package com.microsoft.omadm.apppolicy.mamservice;

import android.content.Context;
import android.os.Parcel;
import android.os.Parcelable;
import android.os.SystemClock;
import android.util.Base64;
import androidx.work.Data;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.telemetry.events.ScenarioEvent;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.omadm.safetynet.domain.SafetyNetSettingsManager;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.apppolicy.data.AppPolicyManager;
import com.microsoft.omadm.apppolicy.data.SafetyNetCache;
import com.microsoft.omadm.apppolicy.mamservice.MAMPlayProtectResults;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.logging.MAMTelemetryLogger;
import com.microsoft.omadm.utils.DeviceInfo;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes3.dex */
public class MAMSafetyNetTask extends MAMServiceTask {
    static final String KEY_FORCE = "mamsafetynettask.forcequery";
    private final boolean mForceQuery;
    private static final Logger LOGGER = Logger.getLogger(MAMSafetyNetTask.class.getName());
    public static final Parcelable.Creator<MAMSafetyNetTask> CREATOR = new Parcelable.Creator<MAMSafetyNetTask>() { // from class: com.microsoft.omadm.apppolicy.mamservice.MAMSafetyNetTask.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // android.os.Parcelable.Creator
        public MAMSafetyNetTask createFromParcel(Parcel parcel) {
            return new MAMSafetyNetTask(parcel);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // android.os.Parcelable.Creator
        public MAMSafetyNetTask[] newArray(int i) {
            return new MAMSafetyNetTask[i];
        }
    };

    public MAMSafetyNetTask(Parcel parcel) {
        super(parcel, ScenarioEvent.Scenario.SAFETYNET_TASK);
        this.mForceQuery = parcel.readByte() != 0;
    }

    public MAMSafetyNetTask(Data data) {
        super(data);
        this.mForceQuery = data.getBoolean(KEY_FORCE, false);
    }

    public MAMSafetyNetTask(String str, MAMIdentity mAMIdentity, boolean z) {
        super(str, mAMIdentity, null, null, ScenarioEvent.Scenario.SAFETYNET_TASK);
        this.mForceQuery = z;
    }

    private void handleQuerySuccess(SafetyNetResponse safetyNetResponse, ApplicationInstance applicationInstance) throws OMADMException {
        MAMPlayProtectResults result = safetyNetResponse.getResult();
        if (result == null) {
            handleFailure(safetyNetResponse);
            throw new OMADMException("MAMService did not return a play protect validation status.");
        }
        Map<MAMPlayProtectResults.PlayProtectTypes, MAMPlayProtectResults.MAMSafetyNetPayload> a2 = result.a();
        if (a2 == null || a2.isEmpty()) {
            handleFailure(safetyNetResponse);
            throw new OMADMException("Failed to parse the play protect validation result from the MAMService.");
        }
        MAMPlayProtectResults.MAMSafetyNetPayload mAMSafetyNetPayload = a2.get(MAMPlayProtectResults.PlayProtectTypes.AppsVerification);
        if (mAMSafetyNetPayload != null) {
            LOGGER.info("MAMService verifyApps context:" + mAMSafetyNetPayload.result);
        }
        MAMPlayProtectResults.MAMSafetyNetPayload mAMSafetyNetPayload2 = a2.get(MAMPlayProtectResults.PlayProtectTypes.DeviceAttestation);
        if (mAMSafetyNetPayload2 == null && mAMSafetyNetPayload == null) {
            handleFailure(safetyNetResponse);
            throw new OMADMException("MAMService did not provide SafetyNet context.");
        }
        processDeviceAttestationResults(mAMSafetyNetPayload2, applicationInstance, safetyNetResponse);
    }

    private boolean hasSafetyNetNonce(SafetyNetCache safetyNetCache) {
        if (safetyNetCache != null && !StringUtils.isBlank(safetyNetCache.b)) {
            return true;
        }
        LOGGER.severe("nonce not set");
        return false;
    }

