package com.microsoft.intune.mam.policy;

import android.content.Context;
import android.content.Intent;
import android.content.res.Resources;
import android.os.Handler;
import android.os.Looper;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.AllowedAccountsBehavior;
import com.microsoft.intune.mam.client.app.AndroidManifestData;
import com.microsoft.intune.mam.client.app.CommonApplicationOnCreateOps;
import com.microsoft.intune.mam.client.app.DefaultMAMEnrollment;
import com.microsoft.intune.mam.client.app.startup.ADALConnectionDetails;
import com.microsoft.intune.mam.client.app.startup.MAMComplianceUIBehaviorImpl;
import com.microsoft.intune.mam.client.app.startup.MAMStartupUIBehaviorImpl;
import com.microsoft.intune.mam.client.app.startup.auth.MAMServiceTokenSource;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManagerImpl;
import com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint;
import com.microsoft.intune.mam.client.ipc.PrimaryIdentityCache;
import com.microsoft.intune.mam.client.ipcclient.MAMClientImpl;
import com.microsoft.intune.mam.client.ipcclient.OnlineAuthCallbackUtils;
import com.microsoft.intune.mam.client.notification.MAMInternalNotificationReceiverRegistry;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiver;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiverRegistryInternal;
import com.microsoft.intune.mam.client.strict.MAMStrictEnforcement;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.MAMInternalError;
import com.microsoft.intune.mam.client.telemetry.events.ScenarioEvent;
import com.microsoft.intune.mam.http.KnownClouds;
import com.microsoft.intune.mam.internal.R;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.MAMEnrollmentManager;
import com.microsoft.intune.mam.policy.MAMServiceTokenValidator;
import com.microsoft.intune.mam.policy.cache.MAMEnrolledIdentitiesCache;
import com.microsoft.intune.mam.policy.notification.MAMComplianceNotificationImpl;
import com.microsoft.intune.mam.policy.notification.MAMEnrollmentNotification;
import com.microsoft.intune.mam.policy.notification.MAMEnrollmentNotificationImpl;
import com.microsoft.intune.mam.policy.notification.MAMInternalNotification;
import com.microsoft.intune.mam.policy.notification.MAMInternalNotificationReceiver;
import com.microsoft.intune.mam.policy.notification.MAMInternalNotificationType;
import com.microsoft.intune.mam.policy.notification.MAMNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotificationType;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.UUID;
import java.util.concurrent.Executor;
import kotlin.forcePrompt;
import kotlin.getBrokerInteractiveTokenParameters;
import kotlin.shouldDisplayAccountList;
import kotlin.writeMessageNoTag;

@shouldDisplayAccountList
/* loaded from: classes4.dex */
public class MAMEnrollmentManagerImpl extends AbstractEnrollmentManager implements MAMComplianceManager {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(MAMEnrollmentManagerImpl.class);
    static final String MAM_TEST_SERVICE_SETTINGS = "MAMTestService";
    static final String MAM_TEST_SERVICE_SETTINGS_URL = "MAM_TEST_SERVICE_URI";
    private final AndroidManifestData mActivityData;
    private final AllowedAccountsBehavior mAllowedAccounts;
    private final AppPolicyEndpoint mAppPolicyEndpoint;
    private final Executor mAsyncExectuor;
    private final MAMClientImpl mClientImpl;
    private final CommonApplicationOnCreateOps mCommonApplicationOnCreateOps;
    private final Context mContext;
    private final forcePrompt<DefaultMAMEnrollment> mDefaultEnrollmentProvider;
    private final MAMEnrolledIdentitiesCache mEnrolledIdentitiesCache;
    private final MAMInternalNotificationReceiverRegistry mInternalNotificationReceiverRegistry;
    private final MAMIdentityManagerImpl mMAMIdentityManager;
    private final MAMLogPIIFactory mMAMLogPIIFactory;
    private final MAMServiceTokenValidator mMAMServiceTokenValidator;
    private MAMWEAccountManager mMAMWEAccountManager;
    private final forcePrompt<MAMWEAccountManager> mMAMWEAccountManagerProvider;
    private final MAMNotificationReceiverRegistryInternal mNotificationReceiverRegistry;
    private final PolicyResolver mPolicyResolver;
    private final PrimaryIdentityCache mPrimaryIdentityCache;
    private final Resources mResources;
    private final MAMStrictEnforcement mStrict;
    private final TelemetryLogger mTelemetryLogger;
    private final Handler mMainHandler = new Handler(Looper.getMainLooper());
    private boolean mAppUsesOurComplianceUI = false;
    private volatile boolean mKnoxActivationRegistered = false;
    private final MAMNotificationReceiver mNotificationReceiver = new MAMNotificationReceiver() { // from class: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$$ExternalSyntheticLambda2
        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public final boolean onReceive(MAMNotification mAMNotification) {
            boolean lambda$new$0;
            lambda$new$0 = MAMEnrollmentManagerImpl.this.lambda$new$0(mAMNotification);
            return lambda$new$0;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result;
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType;

