package com.airwatch.agent.google.mdm.android.work;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Build;
import android.os.Bundle;
import android.os.PersistableBundle;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Pair;
import androidx.core.util.Supplier;
import com.airwatch.afw.lib.AfwApp;
import com.airwatch.agent.ConfigurationManager;
import com.airwatch.agent.analytics.AgentAnalyticsManager;
import com.airwatch.agent.analytics.AnalyticsEvent;
import com.airwatch.agent.analytics.HubAnalyticsConstants;
import com.airwatch.agent.database.AgentProfileDBAdapter;
import com.airwatch.agent.deviceadministrator.DeviceAdministratorManager;
import com.airwatch.agent.deviceadministrator.DevicePolicyManagerWrapper;
import com.airwatch.agent.google.mdm.android.work.passcode.GooglePasscodeResetter;
import com.airwatch.agent.google.mdm.android.work.passcode.PasscodeResetMode;
import com.airwatch.agent.hub.constants.FeatureFlagConstants;
import com.airwatch.agent.profile.ProfileFactory;
import com.airwatch.agent.profile.group.CertificateProfileGroup;
import com.airwatch.agent.utility.AfwUtils;
import com.airwatch.agent.utility.CertUtils;
import com.airwatch.agent.utility.StringUtils;
import com.airwatch.agent.utility.UIUtility;
import com.airwatch.agent.utility.appcompliance.SuspendAllWorkPersonalApps;
import com.airwatch.bizlib.profile.ProfileGroup;
import com.airwatch.bizlib.util.FeatureFlag;
import com.airwatch.lang.AndroidVersionException;
import com.airwatch.util.ArrayUtils;
import com.airwatch.util.Logger;
import com.microsoft.identity.common.internal.telemetry.TelemetryEventStrings;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;
import org.apache.commons.codec.binary.Hex;

/* loaded from: classes3.dex */
public class AndroidWorkDeviceAdmin extends DeviceAdministratorManager {
    private static final boolean DEFAULT_ALLOW_SECURE_STARTUP = true;
    private static final String TAG = "AndroidWorkDeviceAdmin";

    public AndroidWorkDeviceAdmin(ComponentName componentName, Context context) {
        super(componentName, new a(context), context);
    }

    AndroidWorkDeviceAdmin(ComponentName componentName, DevicePolicyManagerWrapper devicePolicyManagerWrapper, Context context) {
        super(componentName, devicePolicyManagerWrapper, context);
    }

    private Supplier<Boolean> changeOrClearPasscode(final String str, final boolean z) {
        Logger.i(TAG, "Token not provided by server");
        return new Supplier() { // from class: com.airwatch.agent.google.mdm.android.work.-$$Lambda$AndroidWorkDeviceAdmin$qZWl2RtEqnnmlMLpH7nHv8Z1dWo
            @Override // androidx.core.util.Supplier
            public final Object get() {
                return AndroidWorkDeviceAdmin.this.lambda$changeOrClearPasscode$0$AndroidWorkDeviceAdmin(z, str);
            }
        };
    }

    private Supplier<Boolean> changeOrClearPasscodeWithToken(final String str, final boolean z, final byte[] bArr) {
        Logger.i(TAG, "Token provided by server");
        return new Supplier() { // from class: com.airwatch.agent.google.mdm.android.work.-$$Lambda$AndroidWorkDeviceAdmin$eb95JrN2IY-L3E9W0AT0wibXyPg
            @Override // androidx.core.util.Supplier
            public final Object get() {
                return AndroidWorkDeviceAdmin.this.lambda$changeOrClearPasscodeWithToken$1$AndroidWorkDeviceAdmin(z, str, bArr);
            }
        };
    }

    private DevicePolicyManager getDevicePolicyManager() {
        return (DevicePolicyManager) this.mContext.getSystemService("device_policy");
    }

    private List<String> getInstalledMatchPackages(String str) {
        if (StringUtils.isEmptyOrNull(str)) {
            return Collections.emptyList();
        }
        String[] split = str.split(",");
        List<ApplicationInfo> installedApplications = this.mContext.getPackageManager().getInstalledApplications(0);
        HashSet hashSet = new HashSet(installedApplications.size());
        Iterator<ApplicationInfo> it = installedApplications.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().packageName);
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : split) {
            String trim = str2.trim();
            if (hashSet.contains(trim)) {
                arrayList.add(trim);
            } else {
                Logger.i(TAG, "package " + trim + " is not installed for cert grant/revoke");
            }
        }
        return arrayList;
    }

