package com.microsoft.omadm.apppolicy;

import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.ConditionVariable;
import androidx.core.app.NotificationCompat;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
import com.microsoft.intune.common.configuration.datacomponent.abstraction.IRemoteConfigRepository;
import com.microsoft.intune.common.configuration.datacomponent.implementation.MAMAgentFeatureFlag;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentStateSettings;
import com.microsoft.intune.common.googleplayservices.androidapicomponent.implementation.GooglePlayServicesAvailability;
import com.microsoft.intune.common.notifications.NotificationChannels;
import com.microsoft.intune.common.notifications.Notifier;
import com.microsoft.intune.common.settings.DiagnosticSettings;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.common.taskscheduling.AndroidTask;
import com.microsoft.intune.common.utils.ApkUtils;
import com.microsoft.intune.common.utils.SovereignConstants;
import com.microsoft.intune.mam.agent.clock.ClockStatusStateStore;
import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.data.WipeAppDataStatus;
import com.microsoft.intune.mam.client.app.startup.ADALConnectionDetails;
import com.microsoft.intune.mam.client.fileencryption.MAMKeyAccessNotAllowedException;
import com.microsoft.intune.mam.client.fileencryption.MAMKeyRetrievalException;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.identity.MAMIdentityManagerImpl;
import com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint;
import com.microsoft.intune.mam.client.ipc.PolicyUpdateType;
import com.microsoft.intune.mam.client.ipc.PrimaryUserInfo;
import com.microsoft.intune.mam.client.ipcclient.FeatureFlag;
import com.microsoft.intune.mam.client.ipcclient.MAMFeatureFlag;
import com.microsoft.intune.mam.client.telemetry.TelemetryEvent;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.log.MAMLogScrubber;
import com.microsoft.intune.mam.log.MAMLogScrubberImpl;
import com.microsoft.intune.mam.log.UserLogLevel;
import com.microsoft.intune.mam.policy.AgentUpdateInfo;
import com.microsoft.intune.mam.policy.DeviceAttestationAgentResult;
import com.microsoft.intune.mam.policy.DeviceAttestationEvaluationType;
import com.microsoft.intune.mam.policy.DeviceAttestationInfo;
import com.microsoft.intune.mam.policy.InternalAppPolicy;
import com.microsoft.intune.mam.policy.MAMEnrollmentManager;
import com.microsoft.intune.mam.policy.MAMServiceLookupThread;
import com.microsoft.intune.mam.policy.MTDComplianceAMSCommandResult;
import com.microsoft.intune.mam.policy.MTDComplianceAgentResult;
import com.microsoft.intune.mam.policy.WipeReason;
import com.microsoft.intune.mam.policy.clock.ClockStatusInfo;
import com.microsoft.intune.mam.policy.notification.AbstractAppPolicyNotifier;
import com.microsoft.omadm.OMADMConstants;
import com.microsoft.omadm.R;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.apppolicy.MAMKeyManager;
import com.microsoft.omadm.apppolicy.appconfig.AppConfigHelper;
import com.microsoft.omadm.apppolicy.data.AppPolicyManager;
import com.microsoft.omadm.apppolicy.data.CPFreshnessCache;
import com.microsoft.omadm.apppolicy.data.CheckinAttemptResult;
import com.microsoft.omadm.apppolicy.data.MAMAdalConnectionDetails;
import com.microsoft.omadm.apppolicy.data.MAMKey;
import com.microsoft.omadm.apppolicy.data.MAMServiceAutoEnrollmentDetails;
import com.microsoft.omadm.apppolicy.data.MAMServiceEnrollment;
import com.microsoft.omadm.apppolicy.data.MAMUserStatus;
import com.microsoft.omadm.apppolicy.data.MTDCompliance;
import com.microsoft.omadm.apppolicy.data.ManagementState;
import com.microsoft.omadm.apppolicy.data.SafetyNetCache;
import com.microsoft.omadm.apppolicy.mamservice.MAMPlayProtectResults;
import com.microsoft.omadm.apppolicy.mamservice.MAMPolicySchema;
import com.microsoft.omadm.apppolicy.mamservice.MAMSafetyNetTaskStatus;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceEnrollmentTask;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceLicenseCheckTask;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceLookupDatabaseCache;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceReason;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceTokenManager;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceUnenrollTask;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceUserStatusTask;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceUtils;
import com.microsoft.omadm.client.tasks.TaskType;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.logging.MAMTelemetryLogger;
import com.microsoft.omadm.logging.telemetry.MAMTrackedOccurrence;
import com.microsoft.omadm.origindetection.DeviceOrigin;
import com.microsoft.omadm.platforms.android.appmgr.signatures.data.ApplicationSignature;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.utils.CertUtils;
import com.microsoft.omadm.utils.DeviceInfo;
import com.microsoft.omadm.utils.FirebaseAppInit;
import com.microsoft.omadm.utils.PackageUtils;
import com.microsoft.omadm.utils.SSPUtils;
import dagger.Lazy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.lang3.StringUtils;

@Singleton
/* loaded from: classes3.dex */
public class MDMAppPolicyEndpoint extends AbstractAppPolicyEndpoint {
    static final long CLOCK_STATUS_CACHE_TTL_MS = 5000;
    private static final int DEFAULT_PIN_RETRIES = 5;
    private static final String NATIVE_CRASH_THREAD_NAME = "native";
    private final AppConfigHelper appConfigHelper;
    private final AppPolicyManager appPolicyManager;
    private final AppPolicyNotifier appPolicyNotifier;
    private final Context context;
    private final IDeploymentSettings deploymentSettings;
    private final DeviceOrigin deviceOrigin;
    private final EnrollmentStateSettings enrollmentStateSettings;
    private final GooglePlayServicesAvailability googlePlayServicesAvailability;
    private final MAMLogScrubber mLogScrubber;
    private final Notifier mNotifier;
    private final MAMIdentityManagerImpl mamIdentityManager;
    private final MAMKeyManager mamKeyManager;
    private final MAMTelemetryLogger mamTelemetryLogger;
    private final MDMPolicySettings policySettings;
    private final Lazy<IRemoteConfigRepository> remoteConfigRepository;
    private final TableRepository tableRepository;
    private final MAMServiceTokenManager tokenManager;
    private static final Logger LOGGER = Logger.getLogger(MDMAppPolicyEndpoint.class.getName());
    private static Object sEnrollLock = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.omadm.apppolicy.MDMAppPolicyEndpoint$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult;

