package com.acompli.accore.util;

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import bolts.Task;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACCoreService;
import com.acompli.accore.ACPersistenceManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.util.MAMEnrollmentUtil;
import com.acompli.accore.util.concurrent.OutlookExecutors;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.libcircle.log.Logger;
import com.acompli.libcircle.log.LoggerFactory;
import com.acompli.thrift.client.generated.AuthType;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.IntuneAppProtectionPolicyRequiredException;
import com.microsoft.intune.mam.client.app.MAMComponents;
import com.microsoft.intune.mam.client.identity.MAMPolicyManager;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiver;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiverRegistry;
import com.microsoft.intune.mam.policy.MAMComplianceManager;
import com.microsoft.intune.mam.policy.MAMEnrollmentManager;
import com.microsoft.intune.mam.policy.MAMServiceAuthenticationCallback;
import com.microsoft.intune.mam.policy.notification.MAMComplianceNotification;
import com.microsoft.intune.mam.policy.notification.MAMEnrollmentNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotificationType;
import com.microsoft.intune.mam.policy.notification.MAMUserNotification;
import com.microsoft.office.outlook.metrics.StrictModeProfiler;
import com.microsoft.office.outlook.olmcore.enums.AppStatus;
import com.microsoft.office.outlook.olmcore.managers.interfaces.AppSessionManager;
import com.microsoft.office.outlook.olmcore.managers.interfaces.AppStatusManager;
import com.microsoft.office.outlook.util.OSUtil;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeoutException;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes.dex */
public class MAMEnrollmentUtil implements MAMServiceAuthenticationCallback {
    private static final Logger a = LoggerFactory.a("MAMEnrollmentUtil");
    private final ACAccountManager d;
    private final ACPersistenceManager e;
    private final AppStatusManager f;
    private final AppSessionManager g;
    private final Context h;
    private final Set<String> b = new HashSet();
    private final Set<String> c = new HashSet();
    private final Map<String, String> i = new HashMap();

    /* renamed from: com.acompli.accore.util.MAMEnrollmentUtil$1, reason: invalid class name */
    /* loaded from: classes.dex */
    class AnonymousClass1 implements MAMNotificationReceiver {
        final /* synthetic */ Handler a;
        final /* synthetic */ MAMComplianceNotificationCallback b;
        final /* synthetic */ MAMNotificationReceiverRegistry c;

        AnonymousClass1(Handler handler, MAMComplianceNotificationCallback mAMComplianceNotificationCallback, MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry) {
            this.a = handler;
            this.b = mAMComplianceNotificationCallback;
            this.c = mAMNotificationReceiverRegistry;
        }

        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            if (mAMNotification.getType() != MAMNotificationType.COMPLIANCE_STATUS) {
                return true;
            }
            final MAMComplianceNotification mAMComplianceNotification = (MAMComplianceNotification) mAMNotification;
            Handler handler = this.a;
            final MAMComplianceNotificationCallback mAMComplianceNotificationCallback = this.b;
            handler.post(new Runnable() { // from class: com.acompli.accore.util.-$$Lambda$MAMEnrollmentUtil$1$TlCmNMmNLREomTaUR6xDmtdZsKk
                @Override // java.lang.Runnable
                public final void run() {
                    MAMEnrollmentUtil.MAMComplianceNotificationCallback.this.handleComplianceNotification(mAMComplianceNotification);
                }
            });
            this.c.unregisterReceiver(this, MAMNotificationType.COMPLIANCE_STATUS);
            return true;
        }
    }

    /* loaded from: classes.dex */
    private class EnrollmentNotificationReceiver implements MAMNotificationReceiver {
        private EnrollmentNotificationReceiver() {
        }

        /* synthetic */ EnrollmentNotificationReceiver(MAMEnrollmentUtil mAMEnrollmentUtil, AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            MAMEnrollmentNotification mAMEnrollmentNotification = (MAMEnrollmentNotification) mAMNotification;
            ACMailAccount a = MAMEnrollmentUtil.this.a(MAMEnrollmentUtil.this.d, mAMEnrollmentNotification.getUserIdentity(), false);
            if (a != null) {
                MAMEnrollmentUtil.this.a(a, mAMEnrollmentNotification.getEnrollmentResult());
                return true;
            }
            MAMEnrollmentUtil.a.b("Unable to find corresponding account for MAMEnrollmentNotification");
            return true;
        }
    }

    /* loaded from: classes.dex */
    public interface MAMComplianceNotificationCallback {
        void handleComplianceNotification(MAMComplianceNotification mAMComplianceNotification);
    }