        static {
            int[] iArr = new int[MAMNotificationType.values().length];
            $SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType = iArr;
            try {
                iArr[MAMNotificationType.MAM_ENROLLMENT_RESULT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            int[] iArr2 = new int[MAMEnrollmentManager.Result.values().length];
            $SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result = iArr2;
            try {
                iArr2[MAMEnrollmentManager.Result.NOT_LICENSED.ordinal()] = 1;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.AUTHORIZATION_NEEDED.ordinal()] = 2;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.ENROLLMENT_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.WRONG_USER.ordinal()] = 4;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    /* loaded from: classes4.dex */
    class StrictAuthenticationCallbackWrapper implements MAMServiceAuthenticationCallbackExtended {
        private final MAMServiceAuthenticationCallbackExtended mCallback;

        StrictAuthenticationCallbackWrapper(MAMServiceAuthenticationCallbackExtended mAMServiceAuthenticationCallbackExtended) {
            this.mCallback = mAMServiceAuthenticationCallbackExtended;
        }

        private String validateToken(String str, String str2, String str3) {
            if (str == null) {
                return str;
            }
            MAMServiceTokenValidator.Result validateToken = MAMEnrollmentManagerImpl.this.mMAMServiceTokenValidator.validateToken(str, str2, str3, "acquireToken");
            if (validateToken.isValid()) {
                return str;
            }
            MAMEnrollmentManagerImpl.this.mStrict.checkValidMAMServiceToken(validateToken);
            MAMEnrollmentManagerImpl.LOGGER.error(MAMInternalError.AUTHENTICATION_CALLBACK_INVALID_TOKEN, "Dropping invalid token returned from app's authentication callback: " + validateToken.description(), new Object[0]);
            return null;
        }

        @Override // com.microsoft.intune.mam.policy.MAMServiceAuthenticationCallbackExtended, com.microsoft.intune.mam.policy.MAMServiceAuthenticationCallback
        public String acquireToken(String str, String str2, String str3) {
            return validateToken(this.mCallback.acquireToken(str, str2, str3), str, str3);
        }

        @Override // com.microsoft.intune.mam.policy.MAMServiceAuthenticationCallbackExtended
        public String acquireToken(String str, String str2, String str3, String str4, String str5) {
            return validateToken(this.mCallback.acquireToken(str, str2, str3, str4, str5), str, str5);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class UnenrollmentThread extends Thread {
        final MAMIdentity mIdentity;
        final String mSessionId;
        private final WipeReason mWipeReason;

        UnenrollmentThread(MAMIdentity mAMIdentity, String str, WipeReason wipeReason) {
            this.mIdentity = mAMIdentity;
            this.mSessionId = str;
            this.mWipeReason = wipeReason;
            setName("Intune MAM unenroll");
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            MAMEnrollmentManager.Result unenrollPackageForMAM = MAMEnrollmentManagerImpl.this.mAppPolicyEndpoint.unenrollPackageForMAM(MAMEnrollmentManagerImpl.this.mContext.getPackageName(), this.mIdentity, this.mWipeReason);
            MAMEnrollmentManagerImpl.LOGGER.info("MAM Service unenrollment for {0}, identity {1}, returned result: {2}, wipe reason {3}", MAMEnrollmentManagerImpl.this.mContext.getPackageName(), MAMEnrollmentManagerImpl.this.mMAMLogPIIFactory.getPIIUPN(this.mIdentity), unenrollPackageForMAM.name(), this.mWipeReason);
            MAMEnrollmentManagerImpl.this.mEnrolledIdentitiesCache.remove(this.mIdentity);
            if (unenrollPackageForMAM == MAMEnrollmentManager.Result.PENDING) {
                return;
            }
            MAMEnrollmentManagerImpl.this.mMainHandler.postAtFrontOfQueue(new UnenrollmentThreadRunnable(unenrollPackageForMAM, this.mIdentity, this.mSessionId));
        }
    }

    /* loaded from: classes4.dex */
    class UnenrollmentThreadRunnable implements Runnable {
        MAMIdentity mIdentity;
        MAMEnrollmentManager.Result mResult;
        String mSessionId;

        UnenrollmentThreadRunnable(MAMEnrollmentManager.Result result, MAMIdentity mAMIdentity, String str) {
            this.mResult = result;
            this.mIdentity = mAMIdentity;
            this.mSessionId = str;
        }

        @Override // java.lang.Runnable
        public void run() {
            MAMEnrollmentManagerImpl.this.mClientImpl.tryUpdatePolicy();
            MAMEnrollmentManagerImpl.this.mNotificationReceiverRegistry.sendNotification(new MAMEnrollmentNotificationImpl(MAMNotificationType.MAM_ENROLLMENT_RESULT, this.mIdentity, this.mResult, MAMWEError.NONE_KNOWN, this.mSessionId, false));
        }
    }

