKey's arguments are different" + e2, WorkplaceJoinFailure.SAMSUNG);
            return z;
        } catch (NoSuchMethodException e3) {
            Logger.w(TAG + "addPermissionApplicationPrivateKey", "addPermissionApplicationPrivateKey does not exist" + e3, WorkplaceJoinFailure.SAMSUNG);
            return z;
        } catch (SecurityException e4) {
            Logger.w(TAG + "addPermissionApplicationPrivateKey", "SecurityException: " + e4, WorkplaceJoinFailure.SAMSUNG);
            return z;
        } catch (InvocationTargetException e5) {
            Logger.w(TAG + "addPermissionApplicationPrivateKey", "Error in invoking addPermissionApplicationPrivateKey method" + e5, WorkplaceJoinFailure.SAMSUNG);
            return z;
        }
    }

    private void checkAlert(Activity activity) {
        AlertDialog.Builder builder = new AlertDialog.Builder(activity);
        builder.setTitle(activity.getResources().getString(R.string.cert_init_dialog_title));
        builder.setMessage(activity.getResources().getString(R.string.cert_store_init_msg_for_screen_lock));
        builder.setNeutralButton("OK", new DialogInterface.OnClickListener() { // from class: com.microsoft.workaccount.workplacejoin.core.SamsungDeviceControlledAPI.1
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                SamsungDeviceControlledAPI.this.mDPM.lockNow();
            }
        });
        builder.setCancelable(false);
        builder.show();
    }

    public static boolean checkSupportedSamsungVersion(Context context) {
        boolean z = false;
        EnterpriseDeviceManager enterpriseDeviceManager = (EnterpriseDeviceManager) context.getSystemService("enterprise_policy");
        EnterpriseKnoxManager enterpriseKnoxManager = (EnterpriseKnoxManager) context.getSystemService("knox_enterprise_policy");
        if (enterpriseDeviceManager != null) {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : edm not null");
            EnterpriseDeviceManager.EnterpriseSdkVersion enterpriseSdkVer = enterpriseDeviceManager.getEnterpriseSdkVer();
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : EnterpriseSdkVersion = " + enterpriseSdkVer.toString());
            if (enterpriseSdkVer.compareTo(EnterpriseDeviceManager.EnterpriseSdkVersion.ENTERPRISE_SDK_VERSION_2) != 0 && enterpriseSdkVer.compareTo(EnterpriseDeviceManager.EnterpriseSdkVersion.ENTERPRISE_SDK_VERSION_2_1) != 0 && enterpriseSdkVer.compareTo(EnterpriseDeviceManager.EnterpriseSdkVersion.ENTERPRISE_SDK_VERSION_2_2) != 0 && enterpriseSdkVer.compareTo(EnterpriseDeviceManager.EnterpriseSdkVersion.ENTERPRISE_SDK_VERSION_3) != 0 && enterpriseSdkVer.compareTo(EnterpriseDeviceManager.EnterpriseSdkVersion.ENTERPRISE_SDK_VERSION_4) >= 0) {
                z = true;
            }
        } else {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : edm is null, not able to check version");
        }
        if (enterpriseKnoxManager != null) {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : ekm not null");
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : EnterpriseKnoxSdkVersion = " + enterpriseKnoxManager.getVersion().toString());
        } else {
            Logger.d(TAG + "checkSupportedSamsungVersion", "SamsungDeviceControlledAPI : ekm is null, not able to check version");
        }
        return z;
    }

