package com.microsoft.omadm.platforms.safe.policy;

import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.Environment;
import com.microsoft.intune.common.androidapi.abstraction.IEnterpriseDeviceManagerFactory;
import com.microsoft.intune.common.encryption.abstraction.ILimitPasswordSettings;
import com.microsoft.intune.common.notifications.Notifier;
import com.microsoft.omadm.client.notification.NotificationType;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.IPolicyManager;
import com.microsoft.omadm.platforms.android.NativeSettings;
import com.microsoft.omadm.platforms.android.policy.DeviceEncryptionPolicy;
import com.microsoft.omadm.platforms.safe.IllegalEdmStateException;
import com.microsoft.omadm.platforms.safe.SafeSettings;
import com.samsung.android.knox.devicesecurity.DeviceSecurityPolicy;
import java.io.File;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes3.dex */
public class SafeEncryptionPolicy extends DeviceEncryptionPolicy {
    private static final Logger LOGGER = Logger.getLogger(SafeEncryptionPolicy.class.getName());
    private final Context context;
    private final IEnterpriseDeviceManagerFactory enterpriseDeviceManagerFactory;
    private final ILimitPasswordSettings limitPasswordSettings;
    private final Notifier notifier;
    private final IPolicyManager pm;
    private final SafeSettings settings;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public SafeEncryptionPolicy(Context context, SafeSettings safeSettings, IPolicyManager iPolicyManager, Notifier notifier, ILimitPasswordSettings iLimitPasswordSettings, IEnterpriseDeviceManagerFactory iEnterpriseDeviceManagerFactory) {
        this.context = context;
        this.settings = safeSettings;
        this.pm = iPolicyManager;
        this.notifier = notifier;
        this.enterpriseDeviceManagerFactory = iEnterpriseDeviceManagerFactory;
        this.limitPasswordSettings = iLimitPasswordSettings;
    }

    private boolean isExternalEncryptable() {
        boolean z;
        String externalStorageState = Environment.getExternalStorageState();
        boolean isExternalStorageEmulated = Environment.isExternalStorageEmulated();
        LOGGER.info(MessageFormat.format("getExternalStorageState {0}, isExternalStorageEmulated {1}", externalStorageState, Boolean.valueOf(isExternalStorageEmulated)));
        boolean z2 = "mounted".equals(externalStorageState) && !isExternalStorageEmulated;
        if (z2) {
            z = false;
        } else {
            LinkedList<File> linkedList = new LinkedList();
            String str = System.getenv("SECONDARY_STORAGE");
            for (String str2 : str != null ? str.split(":") : new String[0]) {
                if (StringUtils.isNotBlank(str2)) {
                    linkedList.add(new File(str2));
                }
            }
            File[] externalMediaDirs = this.context.getExternalMediaDirs();
            if (externalMediaDirs != null) {
                linkedList.addAll(Arrays.asList(externalMediaDirs));
            }
            z = false;
            for (File file : linkedList) {
                if (file != null && "mounted".equals(Environment.getExternalStorageState(file)) && !Environment.isExternalStorageEmulated(file)) {
                    LOGGER.info("Found physical external storage file: " + file.getAbsolutePath());
                    z = true;
                }
            }
        }
        return z2 || z;
    }

    private boolean isExternalEncryptionCompliant() throws IllegalEdmStateException {
        return (this.settings.getBoolean(SafeSettings.EXTERNAL_ENCRYPTION_REQUIRED, false) && isExternalEncryptable() && !this.enterpriseDeviceManagerFactory.getInstance().getDeviceSecurityPolicy().isExternalStorageEncrypted()) ? false : true;
    }

    private boolean isInternalEncryptionCompliant() throws IllegalEdmStateException {
        return !this.settings.getBoolean(NativeSettings.INTERNAL_ENCRYPTION_REQUIRED, false) || this.enterpriseDeviceManagerFactory.getInstance().getDeviceSecurityPolicy().isInternalStorageEncrypted();
    }

    @Override // com.microsoft.omadm.utils.OMADMPolicy
    public void enforce() throws OMADMException {
        this.pm.logInternalEncryptionStates(this.context);
        boolean isActivePasswordSufficient = Build.VERSION.SDK_INT > 28 ? this.enterpriseDeviceManagerFactory.getInstance().getBasePasswordPolicy().isActivePasswordSufficient() : this.limitPasswordSettings.getIsActivePasswordSufficient((DevicePolicyManager) this.context.getSystemService("device_policy"));
        if ((!isActivePasswordSufficient || this.pm.isStartupPasswordNeeded(this.context) || isInternalEncryptionCompliant()) ? false : true) {
            Notifier notifier = this.notifier;
            Context context = this.context;
            notifier.notifyIfNotPosted(context, NotificationType.ENCRYPTION_POLICY_TAG, 0, getEncryptionNotification(context, new Intent(context, (Class<?>) SafeEncryptionActivationActivity.class)));
        } else {
            this.notifier.cancel(this.context, NotificationType.ENCRYPTION_POLICY_TAG, 0);
        }
        boolean z = this.settings.getBoolean(SafeSettings.EXTERNAL_ENCRYPTION_REQUIRED, false);
        boolean z2 = z && isActivePasswordSufficient && isExternalEncryptable();
        boolean z3 = !z;
        DeviceSecurityPolicy deviceSecurityPolicy = this.enterpriseDeviceManagerFactory.getInstance().getDeviceSecurityPolicy();
        if (z2) {
            deviceSecurityPolicy.setRequireStorageCardEncryption(this.pm.getComponentName(), true);
            deviceSecurityPolicy.setExternalStorageEncryption(true);
        }
        if (z3) {
            deviceSecurityPolicy.setRequireStorageCardEncryption(this.pm.getComponentName(), false);
        }
    }

    @Override // com.microsoft.omadm.utils.OMADMPolicy
    public boolean isCompliant() throws OMADMException {
        return isInternalEncryptionCompliant() && isExternalEncryptionCompliant();
    }
}