    @getBrokerInteractiveTokenParameters
    public MAMEnrollmentManagerImpl(Context context, MAMClientImpl mAMClientImpl, PolicyResolver policyResolver, AppPolicyEndpoint appPolicyEndpoint, MAMIdentityManagerImpl mAMIdentityManagerImpl, MAMNotificationReceiverRegistryInternal mAMNotificationReceiverRegistryInternal, MAMInternalNotificationReceiverRegistry mAMInternalNotificationReceiverRegistry, TelemetryLogger telemetryLogger, MAMLogPIIFactory mAMLogPIIFactory, AndroidManifestData androidManifestData, Resources resources, forcePrompt<MAMWEAccountManager> forceprompt, forcePrompt<DefaultMAMEnrollment> forceprompt2, AllowedAccountsBehavior allowedAccountsBehavior, MAMStrictEnforcement mAMStrictEnforcement, MAMEnrolledIdentitiesCache mAMEnrolledIdentitiesCache, Executor executor, CommonApplicationOnCreateOps commonApplicationOnCreateOps, MAMServiceTokenValidator mAMServiceTokenValidator, PrimaryIdentityCache primaryIdentityCache) {
        this.mContext = context;
        this.mClientImpl = mAMClientImpl;
        this.mPolicyResolver = policyResolver;
        this.mAppPolicyEndpoint = appPolicyEndpoint;
        this.mMAMIdentityManager = mAMIdentityManagerImpl;
        this.mNotificationReceiverRegistry = mAMNotificationReceiverRegistryInternal;
        this.mInternalNotificationReceiverRegistry = mAMInternalNotificationReceiverRegistry;
        this.mTelemetryLogger = telemetryLogger;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mActivityData = androidManifestData;
        this.mResources = resources;
        this.mMAMWEAccountManagerProvider = forceprompt;
        this.mDefaultEnrollmentProvider = forceprompt2;
        this.mAllowedAccounts = allowedAccountsBehavior;
        this.mStrict = mAMStrictEnforcement;
        this.mEnrolledIdentitiesCache = mAMEnrolledIdentitiesCache;
        this.mAsyncExectuor = executor;
        this.mCommonApplicationOnCreateOps = commonApplicationOnCreateOps;
        this.mMAMServiceTokenValidator = mAMServiceTokenValidator;
        this.mPrimaryIdentityCache = primaryIdentityCache;
    }

    private void attemptMamEnrollment(final MAMIdentity mAMIdentity, final MAMServiceTokenSource mAMServiceTokenSource, final boolean z) {
        this.mStrict.checkConfigOnlyNotEnrollingForCompliance(z);
        MAMLogger mAMLogger = LOGGER;
        mAMLogger.info("attempting MAM-WE V2 enrollment for: {0}; MAM-CA flow: {1}", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity), Boolean.valueOf(z));
        if (this.mAuthenticationCallback == null && mAMServiceTokenSource.needsValidAppAcquiredToken()) {
            mAMLogger.severe("MAM-WE V2 enrollment attempt without a registered instance of MAMServiceAuthenticationCallback.", new Object[0]);
        }
        this.mMAMWEAccountManager.removeScheduledRetries(mAMIdentity);
        final String uuid = UUID.randomUUID().toString();
        this.mTelemetryLogger.logMAMScenarioStart(ScenarioEvent.Scenario.ENROLLMENT, this.mContext.getPackageName(), uuid);
        this.mAsyncExectuor.execute(new Runnable() { // from class: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$$ExternalSyntheticLambda3
            @Override // java.lang.Runnable
            public final void run() {
                MAMEnrollmentManagerImpl.this.lambda$attemptMamEnrollment$2(mAMIdentity, uuid, z, mAMServiceTokenSource);
            }
        });
    }

