package com.manageengine.mdm.framework.security;

import android.app.KeyguardManager;
import android.app.PendingIntent;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.graphics.Bitmap;
import android.support.v4.app.NotificationCompat;
import android.util.Base64;
import com.manageengine.mdm.framework.R;
import com.manageengine.mdm.framework.appmgmt.PackageManager;
import com.manageengine.mdm.framework.core.CommandConstants;
import com.manageengine.mdm.framework.core.MDMApplication;
import com.manageengine.mdm.framework.core.MDMDeviceManager;
import com.manageengine.mdm.framework.db.MDMAgentParamsTableHandler;
import com.manageengine.mdm.framework.deviceadmin.DeviceAdminMonitor;
import com.manageengine.mdm.framework.logging.MDMLogger;
import com.manageengine.mdm.framework.notification.NotificationConstants;
import com.manageengine.mdm.framework.passcode.PasscodeNotificationService;
import com.manageengine.mdm.framework.profile.PassCodeScreenActivity;
import com.manageengine.mdm.framework.utils.AgentUtil;
import com.manageengine.mdm.framework.utils.JSONUtil;
import java.security.SecureRandom;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class PasscodePolicyManager {
    public static final int FORCE_PASSCODE_NOTIFICATION_CONSTANT = 12;
    public static final int FORCE_PASSCODE_NOTIFICATION_CONSTANT_WORKPROFILE_7 = 13;
    public static final String PASSCODE_DATA = "passcodeData";
    private static final int PASSCODE_POLICY_SCOPE_DEVICE = 0;
    public static final String PASSCODE_QUALITY = "PasscodeQuality";
    private static final String PASSWORD_RESET_TOKEN = "PasswordResetToken";
    private static final String PENDING_RESET_PASSWORD = "PendingResetPassword";
    public static final String POLICY_SCOPE = "PolicyScope";
    public static final int STATUS_PASSWORD_CLEAR_FAILED_DEVICE_ENCRYPTED = 12142;
    public static final int STATUS_PASSWORD_CLEAR_FAILURE_UNKNOWN = 4608;
    public static final int STATUS_PASSWORD_CLEAR_INVALID_ADMIN = 4607;
    public static final int STATUS_PASSWORD_CLEAR_NOT_SUPPORTED = 4610;
    public static final int STATUS_PASSWORD_CLEAR_SUCCESS = 4609;
    public static final int STATUS_PASSWORD_RESET_AUTH_REQUIRED = 4604;
    public static final int STATUS_PASSWORD_RESET_INSUFFICIENT_QUALITY = 4603;
    public static final int STATUS_PASSWORD_RESET_INVALID_ADMIN = 4606;
    public static final int STATUS_PASSWORD_RESET_SUCCESS = 0;
    public static final int STATUS_PASSWORD_RESET_UNKNOWN = 4600;
    public static final int STATUS_TOKEN_ACTIVATED = 2;
    public static final int STATUS_TOKEN_ACTIVATION_UNKNOWN = 4605;
    public static final int STATUS_TOKEN_GENERATION_FAILURE = 4602;
    public static final String TIME_OUT_FOR_FORCE_DEVICE_LOCK = "time_out";

    private void clearResetPasswordToken(Context context) {
        getDevicePolicyManager(context).clearResetPasswordToken(DeviceAdminMonitor.getComponentName(context));
        MDMAgentParamsTableHandler.getInstance(context).removeValue(PASSWORD_RESET_TOKEN);
    }

    private byte[] generateNewPasswordToken(Context context) {
        try {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            if (getDevicePolicyManager(context).setResetPasswordToken(DeviceAdminMonitor.getComponentName(context), bArr)) {
                MDMLogger.info("Token is set successfully");
                String encodeToString = Base64.encodeToString(bArr, 0);
                MDMLogger.info("Encoded byte String " + encodeToString);
                MDMAgentParamsTableHandler.getInstance(context).addStringValue(PASSWORD_RESET_TOKEN, encodeToString);
            } else {
                bArr = null;
                MDMAgentParamsTableHandler.getInstance(context).removeValue(PASSWORD_RESET_TOKEN);
                MDMLogger.info("Token is not set. Requires User Authentication");
            }
            return bArr;
        } catch (Exception e) {
            MDMLogger.error("generateNewPasswordToken failed  ", e);
            return null;
        }
    }

    private DevicePolicyManager getDevicePolicyManager(Context context) {
        return (DevicePolicyManager) context.getSystemService("device_policy");
    }