        static {
            int[] iArr = new int[MTDComplianceAMSCommandResult.values().length];
            $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult = iArr;
            try {
                iArr[MTDComplianceAMSCommandResult.NO_COMMAND.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[MTDComplianceAMSCommandResult.AAD_DEVICE_ID_MISSING.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[MTDComplianceAMSCommandResult.NOT_SET.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[MTDComplianceAMSCommandResult.PROCESSING.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[MTDComplianceAMSCommandResult.NOT_COMPLIANT.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[MTDComplianceAMSCommandResult.COMPLIANT.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static final class MAMCheckinTaskReceiver extends BroadcastReceiver {
        public static final int MAM_CHECKIN_TIMEOUT_MS = 10000;
        private final Logger logger;
        private final ConditionVariable mCanContinue;
        private final String mPackageName;

        private MAMCheckinTaskReceiver(ConditionVariable conditionVariable, String str) {
            this.logger = Logger.getLogger(MAMCheckinTaskReceiver.class.getName());
            this.mCanContinue = conditionVariable;
            this.mPackageName = str;
        }

        /* synthetic */ MAMCheckinTaskReceiver(ConditionVariable conditionVariable, String str, AnonymousClass1 anonymousClass1) {
            this(conditionVariable, str);
        }

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (intent.getAction().equals(OMADMConstants.ACTION_MAM_CHECKIN_TASK_COMPLETED) && intent.getStringExtra(OMADMConstants.EXTRA_MAM_PACKAGE_NAME).equals(this.mPackageName)) {
                this.logger.info("broadcast to unblock heartbeat from checkin task completion received for " + this.mPackageName);
                this.mCanContinue.open();
            }
        }
    }

    @Inject
    public MDMAppPolicyEndpoint(Context context, TableRepository tableRepository, MDMPolicySettings mDMPolicySettings, AppPolicyNotifier appPolicyNotifier, MAMKeyManager mAMKeyManager, MAMServiceTokenManager mAMServiceTokenManager, EnrollmentStateSettings enrollmentStateSettings, IDeploymentSettings iDeploymentSettings, DeviceOrigin deviceOrigin, AppConfigHelper appConfigHelper, MAMIdentityManagerImpl mAMIdentityManagerImpl, MAMLogScrubber mAMLogScrubber, Lazy<IRemoteConfigRepository> lazy, MAMTelemetryLogger mAMTelemetryLogger, AppPolicyManager appPolicyManager, GooglePlayServicesAvailability googlePlayServicesAvailability, DefenderVpnController defenderVpnController, Notifier notifier, ClockStatusStateStore clockStatusStateStore) {
        super(context, mDMPolicySettings, mAMTelemetryLogger, mAMIdentityManagerImpl, defenderVpnController, clockStatusStateStore);
        this.context = context;
        this.tableRepository = tableRepository;
        this.policySettings = mDMPolicySettings;
        this.appPolicyNotifier = appPolicyNotifier;
        this.mamKeyManager = mAMKeyManager;
        this.tokenManager = mAMServiceTokenManager;
        this.enrollmentStateSettings = enrollmentStateSettings;
        this.deploymentSettings = iDeploymentSettings;
        this.appConfigHelper = appConfigHelper;
        this.deviceOrigin = deviceOrigin;
        this.mamIdentityManager = mAMIdentityManagerImpl;
        this.mLogScrubber = mAMLogScrubber;
        mAMIdentityManagerImpl.getAdditionalIdentityData();
        this.remoteConfigRepository = lazy;
        this.mamTelemetryLogger = mAMTelemetryLogger;
        this.appPolicyManager = appPolicyManager;
        this.googlePlayServicesAvailability = googlePlayServicesAvailability;
        this.mNotifier = notifier;
    }

    private static boolean cleanupEnrollment(String str, MAMIdentity mAMIdentity, MAMServiceEnrollment mAMServiceEnrollment, boolean z) {
        TableRepository tableRepository = Services.get().getTableRepository();
        boolean a2 = MAMServiceUtils.a(str, tableRepository);
        boolean z2 = false;
        if (a2 && !EnrolledUserUtils.isLocallyEnrolled()) {
            if (Services.get().getEnrollmentSettings().getString(EnrollmentSettings.AAD_USER_PRINCIPAL_NAME, "").isEmpty()) {
                SSPUtils.unenroll();
                Services.get().getAdminTelemetrySettingsRepo().setTelemetryDisabledByAdmin(false);
            }
            Services.get().getMDMPolicySettings().clear();
            Services.get().getMAMKeyManager().clearCache();
            z2 = true;
        }
        if (a2) {
            LOGGER.info("Sending broadcast to remove Managed Play user.");
            Context context = Services.get().getContext();
            Intent intent = new Intent();
            intent.setComponent(new ComponentName(context, OMADMConstants.REMOVE_MANAGED_PLAY_USER_RECEIVER));
            context.sendBroadcast(intent);
        }
        LOGGER.info("Deleting enrollment record and policies from database for package: " + str + ", identity: " + Services.get().getMAMLogScrubber().scrubUPN(mAMIdentity.rawUPN()));
        tableRepository.beginTransaction();
        try {
            Services.get().getMAMAppPolicyManager().clearMAMPolicy(str);
            tableRepository.delete(mAMServiceEnrollment.getKey());
            if (z2) {
                tableRepository.delete(MAMKey.class, null, null);
            }
            tableRepository.insertOrReplace(new MAMServiceAutoEnrollmentDetails(str, true));
            if (z) {
                Services.get().getAppConfigHelper().removeAppConfig(str, mAMIdentity);
            }
            tableRepository.setTransactionSuccessful();
            return z2;
        } finally {
            tableRepository.endTransaction();
        }
    }

    private MAMEnrollmentManager.Result handleWrongUser(String str, String str2, String str3, String str4, ADALConnectionDetails aDALConnectionDetails, MAMIdentity mAMIdentity, boolean z) {
        if (z) {
            return MAMEnrollmentManager.Result.WRONG_USER;
        }
        queueLicenseCheck(str, str2, str3, str4, mAMIdentity, aDALConnectionDetails);
        return MAMEnrollmentManager.Result.PENDING;
    }