    static String getThumbPrint(X509Certificate x509Certificate) throws CertificateEncodingException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            return new String(Hex.encodeHex(messageDigest.digest())).toUpperCase();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private void grantKeyPairToApps(String str, String str2) {
        boolean z = true;
        for (String str3 : getInstalledMatchPackages(str2)) {
            try {
                z &= getDevicePolicyManager().grantKeyPairToApp(this.mAirWatchDeviceAdmin, str, str3);
                Logger.d(TAG, "cert of " + str + " is granted to " + str3);
            } catch (Exception e) {
                Logger.e(TAG, "failed to grant cert " + str + " to " + str3, (Throwable) e);
                z = false;
            }
        }
        if (z) {
            return;
        }
        AgentAnalyticsManager.getInstance(this.mContext).reportEvent(new AnalyticsEvent(HubAnalyticsConstants.GRANT_KEYPAIR_TO_APP_FAILED, 0));
    }

    private boolean handleResetPasswordProfileAndDeviceOwner(String str, int i) {
        if (UIUtility.isAndroidOAtLeast()) {
            Logger.d(TAG, "handleResetPasswordProfileAndDeviceOwner with token support ");
            return handleResetPasswordProfileAndDeviceOwner(str, i, AfwApp.getAppContext().getAfwInjectionComponent().provideResetPasswordTokenManager().getToken());
        }
        Logger.d(TAG, "handleResetPasswordProfileAndDeviceOwner below Android O ");
        return this.mDpmw.resetPassword(str, i);
    }

    private boolean handleResetPasswordProfileAndDeviceOwner(String str, int i, byte[] bArr) {
        Logger.d(TAG, "handleResetPasswordProfileAndDeviceOwner with token support ");
        if (bArr != null && this.mDpmw.isResetPasswordTokenActive(this.mAirWatchDeviceAdmin)) {
            Logger.d(TAG, "DO, resetting password with token ");
            return this.mDpmw.resetPasswordWithToken(this.mAirWatchDeviceAdmin, str, bArr, i);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("DO, reset password with token failed, is token present ");
        sb.append(bArr != null);
        Logger.e(TAG, sb.toString());
        return false;
    }

    private boolean isChromeDisableRequestAndroidV26(String str) {
        boolean z = Build.VERSION.SDK_INT >= 26 && "com.android.chrome".equalsIgnoreCase(str);
        Logger.d(TAG, "isChromeDisableRequestAndroidV26() : " + z);
        return z;
    }

    private void revokeKeyPairFromApps(String str, String str2) {
        X509Certificate[] x509CertificateArr;
        try {
            x509CertificateArr = KeyChain.getCertificateChain(this.mContext.getApplicationContext(), str);
        } catch (KeyChainException | InterruptedException e) {
            Logger.e(TAG, "exception for get certificate for alias", e);
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            x509CertificateArr = null;
        }
        if (x509CertificateArr == null) {
            return;
        }
        boolean z = true;
        for (String str3 : getInstalledMatchPackages(str2)) {
            try {
                z &= getDevicePolicyManager().revokeKeyPairFromApp(this.mAirWatchDeviceAdmin, str, str3);
                Logger.d(TAG, "cert " + str + " is revoked from " + str3);
            } catch (SecurityException e2) {
                Logger.e(TAG, "failed to revoke cert " + str + " from " + str3, (Throwable) e2);
                z = false;
            }
        }
        if (z) {
            return;
        }
        AgentAnalyticsManager.getInstance(this.mContext).reportEvent(new AnalyticsEvent(HubAnalyticsConstants.REVOKE_KEYPAIR_FROM_APP_FAILED, 0));
    }

    private boolean setApplicationEnabled(DevicePolicyManager devicePolicyManager, String str, boolean z) throws PackageManager.NameNotFoundException {
        return Build.VERSION.SDK_INT >= 29 ? setAppEnabledForQAndAbove(devicePolicyManager, str, z) : setAppEnabledForPieAndBelow(devicePolicyManager, str, z);
    }

