package com.android.emaileas;

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.ContentProviderOperation;
import android.content.ContentResolver;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.OperationApplicationException;
import android.database.Cursor;
import android.os.Bundle;
import android.os.RemoteException;
import com.android.emailcommon.Logging;
import com.android.emailcommon.provider.Account;
import com.android.emailcommon.provider.EmailContent;
import com.android.emailcommon.provider.Policy;
import com.android.emailcommon.utility.TextUtilities;
import com.android.emailcommon.utility.Utility;
import com.android.emaileas.provider.AccountReconciler;
import com.android.emaileas.provider.EmailProvider;
import com.android.emaileas.service.EmailBroadcastProcessorService;
import com.android.emaileas.service.EmailServiceUtils;
import com.android.mail.utils.LogUtils;
import java.util.ArrayList;
import org.apache.commons.httpclient.auth.NTLMScheme;

/* loaded from: classes.dex */
public class SecurityPolicy {
    public static final int DEVICE_ADMIN_MESSAGE_DISABLED = 2;
    public static final int DEVICE_ADMIN_MESSAGE_ENABLED = 1;
    public static final int DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED = 3;
    public static final int DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING = 4;
    public static final String HAS_PASSWORD_EXPIRATION = "passwordExpirationDays>0";
    public static final int INACTIVE_NEED_ACTIVATION = 1;
    public static final int INACTIVE_NEED_CONFIGURATION = 2;
    public static final int INACTIVE_NEED_ENCRYPTION = 8;
    public static final int INACTIVE_NEED_PASSWORD = 4;
    public static final int INACTIVE_PROTOCOL_POLICIES = 16;
    public static final String TAG = "Email";
    public static SecurityPolicy sInstance;
    public final ComponentName mAdminName;
    public Context mContext;
    public DevicePolicyManager mDPM = null;
    public Policy mAggregatePolicy = null;

    /* loaded from: classes.dex */
    public static class PolicyAdmin extends DeviceAdminReceiver {
        @Override // android.app.admin.DeviceAdminReceiver
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return context.getString(R.string.disable_admin_warning);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onDisabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.processDevicePolicyMessage(context, 2);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onEnabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.processDevicePolicyMessage(context, 1);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordChanged(Context context, Intent intent) {
            EmailBroadcastProcessorService.processDevicePolicyMessage(context, 3);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordExpiring(Context context, Intent intent) {
            EmailBroadcastProcessorService.processDevicePolicyMessage(context, 4);
        }
    }

    public SecurityPolicy(Context context) {
        this.mContext = context.getApplicationContext();
        this.mAdminName = new ComponentName(context, (Class<?>) PolicyAdmin.class);
    }

    public static void clearAccountPolicy(Context context, Account account) {
        setAccountPolicy(context, account, (Policy) null, (String) null);
    }

    public static long findShortestExpiration(Context context) {
        long longValue = Utility.getFirstRowLong(context, Policy.CONTENT_URI, EmailContent.ID_PROJECTION, HAS_PASSWORD_EXPIRATION, null, "passwordExpirationDays ASC", 0, -1L).longValue();
        if (longValue < 0) {
            return -1L;
        }
        return Policy.getAccountIdWithPolicyKey(context, longValue);
    }

    public static synchronized SecurityPolicy getInstance(Context context) {
        SecurityPolicy securityPolicy;
        synchronized (SecurityPolicy.class) {
            if (sInstance == null) {
                sInstance = new SecurityPolicy(context.getApplicationContext());
            }
            securityPolicy = sInstance;
        }
        return securityPolicy;
    }

    public static void onDeviceAdminReceiverMessage(Context context, int i) {
        SecurityPolicy securityPolicy = getInstance(context);
        if (i == 1) {
            securityPolicy.onAdminEnabled(true);
            return;
        }
        if (i == 2) {
            securityPolicy.onAdminEnabled(false);
            return;
        }
        if (i == 3) {
            Account.clearSecurityHoldOnAllAccounts(context);
            NotificationControllerCreatorHolder.getInstance(context).cancelPasswordExpirationNotifications();
        } else {
            if (i != 4) {
                return;
            }
            securityPolicy.onPasswordExpiring(securityPolicy.mContext);
        }
    }