    private Object getPermissionAppPrivateKey(String str, String str2, int i, String str3) {
        try {
            Constructor<?> constructor = Class.forName("com.sec.enterprise.knox.certificate.PermissionApplicationPrivateKey").getConstructor(String.class, String.class, Integer.TYPE, String.class);
            constructor.setAccessible(true);
            return constructor.newInstance(str, str2, Integer.valueOf(i), str3);
        } catch (ClassNotFoundException e) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "PermissionApplicationPrivateKey.class is not available", WorkplaceJoinFailure.SAMSUNG);
            return null;
        } catch (IllegalAccessException e2) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "PermissionApplicationPrivateKey.class is not accessible", WorkplaceJoinFailure.SAMSUNG);
            return null;
        } catch (IllegalArgumentException e3) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "PermissionApplicationPrivateKey argument is invalid", WorkplaceJoinFailure.SAMSUNG);
            return null;
        } catch (InstantiationException e4) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "PermissionApplicationPrivateKey is not instantiated", WorkplaceJoinFailure.SAMSUNG);
            return null;
        } catch (NoSuchMethodException e5) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "PermissionApplicationPrivateKey's constructor is different", WorkplaceJoinFailure.SAMSUNG);
            return null;
        } catch (InvocationTargetException e6) {
            Logger.w(TAG + "getPermissionAppPrivateKey", "Exception invoking PermissionApplicationPrivateKey.class", WorkplaceJoinFailure.SAMSUNG);
            return null;
        }
    }

    private boolean installCertInternal(Activity activity, byte[] bArr, String str) {
        boolean installCertificate;
        try {
            EnterpriseDeviceManager enterpriseDeviceManager = (EnterpriseDeviceManager) activity.getSystemService("enterprise_policy");
            if (enterpriseDeviceManager == null) {
                Logger.w(TAG + "installCertInternal", "EDM is null, not a KNOX enabled device", WorkplaceJoinFailure.SAMSUNG);
                return false;
            }
            Logger.i(TAG + "installCertInternal", "EDM is not null. Getting security policy.");
            EnterpriseDeviceManager.EnterpriseSdkVersion enterpriseSdkVer = enterpriseDeviceManager.getEnterpriseSdkVer();
            Logger.i(TAG + "installCertInternal", "EnterpriseSdkVersion = " + enterpriseSdkVer.toString());
            SecurityPolicy securityPolicy = enterpriseDeviceManager.getSecurityPolicy();
            if (3 == securityPolicy.getCredentialStorageStatus()) {
                Logger.e(TAG + "installCertInternal", "KeyStore is uninitialized", WorkplaceJoinFailure.INTERNAL);
                Toast.makeText(activity, "Please Lock and Unlock the device to initialize the KeyStore", 1).show();
                return false;
            }
            if (1 != securityPolicy.getCredentialStorageStatus()) {
                Logger.e(TAG + "installCertInternal", "KeyStore has an error:" + securityPolicy.getCredentialStorageStatus(), WorkplaceJoinFailure.INTERNAL);
                Toast.makeText(activity, "Keystore Error: " + securityPolicy.getCredentialStorageStatus(), 0).show();
                return false;
            }
            uninstallCert(activity);
            if (isKnoxVersion50Plus(enterpriseSdkVer)) {
                Logger.i(TAG + "installCertInternal", "Installing certificate through KNOX with keystore api");
                installCertificate = securityPolicy.installCertificateToKeystore("PKCS12", bArr, PKCS12CertGenerator.getCertName(), str, 4);
            } else {
                Logger.i(TAG + "installCertInternal", "Installing certificate through KNOX with old api");
                installCertificate = securityPolicy.installCertificate("PKCS12", bArr, PKCS12CertGenerator.getCertName(), str);
            }
            if (!installCertificate) {
                Logger.w(TAG + "installCertInternal", "Result failure while installing certificate", WorkplaceJoinFailure.CERTIFICATE);
                return false;
            }
            Logger.i(TAG + "installCertInternal", "Certificate installed successfully!!");
            if (activity instanceof JoinActivity) {
                ((JoinActivity) activity).onActivityResult(3, -1, null);
            } else {
                ((InstallCertActivity) activity).onActivityResult(3, -1, null);
            }
            return true;
        } catch (Exception e) {
            Logger.w(TAG + "installCertInternal", "Samsung API failure. Exception: " + e.getMessage(), WorkplaceJoinFailure.CERTIFICATE);
            return false;
        }
    }