    private void handleEnrollmentResult(MAMEnrollmentNotification mAMEnrollmentNotification) {
        MAMEnrollmentManager.Result enrollmentResult = mAMEnrollmentNotification.getEnrollmentResult();
        final MAMIdentity create = this.mMAMIdentityManager.create(mAMEnrollmentNotification.getUserIdentity(), mAMEnrollmentNotification.getUserOid());
        if (this.mMAMWEAccountManager.getAccountStatus(create) != null) {
            if (enrollmentResult == MAMEnrollmentManager.Result.AUTHORIZATION_NEEDED && isApplicationEnrolled(create)) {
                this.mAsyncExectuor.execute(new Runnable() { // from class: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$$ExternalSyntheticLambda0
                    @Override // java.lang.Runnable
                    public final void run() {
                        MAMEnrollmentManagerImpl.this.lambda$handleEnrollmentResult$1(create);
                    }
                });
                TokenNeededReason accountNeedsToken = this.mMAMWEAccountManager.getAccountNeedsToken(create);
                this.mMAMWEAccountManager.updateAccount(create, MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED, MAMWEError.NONE_KNOWN);
                if (accountNeedsToken != TokenNeededReason.ENROLLMENT) {
                    this.mMAMWEAccountManager.setAccountNeedsToken(create, accountNeedsToken);
                }
            } else {
                this.mMAMWEAccountManager.updateAccount(create, enrollmentResult, mAMEnrollmentNotification.getError());
            }
        }
        if (enrollmentResult == MAMEnrollmentManager.Result.WRONG_USER) {
            showWrongUserActivity(mAMEnrollmentNotification.getUserIdentity());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$attemptMamEnrollment$2(MAMIdentity mAMIdentity, String str, boolean z, MAMServiceTokenSource mAMServiceTokenSource) {
        if (!KnownClouds.isSupported(mAMIdentity.authority())) {
            mamEnrollmentTokenAcquisitionFailure(mAMIdentity, MAMEnrollmentManager.Result.NOT_LICENSED, MAMWEError.NONE_KNOWN, str, z);
            return;
        }
        if (mAMServiceTokenSource.needsValidAppAcquiredToken()) {
            mAMServiceTokenSource = OnlineAuthCallbackUtils.acquireMAMServiceTokenWithTelemetry(this.mAuthenticationCallback, mAMIdentity, this.mTelemetryLogger, str, this.mContext);
        }
        MAMServiceTokenSource mAMServiceTokenSource2 = mAMServiceTokenSource;
        if (mAMServiceTokenSource2.needsValidAppAcquiredToken()) {
            mamEnrollmentTokenAcquisitionFailure(mAMIdentity, MAMEnrollmentManager.Result.AUTHORIZATION_NEEDED, MAMWEError.APP_DID_NOT_PROVIDE_TOKEN, str, z);
        } else {
            mamEnrollWithToken(mAMIdentity, MAMServiceAuthentication.APIV2_AUTH_USED, mAMServiceTokenSource2, str, z);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$handleEnrollmentResult$1(MAMIdentity mAMIdentity) {
        this.mAppPolicyEndpoint.enrollPackageForMAM(this.mContext.getPackageName(), mAMIdentity, MAMServiceAuthentication.APIV2_AUTH_USED, null, UUID.randomUUID().toString(), false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ boolean lambda$new$0(MAMNotification mAMNotification) {
        if (AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$notification$MAMNotificationType[mAMNotification.getType().ordinal()] == 1) {
            handleEnrollmentResult((MAMEnrollmentNotification) mAMNotification);
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ boolean lambda$remediateCompliance$3(String str, String str2, String str3, String str4, MAMInternalNotification mAMInternalNotification) {
        showUXForKnoxActivation(str, str2, str3, str4);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$showUXForKnoxActivation$4(String str, String str2, String str3, String str4) {
        try {
            showBlockingComplianceActivity(str, str2, str3, str4, true);
        } catch (Exception e) {
            LOGGER.error(MAMInternalError.KNOX_COMPLIANCE_BLOCK_ACTIVITY_LAUNCH_FAILED, "Unable to launch compliance activity", e);
        }
    }

    private void notifyComplianceFailedIfNecessary(MAMIdentity mAMIdentity, MAMEnrollmentManager.Result result) {
        String string;
        String string2;
        if (result == MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED || result == MAMEnrollmentManager.Result.PENDING) {
            return;
        }
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$MAMEnrollmentManager$Result[result.ordinal()];
        if (i == 1) {
            string = this.mResources.getString(R.string.wg_mamca_misconfiguration_title);
            string2 = this.mResources.getString(R.string.wg_mamca_misconfiguration_message);
        } else if (i != 2) {
            string = this.mResources.getString(R.string.wg_mamca_failed_title);
            string2 = this.mResources.getString(R.string.wg_mamca_failed_message);
        } else {
            string = this.mResources.getString(R.string.wg_mamca_failed_auth_title);
            string2 = this.mResources.getString(R.string.wg_mamca_failed_auth_message);
        }
        this.mNotificationReceiverRegistry.sendNotification(new MAMComplianceNotificationImpl(MAMNotificationType.COMPLIANCE_STATUS, mAMIdentity, MAMCAComplianceStatus.CLIENT_ERROR, string, string2));
    }

    private void registerAccountForMAMInternal(String str, String str2, String str3, String str4, boolean z) {
        if (str == null || str.isEmpty()) {
            LOGGER.warning("registerAccountForMAM called with invalid UPN", new Object[0]);
            throw new IllegalArgumentException("Invalid UPN passed to registerAccountForMAM");
        }
        if (str2 == null || str2.isEmpty()) {
            LOGGER.warning("registerAccountForMAM called with invalid adalId", new Object[0]);
            throw new IllegalArgumentException("Invalid AAD id passed to registerAccountForMAM");
        }
        boolean hasUpnConflicts = this.mMAMIdentityManager.hasUpnConflicts();
        MAMIdentity insertOrUpdate = this.mMAMIdentityManager.insertOrUpdate(str2, str, str3, str4, false);
        this.mStrict.checkRegisterAccountForMAM(insertOrUpdate, this.mMAMWEAccountManager);
        if (!this.mMAMWEAccountManager.registerAccount(insertOrUpdate) && !z) {
            LOGGER.info("registerAccountForMAM skipping already registered account: {0}", this.mMAMLogPIIFactory.getPIIUPN(insertOrUpdate));
            return;
        }
        if (!hasUpnConflicts && this.mMAMIdentityManager.hasUpnConflicts()) {
            MAMIdentity primaryIdentity = this.mPrimaryIdentityCache.getPrimaryIdentity();
            if (MAMIdentity.isValid(primaryIdentity)) {
                this.mMAMIdentityManager.setPreferredOID(primaryIdentity.aadId());
            }
        }
        attemptMamEnrollment(insertOrUpdate, MAMServiceTokenSource.fromAppAcquiredToken(null), z);
    }

