package com.blackberry.email.account;

import android.accounts.AccountManager;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.ContentProviderOperation;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.OperationApplicationException;
import android.database.Cursor;
import android.os.Build;
import android.os.Bundle;
import android.os.RemoteException;
import com.blackberry.common.f.ah;
import com.blackberry.common.f.o;
import com.blackberry.common.f.p;
import com.blackberry.email.account.activity.setup.g;
import com.blackberry.email.account.service.EmailBroadcastProcessorService;
import com.blackberry.email.f;
import com.blackberry.email.provider.contract.Account;
import com.blackberry.email.provider.contract.EmailContent;
import com.blackberry.email.provider.contract.Policy;
import com.blackberry.email.provider.d;
import com.blackberry.email.service.EmailServiceUtils;
import com.blackberry.email.utils.ai;
import com.blackberry.email.utils.r;
import com.blackberry.l.j;
import com.google.common.annotations.VisibleForTesting;
import com.ibm.icu.text.PluralRules;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class SecurityPolicy {
    public static final int bmA = 2;
    public static final int bmB = 4;
    public static final int bmC = 8;
    public static final int bmD = 16;
    private static final int bmu = 1;
    private static final int bmv = 2;
    private static final int bmw = 3;
    private static final int bmx = 4;
    private static final String bmy = "passwordExpirationDays>0";
    public static final int bmz = 1;
    private final ComponentName bms;
    private Context mContext;
    private static final String TAG = o.bl();
    private static SecurityPolicy bmq = null;
    private DevicePolicyManager bmr = null;
    private Policy bmt = null;

    /* loaded from: classes.dex */
    public static class PolicyAdmin extends DeviceAdminReceiver {
        @Override // android.app.admin.DeviceAdminReceiver
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return "WARNING: Deactivating the Email app's authority to administer your device will delete all email accounts that require it, along with their email, contacts, calendar events and other data.";
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onDisabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 2);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onEnabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 1);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordChanged(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 3);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordExpiring(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 4);
        }
    }

    protected SecurityPolicy(Context context) {
        this.mContext = context.getApplicationContext();
        this.bms = new ComponentName(context, (Class<?>) PolicyAdmin.class);
    }

    private static void a(Context context, Account account, Policy policy, String str) {
        ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
        arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.au()).build());
        arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, account.mId)).withValueBackReference(EmailContent.a.bMP, 0).withValue(EmailContent.a.bMO, str).build());
        if (account.bMb > 0) {
            arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, account.bMb)).build());
        }
        try {
            context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
            account.bc(context);
            h(context, account);
        } catch (OperationApplicationException e) {
        } catch (RemoteException e2) {
            throw new IllegalStateException("Exception setting account policy.");
        }
    }

    public static void a(Context context, Account account, boolean z) {
        if (z) {
            account.mFlags |= 32;
        } else {
            account.mFlags &= -33;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("flags", Integer.valueOf(account.mFlags));
        account.a(context, contentValues);
        g.a(context, account.mFlags, account.agl);
    }

    private static void a(Context context, Long[] lArr) {
        if (lArr != null) {
            for (Long l : lArr) {
                Account M = Account.M(context, l.longValue());
                if (M != null) {
                    h(context, M);
                }
            }
        }
    }

    private void a(Policy policy, Account account, boolean z) {
        boolean z2 = true;
        if (policy.yR()) {
            p.b(TAG, "Notify policies not supported, account:%d", Long.valueOf(account.mId));
            f.bB(this.mContext).h(account);
            this.mContext.getContentResolver().delete(d.g("uiaccountdata", account.getId()), null, null);
        } else if (!e(policy)) {
            p.b(TAG, "Notify policies are not being enforced, account:%d", Long.valueOf(account.mId));
            f.bB(this.mContext).a(account, true);
        } else if (z) {
            p.b(TAG, "Notify policies changed, account:%d", Long.valueOf(account.mId));
            f.bB(this.mContext).g(account);
            z2 = false;
        } else {
            p.b(TAG, "Policy is active and unchanged - do not notify, account:%d", Long.valueOf(account.mId));
            z2 = false;
        }
        a(this.mContext, account, z2);
    }