    private boolean isKeystoreInitialized(Context context) {
        EnterpriseDeviceManager enterpriseDeviceManager = (EnterpriseDeviceManager) context.getSystemService("enterprise_policy");
        if (enterpriseDeviceManager == null) {
            Logger.w(TAG + "isKeystoreInitialized", "SamsungDeviceControlledAPI : EDM is null, seems like Samsung safe API is not supported", WorkplaceJoinFailure.SAMSUNG);
            return true;
        }
        SecurityPolicy securityPolicy = enterpriseDeviceManager.getSecurityPolicy();
        if (3 == securityPolicy.getCredentialStorageStatus()) {
            Logger.w(TAG + "isKeystoreInitialized", "Keystore not initialized", WorkplaceJoinFailure.SAMSUNG);
            return false;
        }
        if (1 != securityPolicy.getCredentialStorageStatus()) {
            Logger.d(TAG + "isKeystoreInitialized", "Keystore Error");
            return false;
        }
        Logger.d(TAG + "isKeystoreInitialized", "Keystore initialized");
        return true;
    }

    private boolean isKnoxVersion50Plus(EnterpriseDeviceManager.EnterpriseSdkVersion enterpriseSdkVersion) {
        switch (enterpriseSdkVersion) {
            case ENTERPRISE_SDK_VERSION_2:
            case ENTERPRISE_SDK_VERSION_2_1:
            case ENTERPRISE_SDK_VERSION_2_2:
            case ENTERPRISE_SDK_VERSION_3:
            case ENTERPRISE_SDK_VERSION_4:
            case ENTERPRISE_SDK_VERSION_4_0_1:
            case ENTERPRISE_SDK_VERSION_4_1:
                return false;
            default:
                return true;
        }
    }

    private void preventBrowserPrompt(Context context) {
        if (WorkplaceJoinApplication.mDRSMetadata == null) {
            Logger.w(TAG + "preventBrowserPrompt", "DRS metadata is null", WorkplaceJoinFailure.SAMSUNG);
            return;
        }
        String identityProviderAuthUrl = WorkplaceJoinApplication.mDRSMetadata.getIdentityProviderAuthUrl();
        try {
            URL url = new URL(identityProviderAuthUrl);
            preventBrowserPromptForPackage(context, PackageUtils.CHROME, url.getHost());
            preventBrowserPromptForPackage(context, "com.google.android.browser", url.getHost());
        } catch (MalformedURLException e) {
            Logger.w(TAG + "preventBrowserPrompt", "MalformedURLException for url:" + identityProviderAuthUrl, WorkplaceJoinFailure.SAMSUNG);
        }
    }

    private void preventBrowserPromptForPackage(Context context, String str, String str2) {
        Logger.v(TAG + "preventBrowserPromptForPackage", "Asking to prevent prompt for " + str + " host:" + str2);
        Object permissionAppPrivateKey = getPermissionAppPrivateKey(str, str2, SECURE_PORT, PKCS12CertGenerator.getCertName());
        if (permissionAppPrivateKey != null) {
            Logger.v(TAG + "preventBrowserPromptForPackage", "It has permission app private key. Package:" + str + " host:" + str2);
            addPermissionApplicationPrivateKey(CertificatePolicy.getInstance(context), permissionAppPrivateKey);
        }
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean activateAdmin(Activity activity) {
        activateAdminComponent(activity);
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : activate admin called");
        if (isActiveAdmin(activity)) {
            Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : admin is active");
            return true;
        }
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : about to activate admin");
        Intent intent = new Intent("android.app.action.ADD_DEVICE_ADMIN");
        intent.putExtra("android.app.extra.DEVICE_ADMIN", this.mWPJComp);
        intent.putExtra("android.app.extra.ADD_EXPLANATION", activity.getResources().getString(R.string.activating_admin));
        Logger.i(TAG + "activateAdmin", "SamsungDeviceControlledAPI : sending intent for activate admin ");
        activity.startActivityForResult(intent, WorkplaceJoinApplication.ADMIN_ACTIVATION_REQUEST);
        return false;
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void activateLicense(Context context, JoinActivity.OnLicenseActivatedListener onLicenseActivatedListener) {
        String string = PreferenceManager.getDefaultSharedPreferences(context).getString(PREF_KEY_ELM_ACTIVATED, "");
        Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Activate status:" + string);
        if (!TextUtils.isEmpty(string)) {
            Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Licence is active:" + string);
            onLicenseActivatedListener.onLicenseActivatedHandler(true);
            return;
        }
        EnterpriseLicenseManager enterpriseLicenseManager = EnterpriseLicenseManager.getInstance(context);
        Logger.i(TAG + "activateLicense", "SamsungDeviceControlledAPI : Register receiver");
        this.samsungBroadcastReceiver = new SamsungBroadcastReceiver(onLicenseActivatedListener);
        context.registerReceiver(this.samsungBroadcastReceiver, new IntentFilter(SafeMDMLicense.STATUS_ACTION));
        enterpriseLicenseManager.activateLicense(JoinInfo.INSTANCE.fTEgertFRGRGRe());
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void installCert(Activity activity, CertificateData certificateData, String str) {
        if (installCertInternal(activity, certificateData.getPKCS12Cert(), str)) {
            Logger.v(TAG + "installCert", "Samsung install cert is successfull. It will try to add permission to prevent chrome prompt");
            preventBrowserPrompt(activity);
        } else {
            Logger.v(TAG + "installCert", "Use default certificate Installer");
            WorkplaceJoinService.installPKCS12CertDefault(activity, certificateData, str);
        }
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean isActiveAdmin(Context context) {
        activateAdminComponent(context);
        Logger.i(TAG + "isActiveAdmin", "admin: " + this.mDPM.isAdminActive(this.mWPJComp));
        return this.mDPM.isAdminActive(this.mWPJComp);
    }