    public static MAMEnrollmentManager.Result internalUnenrollPackageForMAM(String str, MAMIdentity mAMIdentity, AppPolicyNotifier appPolicyNotifier, MAMIdentityManager mAMIdentityManager, WipeReason wipeReason) {
        TableRepository tableRepository = Services.get().getTableRepository();
        Context context = Services.get().getContext();
        synchronized (sEnrollLock) {
            Services.get().getMAMTaskQueue().cancelTasks(str, mAMIdentity);
            MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) tableRepository.get(new MAMServiceEnrollment.Key(str));
            if (mAMServiceEnrollment != null && mAMServiceEnrollment.identity.equals(mAMIdentity)) {
                boolean isManagedAppInternal = isManagedAppInternal(str, Services.get().getMAMAppPolicyManager());
                if (isManagedAppInternal) {
                    new MAMNonComplianceActions(Services.get().getMAMKeyManager(), appPolicyNotifier, Services.get().getMAMAppPolicyManager()).destroySecretsIfNecessary(str, wipeReason);
                }
                boolean isPackageInstalled = PackageUtils.isPackageInstalled(context, str);
                boolean z = Services.get().getAppConfigHelper().getAppConfigJson(str, mAMIdentity) != null;
                if (isManagedAppInternal && isPackageInstalled) {
                    LOGGER.info("Wiping user data for " + str + " because it is being unenrolled");
                    if (!appPolicyNotifier.wipeUserData(str, mAMIdentity, wipeReason)) {
                        Services.get().getMAMTelemetryLogger().logTrackedOccurrence(str, MAMTrackedOccurrence.FAILED_TO_SEND_WIPE_NOTIFICATION, "Failed to send notification for wipe reason: " + wipeReason);
                    }
                } else if (isManagedAppInternal) {
                    LOGGER.info("Not wiping user data for " + str + " being unenrolled because it is not installed");
                } else {
                    LOGGER.info("Not wiping user data for " + str + " being unenrolled because it is not managed");
                }
                queueUnenrollTask(str, mAMIdentity, mAMIdentityManager, mAMServiceEnrollment, wipeReason);
                boolean cleanupEnrollment = cleanupEnrollment(str, mAMIdentity, mAMServiceEnrollment, z);
                if (isManagedAppInternal) {
                    LOGGER.info("Sending policy refresh notification to all managed packages due to an unenrollment.");
                    appPolicyNotifier.refresh(AbstractAppPolicyNotifier.RefreshType.APP_POLICY);
                }
                if (z) {
                    LOGGER.info("Sending app config refresh notification after unenrollment. App Config should be cleared.");
                    appPolicyNotifier.refreshAppConfig(str, mAMIdentity);
                }
                if (cleanupEnrollment) {
                    LOGGER.info("Primary user was removed during MAM-WE unenroll.");
                    appPolicyNotifier.notifyPrimaryUserRemoved(mAMIdentity.toString());
                    MAMServiceUtils.c();
                }
                if (EnrolledUserUtils.isLocallyEnrolled()) {
                    Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.UpdatePolicy.getValue()).taskReason("Update MDM-MAM policy after MAM unenrollment.").skipIfRunning(false).build());
                }
                return MAMEnrollmentManager.Result.UNENROLLMENT_SUCCEEDED;
            }
            return MAMEnrollmentManager.Result.UNENROLLMENT_SUCCEEDED;
        }
    }

    private boolean isMTDInstalledAndTrusted(String str, String str2, ApkUtils.HashAlgorithm hashAlgorithm) {
        if (ApkUtils.validateSignature(this.context, str, str2, hashAlgorithm)) {
            return true;
        }
        LOGGER.info("mtd app not found or invalid signature");
        return false;
    }

    private static boolean isManagedAppInternal(String str, AppPolicyManager appPolicyManager) {
        return appPolicyManager.isPackageManaged(str);
    }

    private boolean queueCheckinIfDue(String str, MAMServiceEnrollment mAMServiceEnrollment, String str2, MAMServiceReason mAMServiceReason) {
        if (mAMServiceEnrollment == null) {
            return false;
        }
        if (mAMServiceEnrollment.lastCheckinAttemptResult == CheckinAttemptResult.NO_TOKEN && str2 != null) {
            MAMServiceUtils.a(mAMServiceEnrollment, this.context, false, str2, false, mAMServiceReason);
            return true;
        }
        if (!mAMServiceEnrollment.nextTriggeredCheckinDue() && ((!mAMServiceEnrollment.offlineTimeoutExceeded() || str2 == null) && !MAMServiceUtils.a(this.context, this.appPolicyManager, this.remoteConfigRepository.get(), mAMServiceEnrollment))) {
            return false;
        }
        MAMServiceUtils.a(mAMServiceEnrollment, this.context, false, str2, false, mAMServiceReason);
        return true;
    }

    private void queueLicenseCheck(String str, String str2, String str3, String str4, MAMIdentity mAMIdentity, ADALConnectionDetails aDALConnectionDetails) {
        MAMServiceLicenseCheckTask mAMServiceLicenseCheckTask = new MAMServiceLicenseCheckTask(str, mAMIdentity, str2, aDALConnectionDetails);
        mAMServiceLicenseCheckTask.setMamServiceToken(str3);
        mAMServiceLicenseCheckTask.setOperationSessionGuid(str4);
        Services.get().getMAMTaskQueue().queueImmediateTask(mAMServiceLicenseCheckTask, "MAMService license check");
    }