    private void processDeviceAttestationResults(MAMPlayProtectResults.MAMSafetyNetPayload mAMSafetyNetPayload, ApplicationInstance applicationInstance, SafetyNetResponse safetyNetResponse) throws OMADMException {
        SafetyNetCache safetyNetCache;
        if (mAMSafetyNetPayload == null) {
            LOGGER.info("no device attestation context from the service");
            return;
        }
        LOGGER.info("MAMService deviceAttestation context:" + mAMSafetyNetPayload.result);
        MAMTelemetryLogger mAMTelemetryLogger = Services.get().getMAMTelemetryLogger();
        if (mAMSafetyNetPayload.resultUnknown) {
            mAMTelemetryLogger.logTrackedOccurrence(applicationInstance.mPackageName, TrackedOccurrence.DEVICE_ATTESTATION_MAM_SERVICE_NOT_PARSABLE, "");
            handleFailure(safetyNetResponse);
            throw new OMADMException("MAMService could not successfully parse the device attestation data.");
        }
        TableRepository tableRepository = Services.get().getTableRepository();
        String mAMSafetyNetAndroidID = DeviceInfo.getMAMSafetyNetAndroidID(Services.get().getContext());
        SafetyNetCache safetyNetCache2 = (SafetyNetCache) tableRepository.get(new SafetyNetCache.Key(mAMSafetyNetAndroidID));
        if (mAMSafetyNetPayload.resultTrusted && mAMSafetyNetPayload.nonceMismatch) {
            mAMTelemetryLogger.logTrackedOccurrence(applicationInstance.mPackageName, TrackedOccurrence.DEVICE_ATTESTATION_MAM_SERVICE_NONCE_MISMATCH, "");
            safetyNetCache = new SafetyNetCache(mAMSafetyNetAndroidID, safetyNetCache2.b, "", Long.valueOf(SystemClock.elapsedRealtime()), 0L, MAMSafetyNetTaskStatus.NOT_QUEUED);
        } else {
            safetyNetCache = new SafetyNetCache(mAMSafetyNetAndroidID, safetyNetCache2.b, applicationInstance.mSafetyNetInfo.mDeviceAttestationJWT, Long.valueOf(SystemClock.elapsedRealtime()), Long.valueOf(mAMSafetyNetPayload.result), MAMSafetyNetTaskStatus.COMPLETED);
        }
        tableRepository.insertOrReplace(safetyNetCache);
        Services.get().getAppPolicyNotifier().notifySafetyNetResultObtained(this.mPackageName);
    }

    private boolean verifyAppsEnabled(SafetyNetSettingsManager safetyNetSettingsManager) {
        if (safetyNetSettingsManager.a()) {
            return true;
        }
        LOGGER.info("verify apps is not enabled but we are trying to obtain reporting data");
        return false;
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected boolean canWakeOtherAppsForToken() {
        return true;
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask, com.microsoft.omadm.apppolicy.taskqueue.MAMTask
    protected void getTaskTags(Set<String> set) {
        set.add(this.mScenario.name());
        set.add("force_" + String.valueOf(this.mForceQuery));
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleException(Exception exc) {
        String str = "SafetyNet Query failed for user " + scrubUPN(this.mIdentity);
        LOGGER.log(Level.SEVERE, str, (Throwable) exc);
        logTelemetryException(exc, str);
        logTelemetryScenarioStop(MAMServiceUtils.a(exc) ? ScenarioEvent.ResultCode.NETWORK_ERROR : ScenarioEvent.ResultCode.CLIENT_EXCEPTION);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleFailure(MAMServiceResponse mAMServiceResponse) throws OMADMException {
        LOGGER.severe("SafetyNet Query failed for user " + scrubUPN(this.mIdentity) + ", HTTP status: " + String.valueOf(mAMServiceResponse.getHttpStatus()) + " " + mAMServiceResponse.getStatusMessage());
        logTelemetryScenarioStop(ScenarioEvent.ResultCode.FAILURE);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleFinally() {
        MAMServiceUtils.k();
        if (isPeriodic()) {
            return;
        }
        MAMServiceUtils.c(this.mPackageName, this.mIdentity);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleNoAccessToken() throws OMADMException {
        LOGGER.severe("SafetyNet Query for user " + scrubUPN(this.mIdentity) + "; No access token.");
        logTelemetryScenarioStop(ScenarioEvent.ResultCode.AUTH_NEEDED);
        TableRepository tableRepository = Services.get().getTableRepository();
        SafetyNetCache safetyNetCache = (SafetyNetCache) tableRepository.get(new SafetyNetCache.Key(DeviceInfo.getMAMSafetyNetAndroidID(Services.get().getContext())));
        safetyNetCache.f = MAMSafetyNetTaskStatus.NEEDS_AUTHENTICATION;
        tableRepository.insertOrReplace(safetyNetCache);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleNoServiceUri() throws OMADMException {
        LOGGER.severe("SafetyNet Query failed for user " + scrubUPN(this.mIdentity) + "; No URL for MAMService.");
        logTelemetryScenarioStop(ScenarioEvent.ResultCode.NOT_LICENSED);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    protected void handleSuccess(MAMServiceResponse mAMServiceResponse, ApplicationInstance applicationInstance) throws OMADMException {
        handleQuerySuccess((SafetyNetResponse) mAMServiceResponse, applicationInstance);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.microsoft.omadm.apppolicy.taskqueue.MAMTask
    public Logger logger() {
        return LOGGER;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask
    public SafetyNetResponse runRequest(MAMServiceTransport mAMServiceTransport, ApplicationInstance applicationInstance) throws OMADMException {
        SafetyNetSettingsManager safetyNetSettingsManager = Services.get().getSafetyNetSettingsManager();
        String mAMSafetyNetAndroidID = DeviceInfo.getMAMSafetyNetAndroidID(Services.get().getContext());
        TableRepository tableRepository = Services.get().getTableRepository();
        AppPolicyManager mAMAppPolicyManager = Services.get().getMAMAppPolicyManager();
        SafetyNetCache safetyNetCache = (SafetyNetCache) tableRepository.get(new SafetyNetCache.Key(mAMSafetyNetAndroidID));
        boolean isDeviceAttestationRequired = mAMAppPolicyManager.isDeviceAttestationRequired();
        if (safetyNetCache.f == MAMSafetyNetTaskStatus.NOT_QUEUED) {
            safetyNetCache.f = MAMSafetyNetTaskStatus.PENDING;
            tableRepository.insertOrReplace(safetyNetCache);
        }
        if (isDeviceAttestationRequired && hasSafetyNetNonce(safetyNetCache)) {
            LOGGER.info("using nonce:" + safetyNetCache.b);
            try {
                applicationInstance.mSafetyNetInfo.mDeviceAttestationJWT = safetyNetSettingsManager.a(Base64.decode(safetyNetCache.b, 0), true);
                applicationInstance.mSafetyNetInfo.mDeviceAttestationErrorCode = 0;
            } catch (IllegalArgumentException e) {
                throw new OMADMException("Could not decode MAMService nonce", e);
            }
        } else {
            LOGGER.info("device attestation not configured - sending default values");
            applicationInstance.mSafetyNetInfo.mDeviceAttestationJWT = "";
            applicationInstance.mSafetyNetInfo.mDeviceAttestationErrorCode = 0;
        }
        if (mAMAppPolicyManager.isVerifyAppsRequired() && verifyAppsEnabled(safetyNetSettingsManager)) {
            applicationInstance.mSafetyNetInfo.mVerifyAppsHarmfulApps = safetyNetSettingsManager.b();
            LOGGER.info("safetynet verify apps returned:" + applicationInstance.mSafetyNetInfo.mVerifyAppsHarmfulApps);
        }
        checkIfTaskStopped();
        return mAMServiceTransport.getSafetyNetStatus(applicationInstance);
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask, com.microsoft.omadm.apppolicy.taskqueue.MAMTask
    public void serializeToData(Data.Builder builder) {
        super.serializeToData(builder);
        builder.putBoolean(KEY_FORCE, this.mForceQuery);
    }