    public static void b(Context context, int i) {
        SecurityPolicy bE = bE(context);
        switch (i) {
            case 1:
                bE.ah(true);
                return;
            case 2:
                bE.ah(false);
                return;
            case 3:
                Long[] cH = Account.cH(context);
                if (cH != null) {
                    for (Long l : cH) {
                        Account M = Account.M(context, l.longValue());
                        if (M != null) {
                            h(context, M);
                        }
                    }
                }
                f.bB(context).ri();
                return;
            case 4:
                Context context2 = bE.mContext;
                p.c(TAG, "Password has expired...", new Object[0]);
                long longValue = ai.a(context2, Policy.CONTENT_URI, Policy.jw, bmy, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
                long X = longValue < 0 ? -1L : Policy.X(context2, longValue);
                if (X != -1) {
                    if (!(bE.rs().getPasswordExpiration(bE.bms) - System.currentTimeMillis() < 0)) {
                        f.bB(bE.mContext).ae(X);
                        return;
                    }
                    p.c(TAG, "The password has expired for one of the accounts", new Object[0]);
                    if (bI(context2)) {
                        f.bB(bE.mContext).af(X);
                        return;
                    }
                    return;
                }
                return;
            default:
                return;
        }
    }

    public static void b(Context context, long j, boolean z) {
        Account M = Account.M(context, j);
        if (M != null) {
            a(context, M, z);
            if (z) {
                f.bB(context).a(M, true);
            }
        }
    }

    public static synchronized SecurityPolicy bE(Context context) {
        SecurityPolicy securityPolicy;
        synchronized (SecurityPolicy.class) {
            if (bmq == null) {
                bmq = new SecurityPolicy(context.getApplicationContext());
            }
            securityPolicy = bmq;
        }
        return securityPolicy;
    }

    private void bG(Context context) {
        p.c(TAG, "Password has expired...", new Object[0]);
        long longValue = ai.a(context, Policy.CONTENT_URI, Policy.jw, bmy, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
        long X = longValue < 0 ? -1L : Policy.X(context, longValue);
        if (X == -1) {
            return;
        }
        if (!(rs().getPasswordExpiration(this.bms) - System.currentTimeMillis() < 0)) {
            f.bB(this.mContext).ae(X);
            return;
        }
        p.c(TAG, "The password has expired for one of the accounts", new Object[0]);
        if (bI(context)) {
            f.bB(this.mContext).af(X);
        }
    }

    @VisibleForTesting
    static long bH(Context context) {
        long longValue = ai.a(context, Policy.CONTENT_URI, Policy.jw, bmy, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
        if (longValue < 0) {
            return -1L;
        }
        return Policy.X(context, longValue);
    }

    @VisibleForTesting
    static boolean bI(Context context) {
        Account M;
        p.d(TAG, "Wiping expired account now.", new Object[0]);
        Cursor query = context.getContentResolver().query(Policy.CONTENT_URI, Policy.jw, bmy, null, null);
        if (query == null) {
            p.e(TAG, "%s - null database cursor", p.fo());
            return false;
        }
        boolean z = false;
        while (query.moveToNext()) {
            try {
                long X = Policy.X(context, query.getLong(0));
                if (X >= 0 && (M = Account.M(context, X)) != null) {
                    p.c(TAG, "Erase data and enable security hold, account:%d", Long.valueOf(X));
                    a(context, M, true);
                    context.getContentResolver().delete(d.g("uiaccountdata", X), null, null);
                    z = true;
                }
            } finally {
                query.close();
            }
        }
        return z;
    }