    private static void queueUnenrollTask(String str, MAMIdentity mAMIdentity, MAMIdentityManager mAMIdentityManager, MAMServiceEnrollment mAMServiceEnrollment, WipeReason wipeReason) {
        TableRepository tableRepository = Services.get().getTableRepository();
        MAMLogScrubberImpl mAMLogScrubberImpl = new MAMLogScrubberImpl(mAMIdentityManager, !Services.get().getIDeploymentSettings().isProductionBuild().booleanValue());
        Map<String, String> mAMServiceUrls = new MAMServiceLookupDatabaseCache(tableRepository, mAMIdentityManager).getMAMServiceUrls(mAMIdentity.canonicalUPN());
        String str2 = mAMServiceUrls != null ? mAMServiceUrls.get(MAMServiceLookupThread.MAMSERVICE_URL_KEY) : null;
        if (str2 == null) {
            LOGGER.warning("Unable to queue MAMService unenroll task for package: " + str + ", identity: " + mAMLogScrubberImpl.scrubUPN(mAMIdentity.rawUPN()) + "; no valid service URI found in cache.");
            return;
        }
        MAMServiceUnenrollTask mAMServiceUnenrollTask = new MAMServiceUnenrollTask(mAMServiceEnrollment.packageName, mAMServiceEnrollment.identity, mAMServiceEnrollment.refreshToken, str2, mAMServiceEnrollment.enrollmentId, mAMServiceEnrollment.deviceId, wipeReason);
        LOGGER.info("Queueing MAMService unenroll task for package: " + str + ", identity: " + mAMLogScrubberImpl.scrubUPN(mAMIdentity.rawUPN()));
        Services.get().getMAMTaskQueue().queueDeferrableTask(mAMServiceUnenrollTask, "MAMService unenroll task");
    }

    private void recordADALConnectionDetails(String str, MAMIdentity mAMIdentity, ADALConnectionDetails aDALConnectionDetails) {
        MAMAdalConnectionDetails mAMAdalConnectionDetails = (MAMAdalConnectionDetails) this.tableRepository.get(new MAMAdalConnectionDetails.Key(str));
        if (mAMAdalConnectionDetails == null || !mAMAdalConnectionDetails.get().equals(aDALConnectionDetails)) {
            LOGGER.info("Recording ADAL connection details for " + this.mLogScrubber.scrubUPN(mAMIdentity.rawUPN()) + " : " + aDALConnectionDetails.toString());
            this.tableRepository.insertOrReplace(new MAMAdalConnectionDetails(str, aDALConnectionDetails.getClientId(), aDALConnectionDetails.getAuthority(), aDALConnectionDetails.getNonBrokerRedirectUri(), Boolean.valueOf(aDALConnectionDetails.getSkipBroker())));
        }
    }

    private void updateSovereignState(MAMIdentity mAMIdentity) {
        Services.get().getEnrollmentSettings().setBoolean(EnrollmentSettings.MAM_PRIMARY_USER_IS_US_GOV, Boolean.valueOf(mAMIdentity != null ? StringUtils.containsIgnoreCase(mAMIdentity.authority(), SovereignConstants.AAD_USGOV_LOGIN_AUTHORITY) : false).booleanValue());
        Services.get().getEnrollmentSettings().setBoolean(EnrollmentSettings.MAM_PRIMARY_USER_IS_CHINA, Boolean.valueOf(mAMIdentity != null ? Boolean.valueOf(StringUtils.containsIgnoreCase(mAMIdentity.authority(), SovereignConstants.AAD_CHINA_LOGIN_AUTHORITY) || StringUtils.containsIgnoreCase(mAMIdentity.authority(), SovereignConstants.AAD_CHINA_ALTERNATIVE_LOGIN_AUTHORITY)).booleanValue() : false).booleanValue());
    }