    public boolean setPasswordQuality(Activity activity) {
        if (!isActiveAdmin(activity)) {
            return false;
        }
        this.mDPM.getPasswordQuality(this.mWPJComp);
        if (this.mDPM.getPasswordQuality(this.mWPJComp) == 0) {
            this.mDPM.setPasswordQuality(this.mWPJComp, PKIFailureInfo.notAuthorized);
        }
        if (!this.mDPM.isActivePasswordSufficient()) {
            activity.startActivityForResult(new Intent("android.app.action.SET_NEW_PASSWORD"), WorkplaceJoinApplication.REQUEST_PASSWORD);
            return true;
        }
        if (isKeystoreInitialized(activity)) {
            return false;
        }
        checkAlert(activity);
        return false;
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public boolean uninstallCert(Context context) {
        EnterpriseDeviceManager enterpriseDeviceManager = (EnterpriseDeviceManager) context.getSystemService("enterprise_policy");
        if (enterpriseDeviceManager == null) {
            Logger.w(TAG + "uninstallCert", "EDM is null, not a KNOX enabled device", WorkplaceJoinFailure.CERTIFICATE);
            Toast.makeText(context, " Certificate uninstall fail \nRemove the certificate using Clear Credentials from Security Setting", 0).show();
            return false;
        }
        try {
            boolean removeCertificate = enterpriseDeviceManager.getSecurityPolicy().removeCertificate(PKCS12CertGenerator.getCertName(), DeviceControlledAPI.USER_CERTIFICATE);
            if (removeCertificate) {
                Logger.v(TAG + "uninstallCert", "Certificate named '" + PKCS12CertGenerator.getCertName() + "' removal succeeded.");
            } else {
                Logger.w(TAG + "uninstallCert", "Certificate named '" + PKCS12CertGenerator.getCertName() + "' removal failed.", WorkplaceJoinFailure.CERTIFICATE);
            }
            return removeCertificate;
        } catch (Exception e) {
            Logger.e(TAG + "uninstallCert", "Cert uninstall failed with exception", WorkplaceJoinFailure.CERTIFICATE, e);
            return false;
        }
    }

    @Override // com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI
    public void unregisterLicenseListener(Context context) {
        if (this.samsungBroadcastReceiver != null) {
            Logger.i(TAG + "unregisterLicenseListener", "Unregistering license listener");
            context.unregisterReceiver(this.samsungBroadcastReceiver);
            this.samsungBroadcastReceiver = null;
        }
    }
}