    private static void h(Context context, Account account) {
        android.accounts.Account account2 = new android.accounts.Account(account.Xk, EmailServiceUtils.ac(context, account.cG(context)).accountType);
        Bundle bundle = new Bundle(4);
        bundle.putBoolean("force", true);
        bundle.putBoolean("do_not_retry", true);
        bundle.putBoolean("expedited", true);
        bundle.putBoolean(Policy.bPP, true);
        com.blackberry.pimbase.idle.a.a(account2, j.AUTHORITY, bundle, r.gM(j.AUTHORITY), context);
        p.c(TAG, "requestSync SecurityPolicy syncAccount %d, %s", Long.valueOf(account.mId), bundle.toString());
    }

    public void a(long j, Policy policy, String str) {
        Account M = Account.M(this.mContext, j);
        if (M == null) {
            p.e(TAG, "Unable to find account to set policies on, account:%d", Long.valueOf(j));
            return;
        }
        Policy W = M.bMb > 0 ? Policy.W(this.mContext, M.bMb) : null;
        if (W != null && (W.bPV != policy.bPV || W.bPX != policy.bPX)) {
            Policy.a(this.mContext, M, policy);
        }
        policy.b(this.mContext.getResources());
        boolean z = W == null || !W.equals(policy);
        if (z || !ah.I(str, M.aSR)) {
            Context context = this.mContext;
            ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
            arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.au()).build());
            arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, M.mId)).withValueBackReference(EmailContent.a.bMP, 0).withValue(EmailContent.a.bMO, str).build());
            if (M.bMb > 0) {
                arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, M.bMb)).build());
            }
            try {
                context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
                M.bc(context);
                h(context, M);
            } catch (OperationApplicationException e) {
            } catch (RemoteException e2) {
                throw new IllegalStateException("Exception setting account policy.");
            }
            rt();
        } else {
            p.b(TAG, "setAccountPolicy: policy unchanged, account:%d", Long.valueOf(j));
        }
        boolean z2 = false;
        if (policy.yR()) {
            p.b(TAG, "Notify policies not supported, account:%d", Long.valueOf(M.mId));
            z2 = true;
            f.bB(this.mContext).h(M);
            this.mContext.getContentResolver().delete(d.g("uiaccountdata", M.getId()), null, null);
        } else if (!e(policy)) {
            z2 = true;
            p.b(TAG, "Notify policies are not being enforced, account:%d", Long.valueOf(M.mId));
            f.bB(this.mContext).a(M, true);
        } else if (z) {
            p.b(TAG, "Notify policies changed, account:%d", Long.valueOf(M.mId));
            f.bB(this.mContext).g(M);
        } else {
            p.b(TAG, "Policy is active and unchanged - do not notify, account:%d", Long.valueOf(M.mId));
        }
        a(this.mContext, M, z2);
    }

    void ah(boolean z) {
        p.c(TAG, "Email admin " + (z ? "enabled." : "disabled."), new Object[0]);
        if (z) {
            return;
        }
        bF(this.mContext);
    }

    public void ao(long j) {
        Policy W;
        Account M = Account.M(this.mContext, j);
        if (M == null) {
            rw();
            return;
        }
        if (M.bMb == 0 || (W = Policy.W(this.mContext, M.bMb)) == null) {
            return;
        }
        p.b(TAG, "policiesRequired for account %d: %s", Long.valueOf(j), W);
        a(this.mContext, M, true);
        if (W.yR()) {
            f.bB(this.mContext).h(M);
        } else {
            f.bB(this.mContext).a(M, false);
        }
    }

    public void ap(long j) {
        f.bB(this.mContext).ah(j);
    }

    void bF(Context context) {
        Cursor query = context.getContentResolver().query(Account.CONTENT_URI, EmailContent.jw, Account.bMy, null, null);
        if (query != null) {
            try {
                p.d(TAG, "Deleting " + query.getCount() + " secured account(s)", new Object[0]);
                while (query.moveToNext()) {
                    long j = query.getLong(0);
                    Account M = Account.M(context, j);
                    if (M == null) {
                        p.e(TAG, "Unable to find account to delete, account: %d", Long.valueOf(j));
                        return;
                    }
                    AccountManager.get(context).removeAccount(new android.accounts.Account(M.Xk, EmailServiceUtils.ac(context, M.cG(context)).accountType), null, null);
                }
            } finally {
                query.close();
            }
        } else {
            p.e(TAG, "%s - null database cursor", p.fo());
        }
        rt();
    }