    private void waitForCheckinTask(String str) {
        LocalBroadcastManager localBroadcastManager = LocalBroadcastManager.getInstance(this.context);
        IntentFilter intentFilter = new IntentFilter();
        intentFilter.addAction(OMADMConstants.ACTION_MAM_CHECKIN_TASK_COMPLETED);
        ConditionVariable conditionVariable = new ConditionVariable();
        MAMCheckinTaskReceiver mAMCheckinTaskReceiver = new MAMCheckinTaskReceiver(conditionVariable, str, null);
        localBroadcastManager.registerReceiver(mAMCheckinTaskReceiver, intentFilter);
        if (!conditionVariable.block(10000L)) {
            LOGGER.warning("did not get the checkin completion broadcast within 10000");
        }
        localBroadcastManager.unregisterReceiver(mAMCheckinTaskReceiver);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public boolean checkIsDeviceCompliant() {
        return !this.deviceOrigin.c();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    protected void destroySecretsIfNecessary(String str, WipeReason wipeReason) {
        new MAMNonComplianceActions(this.mamKeyManager, this.appPolicyNotifier, this.appPolicyManager).destroySecretsIfNecessary(str, wipeReason);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public MAMEnrollmentManager.Result enrollPackageForMAM(String str, String str2, String str3, String str4, String str5, ADALConnectionDetails aDALConnectionDetails, boolean z) {
        MAMIdentity fromString = this.mamIdentityManager.fromString(str2);
        this.tokenManager.cacheToken(str4, fromString);
        synchronized (sEnrollLock) {
            MAMIdentity deviceOwnerIdentity = EnrolledUserUtils.getDeviceOwnerIdentity();
            if (deviceOwnerIdentity != null && !deviceOwnerIdentity.equals(fromString)) {
                LOGGER.warning("The device is MDM-enrolled for user " + this.mLogScrubber.scrubUPN(deviceOwnerIdentity.rawUPN()) + " therefore user " + this.mLogScrubber.scrubUPN(fromString.rawUPN()) + " cannot be enrolled in the MAM Service. Checking license status.");
                return handleWrongUser(str, str3, str4, str5, aDALConnectionDetails, fromString, z);
            }
            MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
            if (mAMServiceEnrollment != null) {
                if (!mAMServiceEnrollment.identity.equals(fromString)) {
                    LOGGER.warning("Package " + str + " cannot be enrolled for identity " + this.mLogScrubber.scrubUPN(fromString.rawUPN()) + "; it is already enrolled with a different identity. Checking license status.");
                    return handleWrongUser(str, str3, str4, str5, aDALConnectionDetails, fromString, z);
                }
                LOGGER.info("MAM enrollment found for " + str + " and " + this.mLogScrubber.scrubUPN(fromString.rawUPN()) + "; id = " + mAMServiceEnrollment.enrollmentId);
                mAMServiceEnrollment.refreshToken = str3;
                mAMServiceEnrollment.isAutoEnrollment = false;
                this.tableRepository.insertOrReplace(mAMServiceEnrollment);
                this.tableRepository.insertOrReplace(new MAMServiceAutoEnrollmentDetails(str, true));
                recordADALConnectionDetails(str, fromString, aDALConnectionDetails);
                updateSovereignState(fromString);
                if (z) {
                    MAMServiceUtils.b(mAMServiceEnrollment, this.context, true, str4, z, MAMServiceReason.APP_ACTIVE);
                } else {
                    queueCheckinIfDue(str, mAMServiceEnrollment, str4, MAMServiceReason.APP_ACTIVE);
                }
                return MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED;
            }
            List all = this.tableRepository.getAll(MAMServiceEnrollment.class);
            if (!all.isEmpty() && !((MAMServiceEnrollment) all.get(0)).identity.equals(fromString)) {
                LOGGER.warning("Package " + str + " cannot be enrolled for identity " + this.mLogScrubber.scrubUPN(fromString.rawUPN()) + "; other packages are already enrolled with a different identity. Checking license status.");
                return handleWrongUser(str, str3, str4, str5, aDALConnectionDetails, fromString, z);
            }
            MAMExternalDPCState mAMExternalDPCState = Services.get().getMAMExternalDPCState();
            if (!mAMExternalDPCState.isCOSU() && !mAMExternalDPCState.isAOSPUserless()) {
                LOGGER.info("No MAM enrollment found for " + str + " and " + this.mLogScrubber.scrubUPN(fromString.rawUPN()) + "; queuing enrollment task.");
                recordADALConnectionDetails(str, fromString, aDALConnectionDetails);
                updateSovereignState(fromString);
                MAMServiceEnrollmentTask mAMServiceEnrollmentTask = new MAMServiceEnrollmentTask(str, fromString, str3, false, z);
                mAMServiceEnrollmentTask.setMamServiceToken(str4);
                mAMServiceEnrollmentTask.setOperationSessionGuid(str5);
                Services.get().getMAMTaskQueue().queueImmediateTask(mAMServiceEnrollmentTask, "MAMService enrollment");
                return MAMEnrollmentManager.Result.PENDING;
            }
            LOGGER.warning("Skipping MAM enrollment for COSU or AOSP Userless device");
            return MAMEnrollmentManager.Result.NOT_LICENSED;
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Map<FeatureFlag, Boolean> getAllFeatureFlagValues() {
        FirebaseAppInit.ensureFirebaseInitialized(this.context);
        HashMap hashMap = new HashMap();
        ArrayList<FeatureFlag> arrayList = new ArrayList();
        Collections.addAll(arrayList, MAMFeatureFlag.values());
        Collections.addAll(arrayList, MAMAgentFeatureFlag.values());
        for (FeatureFlag featureFlag : arrayList) {
            try {
                hashMap.put(featureFlag, Boolean.valueOf(this.remoteConfigRepository.get().isMAMFeatureEnabled(featureFlag)));
            } catch (Exception e) {
                LOGGER.log(Level.SEVERE, "Unable to determine if feature " + featureFlag + " is enabled, assuming it is not", (Throwable) e);
                hashMap.put(featureFlag, false);
            }
        }
        return hashMap;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public String getAppConfigData(String str, String str2) {
        return this.appConfigHelper.getAppConfigJson(str, this.mamIdentityManager.fromString(str2));
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public DeviceAttestationInfo getAttestationResult(String str) {
        DeviceAttestationAgentResult deviceAttestationAgentResult;
        if (!Services.get().getIRemoteConfigManager().isMAMFeatureEnabled(MAMAgentFeatureFlag.SAFETYNET_DEVICE_ATTESTATION_CL_ENABLED)) {
            return new DeviceAttestationInfo(DeviceAttestationAgentResult.UNKNOWN);
        }
        SafetyNetCache safetyNetCache = (SafetyNetCache) this.tableRepository.get(new SafetyNetCache.Key(DeviceInfo.getMAMSafetyNetAndroidID(this.context)));
        if (safetyNetCache != null && safetyNetCache.f == MAMSafetyNetTaskStatus.NEEDS_AUTHENTICATION) {
            return new DeviceAttestationInfo(DeviceAttestationAgentResult.AUTHENTICATION_NEEDED);
        }
        if (safetyNetCache == null || StringUtils.isBlank(safetyNetCache.c)) {
            if (safetyNetCache.f == MAMSafetyNetTaskStatus.PENDING) {
                LOGGER.info("Waiting for safetynet results from Google or MAMService");
            } else {
                LOGGER.info("no cached safetynet results; scheduling an immediate query.");
                MAMServiceUtils.b(str, EnrolledUserUtils.getEnrolledUser(str));
            }
            return new DeviceAttestationInfo(DeviceAttestationAgentResult.UNKNOWN);
        }
        if (safetyNetCache.c()) {
            MAMServiceUtils.b(this.context, str, EnrolledUserUtils.getEnrolledUser(str));
            this.mamTelemetryLogger.logTrackedOccurrence(str, MAMTrackedOccurrence.SAFETYNET_RESULTS_EXPIRED, "SafetyNet results have expired.");
            return new DeviceAttestationInfo(DeviceAttestationAgentResult.UNKNOWN);
        }
        MAMPlayProtectResults.MAMSafetyNetPayload a2 = MAMPlayProtectResults.a(MAMPlayProtectResults.PlayProtectTypes.DeviceAttestation, safetyNetCache.e.intValue());
        if (!a2.resultTrusted) {
            this.mamTelemetryLogger.logTrackedOccurrence(str, TrackedOccurrence.DEVICE_ATTESTATION_RESULTS_UNTRUSTED, "");
            deviceAttestationAgentResult = DeviceAttestationAgentResult.NON_COMPLIANT;
        } else if (!a2.basicIntegrityFailed && !a2.ctsProfileFailed) {
            LOGGER.info("device integrity and cts detected");
            deviceAttestationAgentResult = DeviceAttestationAgentResult.DEVICE_INTEGRITY_AND_CTS;
        } else if (a2.basicIntegrityFailed) {
            LOGGER.info("not compliant with any GPP properties");
            deviceAttestationAgentResult = DeviceAttestationAgentResult.NON_COMPLIANT;
        } else {
            LOGGER.info("device integrity detected");
            deviceAttestationAgentResult = DeviceAttestationAgentResult.DEVICE_INTEGRITY;
        }
        if (a2.usedHardwareBacked) {
            LOGGER.info("safetynet result is hardware-backed");