    /* loaded from: classes.dex */
    private class ManagementRemovedReceiver implements MAMNotificationReceiver {
        private ManagementRemovedReceiver() {
        }

        /* synthetic */ ManagementRemovedReceiver(MAMEnrollmentUtil mAMEnrollmentUtil, AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            if (!MAMEnrollmentUtil.this.d.aa()) {
                return true;
            }
            if (MAMEnrollmentUtil.this.g.isAppInForeground()) {
                MAMEnrollmentUtil.a.c("ManagementRemoved: Informing user that we need to restart the app");
                MAMEnrollmentUtil.this.f.postAppStatusEvent(AppStatus.MANAGEMENT_REMOVED);
                return true;
            }
            MAMEnrollmentUtil.a.c("ManagementRemoved: app is in background, force killing it");
            OSUtil.kill();
            return true;
        }
    }

    /* loaded from: classes.dex */
    private class PolicyUpdateNotificationReceiver implements MAMNotificationReceiver {
        private PolicyUpdateNotificationReceiver() {
        }

        /* synthetic */ PolicyUpdateNotificationReceiver(MAMEnrollmentUtil mAMEnrollmentUtil, AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            MAMUserNotification mAMUserNotification = (MAMUserNotification) mAMNotification;
            if (mAMUserNotification.getType() != MAMNotificationType.REFRESH_POLICY) {
                return false;
            }
            String userIdentity = mAMUserNotification.getUserIdentity();
            ACMailAccount a = MAMEnrollmentUtil.this.a(MAMEnrollmentUtil.this.d, userIdentity, false);
            if (a == null || MAMPolicyManager.getPolicyForIdentity(userIdentity).getIsContactSyncAllowed()) {
                return true;
            }
            MAMEnrollmentUtil.this.d.p(a.getAccountID());
            return true;
        }
    }

    public MAMEnrollmentUtil(ACPersistenceManager aCPersistenceManager, ACAccountManager aCAccountManager, AppStatusManager appStatusManager, AppSessionManager appSessionManager, Context context) {
        this.e = aCPersistenceManager;
        this.d = aCAccountManager;
        this.f = appStatusManager;
        this.g = appSessionManager;
        this.h = context;
        MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry = (MAMNotificationReceiverRegistry) MAMComponents.get(MAMNotificationReceiverRegistry.class);
        AnonymousClass1 anonymousClass1 = null;
        mAMNotificationReceiverRegistry.registerReceiver(new EnrollmentNotificationReceiver(this, anonymousClass1), MAMNotificationType.MAM_ENROLLMENT_RESULT);
        mAMNotificationReceiverRegistry.registerReceiver(new PolicyUpdateNotificationReceiver(this, anonymousClass1), MAMNotificationType.REFRESH_POLICY);
        mAMNotificationReceiverRegistry.registerReceiver(new ManagementRemovedReceiver(this, anonymousClass1), MAMNotificationType.MANAGEMENT_REMOVED);
        StrictModeProfiler.INSTANCE.beginStrictModeExemption("MAMEnrollmentUtil<init>");
        MAMEnrollmentManager mAMEnrollmentManager = (MAMEnrollmentManager) MAMComponents.get(MAMEnrollmentManager.class);
        StrictModeProfiler.INSTANCE.endStrictModeExemption();
        if (mAMEnrollmentManager != null) {
            mAMEnrollmentManager.registerAuthenticationCallback(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(final ACMailAccount aCMailAccount, MAMEnrollmentManager.Result result) {
        synchronized (this.c) {
            if (result == MAMEnrollmentManager.Result.PENDING) {
                this.c.add(aCMailAccount.getO365UPN());
            } else {
                this.c.remove(aCMailAccount.getO365UPN());
            }
        }
        switch (result) {
            case AUTHORIZATION_NEEDED:
                a.b("MAM Service authorization needed.");
                if (aCMailAccount.getAuthType() == AuthType.Office365RestDirect.value) {
                    Task.a(new Callable() { // from class: com.acompli.accore.util.-$$Lambda$MAMEnrollmentUtil$5HRsaOInHaVRalordfRH1dIcW0k
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            Void d;
                            d = MAMEnrollmentUtil.this.d(aCMailAccount);
                            return d;
                        }
                    }, OutlookExecutors.c).a(TaskUtil.b());
                    return;
                }
                return;
            case NOT_LICENSED:
                a.c("The user is not licensed for MAM Service enrollment.");
                return;
            case ENROLLMENT_SUCCEEDED:
                a.c("MAM Service enrollment succeeded.");
                this.e.a(this.d.w());
                return;
            case ENROLLMENT_FAILED:
                a.d("MAM Service enrollment failed for an unknown reason.");
                return;
            case WRONG_USER:
                a.d("MAM Service enrollment failed because a different user is already enrolled.");
                a.d("The account will be removed.");
                ACCoreService.a(this.h, aCMailAccount.getAccountID(), ACAccountManager.DeleteAccountReason.INTUNE_ENROLL_WRONG_USER);
                return;
            case UNENROLLMENT_FAILED:
                a.d("MAM Service unenrollment failed for an unknown reason.");
                return;
            case UNENROLLMENT_SUCCEEDED:
                a.c("MAM Service unenrollment succeeded.");
                return;
            case PENDING:
                a.e("MAM Service enrollment pending.");
                return;
            case COMPANY_PORTAL_REQUIRED:
                this.b.add(aCMailAccount.getO365UPN().toLowerCase());
                a.e("MAM Service cannot enroll because the Company Portal is required. Enrollment will occur when the AAD token is refreshed.");
                return;
            default:
                a.d("Unhandled enrollment result " + result);
                return;
        }
    }