    private void onPasswordExpiring(Context context) {
        long findShortestExpiration = findShortestExpiration(context);
        if (findShortestExpiration == -1) {
            return;
        }
        boolean z = getDPM().getPasswordExpiration(this.mAdminName) - System.currentTimeMillis() < 0;
        NotificationController notificationControllerCreatorHolder = NotificationControllerCreatorHolder.getInstance(context);
        if (!z) {
            notificationControllerCreatorHolder.showPasswordExpiringNotificationSynchronous(findShortestExpiration);
        } else if (wipeExpiredAccounts(context)) {
            notificationControllerCreatorHolder.showPasswordExpiredNotificationSynchronous(findShortestExpiration);
        }
    }

    public static void setAccountHoldFlag(Context context, long j, boolean z) {
        Account restoreAccountWithId = Account.restoreAccountWithId(context, j);
        if (restoreAccountWithId != null) {
            setAccountHoldFlag(context, restoreAccountWithId, z);
            if (z) {
                NotificationControllerCreatorHolder.getInstance(context).showSecurityNeededNotification(restoreAccountWithId);
            }
        }
    }

    public static void setAccountHoldFlag(Context context, Account account, boolean z) {
        if (z) {
            account.mFlags |= 32;
        } else {
            account.mFlags &= -33;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("flags", Integer.valueOf(account.mFlags));
        account.update(context, contentValues);
    }

    public static void setAccountPolicy(Context context, Account account, Policy policy, String str) {
        ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
        if (policy != null) {
            String str2 = "the sync key is  - > " + str;
            policy.normalize();
            arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.toContentValues()).build());
            arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, account.mId)).withValueBackReference(EmailContent.AccountColumns.POLICY_KEY, 0).withValue(EmailContent.AccountColumns.SECURITY_SYNC_KEY, str).build());
        } else {
            arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, account.mId)).withValue(EmailContent.AccountColumns.SECURITY_SYNC_KEY, null).withValue(EmailContent.AccountColumns.POLICY_KEY, 0).build());
        }
        long j = account.mPolicyKey;
        if (j > 0) {
            arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, j)).build());
        }
        try {
            context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
            account.refresh(context);
            syncAccount(context, account);
        } catch (OperationApplicationException unused) {
        } catch (RemoteException unused2) {
            throw new IllegalStateException("Exception setting account policy.");
        }
    }

    public static void syncAccount(Context context, Account account) {
        android.accounts.Account account2 = new android.accounts.Account(account.mEmailAddress, EmailServiceUtils.getServiceInfo(context, account.getProtocol(context)).accountType);
        Bundle bundle = new Bundle(3);
        bundle.putBoolean("force", true);
        bundle.putBoolean("do_not_retry", true);
        bundle.putBoolean("expedited", true);
        ContentResolver.requestSync(account2, EmailContent.AUTHORITY, bundle);
        LogUtils.i("Email", "requestSync SecurityPolicy syncAccount %s, %s", account.toString(), bundle.toString());
    }

    public static boolean wipeExpiredAccounts(Context context) {
        Account restoreAccountWithId;
        Cursor query = context.getContentResolver().query(Policy.CONTENT_URI, EmailContent.ID_PROJECTION, HAS_PASSWORD_EXPIRATION, null, null);
        if (query == null) {
            return false;
        }
        boolean z = false;
        while (query.moveToNext()) {
            try {
                long accountIdWithPolicyKey = Policy.getAccountIdWithPolicyKey(context, query.getLong(0));
                if (accountIdWithPolicyKey >= 0 && (restoreAccountWithId = Account.restoreAccountWithId(context, accountIdWithPolicyKey)) != null) {
                    setAccountHoldFlag(context, restoreAccountWithId, true);
                    context.getContentResolver().delete(EmailProvider.uiUri("uiaccountdata", accountIdWithPolicyKey), null, null);
                    z = true;
                }
            } finally {
                query.close();
            }
        }
        return z;
    }

    public void clearNotification() {
        NotificationControllerCreatorHolder.getInstance(this.mContext).cancelSecurityNeededNotification();
    }