            return new DeviceAttestationInfo(deviceAttestationAgentResult, DeviceAttestationEvaluationType.HARDWARE_BACKED);
        }
        LOGGER.info("safetynet result is not hardware-backed");
        return new DeviceAttestationInfo(deviceAttestationAgentResult, DeviceAttestationEvaluationType.BASIC);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public AgentUpdateInfo getCPUpdateInfo() {
        if (!this.googlePlayServicesAvailability.getAvailable()) {
            this.mamTelemetryLogger.logTrackedOccurrence(MAMInfo.getPackageName(), TrackedOccurrence.PLAY_SERVICE_UNAVAILABLE, "Play Services unavailable for checking Company Portal update information.");
        }
        AppUpdateUtils.fetchAppUpdateInfo(false);
        Services.get().getMAMTaskQueue().queueRepeatingTask(new AppUpdateTask(), AppUpdateTask.INITIAL_DELAY, AppUpdateTask.INTERVAL_MS, "get Company Portal update information task");
        CPFreshnessCache cPFreshnessCache = (CPFreshnessCache) this.tableRepository.get(new CPFreshnessCache.Key(MAMInfo.getPackageName()));
        if (cPFreshnessCache != null) {
            return new AgentUpdateInfo(cPFreshnessCache.updateAvailability.intValue(), cPFreshnessCache.clientVersionStalenessDays != null ? cPFreshnessCache.clientVersionStalenessDays.intValue() : 0);
        }
        LOGGER.info("No cached update information for CP.");
        return null;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public List<String> getCertificateAliases(String str) {
        ArrayList<String> arrayList = new ArrayList();
        MAMExternalDPCState mAMExternalDPCState = Services.get().getMAMExternalDPCState();
        if (mAMExternalDPCState.isCloudDPCManaged()) {
            LOGGER.info("Detected cloud DPC management. Getting aliases from CE app.");
            arrayList.addAll(CertUtils.getPotentialSMIMECertAliasesFromCE(this.context, mAMExternalDPCState));
        } else {
            LOGGER.info("Detected traditional management scenario. Getting aliases from CP app.");
            for (ScepCertificateState scepCertificateState : this.tableRepository.getAll(ScepCertificateState.class)) {
                if (scepCertificateState.status == CertStatus.CERT_ACCESS_GRANTED && !StringUtils.isEmpty(scepCertificateState.alias) && CertUtils.couldBeSMIMECert(scepCertificateState)) {
                    arrayList.add(scepCertificateState.alias);
                }
            }
        }
        if (arrayList.size() == 0) {
            LOGGER.info("no aliases returned from getCertificateAliases");
        } else {
            LOGGER.info("aliases returned from getCertificateAliases");
            for (String str2 : arrayList) {
                LOGGER.info("getCertificateAliases returning alias: " + str2);
            }
        }
        return arrayList;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Bundle getCurrentFileEncryptionKey() throws MAMKeyRetrievalException {
        try {
            return this.mamKeyManager.getCurrentKey(MAMKeyManager.KeyPurpose.FileEncryption).getBundle();
        } catch (OMADMException e) {
            if (this.deviceOrigin.getB()) {
                throw new MAMKeyAccessNotAllowedException("Non-compliant device");
            }
            throw new MAMKeyRetrievalException("Failed to get current file encryption key.", e);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public String getEnrolledUserAnyPackage() {
        MAMIdentity enrolledUserAnyPackage = EnrolledUserUtils.getEnrolledUserAnyPackage();
        if (enrolledUserAnyPackage == null) {
            return null;
        }
        return enrolledUserAnyPackage.rawUPN();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Bundle getFileEncryptionKey(UUID uuid) throws MAMKeyRetrievalException {
        try {
            LOGGER.info("Getting file encryption key for key id: " + uuid);
            return this.mamKeyManager.getKey(MAMKeyManager.KeyPurpose.FileEncryption, uuid).getBundle();
        } catch (OMADMException e) {
            if (this.deviceOrigin.getB()) {
                throw new MAMKeyAccessNotAllowedException("Non-compliant device");
            }
            throw new MAMKeyRetrievalException("Failed to get encryption key with id: " + uuid + ".", e);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public ClockStatusInfo getFreshClockStatus(String str, MAMIdentity mAMIdentity, boolean z) throws MAMException {
        if (!z) {
            ClockStatusInfo lastKnownClockStatus = this.mClockStatusCache.getLastKnownClockStatus(mAMIdentity);
            if (lastKnownClockStatus.getKnown() && !lastKnownClockStatus.getTimestamp().hasElapsed(5000L)) {
                LOGGER.info("Fulfilling clock status request from recent cache");
                return lastKnownClockStatus;
            }
        }
        if (((MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str))) == null) {
            LOGGER.warning("Cannot check clock status without enrollment");
        }
        LOGGER.info("Checking for fresh clock status");
        try {
            MAMServiceUserStatusTask mAMServiceUserStatusTask = new MAMServiceUserStatusTask(str, mAMIdentity);
            mAMServiceUserStatusTask.run();
            if (mAMServiceUserStatusTask.getMSucceeded()) {
                LOGGER.info("Obtained fresh clock status");
                return this.mClockStatusCache.getLastKnownClockStatus(mAMIdentity);
            }
            if (mAMServiceUserStatusTask.getMException() != null) {
                throw mAMServiceUserStatusTask.getMException();
            }
            throw new MAMException("Cannot get fresh clock status. Check OMADM log for detail");
        } catch (MAMException e) {
            LOGGER.log(Level.WARNING, "Attempt to get fresh clock status failed", (Throwable) e);
            throw e;
        } catch (Exception e2) {
            LOGGER.log(Level.SEVERE, "Attempt to get fresh clock status failed", (Throwable) e2);
            throw new MAMException("Cannot get fresh clock status. Check OMADM log for detail");
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public MTDComplianceAgentResult getMTDComplianceResult(String str, String str2, String str3) {
        LOGGER.fine("getMTDComplianceResult");
        MTDCompliance mTDCompliance = (MTDCompliance) this.tableRepository.get(new MTDCompliance.Key("MTDKey"));
        ApkUtils.HashAlgorithm hashAlgorithm = ApkUtils.HashAlgorithm.SHA1;
        if (mTDCompliance == null) {
            LOGGER.fine("no mtd result found");
            return MTDComplianceAgentResult.NO_COMMAND;
        }
        LOGGER.info("database mtd value:" + mTDCompliance.compliance);
        MTDComplianceAMSCommandResult fromAMSCommand = MTDComplianceAMSCommandResult.fromAMSCommand(mTDCompliance.compliance);
        LOGGER.info("getMTDComplianceResult:" + fromAMSCommand);
        if (str != null && str2 != null && str3 != null) {
            switch (AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[fromAMSCommand.ordinal()]) {
                case 1:
                    return MTDComplianceAgentResult.NO_COMMAND;
                case 2:
                    if (ADALConnectionDetails.getAppManifestConnectionDetails(str, this.context.getPackageManager()).getSkipBroker()) {
                        LOGGER.info("mtd can not run wpj due to skipbroker settings for:" + str);
                        return MTDComplianceAgentResult.NO_COMMAND;
                    }
                    try {
                        if (StringUtils.isBlank(MAMDevicePolicyUtils.getAADDeviceId())) {
                            LOGGER.info("mtd cached AADDeviceId is null or empty");
                            return MTDComplianceAgentResult.AAD_DEVICE_ID_MISSING;
                        }
                        if (isMTDInstalledAndTrusted(str2, str3, hashAlgorithm)) {
                            return MTDComplianceAgentResult.NOT_SETUP;
                        }
                        LOGGER.info("mtd found cached AADDeviceId, prompting for app installation instead of WPJ - the service is behind");
                        return MTDComplianceAgentResult.NOT_INSTALLED;
                    } catch (OMADMException unused) {
                        LOGGER.info("mtd failed to get cached AADDeviceId");
                        return MTDComplianceAgentResult.AAD_DEVICE_ID_MISSING;
                    }
                case 3:
                    return isMTDInstalledAndTrusted(str2, str3, hashAlgorithm) ? MTDComplianceAgentResult.NOT_SETUP : MTDComplianceAgentResult.NOT_INSTALLED;
                case 4:
                case 5:
                case 6:
                    if (!isMTDInstalledAndTrusted(str2, str3, hashAlgorithm)) {
                        return MTDComplianceAgentResult.NOT_INSTALLED;
                    }
                    break;
            }
        }
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$MTDComplianceAMSCommandResult[fromAMSCommand.ordinal()];
        return i != 2 ? i != 3 ? i != 4 ? i != 5 ? i != 6 ? MTDComplianceAgentResult.NO_COMMAND : MTDComplianceAgentResult.COMPLIANT : MTDComplianceAgentResult.NOT_COMPLIANT : MTDComplianceAgentResult.PROCESSING : MTDComplianceAgentResult.NOT_INSTALLED : MTDComplianceAgentResult.AAD_DEVICE_ID_MISSING;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public int getMaxPinHistoryLength() {