    public boolean e(Policy policy) {
        int f = f(policy);
        if (f != 0) {
            StringBuilder sb = new StringBuilder("isActive for " + policy + PluralRules.KEYWORD_RULE_SEPARATOR);
            sb.append("FALSE -> ");
            if ((f & 1) != 0) {
                sb.append("no_admin ");
            }
            if ((f & 2) != 0) {
                sb.append("config ");
            }
            if ((f & 4) != 0) {
                sb.append("password ");
            }
            if ((f & 8) != 0) {
                sb.append("encryption ");
            }
            if ((f & 16) != 0) {
                sb.append("protocol ");
            }
            p.c(TAG, sb.toString(), new Object[0]);
        }
        return f == 0;
    }

    public int f(Policy policy) {
        int i;
        if (policy == null) {
            policy = rr();
        }
        if (policy == Policy.bQR) {
            return 0;
        }
        DevicePolicyManager rs = rs();
        if (!ry()) {
            return 1;
        }
        if (policy.yN() <= 0 || rs.getPasswordMinimumLength(this.bms) >= policy.yN()) {
            i = 0;
        } else {
            p.d(TAG, "Password does not meet minumum length", new Object[0]);
            i = 4;
        }
        try {
            if (policy.yP() > 0) {
                if (rs.getPasswordQuality(this.bms) < policy.yV()) {
                    p.d(TAG, "Password quality is not sufficient, password mode: %d", Integer.valueOf(policy.yP()));
                    i = 4;
                }
                if (!rs.isActivePasswordSufficient()) {
                    p.d(TAG, "Password quality - active password is not sufficient", new Object[0]);
                    i |= 4;
                }
            }
        } catch (IllegalStateException e) {
            i |= 2;
        }
        if (policy.yK() > 0 && rs.getMaximumTimeToLock(this.bms) > policy.yK() * 1000) {
            p.d(TAG, "Password issue = max screen lock time is not sufficient", new Object[0]);
            i |= 2;
        }
        if (policy.yL() > 0) {
            long passwordExpirationTimeout = rs.getPasswordExpirationTimeout(this.bms);
            if (passwordExpirationTimeout == 0 || passwordExpirationTimeout > policy.yW()) {
                p.d(TAG, "Password issue - expiration days: current timeout: %d, policy timeout: %d", Long.valueOf(passwordExpirationTimeout), Long.valueOf(policy.yW()));
                i |= 4;
            }
            if (rs.getPasswordExpiration(this.bms) - System.currentTimeMillis() < 0) {
                p.d(TAG, "Password issue - password has expired", new Object[0]);
                i |= 4;
            }
        }
        if (policy.yO() > 0 && rs.getPasswordHistoryLength(this.bms) < policy.yO()) {
            p.d(TAG, "Password issue - password history", new Object[0]);
            i |= 2;
        }
        if (policy.yF() > 0 && rs.getPasswordMinimumNonLetter(this.bms) < policy.yF()) {
            p.d(TAG, "Password issue, min non-letter chars required: %d, policy value: %d", Integer.valueOf(rs.getPasswordMinimumNonLetter(this.bms)), Integer.valueOf(policy.yF()));
            i |= 4;
        }
        if (policy.bPR && rs().getStorageEncryptionStatus() == 1) {
            p.d(TAG, "Password issue - device encryption not enabled", new Object[0]);
            i |= 8;
        }
        if (policy.bPU && !rs.getCameraDisabled(this.bms)) {
            p.d(TAG, "Password issue - camera enabled", new Object[0]);
            i |= 2;
        }
        if (!policy.yR()) {
            return i;
        }
        p.d(TAG, "Password issue - there are unsupported policies", new Object[0]);
        return i | 16;
    }