    public boolean applyGlobalSetting(String str, String str2) {
        try {
            getDevicePolicyManager().setGlobalSetting(this.mAirWatchDeviceAdmin, str, str2);
            Logger.d(TAG, "successfully set global setting " + str + " = " + str2);
            return true;
        } catch (SecurityException e) {
            Logger.e(TAG, "applying global settings exception :- ", (Throwable) e);
            return false;
        }
    }

    public boolean applySecureSetting(String str, String str2) {
        try {
            getDevicePolicyManager().setSecureSetting(this.mAirWatchDeviceAdmin, str, str2);
            Logger.d(TAG, "successfully set secure setting " + str + " = " + str2);
            return true;
        } catch (SecurityException e) {
            Logger.e(TAG, "applying secure settings exception :- ", (Throwable) e);
            return false;
        }
    }

    boolean checkIfAllWorkAppsSuspended() {
        if (!AfwApp.getAppContext().isFeatureEnabled(FeatureFlagConstants.ENABLE_SUSPEND_ALL_WORK_AND_PERSONAL_APPS)) {
            Logger.i(TAG, "ENABLE_SUSPEND_ALL_WORK_AND_PERSONAL_APPS FF is disabled.");
            return false;
        }
        boolean suspendValueFromProfileGroup = new SuspendAllWorkPersonalApps(AfwApp.getAppContext().getClient().getApplicationManager()).getSuspendValueFromProfileGroup(SuspendAllWorkPersonalApps.SuspendFlags.ALL_WORK_APPS_SUSPENDED);
        Logger.i(TAG, "All Work apps are in Suspended state: " + suspendValueFromProfileGroup);
        return suspendValueFromProfileGroup;
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean clearResetPasswordToken() {
        return this.mDpmw.clearResetPasswordToken(this.mAirWatchDeviceAdmin);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean disableAgentDeviceAdministration() {
        if (isDeviceOwnerApp()) {
            return false;
        }
        return super.disableAgentDeviceAdministration();
    }

    public boolean enableUserRestriction(DevicePolicyManager devicePolicyManager, String str, boolean z) {
        try {
            if (z) {
                devicePolicyManager.addUserRestriction(this.mAirWatchDeviceAdmin, str);
                Logger.d(TAG, "successfully added user restriction " + str);
            } else {
                devicePolicyManager.clearUserRestriction(this.mAirWatchDeviceAdmin, str);
                Logger.d(TAG, "successfully cleared user restriction " + str);
            }
            return true;
        } catch (SecurityException e) {
            Logger.w(TAG, "failed to add user restriction " + str + " because of security exception: ", (Throwable) e);
            return false;
        }
    }

    public boolean enableUserRestriction(String str, boolean z) {
        return enableUserRestriction(getDevicePolicyManager(), str, z);
    }

    public Bundle getApplicationRestrictions(String str) {
        return getDevicePolicyManager().getApplicationRestrictions(this.mAirWatchDeviceAdmin, str);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public long getPasswordExpiration() {
        if (AfwUtils.getAEBehavior().shouldConsultParentProfile()) {
            try {
                return getDevicePolicyManager().getParentProfileInstance(this.mAirWatchDeviceAdmin).getPasswordExpiration(this.mAirWatchDeviceAdmin);
            } catch (SecurityException e) {
                Logger.d(TAG, "Error in getting device password expiration", (Throwable) e);
                return 0L;
            }
        }
        try {
            return this.mDpmw.getPasswordExpiration(this.mAirWatchDeviceAdmin);
        } catch (AndroidVersionException e2) {
            Logger.d(TAG, "Error in getting afw device password expiration ", (Throwable) e2);
            return 0L;
        }
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public long getPasswordExpirationTimeout() {
        if (AfwUtils.getAEBehavior().shouldConsultParentProfile()) {
            try {
                return getDevicePolicyManager().getParentProfileInstance(this.mAirWatchDeviceAdmin).getPasswordExpirationTimeout(this.mAirWatchDeviceAdmin);
            } catch (SecurityException e) {
                Logger.d(TAG, "Error in getting device password expiration timeout", (Throwable) e);
                return 0L;
            }
        }
        try {
            return this.mDpmw.getPasswordExpirationTimeout(this.mAirWatchDeviceAdmin);
        } catch (AndroidVersionException e2) {
            Logger.d(TAG, "Error in getting afw device password expiration timeout", (Throwable) e2);
            return 0L;
        }
    }