        return this.appPolicyManager.getMaximumIntegerPolicyValue(MAMPolicySchema.PIN_HISTORY_LENGTH, 0);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public InternalAppPolicy getPolicyForPackage(String str, PolicyUpdateType policyUpdateType, int i) {
        return this.appPolicyManager.getAppPolicy(str, policyUpdateType, i);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public PrimaryUserInfo getPrimaryUserInfo(String str) {
        MAMIdentity enrolledUser = EnrolledUserUtils.getEnrolledUser(str);
        if (enrolledUser == null) {
            return new PrimaryUserInfo(null, null, null, null, null, null);
        }
        MAMIdentity deviceOwnerIdentity = EnrolledUserUtils.getDeviceOwnerIdentity();
        return new PrimaryUserInfo(enrolledUser.rawUPN(), enrolledUser.aadId(), enrolledUser.authority(), deviceOwnerIdentity == null ? null : deviceOwnerIdentity.rawUPN(), deviceOwnerIdentity == null ? null : deviceOwnerIdentity.aadId(), deviceOwnerIdentity != null ? deviceOwnerIdentity.authority() : null);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public HashSet<Signature> getSignaturesForPackage(String str) {
        HashSet<Signature> hashSet = new HashSet<>();
        for (ApplicationSignature applicationSignature : this.tableRepository.getAll(ApplicationSignature.class)) {
            if (str.equals(applicationSignature.packageName)) {
                hashSet.add(new Signature(applicationSignature.signature));
            }
        }
        return hashSet;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public UserLogLevel getUserLogLevel() {
        DiagnosticSettings diagnosticSettings = Services.get().getDiagnosticSettings();
        return !diagnosticSettings.getLoggingEnabled() ? UserLogLevel.NONE : diagnosticSettings.getVerboseLoggingEnabled() ? UserLogLevel.VERBOSE : UserLogLevel.IMPORTANT;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public int getUserPINMaxRetries(String str) {
        return this.appPolicyManager.getMinimumIntegerPolicyValue(MAMPolicySchema.PIN_NUM_RETRY, 5);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean hasAppsWithAppConfig() {
        return this.appConfigHelper.deviceHasAppsWithAppConfig();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean hasManagedApps() {
        return this.appPolicyManager.anyManagedApps();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void heartbeat(String str, boolean z) {
        boolean queueCheckinIfDue;
        LOGGER.info("received heartbeat for package: " + str);
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment == null) {
            return;
        }
        if (z && mAMServiceEnrollment.checkinAtLaunch.booleanValue()) {
            LOGGER.info("App is configured to checkin at launch. Queueing checkin task for package: " + mAMServiceEnrollment.packageName + ", identity: " + this.mLogScrubber.scrubUPN(mAMServiceEnrollment.identity.rawUPN()));
            MAMServiceUtils.a(mAMServiceEnrollment, this.context, true, null, false, MAMServiceReason.APP_ACTIVE);
            queueCheckinIfDue = true;
        } else {
            queueCheckinIfDue = queueCheckinIfDue(str, mAMServiceEnrollment, null, MAMServiceReason.APP_ACTIVE);
        }
        if (!queueCheckinIfDue || Build.VERSION.SDK_INT < 26) {
            return;
        }
        LOGGER.info("waiting for checkin task to complete");
        ProcessInfoDiagnostics.printForegroundStatus();
        waitForCheckinTask(str);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isAutoEnrolledWithToken(String str) {
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment == null || !mAMServiceEnrollment.getIsAutoEnrollment()) {
            return false;
        }
        return !MAMServiceUtils.f().isEmpty();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isCheckinTimeoutExceeded(String str) {
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment == null) {
            return false;
        }
        return mAMServiceEnrollment.offlineTimeoutExceeded();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isManagedApp(String str) {
        return isManagedAppInternal(str, this.appPolicyManager);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isPackageEnrolledForMAM(String str, String str2) {
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment != null) {
            return mAMServiceEnrollment.identity.equals(this.mamIdentityManager.fromString(str2));
        }
        return false;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isSilentCertApprovalEnabled() {
        if (MAMServiceUtils.j() != ManagementState.ANDROID_ENTERPRISE) {
            return false;
        }
        LOGGER.info("Management state supports silent cert approval.");
        return true;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isTelemetryDisabledByAdmin() {
        return Services.get().getAdminTelemetrySettingsRepo().getTelemetryDisabledByAdmin();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isUserAccountDisabled() {
        MAMUserStatus mAMUserStatus;
        MAMIdentity enrolledUserAnyPackage = EnrolledUserUtils.getEnrolledUserAnyPackage();
        if (enrolledUserAnyPackage == null || (mAMUserStatus = (MAMUserStatus) this.tableRepository.get(new MAMUserStatus.Key(enrolledUserAnyPackage.canonicalUPN()))) == null) {
            return false;
        }
        return !mAMUserStatus.enabled.booleanValue();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean isWipeInProgress(String str) {
        WipeAppDataStatus appDataWipeStatus = this.appPolicyNotifier.getAppDataWipeStatus(str);
        return appDataWipeStatus == WipeAppDataStatus.INITIATED_SELECTIVE_WIPE || appDataWipeStatus == WipeAppDataStatus.LOADING_INTERNAL_SELECTIVE_WIPE;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public boolean isXposeDetected() {
        return Services.get().getXposedCloakInstalledTest().a() != 0;
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void logTelemetryEvent(TelemetryEvent telemetryEvent) {
        if (telemetryEvent == null) {
            LOGGER.warning("Ignoring null telemetry event.");
        } else {
            Services.get().getOMADMTelemetry().sendMAMTelemetryEvent(telemetryEvent);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void notifyAppDataWipeStatus(String str, WipeAppDataStatus wipeAppDataStatus) {
        AppPolicyNotifier.notifyAppDataWipeStatus(str, wipeAppDataStatus);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void onMAMAppInstall(String str, String str2) {
        Services.get().getAppInstallationReceiver().onAppInstalled(this.context, str, str2);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public Bundle prefetchCurrentFileEncryptionKey(String str) throws MAMKeyRetrievalException {
        try {
            if (this.appPolicyManager.isFileEncryptionRequired(str)) {
                return this.mamKeyManager.getCurrentKey(MAMKeyManager.KeyPurpose.FileEncryption).getBundle();
            }
            return null;
        } catch (OMADMException e) {
            if (this.deviceOrigin.getB()) {
                throw new MAMKeyAccessNotAllowedException("Non-compliant device");
            }
            throw new MAMKeyRetrievalException("Failed to get current file encryption key.", e);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void refreshMTDStatus(String str) {
        LOGGER.info("refreshMTDStatus queueing MAM checkin");
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment == null) {
            LOGGER.info("can not refreshMTDStatus because the existing MAMServiceEnrollment is null - likely a race condition with a wipe");
        } else {
            MAMServiceUtils.a(mAMServiceEnrollment, this.context, true, null, false, MAMServiceReason.FORCED);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void reportFatalError(String str, String str2, String str3) {
        super.reportFatalError(str, str2, str3);
        if (NATIVE_CRASH_THREAD_NAME.equals(str2)) {
            this.mamTelemetryLogger.logMAMError(str, "NativeCrash", null, str3);
        }
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public boolean shouldEnableMAMStrictMode() {
        return Services.get().getDiagnosticSettings().getMAMStrictModeForced();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    protected void showNotification(String str, String str2, String str3) {
        this.mNotifier.notify(this.context, str, 0, new NotificationCompat.Builder(this.context, NotificationChannels.IMPORTANT).setSmallIcon(R.drawable.ic_widget_main).setContentTitle(str2).setContentText(str3).setStyle(new NotificationCompat.BigTextStyle().bigText(str3)).setOnlyAlertOnce(true).setAutoCancel(true).build());
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint
    public void startOfflineGracePeriodTimer(String str) {
        if (((MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str))) == null || DeviceInfo.isNetworkConnected(this.context) || this.mOfflineGracePeriodTimer.isStarted()) {
            return;
        }
        this.mOfflineGracePeriodTimer.restartTimer();
    }