    public void k(Account account) {
        h(this.mContext, account);
    }

    @VisibleForTesting
    Policy rq() {
        boolean z;
        Policy policy = new Policy();
        policy.bPS = false;
        Cursor query = this.mContext.getContentResolver().query(Policy.CONTENT_URI, Policy.agJ, null, null, null);
        Policy policy2 = new Policy();
        if (query != null) {
            z = false;
            while (query.moveToNext()) {
                try {
                    policy2.k(query);
                    p.b(TAG, "Aggregate from: " + policy2, new Object[0]);
                    policy.j(policy2);
                    z = true;
                } finally {
                    query.close();
                }
            }
        } else {
            p.e(TAG, "%s - null database cursor", p.fo());
            z = false;
        }
        if (z) {
            p.b(TAG, "Calculated Aggregate: " + policy, new Object[0]);
            return policy;
        }
        p.b(TAG, "Calculated Aggregate: no policy", new Object[0]);
        return Policy.bQR;
    }

    public synchronized Policy rr() {
        if (this.bmt == null) {
            this.bmt = rq();
        }
        return this.bmt;
    }

    synchronized DevicePolicyManager rs() {
        if (this.bmr == null) {
            this.bmr = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
        }
        return this.bmr;
    }

    public synchronized void rt() {
        this.bmt = null;
        rv();
    }

    public void ru() {
        p.b(TAG, "reducePolicies", new Object[0]);
        rt();
    }

    public void rv() {
        DevicePolicyManager rs = rs();
        Policy rr = rr();
        if (rr == Policy.bQR) {
            p.b(TAG, "setActivePolicies: none, remove admin", new Object[0]);
            rs.removeActiveAdmin(this.bms);
            return;
        }
        if (ry()) {
            p.b(TAG, "setActivePolicies: " + rr, new Object[0]);
            rs.setPasswordQuality(this.bms, rr.yV());
            rs.setPasswordMinimumLength(this.bms, rr.yN());
            rs.setMaximumTimeToLock(this.bms, rr.yK() * 1000);
            rs.setMaximumFailedPasswordsForWipe(this.bms, rr.yM());
            rs.setPasswordExpirationTimeout(this.bms, rr.yW());
            rs.setPasswordHistoryLength(this.bms, rr.yO());
            rs.setPasswordMinimumSymbols(this.bms, rr.yC());
            rs.setPasswordMinimumNumeric(this.bms, rr.yD());
            rs.setPasswordMinimumNonLetter(this.bms, rr.yF());
            rs.setPasswordMinimumUpperCase(this.bms, rr.yE());
            rs.setPasswordMinimumLetters(this.bms, rr.yG());
            rs.setPasswordMinimumLowerCase(this.bms, rr.yH());
            rs.setCameraDisabled(this.bms, rr.bPU);
            rs.setStorageEncryption(this.bms, rr.bPR);
            try {
                if (rr.yJ() && Build.PRODUCT.endsWith("att")) {
                    rs.setKeyguardDisabledFeatures(this.bms, 16);
                } else {
                    rs.setKeyguardDisabledFeatures(this.bms, 0);
                }
            } catch (SecurityException e) {
                p.d(TAG, "Security exception calling setKeyguardDisabledFeatures API:%d %s", Integer.valueOf(Build.VERSION.SDK_INT), e.getMessage());
            }
        }
    }

    public void rw() {
        f.bB(this.mContext).rj();
    }

    public void rx() {
        DevicePolicyManager rs = rs();
        if (rs.isAdminActive(this.bms)) {
            rs.wipeData(1);
        } else {
            p.b(TAG, "Could not remote wipe because not device admin.", new Object[0]);
        }
    }

    public boolean ry() {
        DevicePolicyManager rs = rs();
        return rs.isAdminActive(this.bms) && rs.hasGrantedPolicy(this.bms, 6) && rs.hasGrantedPolicy(this.bms, 7) && rs.hasGrantedPolicy(this.bms, 8);
    }

    public ComponentName rz() {
        return this.bms;
    }

    void setContext(Context context) {
        this.mContext = context;
    }
}