    void getSystemApps(PackageManager packageManager, List<Pair<String, ApplicationInfo>> list, String str) {
        try {
            if (TelemetryEventStrings.Os.OS_NAME.equals(str)) {
                return;
            }
            ApplicationInfo applicationInfo = packageManager.getApplicationInfo(str, 8192);
            if ((applicationInfo.flags & 1) != 0) {
                Logger.d(TAG, "system package=" + str);
                list.add(new Pair<>(str, applicationInfo));
            }
        } catch (PackageManager.NameNotFoundException e) {
            Logger.e(TAG, "could not find package via name returned from package manager?", (Throwable) e);
        }
    }

    public List<Pair<String, ApplicationInfo>> getSystemPackages(Intent intent, PackageManager packageManager) {
        LinkedList linkedList = new LinkedList();
        Iterator<ResolveInfo> it = packageManager.queryIntentActivities(intent, 8192).iterator();
        while (it.hasNext()) {
            getSystemApps(packageManager, linkedList, it.next().activityInfo.packageName);
        }
        return linkedList;
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public long getWorkAppPasswordExpiration() {
        try {
            return this.mDpmw.getPasswordExpiration(this.mAirWatchDeviceAdmin);
        } catch (AndroidVersionException e) {
            Logger.d(TAG, "Method - getPasswordExpiration: ", (Throwable) e);
            return 0L;
        }
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public long getWorkAppPasswordExpirationTimeout() {
        try {
            return this.mDpmw.getPasswordExpirationTimeout(this.mAirWatchDeviceAdmin);
        } catch (AndroidVersionException e) {
            Logger.d(TAG, "Method - getPasswordExpirationTimeout: ", (Throwable) e);
            return 0L;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:27:0x0159  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean grantKeyPairToApp(byte[] r9, char[] r10, java.lang.String r11, java.lang.String r12) {
        /*
            Method dump skipped, instructions count: 362
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.airwatch.agent.google.mdm.android.work.AndroidWorkDeviceAdmin.grantKeyPairToApp(byte[], char[], java.lang.String, java.lang.String):boolean");
    }

    public boolean handleRestPasscode(String str, int i) {
        try {
            if (!isDeviceOwnerApp() && !isProfileOwnerApp()) {
                Logger.d(TAG, "handleRestPasscode calling for Device Admin case");
                return this.mDpmw.resetPassword(str, i);
            }
            Logger.d(TAG, "handleRestPasscode calling for profileOwner and device Owner ");
            return handleResetPasswordProfileAndDeviceOwner(str, i);
        } catch (IllegalArgumentException | IllegalStateException | SecurityException e) {
            Logger.e(TAG, "handleRestPasscode Exception ", e);
            return false;
        }
    }

    public boolean installCert(byte[] bArr, char[] cArr, String str, String str2) {
        Logger.i(TAG, "Cert alias name:" + str);
        boolean z = false;
        boolean z2 = cArr == null || cArr.length == 0;
        boolean isEmptyOrNull = StringUtils.isEmptyOrNull(str);
        try {
        } catch (Exception e) {
            Logger.e(TAG, "Could not install cert", (Throwable) e);
        }
        if (z2) {
            z = getDevicePolicyManager().installCaCert(this.mAirWatchDeviceAdmin, bArr);
        } else {
            if (isEmptyOrNull) {
                if (!isEmptyOrNull && UIUtility.isAndroidRAndAbove() && AfwApp.getAppContext().isFeatureEnabled(FeatureFlag.ENABLE_GRANT_KEYPAIR_TO_APP) && z && !z2) {
                    grantKeyPairToApps(str, str2);
                }
                return z;
            }
            z = installKeyPair(bArr, cArr, str);
        }
        if (!isEmptyOrNull) {
            grantKeyPairToApps(str, str2);
        }
        return z;
    }