    private void showBlockingComplianceActivity(String str, String str2, String str3, String str4) {
        showBlockingComplianceActivity(str, str2, str3, str4, false);
    }

    private void showBlockingComplianceActivity(String str, String str2, String str3, String str4, boolean z) {
        Intent intent = new Intent(this.mContext, this.mActivityData.getComplianceBlockActivity());
        intent.putExtra(MAMStartupUIBehaviorImpl.EXTRA_STARTUP_UI_CORRELATION_ID, UUID.randomUUID());
        intent.putExtra(MAMComplianceUIBehaviorImpl.EXTRA_COMPLIANCE_UI_AAD_ID, str2);
        intent.putExtra(MAMComplianceUIBehaviorImpl.EXTRA_COMPLIANCE_UI_AUTHORITY, str4);
        intent.putExtra(MAMComplianceUIBehaviorImpl.EXTRA_COMPLIANCE_UI_TENANT_ID, str3);
        intent.putExtra(MAMComplianceUIBehaviorImpl.EXTRA_COMPLIANCE_UI_UPN, str);
        intent.putExtra(MAMComplianceUIBehaviorImpl.EXTRA_FOR_KNOX_ACTIVATION, z);
        intent.setFlags(268435456);
        this.mContext.startActivity(intent);
    }

    private void showUXForKnoxActivation(final String str, final String str2, final String str3, final String str4) {
        LOGGER.info("Showing our compliance UI anyway to handle Knox license activation.", new Object[0]);
        new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$$ExternalSyntheticLambda4
            @Override // java.lang.Runnable
            public final void run() {
                MAMEnrollmentManagerImpl.this.lambda$showUXForKnoxActivation$4(str, str2, str3, str4);
            }
        });
    }

    private void showWrongUserActivity(String str) {
        String enrolledUserAnyPackage = this.mAppPolicyEndpoint.getEnrolledUserAnyPackage();
        if (enrolledUserAnyPackage == null) {
            return;
        }
        Intent intent = new Intent(this.mContext, this.mActivityData.getStartupActivity());
        LOGGER.info("Sending intent to trigger wrong user startup dialog for existing user: {0}, attempted user: {1}.", this.mMAMLogPIIFactory.getPIIUPN(enrolledUserAnyPackage), this.mMAMLogPIIFactory.getPIIUPN(str));
        intent.putExtra(MAMStartupUIBehaviorImpl.EXTRA_DISPLAY_MAMSERVICE_WRONG_USER, true);
        intent.putExtra(MAMStartupUIBehaviorImpl.EXTRA_MDMLESS_WRONG_USER_EXISTING_IDENTITY, enrolledUserAnyPackage);
        intent.putExtra(MAMStartupUIBehaviorImpl.EXTRA_MDMLESS_WRONG_USER_ATTEMPTED_IDENTITY, str);
        intent.setFlags(268435456);
        this.mContext.startActivity(intent);
    }

    private MAMEnrollmentManager.Result unenrollApplication(MAMIdentity mAMIdentity, WipeReason wipeReason) {
        if (mAMIdentity == null || mAMIdentity.equals(MAMIdentity.EMPTY)) {
            LOGGER.warning("unenrollApplication called with invalid identity: {0}, failing unenrollApplication.", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity));
            return MAMEnrollmentManager.Result.UNENROLLMENT_FAILED;
        }
        LOGGER.info("Unenrolling application for identity {0}, wipe reason {1}.", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity), wipeReason);
        String uuid = UUID.randomUUID().toString();
        this.mTelemetryLogger.logMAMScenarioStart(ScenarioEvent.Scenario.UNENROLLMENT, this.mContext.getPackageName(), uuid);
        new UnenrollmentThread(mAMIdentity, uuid, wipeReason).start();
        return MAMEnrollmentManager.Result.PENDING;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.microsoft.intune.mam.policy.AbstractEnrollmentManager
    public MAMServiceAuthenticationCallbackExtended adaptAuthCallback(MAMServiceAuthenticationCallback mAMServiceAuthenticationCallback) {
        if (Proxy.isProxyClass(mAMServiceAuthenticationCallback.getClass())) {
            InvocationHandler invocationHandler = Proxy.getInvocationHandler(mAMServiceAuthenticationCallback);
            if (invocationHandler instanceof writeMessageNoTag.INotificationSideChannelDefault) {
                writeMessageNoTag.INotificationSideChannelDefault iNotificationSideChannelDefault = (writeMessageNoTag.INotificationSideChannelDefault) invocationHandler;
                if (writeMessageNoTag.asBinder(iNotificationSideChannelDefault.getObject(), MAMServiceAuthenticationCallbackExtended.class)) {
                    return (MAMServiceAuthenticationCallbackExtended) writeMessageNoTag.proxy(iNotificationSideChannelDefault.getObject(), MAMServiceAuthenticationCallbackExtended.class);
                }
            }
        }
        return super.adaptAuthCallback(mAMServiceAuthenticationCallback);
    }