    private byte[] getGeneratedResetPasswordToken(Context context) {
        String stringValue = MDMAgentParamsTableHandler.getInstance(context).getStringValue(PASSWORD_RESET_TOKEN);
        if (stringValue != null) {
            return Base64.decode(stringValue, 0);
        }
        return null;
    }

    private KeyguardManager getKeyguardManager(Context context) {
        return (KeyguardManager) context.getSystemService("keyguard");
    }

    private String getPendingResetPassword(Context context) {
        return MDMAgentParamsTableHandler.getInstance(context).getStringValue(PENDING_RESET_PASSWORD);
    }

    private boolean isResetPasswordTokenActive(Context context) {
        return getDevicePolicyManager(context).isResetPasswordTokenActive(DeviceAdminMonitor.getComponentName(context));
    }

    private int resetPassword(Context context, String str, byte[] bArr) {
        try {
            if (getDevicePolicyManager(context).resetPasswordWithToken(DeviceAdminMonitor.getComponentName(context), str, bArr, 0)) {
                return 0;
            }
            return STATUS_PASSWORD_RESET_INSUFFICIENT_QUALITY;
        } catch (IllegalArgumentException e) {
            MDMLogger.error("Exception while resetting the password. Invalid reset token.", (Exception) e);
            return STATUS_PASSWORD_RESET_UNKNOWN;
        } catch (SecurityException e2) {
            MDMLogger.error("Exception while resetting the pasword. Invalid admin.", (Exception) e2);
            return STATUS_PASSWORD_RESET_UNKNOWN;
        } catch (Exception e3) {
            MDMLogger.error("Exception while resetting the password. Unknown error.", e3);
            return STATUS_PASSWORD_RESET_UNKNOWN;
        }
    }

    private int resetPasswordBelowOreo(Context context, String str) {
        int i = getDevicePolicyManager(context).resetPassword(str, 0) ? 0 : STATUS_PASSWORD_RESET_INSUFFICIENT_QUALITY;
        if (i == 0) {
            getDevicePolicyManager(context).lockNow();
        }
        return i;
    }

    private int resetPasswordOreo(Context context, String str) {
        int i = STATUS_PASSWORD_RESET_UNKNOWN;
        if (str == null) {
            str = "";
        }
        if (MDMDeviceManager.getInstance(context).getAgentUtil().isProfileOwnerOrDeviceOwner(context)) {
            int activateResetPasswordToken = activateResetPasswordToken(context);
            if (activateResetPasswordToken == 2) {
                if (!str.isEmpty()) {
                    resetPassword(context, "", getGeneratedResetPasswordToken(context));
                }
                i = resetPassword(context, str, getGeneratedResetPasswordToken(context));
            } else {
                i = activateResetPasswordToken;
            }
            if (i == 0) {
                getDevicePolicyManager(context).lockNow();
            } else {
                MDMAgentParamsTableHandler.getInstance(context).addStringValue(PENDING_RESET_PASSWORD, str);
            }
            MDMLogger.info("Password reset status : " + i);
        } else {
            MDMLogger.error("Failed since it is not device owner");
        }
        return i;
    }

    public int activateResetPasswordToken(Context context) {
        byte[] generatedResetPasswordToken = getGeneratedResetPasswordToken(context);
        if (generatedResetPasswordToken == null) {
            generatedResetPasswordToken = generateNewPasswordToken(context);
        }
        if (generatedResetPasswordToken == null) {
            MDMLogger.error("ResetPassword :  Token generation failure");
            return STATUS_TOKEN_GENERATION_FAILURE;
        }
        if (isResetPasswordTokenActive(context)) {
            MDMLogger.info("ResetPassword : Reset Token is already activated");
            return 2;
        }
        MDMLogger.info("ResetPassword : Reset Token is not activated. Generating a new token");
        if (generateNewPasswordToken(context) == null) {
            MDMLogger.error("ResetPassword :  Token generation failure");
            return STATUS_TOKEN_GENERATION_FAILURE;
        }
        if (getKeyguardManager(context).createConfirmDeviceCredentialIntent(CommandConstants.MSG_AUTHORIZATION, "Authorize the admin to two reset") == null) {
            MDMLogger.info("ResetPassword : Reset Token is now activated. Proceeding to reset password");
            return 2;
        }
        MDMLogger.info("ResetPassword : Authorization required ");
        getDevicePolicyManager(context).lockNow();
        return STATUS_PASSWORD_RESET_AUTH_REQUIRED;
    }