    boolean installKeyPair(byte[] bArr, char[] cArr, String str) throws SecurityException, GeneralSecurityException, IOException {
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager();
        KeyStore.PrivateKeyEntry privateKeyEntry = CertUtils.getPrivateKeyEntry(bArr, cArr);
        if (privateKeyEntry == null) {
            Logger.i(TAG, "Failed to extract cert from PKCS12 cert data for " + str);
            return false;
        }
        if (Build.VERSION.SDK_INT >= 24) {
            return devicePolicyManager.installKeyPair(this.mAirWatchDeviceAdmin, privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain(), str, true);
        }
        boolean installKeyPair = devicePolicyManager.installKeyPair(this.mAirWatchDeviceAdmin, privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificate(), str);
        for (Certificate certificate : privateKeyEntry.getCertificateChain()) {
            if ("X.509".equals(certificate.getType())) {
                X509Certificate CertificateToX509 = CertificateProfileGroup.CertificateToX509(certificate);
                if (CertificateToX509.getBasicConstraints() > -1) {
                    installKeyPair &= getDevicePolicyManager().installCaCert(this.mAirWatchDeviceAdmin, CertificateToX509.getEncoded());
                }
            }
        }
        return installKeyPair;
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean isActivePasswordSufficient() {
        return isDevicePasswordSufficient() && isWorkAppPasswordSufficient();
    }

    public boolean isAppEnabled(String str) {
        return !getDevicePolicyManager().isApplicationHidden(this.mAirWatchDeviceAdmin, str);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean isDeviceOwnerApp() {
        return getDevicePolicyManager().isDeviceOwnerApp(this.mContext.getPackageName());
    }

    public boolean isDevicePasscodeEnabled() {
        Vector<ProfileGroup> profileGroups = AgentProfileDBAdapter.getInstance().getProfileGroups("com.airwatch.android.androidwork.passwordpolicy");
        if (profileGroups == null || !profileGroups.isEmpty() || Build.VERSION.SDK_INT < 28) {
            return true;
        }
        Logger.i(TAG, "Device Password is not enforced, returning false");
        return false;
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0047  */
    /* JADX WARN: Removed duplicated region for block: B:17:? A[RETURN, SYNTHETIC] */
    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean isDevicePasswordSufficient() {
        /*
            r5 = this;
            com.airwatch.agent.utility.behavior.IAndroidEnterpriseBehavior r0 = com.airwatch.agent.utility.AfwUtils.getAEBehavior()
            boolean r0 = r0.shouldConsultParentProfile()
            java.lang.String r1 = "AndroidWorkDeviceAdmin"
            if (r0 == 0) goto L50
            boolean r0 = r5.isDevicePasscodeEnabled()
            if (r0 == 0) goto L50
            r0 = 1
            android.app.admin.DevicePolicyManager r2 = r5.getDevicePolicyManager()     // Catch: java.lang.SecurityException -> L49
            android.content.ComponentName r3 = r5.mAirWatchDeviceAdmin     // Catch: java.lang.SecurityException -> L49
            android.app.admin.DevicePolicyManager r2 = r2.getParentProfileInstance(r3)     // Catch: java.lang.SecurityException -> L49
            boolean r2 = r2.isActivePasswordSufficient()     // Catch: java.lang.SecurityException -> L49
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.lang.SecurityException -> L49
            r3.<init>()     // Catch: java.lang.SecurityException -> L49
            java.lang.String r4 = "Android Nougat and above, isActivePasswordSufficient for Device Passcode returned: "
            r3.append(r4)     // Catch: java.lang.SecurityException -> L49
            boolean r4 = com.airwatch.agent.utility.Utils.canTrustSufficientPasswordAPI()     // Catch: java.lang.SecurityException -> L49
            if (r4 == 0) goto L36
            if (r2 == 0) goto L34
            goto L36
        L34:
            r4 = 0
            goto L37
        L36:
            r4 = 1
        L37:
            r3.append(r4)     // Catch: java.lang.SecurityException -> L49
            java.lang.String r3 = r3.toString()     // Catch: java.lang.SecurityException -> L49
            com.airwatch.util.Logger.i(r1, r3)     // Catch: java.lang.SecurityException -> L49
            boolean r1 = com.airwatch.agent.utility.Utils.canTrustSufficientPasswordAPI()     // Catch: java.lang.SecurityException -> L49
            if (r1 == 0) goto L48
            r0 = r2
        L48:
            return r0
        L49:
            r2 = move-exception
            java.lang.String r3 = "Error in checking isActivePasswordSufficient in PO mode "
            com.airwatch.util.Logger.e(r1, r3, r2)
            return r0
        L50:
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r2 = "isActivePasswordSufficient for Device Passcode returned: "
            r0.append(r2)
            com.airwatch.agent.deviceadministrator.DevicePolicyManagerWrapper r2 = r5.mDpmw
            java.lang.Boolean r2 = r2.isActivePasswordSufficient()
            r0.append(r2)
            java.lang.String r0 = r0.toString()
            com.airwatch.util.Logger.d(r1, r0)
            com.airwatch.agent.deviceadministrator.DevicePolicyManagerWrapper r0 = r5.mDpmw
            java.lang.Boolean r0 = r0.isActivePasswordSufficient()
            boolean r0 = r0.booleanValue()
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.airwatch.agent.google.mdm.android.work.AndroidWorkDeviceAdmin.isDevicePasswordSufficient():boolean");
    }