    private boolean a(String str) {
        boolean contains;
        synchronized (this.c) {
            contains = this.c.contains(str);
        }
        return contains;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ Void d(ACMailAccount aCMailAccount) throws Exception {
        AuthenticationResult a2 = ADALUtil.a(this.h, aCMailAccount, "https://outlook.office365.com/", 15000L, false);
        if (a2 == null || a2.getAccessToken() == null) {
            return null;
        }
        ((MAMEnrollmentManager) MAMComponents.get(MAMEnrollmentManager.class)).updateToken(aCMailAccount.getO365UPN(), aCMailAccount.getUserID(), "https://outlook.office365.com/", a2.getAccessToken());
        return null;
    }

    public ACMailAccount a(ACAccountManager aCAccountManager, String str, boolean z) {
        if (z && !MAMPolicyManager.getIsIdentityManaged(str)) {
            return null;
        }
        Iterator<ACMailAccount> it = aCAccountManager.b().iterator();
        while (it.hasNext()) {
            ACMailAccount next = it.next();
            if (next.isIntunePolicyEligible() && str.equalsIgnoreCase(next.getO365UPN())) {
                return next;
            }
        }
        return null;
    }

    public synchronized void a(ACMailAccount aCMailAccount, AuthenticationResult authenticationResult) {
        AuthenticationResult a2;
        String lowerCase = aCMailAccount.getO365UPN().toLowerCase();
        MAMEnrollmentManager mAMEnrollmentManager = (MAMEnrollmentManager) MAMComponents.get(MAMEnrollmentManager.class);
        if (aCMailAccount.isIntunePolicyEligible() && mAMEnrollmentManager.getRegisteredAccountStatus(lowerCase) == null) {
            mAMEnrollmentManager.registerAccountForMAM(lowerCase, aCMailAccount.getUserID(), authenticationResult != null ? authenticationResult.getTenantId() : aCMailAccount.getAADTenantId(), ADALUtil.a(aCMailAccount));
        }
        String str = this.i.get(lowerCase);
        if (str == null) {
            return;
        }
        try {
            a2 = ADALUtil.a(this.h, aCMailAccount, str, 15000L, true);
        } catch (AuthenticationException | InterruptedException | TimeoutException e) {
            a.d("Encountered exception in onAadTokenRefreshed for " + PIILogUtility.a(lowerCase), e);
        }
        if (a2 == null) {
            return;
        }
        mAMEnrollmentManager.updateToken(aCMailAccount.getO365UPN(), aCMailAccount.getUserID(), str, a2.getAccessToken());
        this.i.remove(lowerCase);
    }

    public void a(String str, String str2, String str3, String str4, boolean z) {
        a.a("Attempting to remediate compliance with Intune MAM App Protection Policy for " + PIILogUtility.a(str));
        ((MAMComplianceManager) MAMComponents.get(MAMComplianceManager.class)).remediateCompliance(str, str2, str3, str4, z);
    }

    public boolean a(ACMailAccount aCMailAccount) {
        String o365upn = aCMailAccount.getO365UPN();
        if (MAMPolicyManager.getIsIdentityManaged(o365upn)) {
            return MAMPolicyManager.getPolicyForIdentity(o365upn).getIsContactSyncAllowed();
        }
        return true;
    }