    @Override // com.microsoft.intune.mam.policy.MAMWEEnroller
    public void attemptMamEnrollment(MAMIdentity mAMIdentity) {
        attemptMamEnrollment(mAMIdentity, MAMServiceTokenSource.fromAppAcquiredToken(null), false);
    }

    @Deprecated
    public MAMEnrollmentManager.Result enrollApplication(String str) {
        LOGGER.warning("MAM v1 enrollment is no longer supported. Please update to the latest version of the MAM SDK.", new Object[0]);
        return MAMEnrollmentManager.Result.ENROLLMENT_FAILED;
    }

    @Deprecated
    public MAMEnrollmentManager.Result enrollApplication(String str, String str2) {
        LOGGER.warning("MAM v1 enrollment is no longer supported. Please update to the latest version of the MAM SDK.", new Object[0]);
        return MAMEnrollmentManager.Result.ENROLLMENT_FAILED;
    }

    @Override // com.microsoft.intune.mam.policy.AbstractEnrollmentManager, com.microsoft.intune.mam.policy.MAMWEEnroller
    public String getMAMServiceTokenFromCallback(MAMIdentity mAMIdentity) {
        String mAMServiceTokenFromCallback = super.getMAMServiceTokenFromCallback(mAMIdentity);
        if (mAMServiceTokenFromCallback == null) {
            this.mMAMWEAccountManager.setAccountNeedsToken(mAMIdentity, TokenNeededReason.CHECKIN);
        }
        return mAMServiceTokenFromCallback;
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public MAMEnrollmentManager.Result getRegisteredAccountStatus(String str) {
        return getRegisteredAccountStatus(str, null);
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public MAMEnrollmentManager.Result getRegisteredAccountStatus(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            LOGGER.warning("getRegisteredAccountStatus called without valid OID; results may be incorrect.", new Object[0]);
        }
        MAMEnrollmentManager.Result accountStatus = this.mMAMWEAccountManager.getAccountStatus(this.mMAMIdentityManager.create(str, str2));
        return accountStatus == MAMEnrollmentManager.Result.COMPANY_PORTAL_REQUIRED ? MAMEnrollmentManager.Result.PENDING : accountStatus;
    }

    public void initialize() {
        this.mMAMWEAccountManager = this.mMAMWEAccountManagerProvider.get();
        MAMNotificationReceiverRegistryInternal mAMNotificationReceiverRegistryInternal = this.mNotificationReceiverRegistry;
        MAMNotificationReceiver mAMNotificationReceiver = this.mNotificationReceiver;
        MAMNotificationType mAMNotificationType = MAMNotificationType.MAM_ENROLLMENT_RESULT;
        mAMNotificationReceiverRegistryInternal.registerReceiver(mAMNotificationReceiver, mAMNotificationType);
        MAMEnrollmentNotificationReceiver mAMEnrollmentNotificationReceiver = new MAMEnrollmentNotificationReceiver(this.mContext, this.mTelemetryLogger, false, this.mMAMLogPIIFactory, this.mMAMIdentityManager);
        this.mNotificationReceiverRegistry.registerReceiver(mAMEnrollmentNotificationReceiver, mAMNotificationType);
        this.mNotificationReceiverRegistry.registerReceiver(mAMEnrollmentNotificationReceiver, MAMNotificationType.COMPLIANCE_STATUS);
        if (MAMInfo.isDefaultMAMEnrollmentEnabled()) {
            registerAuthenticationCallback(this.mDefaultEnrollmentProvider.get());
        }
    }

    @Deprecated
    public boolean isApplicationEnrolled(MAMIdentity mAMIdentity) {
        boolean isPackageEnrolledForMAM = (MAMIdentity.isNullOrEmpty(mAMIdentity) || !mAMIdentity.hasValidAadId()) ? false : this.mAppPolicyEndpoint.isPackageEnrolledForMAM(this.mContext.getPackageName(), mAMIdentity);
        if (isPackageEnrolledForMAM) {
            LOGGER.info(this.mContext.getPackageName() + " is enrolled in MAM Service for identity {0}", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity));
        } else {
            LOGGER.info(this.mContext.getPackageName() + " is not enrolled in MAM Service for identity {0}", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity));
        }
        return isPackageEnrolledForMAM;
    }

