package com.microsoft.omadm.database.signed;

import com.microsoft.intune.common.configuration.datacomponent.abstraction.IRemoteConfigRepository;
import com.microsoft.intune.common.configuration.datacomponent.implementation.MAMAgentFeatureFlag;
import com.microsoft.intune.common.database.DataObjectKey;
import com.microsoft.intune.mam.log.ExceptionUtils;
import com.microsoft.omadm.database.signed.SignedDataObject;
import com.microsoft.omadm.database.signed.TableSignatureObject;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.logging.MAMTelemetryLogger;
import com.microsoft.omadm.logging.telemetry.MAMTrackedOccurrence;
import dagger.Lazy;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.concurrent.ConcurrentException;
import org.apache.commons.lang3.concurrent.LazyInitializer;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class CacheInitializer<K extends DataObjectKey, O extends SignedDataObject<K>> extends LazyInitializer<TableManifest<K, O>> {
    private static final Logger LOGGER = Logger.getLogger(CacheInitializer.class.getName());
    private final Lazy<IRemoteConfigRepository> remoteConfig;
    private final TableSignatureTable signatureTable;
    private final ISignableTable<K, O> signedTable;
    private final Lazy<ITableDataSigner> signer;
    private final MAMTelemetryLogger telemetryLogger;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CacheInitializer(ISignableTable<K, O> iSignableTable, TableSignatureTable tableSignatureTable, Lazy<ITableDataSigner> lazy, MAMTelemetryLogger mAMTelemetryLogger, Lazy<IRemoteConfigRepository> lazy2) {
        this.signedTable = iSignableTable;
        this.signatureTable = tableSignatureTable;
        this.signer = lazy;
        this.telemetryLogger = mAMTelemetryLogger;
        this.remoteConfig = lazy2;
    }

    private void logValidationFailure(MAMTrackedOccurrence mAMTrackedOccurrence, String str) {
        logValidationFailure(mAMTrackedOccurrence, str, null);
    }

    private void logValidationFailure(MAMTrackedOccurrence mAMTrackedOccurrence, String str, Exception exc) {
        LOGGER.log(Level.WARNING, str + " Table: " + this.signedTable.getTableName(), (Throwable) exc);
        this.telemetryLogger.logTrackedOccurrence(null, mAMTrackedOccurrence, exc != null ? ExceptionUtils.describeException(exc) : "");
    }

    @Override // org.apache.commons.lang3.concurrent.LazyInitializer
    public TableManifest<K, O> get() {
        try {
            return (TableManifest) super.get();
        } catch (ConcurrentException e) {
            throw new RuntimeException("Unexpected exception during SignedTableCache initialization.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.commons.lang3.concurrent.LazyInitializer
    public TableManifest<K, O> initialize() {
        TableSignatureObject tableSignatureObject = this.signatureTable.get(new TableSignatureObject.Key(this.signedTable.getTableName()));
        List<O> all = this.signedTable.getAll();
        TableManifest<K, O> validateManifest = validateManifest(all, tableSignatureObject);
        return validateManifest == null ? new TableManifest<>(this.signedTable.getTableName(), this.signedTable.getHashVersion(), new RowTracker(all)) : validateManifest;
    }

    protected TableManifest<K, O> validateManifest(List<O> list, TableSignatureObject tableSignatureObject) {
        if (!this.remoteConfig.get().isMAMFeatureEnabled(MAMAgentFeatureFlag.DATABASE_HARDENING_ENABLED)) {
            LOGGER.fine("Database hardening is disabled, skipping manifest validation.");
            return null;
        }
        if (tableSignatureObject == null) {
            if (list.isEmpty()) {
                LOGGER.info(String.format("Signature for %s not found, but table is empty. This is expected for first time access.", this.signedTable.getTableName()));
            } else {
                logValidationFailure(MAMTrackedOccurrence.DB_HARDENING_TABLE_HAS_ROWS_BUT_NO_SIGNATURE, "Signature not found, but the table contains rows.");
            }
            return null;
        }
        try {
            if (!this.signer.get().verifySignature(tableSignatureObject.signedData, tableSignatureObject.signature)) {
                logValidationFailure(MAMTrackedOccurrence.DB_HARDENING_SIGNATURE_MISMATCH, "Signature mismatch, contents will not be trusted.");
                return null;
            }
            try {
                TableManifest<K, O> fromJson = TableManifest.fromJson(tableSignatureObject.signedData, this.signedTable.getTableName(), this.signedTable.getHashVersion(), list);
                if (this.signedTable.getTableName().equalsIgnoreCase(fromJson.getTableName())) {
                    return fromJson;
                }
                logValidationFailure(MAMTrackedOccurrence.DB_HARDENING_SIGNATURE_FOR_WRONG_TABLE, String.format("Incorrect signature, manifest was for wrong table [%s].", fromJson.getTableName()));
                return null;
            } catch (OMADMException e) {
                logValidationFailure(MAMTrackedOccurrence.DB_HARDENING_FAILED_TO_PARSE_MANIFEST, "Failed to parse TableManifest.", e);
                return null;
            }
        } catch (OMADMException e2) {
            logValidationFailure(MAMTrackedOccurrence.DB_HARDENING_SIGNATURE_VERIFICATION_FAILED, "Failed to verify signature.", e2);
            return null;
        }
    }
}