    public Policy computeAggregatePolicy() {
        Policy policy = new Policy();
        policy.mPasswordMinLength = Integer.MIN_VALUE;
        policy.mPasswordMode = Integer.MIN_VALUE;
        policy.mPasswordMaxFails = NTLMScheme.FAILED;
        policy.mPasswordHistory = Integer.MIN_VALUE;
        policy.mPasswordExpirationDays = NTLMScheme.FAILED;
        policy.mPasswordComplexChars = Integer.MIN_VALUE;
        policy.mMaxScreenLockTime = NTLMScheme.FAILED;
        policy.mRequireRemoteWipe = false;
        policy.mRequireEncryption = false;
        policy.mRequireEncryptionExternal = false;
        Cursor query = this.mContext.getContentResolver().query(Policy.CONTENT_URI, Policy.CONTENT_PROJECTION, null, null, null);
        Policy policy2 = new Policy();
        boolean z = false;
        while (query.moveToNext()) {
            try {
                policy2.restore(query);
                if (DebugUtils.DEBUG) {
                    LogUtils.d("Email", "Aggregate from: " + policy2, new Object[0]);
                }
                policy.mPasswordMinLength = Math.max(policy2.mPasswordMinLength, policy.mPasswordMinLength);
                policy.mPasswordMode = Math.max(policy2.mPasswordMode, policy.mPasswordMode);
                if (policy2.mPasswordMaxFails > 0) {
                    policy.mPasswordMaxFails = Math.min(policy2.mPasswordMaxFails, policy.mPasswordMaxFails);
                }
                if (policy2.mMaxScreenLockTime > 0) {
                    policy.mMaxScreenLockTime = Math.min(policy2.mMaxScreenLockTime, policy.mMaxScreenLockTime);
                }
                if (policy2.mPasswordHistory > 0) {
                    policy.mPasswordHistory = Math.max(policy2.mPasswordHistory, policy.mPasswordHistory);
                }
                if (policy2.mPasswordExpirationDays > 0) {
                    policy.mPasswordExpirationDays = Math.min(policy2.mPasswordExpirationDays, policy.mPasswordExpirationDays);
                }
                if (policy2.mPasswordComplexChars > 0) {
                    policy.mPasswordComplexChars = Math.max(policy2.mPasswordComplexChars, policy.mPasswordComplexChars);
                }
                policy.mRequireRemoteWipe |= policy2.mRequireRemoteWipe;
                policy.mRequireEncryption |= policy2.mRequireEncryption;
                policy.mDontAllowCamera |= policy2.mDontAllowCamera;
                z = true;
            } finally {
                query.close();
            }
        }
        if (!z) {
            if (DebugUtils.DEBUG) {
                LogUtils.d("Email", "Calculated Aggregate: no policy", new Object[0]);
            }
            return Policy.NO_POLICY;
        }
        if (policy.mPasswordMinLength == Integer.MIN_VALUE) {
            policy.mPasswordMinLength = 0;
        }
        if (policy.mPasswordMode == Integer.MIN_VALUE) {
            policy.mPasswordMode = 0;
        }
        if (policy.mPasswordMaxFails == Integer.MAX_VALUE) {
            policy.mPasswordMaxFails = 0;
        }
        if (policy.mMaxScreenLockTime == Integer.MAX_VALUE) {
            policy.mMaxScreenLockTime = 0;
        }
        if (policy.mPasswordHistory == Integer.MIN_VALUE) {
            policy.mPasswordHistory = 0;
        }
        if (policy.mPasswordExpirationDays == Integer.MAX_VALUE) {
            policy.mPasswordExpirationDays = 0;
        }
        if (policy.mPasswordComplexChars == Integer.MIN_VALUE) {
            policy.mPasswordComplexChars = 0;
        }
        if (DebugUtils.DEBUG) {
            LogUtils.d("Email", "Calculated Aggregate: " + policy, new Object[0]);
        }
        return policy;
    }

    public void deleteSecuredAccounts(Context context) {
        ContentResolver contentResolver = context.getContentResolver();
        Cursor query = contentResolver.query(Account.CONTENT_URI, EmailContent.ID_PROJECTION, Account.SECURITY_NONZERO_SELECTION, null, null);
        try {
            LogUtils.w("Email", "Email administration disabled; deleting " + query.getCount() + " secured account(s)", new Object[0]);
            while (query.moveToNext()) {
                contentResolver.delete(EmailProvider.uiUri("uiaccount", query.getLong(0)), null, null);
            }
            query.close();
            policiesUpdated();
            AccountReconciler.reconcileAccounts(context);
        } catch (Throwable th) {
            query.close();
            throw th;
        }
    }