    @Override // com.microsoft.intune.mam.policy.AbstractEnrollmentManager
    protected MAMLogger logger() {
        return LOGGER;
    }

    void mamEnrollWithToken(MAMIdentity mAMIdentity, String str, MAMServiceTokenSource mAMServiceTokenSource, String str2, boolean z) {
        MAMEnrollmentManager.Result enrollPackageForMAM = this.mAppPolicyEndpoint.enrollPackageForMAM(this.mContext.getPackageName(), mAMIdentity, str, mAMServiceTokenSource, str2, z);
        LOGGER.info("MAM Service enrollment for {0}, identity {1}, returned result: {2}", this.mContext.getPackageName(), this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity), enrollPackageForMAM.name());
        if (enrollPackageForMAM == MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED) {
            this.mEnrolledIdentitiesCache.put(mAMIdentity, this.mPolicyResolver.hasAppPolicy(mAMIdentity));
        } else if (enrollPackageForMAM != MAMEnrollmentManager.Result.PENDING) {
            this.mEnrolledIdentitiesCache.remove(mAMIdentity);
        }
        if (enrollPackageForMAM != MAMEnrollmentManager.Result.PENDING) {
            this.mNotificationReceiverRegistry.sendNotification(new MAMEnrollmentNotificationImpl(MAMNotificationType.MAM_ENROLLMENT_RESULT, mAMIdentity, enrollPackageForMAM, MAMWEError.NONE_KNOWN, str2, false, true));
        }
        if (z) {
            notifyComplianceFailedIfNecessary(mAMIdentity, enrollPackageForMAM);
        }
    }

    void mamEnrollmentTokenAcquisitionFailure(MAMIdentity mAMIdentity, MAMEnrollmentManager.Result result, MAMWEError mAMWEError, String str, boolean z) {
        if (z && result == MAMEnrollmentManager.Result.AUTHORIZATION_NEEDED) {
            this.mMAMWEAccountManager.setAccountNeedsToken(mAMIdentity, TokenNeededReason.COMPLIANCE);
        }
        this.mNotificationReceiverRegistry.sendNotification(new MAMEnrollmentNotificationImpl(MAMNotificationType.MAM_ENROLLMENT_RESULT, mAMIdentity, result, mAMWEError, str, false));
        if (z) {
            notifyComplianceFailedIfNecessary(mAMIdentity, result);
        }
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void registerADALConnectionDetails(String str, ADALConnectionDetails aDALConnectionDetails) {
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void registerAccountForMAM(String str, String str2, String str3) {
        registerAccountForMAMInternal(str, str2, str3, null, false);
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void registerAccountForMAM(String str, String str2, String str3, String str4) {
        registerAccountForMAMInternal(str, str2, str3, str4, false);
    }

    @Override // com.microsoft.intune.mam.policy.MAMComplianceManager
    public void remediateCompliance(final String str, final String str2, final String str3, final String str4, boolean z) {
        if (z) {
            showBlockingComplianceActivity(str, str2, str3, str4);
            this.mAppUsesOurComplianceUI = true;
            return;
        }
        synchronized (this) {
            if (!this.mAppUsesOurComplianceUI && !this.mKnoxActivationRegistered) {
                LOGGER.info("App doesn't use our compliance UI", new Object[0]);
                this.mKnoxActivationRegistered = true;
                this.mInternalNotificationReceiverRegistry.registerReceiver(new MAMInternalNotificationReceiver() { // from class: com.microsoft.intune.mam.policy.MAMEnrollmentManagerImpl$$ExternalSyntheticLambda1
                    @Override // com.microsoft.intune.mam.policy.notification.MAMInternalNotificationReceiver
                    public final boolean onReceive(MAMInternalNotification mAMInternalNotification) {
                        boolean lambda$remediateCompliance$3;
                        lambda$remediateCompliance$3 = MAMEnrollmentManagerImpl.this.lambda$remediateCompliance$3(str, str2, str3, str4, mAMInternalNotification);
                        return lambda$remediateCompliance$3;
                    }
                }, MAMInternalNotificationType.KNOX_ACTIVATION_NEEDED);
            }
        }
        registerAccountForMAMInternal(str, str2, str3, str4, true);
    }

    @Override // com.microsoft.intune.mam.policy.AbstractEnrollmentManager
    protected void scheduleEnrollmentRetriesConfigOnly() {
        this.mCommonApplicationOnCreateOps.retryEnrollmentsAsync();
    }