    boolean isOneLockNonCompliant() {
        if (Build.VERSION.SDK_INT <= 27) {
            return false;
        }
        boolean contains = getDevicePolicyManager().getUserRestrictions(this.mAirWatchDeviceAdmin).keySet().contains("no_unified_password");
        Logger.d(TAG, "One lock disabled: " + contains);
        return contains && getDevicePolicyManager().isUsingUnifiedPassword(this.mAirWatchDeviceAdmin);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean isProfileOwnerApp() {
        return getDevicePolicyManager().isProfileOwnerApp(this.mContext.getPackageName());
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean isWorkAppPasswordSufficient() {
        Logger.i(TAG, "isActivePasscodeSufficient for Work Passcode returned: " + this.mDpmw.isActivePasswordSufficient() + " and One Lock compliance returned: " + isOneLockNonCompliant());
        return this.mDpmw.isActivePasswordSufficient().booleanValue() && !isOneLockNonCompliant();
    }

    public /* synthetic */ Boolean lambda$changeOrClearPasscode$0$AndroidWorkDeviceAdmin(boolean z, String str) {
        boolean handleRestPasscode;
        if (Build.VERSION.SDK_INT >= 23 && getDevicePolicyManager().isDeviceOwnerApp(this.mContext.getPackageName()) && !z) {
            Logger.d(TAG, "calling resetPasscode with do not ask credentials on boot flag");
            handleRestPasscode = handleRestPasscode(str, 2);
        } else {
            Logger.d(TAG, "calling resetPasscode with password require entry flag");
            handleRestPasscode = handleRestPasscode(str, 1);
        }
        return Boolean.valueOf(handleRestPasscode);
    }

    public /* synthetic */ Boolean lambda$changeOrClearPasscodeWithToken$1$AndroidWorkDeviceAdmin(boolean z, String str, byte[] bArr) {
        int i = 1;
        boolean z2 = getDevicePolicyManager().isDeviceOwnerApp(this.mContext.getPackageName()) && !z;
        Logger.d(TAG, "secure startup? " + z2);
        if (z2) {
            Logger.d(TAG, "with do not ask credentials on boot flag");
            i = 2;
        }
        if (isDeviceOwnerApp() || isProfileOwnerApp()) {
            return Boolean.valueOf(handleResetPasswordProfileAndDeviceOwner(str, i, bArr));
        }
        return false;
    }

    void removeCaCert(String str) throws CertificateException {
        if (str == null) {
            throw new IllegalArgumentException("AndroidWorkDeviceAdmin: Thumbprint cannot be null");
        }
        String upperCase = str.toUpperCase();
        Logger.d(TAG, "remove CA cert " + upperCase);
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager();
        List<byte[]> installedCaCerts = devicePolicyManager.getInstalledCaCerts(this.mAirWatchDeviceAdmin);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (byte[] bArr : installedCaCerts) {
            String thumbPrint = getThumbPrint((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr)));
            if (upperCase.equals(thumbPrint)) {
                devicePolicyManager.uninstallCaCert(this.mAirWatchDeviceAdmin, bArr);
                Logger.i(TAG, "removed existing CA cert " + thumbPrint);
            }
        }
    }