    public ComponentName getAdminComponent() {
        return this.mAdminName;
    }

    public synchronized Policy getAggregatePolicy() {
        if (this.mAggregatePolicy == null) {
            this.mAggregatePolicy = computeAggregatePolicy();
        }
        return this.mAggregatePolicy;
    }

    public synchronized DevicePolicyManager getDPM() {
        if (this.mDPM == null) {
            this.mDPM = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
        }
        return this.mDPM;
    }

    public int getInactiveReasons(Policy policy) {
        Policy policy2 = Policy.NO_POLICY;
        if (policy2 == null) {
            policy2 = getAggregatePolicy();
        }
        int i = 0;
        if (policy2 == Policy.NO_POLICY) {
            return 0;
        }
        DevicePolicyManager dpm = getDPM();
        if (!isActiveAdmin()) {
            return 1;
        }
        if (policy2.mPasswordMinLength > 0 && dpm.getPasswordMinimumLength(this.mAdminName) < policy2.mPasswordMinLength) {
            i = 4;
        }
        if (policy2.mPasswordMode > 0) {
            if (dpm.getPasswordQuality(this.mAdminName) < policy2.getDPManagerPasswordQuality()) {
                i |= 4;
            }
            if (!dpm.isActivePasswordSufficient()) {
                i |= 4;
            }
        }
        if (policy2.mMaxScreenLockTime > 0 && dpm.getMaximumTimeToLock(this.mAdminName) > policy2.mMaxScreenLockTime * 1000) {
            i |= 2;
        }
        if (policy2.mPasswordHistory > 0 && dpm.getPasswordHistoryLength(this.mAdminName) < policy2.mPasswordHistory) {
            i |= 2;
        }
        if (policy2.mPasswordComplexChars > 0 && dpm.getPasswordMinimumNonLetter(this.mAdminName) < policy2.mPasswordComplexChars) {
            i |= 4;
        }
        if (policy2.mRequireEncryption && getDPM().getStorageEncryptionStatus() != 3) {
            i |= 8;
        }
        return policy2.mProtocolPoliciesUnsupported != null ? i | 16 : i;
    }

    public boolean isActive(Policy policy) {
        int inactiveReasons = getInactiveReasons(policy);
        if (DebugUtils.DEBUG && inactiveReasons != 0) {
            StringBuilder sb = new StringBuilder("isActive for " + policy + ": ");
            sb.append("FALSE -> ");
            if ((inactiveReasons & 1) != 0) {
                sb.append("no_admin ");
            }
            if ((inactiveReasons & 2) != 0) {
                sb.append("config ");
            }
            if ((inactiveReasons & 4) != 0) {
                sb.append("password ");
            }
            if ((inactiveReasons & 8) != 0) {
                sb.append("encryption ");
            }
            if ((inactiveReasons & 16) != 0) {
                sb.append("protocol ");
            }
            LogUtils.d("Email", sb.toString(), new Object[0]);
        }
        return inactiveReasons == 0;
    }

    public boolean isActiveAdmin() {
        return true;
    }

    public void onAdminEnabled(boolean z) {
        if (z) {
            return;
        }
        deleteSecuredAccounts(this.mContext);
    }

    public void policiesRequired(long j) {
        Policy restorePolicyWithId;
        Account restoreAccountWithId = Account.restoreAccountWithId(this.mContext, j);
        if (restoreAccountWithId == null) {
            return;
        }
        long j2 = restoreAccountWithId.mPolicyKey;
        if (j2 == 0 || (restorePolicyWithId = Policy.restorePolicyWithId(this.mContext, j2)) == null) {
            return;
        }
        if (DebugUtils.DEBUG) {
            LogUtils.d("Email", "policiesRequired for " + restoreAccountWithId.mDisplayName + ": " + restorePolicyWithId, new Object[0]);
        }
        setAccountHoldFlag(this.mContext, restoreAccountWithId, true);
        try {
            NotificationController notificationControllerCreatorHolder = NotificationControllerCreatorHolder.getInstance(this.mContext);
            if (restorePolicyWithId.mProtocolPoliciesUnsupported == null) {
                notificationControllerCreatorHolder.showSecurityNeededNotification(restoreAccountWithId);
            } else {
                notificationControllerCreatorHolder.showSecurityUnsupportedNotification(restoreAccountWithId);
            }
        } catch (Exception e) {
            LogMe.i("Exchange", "Catched in Security Policy -> " + e.toString());
        }
    }

    public synchronized void policiesUpdated() {
        this.mAggregatePolicy = null;
        setActivePolicies();
    }