    @Override // com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public MAMEnrollmentManager.Result unenrollPackageForMAM(String str, String str2, WipeReason wipeReason) {
        return internalUnenrollPackageForMAM(str, this.mamIdentityManager.fromString(str2), this.appPolicyNotifier, this.mamIdentityManager, wipeReason);
    }

    @Override // com.microsoft.intune.mam.client.ipc.AbstractAppPolicyEndpoint, com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint
    public void updateMAMServiceToken(String str, MAMIdentity mAMIdentity, String str2, boolean z) {
        this.tokenManager.cacheToken(str2, mAMIdentity);
        SafetyNetCache safetyNetCache = (SafetyNetCache) this.tableRepository.get(new SafetyNetCache.Key(DeviceInfo.getMAMSafetyNetAndroidID(this.context)));
        if (safetyNetCache != null && safetyNetCache.f == MAMSafetyNetTaskStatus.NEEDS_AUTHENTICATION) {
            MAMServiceUtils.b(str, mAMIdentity);
        }
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) this.tableRepository.get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment == null) {
            return;
        }
        if (z || isCheckinTimeoutExceeded(str)) {
            MAMServiceUtils.b(mAMServiceEnrollment, this.context, true, str2, z, MAMServiceReason.APP_ACTIVE);
        } else {
            queueCheckinIfDue(str, mAMServiceEnrollment, str2, MAMServiceReason.APP_ACTIVE);
        }
    }
}