    public void removeCert(String str, String str2, String str3, String str4) {
        boolean z = str2 == null || str2.length() == 0;
        boolean isEmptyOrNull = StringUtils.isEmptyOrNull(str);
        if (!isEmptyOrNull && UIUtility.isAndroidRAndAbove() && AfwApp.getAppContext().isFeatureEnabled(FeatureFlag.ENABLE_GRANT_KEYPAIR_TO_APP) && !z) {
            revokeKeyPairFromApps(str, str4);
        }
        try {
            if (z) {
                removeCaCert(str3);
            } else if (isEmptyOrNull) {
                Logger.w(TAG, "empty alias for removing keypair");
            } else if (Build.VERSION.SDK_INT >= 24) {
                getDevicePolicyManager().removeKeyPair(this.mAirWatchDeviceAdmin, str);
            } else {
                Logger.w(TAG, "removing key/pair certs is not supported");
            }
        } catch (Exception e) {
            Logger.e(TAG, "could not remove cert " + str, (Throwable) e);
        }
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean resetPasscode(String str, boolean z) {
        return resetPasscodeWithToken(str, z, null);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean resetPasscodeV2(String str, boolean z, boolean z2) {
        return resetPasscodeWithFlags(str, z, z2, null);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean resetPasscodeV2WithToken(String str, boolean z, boolean z2, byte[] bArr) {
        return resetPasscodeWithFlags(str, z, z2, bArr);
    }

    public boolean resetPasscodeWithFlags(String str, boolean z, boolean z2, byte[] bArr) {
        Logger.d(TAG, "using passcode resetter to clear/change the passcode");
        return new GooglePasscodeResetter(ConfigurationManager.getInstance(), ProfileFactory.getInstance(), this).resetPasscode(z ? PasscodeResetMode.CLEAR : PasscodeResetMode.CHANGE, false, ArrayUtils.isEmpty(bArr) ? changeOrClearPasscode(str, z2) : changeOrClearPasscodeWithToken(str, z2, bArr));
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean resetPasscodeWithToken(String str, boolean z, byte[] bArr) {
        return resetPasscodeWithFlags(str, z, true, bArr);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean resetPasswordPolicy() {
        boolean z = true;
        if (AfwUtils.getAEBehavior().shouldConsultParentProfile()) {
            Logger.i(TAG, "resetPasswordPolicy for parent admin instance");
            z = true & setPasscodePolicyImpl(getDevicePolicyManager().getParentProfileInstance(this.mAirWatchDeviceAdmin), 0, 0, 16, -1L);
        }
        boolean passcodePolicyImpl = setPasscodePolicyImpl(this.mDpmw.getInstance(), 0, 0, 16, -1L) & z;
        Logger.d(TAG, "resetPasswordPolicy() returning : " + passcodePolicyImpl);
        return passcodePolicyImpl;
    }

    public void setAccountManagementDisabled(DevicePolicyManager devicePolicyManager, String str, boolean z) {
        try {
            Logger.i(TAG, "Disabling removal of google accounts.");
            devicePolicyManager.setAccountManagementDisabled(this.mAirWatchDeviceAdmin, str, z);
        } catch (SecurityException e) {
            Logger.e(TAG, "Cannot disable account management because admin is not a device or profile owner. ", (Throwable) e);
        }
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public void setAccountManagementDisabled(String str, boolean z) {
        setAccountManagementDisabled(getDevicePolicyManager(), str, z);
    }

    public boolean setAppEnabled(DevicePolicyManager devicePolicyManager, String str, boolean z) {
        try {
            if ((this.mContext.getPackageManager().getApplicationInfo(str, 8192).flags & 8388608) != 0) {
                Logger.d(TAG, "Setting application [" + str + "] enabled:" + z);
                return AfwApp.getAppContext().isFeatureEnabled(FeatureFlagConstants.ENABLE_REFACTORED_DISABLE_CHROME_API) ? setApplicationEnabled(devicePolicyManager, str, z) : setAppEnabledForPieAndBelow(devicePolicyManager, str, z);
            }
            if (!z) {
                Logger.d(TAG, "App already disabled: " + str);
                return false;
            }
            Logger.d(TAG, "Enabling system app " + str);
            devicePolicyManager.enableSystemApp(this.mAirWatchDeviceAdmin, str);
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            Logger.d(TAG, "App not found: " + str, (Throwable) e);
            return false;
        } catch (IllegalArgumentException e2) {
            Logger.d(TAG, "Could not set app enabled: " + str + ": ", (Throwable) e2);
            return false;
        }
    }