    public void reducePolicies() {
        if (DebugUtils.DEBUG) {
            LogUtils.d("Email", "reducePolicies", new Object[0]);
        }
        policiesUpdated();
    }

    public void remoteWipe() {
        DevicePolicyManager dpm = getDPM();
        if (dpm.isAdminActive(this.mAdminName)) {
            dpm.wipeData(1);
        } else {
            LogUtils.d(Logging.LOG_TAG, "Could not remote wipe because not device admin.", new Object[0]);
        }
    }

    public void setAccountPolicy(long j, Policy policy, String str, boolean z) {
        Account restoreAccountWithId = Account.restoreAccountWithId(this.mContext, j);
        if (restoreAccountWithId == null) {
            return;
        }
        long j2 = restoreAccountWithId.mPolicyKey;
        Policy restorePolicyWithId = j2 > 0 ? Policy.restorePolicyWithId(this.mContext, j2) : null;
        if (restorePolicyWithId != null && str != null && (restorePolicyWithId.mDontAllowAttachments != policy.mDontAllowAttachments || restorePolicyWithId.mMaxAttachmentSize != policy.mMaxAttachmentSize)) {
            Policy.setAttachmentFlagsForNewPolicy(this.mContext, restoreAccountWithId, policy);
        }
        boolean z2 = true;
        boolean z3 = restorePolicyWithId == null || !restorePolicyWithId.equals(policy);
        if (z3 || !TextUtilities.stringOrNullEquals(str, restoreAccountWithId.mSecuritySyncKey)) {
            setAccountPolicy(this.mContext, restoreAccountWithId, policy, str);
            policiesUpdated();
        } else {
            LogUtils.d(Logging.LOG_TAG, "setAccountPolicy; policy unchanged", new Object[0]);
        }
        if (policy.mProtocolPoliciesUnsupported != null) {
            LogUtils.d(Logging.LOG_TAG, "Notify policies for " + restoreAccountWithId.mDisplayName + " not supported.", new Object[0]);
            this.mContext.getContentResolver().delete(EmailProvider.uiUri("uiaccountdata", j), null, null);
        } else if (isActive(policy)) {
            if (z3) {
                LogUtils.d(Logging.LOG_TAG, "Notify policies for " + restoreAccountWithId.mDisplayName + " changed.", new Object[0]);
            } else {
                LogUtils.d(Logging.LOG_TAG, "Policy is active and unchanged; do not notify.", new Object[0]);
            }
            z2 = false;
        } else {
            LogUtils.d(Logging.LOG_TAG, "Notify policies for " + restoreAccountWithId.mDisplayName + " are not being enforced.", new Object[0]);
        }
        setAccountHoldFlag(this.mContext, restoreAccountWithId, z2);
    }

    public void setActivePolicies() {
        DevicePolicyManager dpm = getDPM();
        getAggregatePolicy();
        Policy policy = Policy.NO_POLICY;
        if (policy != policy) {
            if (isActiveAdmin()) {
                if (DebugUtils.DEBUG) {
                    LogUtils.d("Email", "setActivePolicies: " + policy, new Object[0]);
                }
                dpm.setPasswordQuality(this.mAdminName, policy.getDPManagerPasswordQuality());
                dpm.setPasswordMinimumLength(this.mAdminName, policy.mPasswordMinLength);
                dpm.setMaximumTimeToLock(this.mAdminName, policy.mMaxScreenLockTime * 1000);
                dpm.setPasswordHistoryLength(this.mAdminName, policy.mPasswordHistory);
                dpm.setPasswordMinimumSymbols(this.mAdminName, 0);
                dpm.setPasswordMinimumNumeric(this.mAdminName, 0);
                dpm.setPasswordMinimumNonLetter(this.mAdminName, policy.mPasswordComplexChars);
                dpm.setStorageEncryption(this.mAdminName, policy.mRequireEncryption);
                return;
            }
            return;
        }
        if (DebugUtils.DEBUG) {
            LogUtils.d("Email", "setActivePolicies: none, remove admin", new Object[0]);
        }
        try {
            dpm.removeActiveAdmin(this.mAdminName);
        } catch (SecurityException unused) {
        }
    }

    public void setContext(Context context) {
        this.mContext = context;
    }

    public void syncAccount(Account account) {
        syncAccount(this.mContext, account);
    }
}