    public boolean a(AuthenticationException authenticationException, boolean z, MAMComplianceNotificationCallback mAMComplianceNotificationCallback) {
        if (authenticationException.getCode() != ADALError.AUTH_FAILED_INTUNE_POLICY_REQUIRED || !(authenticationException instanceof IntuneAppProtectionPolicyRequiredException)) {
            return false;
        }
        a.a("attempting to handle IntuneAppProtectionPolicyRequiredException");
        IntuneAppProtectionPolicyRequiredException intuneAppProtectionPolicyRequiredException = (IntuneAppProtectionPolicyRequiredException) authenticationException;
        String accountUpn = intuneAppProtectionPolicyRequiredException.getAccountUpn();
        String accountUserId = intuneAppProtectionPolicyRequiredException.getAccountUserId();
        String tenantId = intuneAppProtectionPolicyRequiredException.getTenantId();
        String authorityURL = intuneAppProtectionPolicyRequiredException.getAuthorityURL();
        if (mAMComplianceNotificationCallback != null) {
            Handler handler = new Handler(Looper.getMainLooper());
            MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry = (MAMNotificationReceiverRegistry) MAMComponents.get(MAMNotificationReceiverRegistry.class);
            mAMNotificationReceiverRegistry.registerReceiver(new AnonymousClass1(handler, mAMComplianceNotificationCallback, mAMNotificationReceiverRegistry), MAMNotificationType.COMPLIANCE_STATUS);
        }
        a(accountUpn, accountUserId, tenantId, authorityURL, z);
        return true;
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceAuthenticationCallback
    public synchronized String acquireToken(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        String lowerCase = str.toLowerCase();
        boolean z = false;
        for (ACMailAccount aCMailAccount : this.d.g()) {
            if (lowerCase.equalsIgnoreCase(aCMailAccount.getO365UPN())) {
                z = true;
                try {
                    AuthenticationResult a2 = ADALUtil.a(this.h, aCMailAccount, str3, 15000L, true);
                    if (a2 != null) {
                        this.i.remove(lowerCase);
                        return a2.getAccessToken();
                    }
                    continue;
                } catch (AuthenticationException | InterruptedException | TimeoutException e) {
                    a.d("Encountered exception acquiring token for MAM-WE for account " + PIILogUtility.a(lowerCase), e);
                }
            }
        }
        if (!z) {
            try {
                AuthenticationResult a3 = ADALUtil.a(this.h, str2, "https://login.windows.net/common/oauth2/token", str3, 15000L, true);
                if (a3 != null) {
                    this.i.remove(lowerCase);
                    return a3.getAccessToken();
                }
            } catch (AuthenticationException | InterruptedException | TimeoutException e2) {
                a.d("Encountered exception acquiring token for MAM-WE for account " + PIILogUtility.a(lowerCase), e2);
            }
        }
        this.i.put(lowerCase, str3);
        return null;
    }

    public void b(ACMailAccount aCMailAccount) {
        if (!aCMailAccount.isIntunePolicyEligible()) {
            a.a("Not enrolling account " + aCMailAccount.getAccountID() + " of type " + aCMailAccount.getAuthType() + " in MAM because it is not an O365 account");
            return;
        }
        String o365upn = aCMailAccount.getO365UPN();
        if (o365upn == null || o365upn.isEmpty()) {
            a.d("O365 account " + aCMailAccount.getAccountID() + " has null/empty UPN, cannot enroll in MAM");
            return;
        }
        if (this.b.contains(o365upn.toLowerCase())) {
            a.a("Not enrolling account " + PIILogUtility.a(o365upn) + " because we already know the Company Portal is required (but not present)");
            return;
        }
        if (a(o365upn)) {
            a.d("Enrollment already pending for O365 account " + PIILogUtility.a(o365upn) + ".");
            return;
        }
        a.a("Attempting to enroll O365 account " + PIILogUtility.a(o365upn) + " in MAM");
        ((MAMEnrollmentManager) MAMComponents.get(MAMEnrollmentManager.class)).registerAccountForMAM(o365upn, aCMailAccount.getUserID(), aCMailAccount.getAADTenantId(), ADALUtil.a(aCMailAccount));
    }

    public void c(ACMailAccount aCMailAccount) {
        if (aCMailAccount.isIntunePolicyEligible()) {
            String o365upn = aCMailAccount.getO365UPN();
            if (o365upn == null || o365upn.isEmpty()) {
                a.d("O365 account " + PIILogUtility.a(o365upn) + " has null/empty UPN, cannot unenroll from MAM");
                return;
            }
            a.a("Attempting to unenroll O365 account " + PIILogUtility.a(o365upn) + " from MAM");
            ((MAMEnrollmentManager) MAMComponents.get(MAMEnrollmentManager.class)).unregisterAccountForMAM(o365upn);
        }
    }
}