    public boolean setAppEnabled(String str, boolean z) {
        return setAppEnabled(getDevicePolicyManager(), str, z);
    }

    boolean setAppEnabledForPieAndBelow(DevicePolicyManager devicePolicyManager, String str, boolean z) {
        Logger.i(TAG, "Calling old set App Enabled API");
        if (!isChromeDisableRequestAndroidV26(str)) {
            return devicePolicyManager.setApplicationHidden(this.mAirWatchDeviceAdmin, str, !z);
        }
        boolean z2 = !checkIfAllWorkAppsSuspended() && devicePolicyManager.setPackagesSuspended(this.mAirWatchDeviceAdmin, new String[]{str}, z ^ true).length == 0;
        return (z && devicePolicyManager.isApplicationHidden(this.mAirWatchDeviceAdmin, str)) ? devicePolicyManager.setApplicationHidden(this.mAirWatchDeviceAdmin, str, false) : z2;
    }

    boolean setAppEnabledForQAndAbove(DevicePolicyManager devicePolicyManager, String str, boolean z) throws PackageManager.NameNotFoundException {
        if ("com.android.chrome".equalsIgnoreCase(str) && devicePolicyManager.isPackageSuspended(this.mAirWatchDeviceAdmin, "com.android.chrome") && !checkIfAllWorkAppsSuspended()) {
            Logger.i(TAG, "Un-suspending Chrome on OS Q and above as it is not necessary.");
            devicePolicyManager.setPackagesSuspended(this.mAirWatchDeviceAdmin, new String[]{"com.android.chrome"}, false);
        }
        return devicePolicyManager.setApplicationHidden(this.mAirWatchDeviceAdmin, str, !z);
    }

    public void setApplicationRestrictions(String str, Bundle bundle) {
        getDevicePolicyManager().setApplicationRestrictions(this.mAirWatchDeviceAdmin, str, bundle);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public void setDeviceOwnerLockScreenInfo(CharSequence charSequence) {
        getDevicePolicyManager().setDeviceOwnerLockScreenInfo(this.mAirWatchDeviceAdmin, charSequence);
    }

    public boolean setLocationEnabled(boolean z) {
        if (!UIUtility.isAndroidRAndAbove()) {
            return false;
        }
        try {
            getDevicePolicyManager().setLocationEnabled(this.mAirWatchDeviceAdmin, z);
            return true;
        } catch (SecurityException e) {
            Logger.e(TAG, "setLocationEnabled: ", (Throwable) e);
            return false;
        }
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public void setLongSupportMessage(String str) {
        getDevicePolicyManager().setLongSupportMessage(this.mAirWatchDeviceAdmin, str);
    }

    public void setPackagesSuspended(String[] strArr, boolean z) {
        getDevicePolicyManager().setPackagesSuspended(this.mAirWatchDeviceAdmin, strArr, z);
    }

    public boolean setPermissionGrantState(String str, String str2, int i) {
        try {
            return getDevicePolicyManager().setPermissionGrantState(this.mAirWatchDeviceAdmin, str, str2, i);
        } catch (IllegalArgumentException | SecurityException e) {
            Logger.e(TAG, "setPermissionGrantState: ", e);
            return false;
        }
    }

    public void setScreenCaptureDisabled(boolean z) {
        getDevicePolicyManager().setScreenCaptureDisabled(this.mAirWatchDeviceAdmin, z);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public void setShortSupportMessage(String str) {
        getDevicePolicyManager().setShortSupportMessage(this.mAirWatchDeviceAdmin, str);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public void transferDpcOwnership(ComponentName componentName, ComponentName componentName2, PersistableBundle persistableBundle) {
        this.mDpmw.transferDpcOwnership(componentName, componentName2, persistableBundle);
    }

    @Override // com.airwatch.agent.deviceadministrator.DeviceAdministratorManager, com.airwatch.agent.deviceadministrator.IDeviceAdmin
    public boolean wipeDevice(int i) {
        Logger.d(TAG, "wipeDevice(" + i + ")");
        if (isDeviceOwnerApp()) {
            enableUserRestriction("no_factory_reset", false);
        }
        return super.wipeDevice(i);
    }
}
