package com.microsoft.omadm.logging.telemetry;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.keystore.KeyInfo;
import androidx.core.app.NotificationManagerCompat;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentStateSettings;
import com.microsoft.intune.telemetry.abstraction.ITelemetryEventBroadcaster;
import com.microsoft.intune.telemetry.domain.ITelemetrySessionTracker;
import com.microsoft.omadm.OMADMSettings;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.logging.telemetry.events.DeviceInformationEvent;
import com.microsoft.omadm.logging.telemetry.events.EncryptionStateEvent;
import com.microsoft.omadm.logging.telemetry.events.NotificationStatusEvent;
import com.microsoft.omadm.logging.telemetry.events.OriginStateEvent;
import com.microsoft.omadm.logging.telemetry.events.SecureHardwareAvailabilityEvent;
import com.microsoft.omadm.logging.telemetry.events.SecureHardwareClearedEvent;
import com.microsoft.omadm.logging.telemetry.events.SecureHardwareFailureEvent;
import com.microsoft.omadm.origindetection.DeviceOrigin;
import com.microsoft.omadm.platforms.IPolicyManager;
import com.microsoft.omadm.utils.CertUtils;
import com.microsoft.omadm.utils.DeviceInfo;
import com.microsoft.windowsintune.telemetry.CompanyPortalInfoEventType;
import com.microsoft.windowsintune.telemetry.state.TelemetryHistory;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
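/**
 * Emits device-posture telemetry (origin state, storage encryption, secure-hardware
 * availability, notification permission, security patch level).
 *
 * <p>Each sender first asks {@link TelemetryHistory#isInfoEventLogged} whether the same value
 * was already reported and stays silent if so. Only {@link #sendDeviceInformation()} records
 * the value itself through {@code saveLoggedInfoEvent}; for the other senders this class never
 * writes the history entry. NOTE(review): presumably the history is updated by whatever
 * consumes the broadcast event; confirm, otherwise those events are re-sent on every run.
 *
 * <p><b>Secure-hardware probe.</b> To learn whether the device keeps keys in secure hardware,
 * the enrollment private key and certificate are read from {@link CertificateKeyStore} and
 * imported into the Android Keystore under a dedicated alias. Two consequences for anyone
 * interpreting the resulting telemetry:
 * <ul>
 *   <li>{@link IsHardwareSecure#KeyIsInSecureHardware} describes the imported copy only. The
 *       key was obtained from {@code certificateKeyStore} as an {@link RSAPrivateKey} object,
 *       so it also exists wherever that store keeps it (not visible in this class).</li>
 *   <li>The import passes no protection parameters, so the entry gets the provider's default
 *       authorizations rather than explicit purpose or user-authentication limits.
 *       NOTE(review): confirm this is acceptable for a second copy of the enrollment key.</li>
 * </ul>
 */
/* loaded from: classes.dex */
public class ConditionalTelemetry {
    static final String DEVICE_ENCRYPTION_STATUS_UPDATE = "Device_Encryption_Status_Update";
    static final String DEVICE_INFORMATION_TELEMETRY_SENT = "DeviceInformationTelemetrySent";
    // Android Keystore alias under which the enrollment key copy used by the probe is stored.
    private static final String ENROLLMENT_TELEMETRY_KEY_ALIAS = "EnrollmentTelemetryKey";
    // Value reported when the storage encryption status could not be read.
    protected static final int INVALID_ENCRYPTION_STATUS = -1;
    private static final Logger LOGGER = Logger.getLogger(ConditionalTelemetry.class.getName());
    static final String NOTIFICATION_STATUS_ARE_NOTIFICATIONS_ENABLED = "AreNotificationsEnabled";
    static final String SECURE_HARDWARE_AVAILABILITY = "SecureHardwareAvailability";
    private static final String SECURE_HARDWARE_CERT_ADDED = "SecureHardwareCertAdded";
    private static final String SECURE_HARDWARE_NOT_FOUND_REASON = "SecureHardwareCertNotFoundReason";
    private final ITelemetryEventBroadcaster broadcaster;
    private final CertificateKeyStore certificateKeyStore;
    private final Context context;
    private final DeviceOrigin deviceOrigin;
    private final EnrollmentSettings enrollmentSettings;
    private final EnrollmentStateSettings enrollmentStateSettings;
    private final OMADMSettings omadmSettings;
    private final IPolicyManager policyManager;
    private final ITelemetrySessionTracker sessionTracker;
    private final TelemetryHistory telemetryHistory;

    /**
     * Outcome of the secure-hardware probe; the constant name is sent verbatim as the
     * telemetry value, so renaming a constant changes the reported data.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public enum IsHardwareSecure {
        EnrollmentCertificateNotFoundInFileStore,
        LoadAndroidKeyStoreFailed,
        ImportCertificateFailed,
        AlgorithmIsNotBound,
        KeyFactoryNotCreated,
        InvalidKeySpec,
        KeyRetrievalException,
        KeyNotRetrieved,
        KeyIsNotInSecureHardware,
        AlgorithmIsBound,
        KeyIsInSecureHardware
    }

    /** Stores the collaborators; performs no work and no validation of the arguments. */
    public ConditionalTelemetry(Context context, IPolicyManager iPolicyManager, TelemetryHistory telemetryHistory, EnrollmentSettings enrollmentSettings, EnrollmentStateSettings enrollmentStateSettings, OMADMSettings oMADMSettings, ITelemetryEventBroadcaster iTelemetryEventBroadcaster, ITelemetrySessionTracker iTelemetrySessionTracker, CertificateKeyStore certificateKeyStore, DeviceOrigin deviceOrigin) {
        this.context = context;
        this.policyManager = iPolicyManager;
        this.telemetryHistory = telemetryHistory;
        this.enrollmentSettings = enrollmentSettings;
        this.enrollmentStateSettings = enrollmentStateSettings;
        this.omadmSettings = oMADMSettings;
        this.broadcaster = iTelemetryEventBroadcaster;
        this.sessionTracker = iTelemetrySessionTracker;
        this.certificateKeyStore = certificateKeyStore;
        this.deviceOrigin = deviceOrigin;
    }

    /**
     * Opens the Android Keystore provider.
     *
     * @return the loaded key store, or {@code null} when it cannot be obtained or loaded
     */
    private static KeyStore loadKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(CertificateKeyStore.ANDROID_KEYSTORE_NAME);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Callers only report "LoadAndroidKeyStoreFailed" without a cause, so the
            // exception is logged here; previously it was dropped silently.
            LOGGER.log(Level.WARNING, "Android KeyStore could not be loaded.", e);
            return null;
        }
    }

    /**
     * Ensures a copy of the enrollment key exists in the Android Keystore under
     * {@link #ENROLLMENT_TELEMETRY_KEY_ALIAS}, importing it when it is missing.
     *
     * <p>No import is attempted while the device is not enrolled. A successful import returns
     * {@code true} even if the follow-up retrieval check fails; that check only feeds the
     * history flag and the "cert added" event.
     *
     * @return {@code true} if the key was already retrievable or the import call succeeded
     */
    private boolean storeKeyInAndroidKeyStore() {
        if (canEnrollmentKeyBeRetrieved(false)) {
            this.telemetryHistory.setCanKeyBeRetrievedFromKeystore(true);
            return true;
        }
        if (!this.enrollmentStateSettings.getCurrentState().isEnrolled()) {
            return false;
        }
        try {
            X509Certificate enrollmentCertificate = this.certificateKeyStore.getEnrollmentCertificate();
            RSAPrivateKey enrollmentPrivateKey = this.certificateKeyStore.getEnrollmentPrivateKey();
            KeyStore keyStore = loadKeyStore();
            if (keyStore == null) {
                updateSecureHardwareState(IsHardwareSecure.LoadAndroidKeyStoreFailed);
                return false;
            }
            try {
                // The password argument is null: Android Keystore entries are not
                // password-protected. NOTE(review): a null key or certificate from the
                // certificate store is not checked before this call.
                keyStore.setKeyEntry(ENROLLMENT_TELEMETRY_KEY_ALIAS, enrollmentPrivateKey, null, new Certificate[]{enrollmentCertificate});
                boolean retrievable = canEnrollmentKeyBeRetrieved(false);
                this.telemetryHistory.setCanKeyBeRetrievedFromKeystore(retrievable);
                this.broadcaster.sendEvent(new SecureHardwareAvailabilityEvent(Boolean.toString(retrievable), SECURE_HARDWARE_CERT_ADDED, this.sessionTracker.getSessionGuid()));
                return true;
            } catch (KeyStoreException e) {
                LOGGER.log(Level.WARNING, "Import Enrollment Certifificate failed.", e);
                updateSecureHardwareState(IsHardwareSecure.ImportCertificateFailed);
                return false;
            }
        } catch (OMADMException e) {
            LOGGER.log(Level.WARNING, "Enrollment cert not found.", e);
            updateSecureHardwareState(IsHardwareSecure.EnrollmentCertificateNotFoundInFileStore);
            return false;
        }
    }

    /**
     * Reports a probe outcome unless the history says the same outcome was already logged.
     *
     * @param isHardwareSecure outcome to report; its constant name is the telemetry value
     */
    private void updateSecureHardwareState(IsHardwareSecure isHardwareSecure) {
        String stateName = isHardwareSecure.toString();
        if (this.telemetryHistory.isInfoEventLogged(CompanyPortalInfoEventType.SecureHardware, SECURE_HARDWARE_AVAILABILITY, stateName)) {
            return;
        }
        LOGGER.info("Update secure hardware state: " + stateName);
        this.broadcaster.sendEvent(new SecureHardwareAvailabilityEvent(stateName, SECURE_HARDWARE_AVAILABILITY, this.sessionTracker.getSessionGuid()));
    }

    /**
     * Checks whether the probe's key copy can be read back from the Android Keystore.
     *
     * <p>On API 23+ the key must additionally yield a {@link KeyInfo}; the KeyInfo itself is
     * discarded, only a thrown exception matters.
     *
     * @param z when {@code true}, every failure is also sent as a
     *     {@link SecureHardwareFailureEvent}
     * @return {@code true} if the key entry exists and passed the check above
     */
    public boolean canEnrollmentKeyBeRetrieved(boolean z) {
        KeyStore keyStore = loadKeyStore();
        if (keyStore == null) {
            if (z) {
                this.broadcaster.sendEvent(new SecureHardwareFailureEvent(SECURE_HARDWARE_NOT_FOUND_REASON, null, "LoadKeyStoreFailed", this.sessionTracker.getSessionGuid()));
            }
            return false;
        }
        try {
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(ENROLLMENT_TELEMETRY_KEY_ALIAS, null);
            if (privateKey != null) {
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
                    KeyFactory.getInstance(privateKey.getAlgorithm(), CertificateKeyStore.ANDROID_KEYSTORE_NAME).getKeySpec(privateKey, KeyInfo.class);
                }
                return true;
            }
            if (z) {
                this.broadcaster.sendEvent(new SecureHardwareFailureEvent(SECURE_HARDWARE_NOT_FOUND_REASON, null, "KeyNotRetrieved", this.sessionTracker.getSessionGuid()));
            }
            return false;
        } catch (Throwable th) {
            // Kept as Throwable: any failure, checked or not, must count as "not
            // retrievable". NOTE(review): this also catches Errors, and the Throwable is
            // handed to the telemetry event; confirm the event does not ship messages or
            // stack traces containing device- or user-specific data.
            LOGGER.log(Level.WARNING, "Enrollment key is not retrieved.", th);
            if (z) {
                this.broadcaster.sendEvent(new SecureHardwareFailureEvent(SECURE_HARDWARE_NOT_FOUND_REASON, th, th.getClass().getSimpleName(), this.sessionTracker.getSessionGuid()));
            }
            return false;
        }
    }

    /**
     * Sends a {@link SecureHardwareClearedEvent}.
     *
     * @param str value passed through to the event; the only caller in this class passes a
     *     fixed tag identifying the call site
     */
    public void logSecureHardwareCleared(String str) {
        this.broadcaster.sendEvent(new SecureHardwareClearedEvent(str, this.sessionTracker.getSessionGuid()));
    }

    /**
     * Reports the device security patch level once per distinct value; blank values are
     * skipped. This is the only sender that records the value in the history itself.
     */
    protected void sendDeviceInformation() {
        String patchLevel = DeviceInfo.getDeviceSecurityPatchLevel();
        if (StringUtils.isBlank(patchLevel) || this.telemetryHistory.isInfoEventLogged(CompanyPortalInfoEventType.DeviceInformation, DEVICE_INFORMATION_TELEMETRY_SENT, patchLevel)) {
            return;
        }
        this.broadcaster.sendEvent(new DeviceInformationEvent(patchLevel, this.sessionTracker.getSessionGuid()));
        this.telemetryHistory.saveLoggedInfoEvent(CompanyPortalInfoEventType.DeviceInformation, DEVICE_INFORMATION_TELEMETRY_SENT, patchLevel);
    }

    /**
     * Reports the storage encryption status when a policy manager is present and enabled.
     * If the status cannot be read, {@link #INVALID_ENCRYPTION_STATUS} is reported instead, so
     * that value means "unknown", not "unencrypted".
     */
    protected void sendEncryptionState() {
        IPolicyManager manager = this.policyManager;
        if (manager == null || !manager.isEnabled()) {
            return;
        }
        int encryptionStatus = INVALID_ENCRYPTION_STATUS;
        try {
            encryptionStatus = this.policyManager.getStorageEncryptionStatus();
        } catch (OMADMException e) {
            LOGGER.log(Level.WARNING, "Failed to retried internal encryption state", e);
        }
        if (this.telemetryHistory.isInfoEventLogged(CompanyPortalInfoEventType.EncryptionStatus, DEVICE_ENCRYPTION_STATUS_UPDATE, Integer.toString(encryptionStatus))) {
            return;
        }
        this.broadcaster.sendEvent(new EncryptionStateEvent(encryptionStatus, this.sessionTracker.getSessionGuid()));
    }

    /** Reports whether notifications are enabled for this app, unless already logged. */
    protected void sendNotificationStatus() {
        boolean notificationsEnabled = NotificationManagerCompat.from(this.context).areNotificationsEnabled();
        if (this.telemetryHistory.isInfoEventLogged(CompanyPortalInfoEventType.NotificationStatus, NOTIFICATION_STATUS_ARE_NOTIFICATIONS_ENABLED, Boolean.toString(notificationsEnabled))) {
            return;
        }
        this.broadcaster.sendEvent(new NotificationStatusEvent(notificationsEnabled, this.sessionTracker.getSessionGuid()));
    }

    /** Reports the value of {@code DeviceOrigin.getOriginState()}, unless already logged. */
    protected void sendOriginState() {
        int originState = this.deviceOrigin.getOriginState();
        if (this.telemetryHistory.isInfoEventLogged(CompanyPortalInfoEventType.OriginState, null, Integer.toString(originState))) {
            return;
        }
        this.broadcaster.sendEvent(new OriginStateEvent(originState, this.sessionTracker.getSessionGuid()));
    }

    /**
     * Runs the secure-hardware probe and reports its outcome.
     *
     * <ol>
     *   <li>Skips everything until the key chain has been seen unlocked; that observation is
     *       cached in {@code HAS_USER_BEEN_PRESENT_SINCE_REBOOT}. NOTE(review): nothing in this
     *       class clears the flag, presumably a boot handler does; confirm.</li>
     *   <li>If the history claims the key was retrievable but it no longer is, resets the
     *       flag and sends a "cleared" event. A disappearing key is worth alerting on in the
     *       backend: it means the Keystore entry was removed or invalidated.</li>
     *   <li>Ensures the key copy is present, then reports where it lives: before API 23 via
     *       {@link KeyChain#isBoundKeyAlgorithm} (deprecated since API 28), from API 23 on via
     *       {@link KeyInfo}.</li>
     * </ol>
     */
    protected void sendSecureHardwareStatus() {
        if (!this.omadmSettings.getBoolean(OMADMSettings.HAS_USER_BEEN_PRESENT_SINCE_REBOOT, false)) {
            if (!CertUtils.isKeyChainUnlocked(this.context)) {
                LOGGER.info("Skipping secure hardware telemetry. User has not unlocked device since boot.");
                return;
            }
            this.omadmSettings.setBoolean(OMADMSettings.HAS_USER_BEEN_PRESENT_SINCE_REBOOT, true);
        }
        if (this.telemetryHistory.getCanKeyBeRetrievedFromKeystore() && !canEnrollmentKeyBeRetrieved(true)) {
            LOGGER.info("The Enrollment Key was marked as retrievable but we did not find it.");
            this.telemetryHistory.setCanKeyBeRetrievedFromKeystore(false);
            logSecureHardwareCleared("ConditionalTelemetry2");
        }
        if (!storeKeyInAndroidKeyStore()) {
            return;
        }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            // KeyInfo does not exist before API 23; the only available signal is whether
            // the RSA algorithm as a whole is hardware-bound.
            updateSecureHardwareState(KeyChain.isBoundKeyAlgorithm("RSA") ? IsHardwareSecure.AlgorithmIsBound : IsHardwareSecure.AlgorithmIsNotBound);
            return;
        }
        reportKeyHardwareBacking();
    }

    /**
     * API 23+ half of the probe: reads the key copy back and reports whether its
     * {@link KeyInfo} says it is inside secure hardware, or which step failed.
     */
    private void reportKeyHardwareBacking() {
        KeyStore keyStore = loadKeyStore();
        if (keyStore == null) {
            updateSecureHardwareState(IsHardwareSecure.LoadAndroidKeyStoreFailed);
            return;
        }
        try {
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(ENROLLMENT_TELEMETRY_KEY_ALIAS, null);
            if (privateKey == null) {
                updateSecureHardwareState(IsHardwareSecure.KeyNotRetrieved);
                return;
            }
            try {
                KeyInfo keyInfo = KeyFactory.getInstance(privateKey.getAlgorithm(), CertificateKeyStore.ANDROID_KEYSTORE_NAME).getKeySpec(privateKey, KeyInfo.class);
                // isInsideSecureHardware() is deprecated since API 31 in favour of
                // getSecurityLevel(); it does not distinguish TEE from StrongBox.
                boolean hardwareBacked = keyInfo != null && keyInfo.isInsideSecureHardware();
                updateSecureHardwareState(hardwareBacked ? IsHardwareSecure.KeyIsInSecureHardware : IsHardwareSecure.KeyIsNotInSecureHardware);
            } catch (InvalidKeySpecException e) {
                LOGGER.log(Level.WARNING, "KeyInfo not created.", e);
                updateSecureHardwareState(IsHardwareSecure.InvalidKeySpec);
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                LOGGER.log(Level.WARNING, "KeyFactory not created.", e);
                updateSecureHardwareState(IsHardwareSecure.KeyFactoryNotCreated);
            }
        } catch (Throwable th) {
            // Outer net: covers getKey() failures and anything thrown while reporting in
            // the inner handlers, so the probe never propagates an exception to the caller.
            LOGGER.log(Level.WARNING, "Enrollment key not retrieved.", th);
            updateSecureHardwareState(IsHardwareSecure.KeyRetrievalException);
        }
    }

    /**
     * Runs every sender in a fixed order. The senders are not isolated from each other: an
     * unchecked exception escaping one of them prevents the ones after it from running.
     */
    public void sendTelemetry() {
        sendOriginState();
        sendEncryptionState();
        sendSecureHardwareStatus();
        sendNotificationStatus();
        sendDeviceInformation();
    }
}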