    @Deprecated
    public MAMEnrollmentManager.Result unenrollApplication(String str) {
        MAMIdentity fromString = this.mMAMIdentityManager.fromString(str);
        LOGGER.info("MAM-WE unenrollApplication called for {0}, identity {1}.", this.mContext.getPackageName(), this.mMAMLogPIIFactory.getPIIUPN(fromString));
        return unenrollApplication(fromString, WipeReason.APP_UNENROLLMENT);
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void unregisterAccountForMAM(String str) {
        unregisterAccountForMAM(str, null);
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void unregisterAccountForMAM(String str, String str2) {
        if (acquireTokenInProgress()) {
            LOGGER.severe("unregisterAccountForMAM should not be called from within acquireToken!", new Object[0]);
            this.mStrict.checkFailUnsafeUnregisterAccountCall();
            return;
        }
        if (str2 == null || str2.isEmpty()) {
            if (str == null || str.isEmpty()) {
                LOGGER.warning("unregisterAccountForMAM called with invalid UPN", new Object[0]);
                throw new IllegalArgumentException("Invalid UPN and OID passed to unregisterAccountForMAM");
            }
            LOGGER.warning("unregisterAccountForMAM called without valid OID; identity may be ambiguous.", new Object[0]);
        }
        MAMIdentity create = this.mMAMIdentityManager.create(str, str2);
        MAMEnrollmentManager.Result accountStatus = this.mMAMWEAccountManager.getAccountStatus(create);
        if (accountStatus == null) {
            LOGGER.info("unregisterAccountForMAM skipping non-registered account: {0}", this.mMAMLogPIIFactory.getPIIUPN(create));
        } else {
            LOGGER.info("unregisterAccountForMAM attempting unenrollment for removed account: {0}", this.mMAMLogPIIFactory.getPIIUPN(create));
            unregisterAndUnenroll(create, accountStatus == MAMEnrollmentManager.Result.WRONG_USER ? WipeReason.WRONG_USER : !this.mAllowedAccounts.isAccountAllowed(str) ? WipeReason.ALLOWED_ACCOUNTS_NOT_ALLOWED : WipeReason.APP_UNENROLLMENT);
        }
    }

    public void unregisterAndUnenroll(MAMIdentity mAMIdentity, WipeReason wipeReason) {
        this.mMAMWEAccountManager.removeAccount(mAMIdentity);
        unenrollApplication(mAMIdentity, wipeReason);
    }

    public void updateMAMServiceToken(MAMIdentity mAMIdentity, MAMServiceTokenSource mAMServiceTokenSource) {
        boolean z = false;
        if (mAMServiceTokenSource.useAppAcquiredToken()) {
            if (!mAMServiceTokenSource.hasValidAppAcquiredToken()) {
                LOGGER.error(MAMInternalError.AUTHENTICATION_CALLBACK_INVALID_TOKEN, "Invalid token passed to updateMAMServiceToken.", new Object[0]);
                return;
            }
            MAMServiceTokenValidator.Result validateToken = this.mMAMServiceTokenValidator.validateToken(mAMServiceTokenSource.getAppAcquiredToken(), mAMIdentity, MAMServiceAuthentication.MAMSERVICE_RESOURCE_ID, "updateToken");
            if (!validateToken.isValid()) {
                this.mStrict.checkValidMAMServiceToken(validateToken);
                LOGGER.severe("Dropping invalid token passed to updateToken: " + validateToken.description(), new Object[0]);
                return;
            }
        }
        TokenNeededReason accountNeedsToken = this.mMAMWEAccountManager.getAccountNeedsToken(mAMIdentity);
        TokenNeededReason tokenNeededReason = TokenNeededReason.NOT_NEEDED;
        if (accountNeedsToken == tokenNeededReason) {
            LOGGER.info("Account passed to updateToken doesn't need a token update.", new Object[0]);
        } else {
            boolean z2 = accountNeedsToken == TokenNeededReason.COMPLIANCE;
            if (isApplicationEnrolled(mAMIdentity) && this.mMAMWEAccountManager.getAccountStatus(mAMIdentity) == MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED) {
                z = z2;
            } else {
                attemptMamEnrollment(mAMIdentity, mAMServiceTokenSource, z2);
            }
            this.mMAMWEAccountManager.setAccountNeedsToken(mAMIdentity, tokenNeededReason);
        }
        this.mAppPolicyEndpoint.updateMAMServiceToken(this.mContext.getPackageName(), mAMIdentity, mAMServiceTokenSource, z);
    }

    public void updateToken(String str, String str2, String str3, MAMServiceTokenSource mAMServiceTokenSource) {
        if (acquireTokenInProgress()) {
            LOGGER.severe("updateToken should not be called from within acquireToken!", new Object[0]);
            this.mStrict.checkFailUnsafeUpdateTokenCall();
        } else if (!str3.equals(MAMServiceAuthentication.MAMSERVICE_RESOURCE_ID)) {
            LOGGER.warning("Unknown resource ID passed to updateToken.", new Object[0]);
        } else if (mAMServiceTokenSource == null || mAMServiceTokenSource.needsValidAppAcquiredToken()) {
            LOGGER.warning("Invalid token source passed to updateToken.", new Object[0]);
        } else {
            updateMAMServiceToken(this.mMAMIdentityManager.create(str, str2), mAMServiceTokenSource);
        }
    }

    @Override // com.microsoft.intune.mam.policy.MAMEnrollmentManager
    public void updateToken(String str, String str2, String str3, String str4) {
        updateToken(str, str2, str3, MAMServiceTokenSource.fromAppAcquiredToken(str4));
    }

    @Override // com.microsoft.intune.mam.policy.AbstractEnrollmentManager
    public MAMServiceAuthenticationCallbackExtended wrapAuthenticationCallback(MAMServiceAuthenticationCallbackExtended mAMServiceAuthenticationCallbackExtended) {
        return new StrictAuthenticationCallbackWrapper(super.wrapAuthenticationCallback(mAMServiceAuthenticationCallbackExtended));
    }
}