    @Override // com.microsoft.omadm.taskexecutor.ExecutorTask
    public boolean shouldRunRequest() {
        Context context = Services.get().getContext();
        if (!DeviceInfo.isNetworkConnected(context)) {
            LOGGER.warning("Skipping query: network is unavailable.");
            return false;
        }
        if (!Services.get().getGooglePlayServicesAvailability().getAvailable()) {
            return false;
        }
        TableRepository tableRepository = Services.get().getTableRepository();
        AppPolicyManager mAMAppPolicyManager = Services.get().getMAMAppPolicyManager();
        SafetyNetSettingsManager safetyNetSettingsManager = Services.get().getSafetyNetSettingsManager();
        SafetyNetCache safetyNetCache = (SafetyNetCache) tableRepository.get(new SafetyNetCache.Key(DeviceInfo.getMAMSafetyNetAndroidID(context)));
        if (safetyNetCache == null) {
            if (mAMAppPolicyManager.isDeviceAttestationRequired() || mAMAppPolicyManager.isVerifyAppsRequired()) {
                LOGGER.severe("no safetynet cache found but policy requires it");
            }
            return false;
        }
        boolean z = mAMAppPolicyManager.isDeviceAttestationRequired() && hasSafetyNetNonce(safetyNetCache);
        boolean z2 = mAMAppPolicyManager.isVerifyAppsRequired() && verifyAppsEnabled(safetyNetSettingsManager);
        if (z || z2) {
            return safetyNetCache.b() || this.mForceQuery;
        }
        return false;
    }

    @Override // com.microsoft.omadm.apppolicy.mamservice.MAMServiceTask, android.os.Parcelable
    public void writeToParcel(Parcel parcel, int i) {
        super.writeToParcel(parcel, i);
        parcel.writeByte(this.mForceQuery ? (byte) 1 : (byte) 0);
    }
}