    public int clearPassword(Context context) {
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager(context);
        if (AgentUtil.getInstance().isVersionCompatible(context, 26).booleanValue()) {
            return AgentUtil.getInstance().isProfileOwnerOrDeviceOwner(context) ? resetPassword(context, "") == 0 ? STATUS_PASSWORD_CLEAR_SUCCESS : STATUS_PASSWORD_CLEAR_FAILURE_UNKNOWN : STATUS_PASSWORD_CLEAR_INVALID_ADMIN;
        }
        if (AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue()) {
            return AgentUtil.getInstance().isProfileOwner(context) ? STATUS_PASSWORD_CLEAR_NOT_SUPPORTED : AgentUtil.getInstance().isDeviceOwner(context) ? resetPassword(context, "") == 0 ? STATUS_PASSWORD_CLEAR_SUCCESS : STATUS_PASSWORD_CLEAR_FAILURE_UNKNOWN : STATUS_PASSWORD_CLEAR_INVALID_ADMIN;
        }
        int resetPassword = resetPassword(context, "");
        if (resetPassword == 0) {
            MDMLogger.info("Successfully cleared the passcode ");
            return STATUS_PASSWORD_CLEAR_SUCCESS;
        }
        MDMLogger.info("Cannot clear passcode!!!!");
        if (!AgentUtil.getInstance().isVersion3AndAbove().booleanValue()) {
            return resetPassword;
        }
        MDMLogger.debug("The Android version is 3 or above , so going to check encryption status");
        int storageEncryptionStatus = devicePolicyManager.getStorageEncryptionStatus();
        if (storageEncryptionStatus == 2 || storageEncryptionStatus == 3 || storageEncryptionStatus == 4 || storageEncryptionStatus == 5) {
            return 12142;
        }
        return resetPassword;
    }

    public void clearPendingResetPassword(Context context) {
        MDMAgentParamsTableHandler.getInstance(context).removeValue(PENDING_RESET_PASSWORD);
    }

    public void disablePasscodeNotification() {
        Context context = MDMApplication.getContext();
        MDMDeviceManager.getInstance(context).getNotificationManager().cancelNotification(12);
        MDMDeviceManager.getInstance(context).getNotificationManager().cancelNotification(13);
        context.stopService(new Intent(MDMApplication.getContext(), (Class<?>) PasscodeNotificationService.class));
    }

    public void enablePasscodeNotification(long j) {
        Context context = MDMApplication.getContext();
        Intent intent = new Intent(MDMApplication.getContext(), (Class<?>) PasscodeNotificationService.class);
        MDMAgentParamsTableHandler.getInstance(context).addLongValue(TIME_OUT_FOR_FORCE_DEVICE_LOCK, j);
        context.startService(intent);
    }

    public void exitForceLockDownMode() {
        Context context = MDMApplication.getContext();
        disablePasscodeNotification();
        if (!AgentUtil.getInstance().isDeviceOwner(context) || !AgentUtil.getInstance().isVersionCompatible(context, 23).booleanValue()) {
            if (AgentUtil.getInstance().isProfileOwner(context)) {
                try {
                    if (AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue()) {
                        JSONArray installedPackageNames = MDMDeviceManager.getInstance(context).getPackageManager().getInstalledPackageNames();
                        getDevicePolicyManager(context).setApplicationHidden(DeviceAdminMonitor.getComponentName(context), "com.android.vending", false);
                        getDevicePolicyManager(context).setPackagesSuspended(DeviceAdminMonitor.getComponentName(context), JSONUtil.getInstance().convertToStringArray(installedPackageNames), false);
                        return;
                    }
                    return;
                } catch (Exception e) {
                    MDMLogger.info("Exception while suspending managed apps");
                    return;
                }
            }
            return;
        }
        MDMLogger.info("Disabling Passcode Activity");
        if (MDMDeviceManager.getInstance(context).getKioskManager().isKioskRunning() && MDMDeviceManager.getInstance(context).getKioskManager().getKioskLauncherType() == -1) {
            MDMLogger.info("Entering Into Kiosk");
            List<String> kioskApps = MDMDeviceManager.getInstance(context).getPackageManager().getKioskApps();
            if (kioskApps.size() > 0) {
                String[] strArr = new String[kioskApps.size()];
                for (int i = 0; i < kioskApps.size(); i++) {
                    strArr[i] = kioskApps.get(i);
                }
                MDMDeviceManager.getInstance(context).getLockTaskHandler().setLockTaskPackages(strArr);
            }
        } else {
            MDMLogger.info("Exiting Kioskmode");
            MDMDeviceManager.getInstance(context).getLockTaskHandler().clearLockTaskPackages();
        }
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) MDMApplication.getContext().getSystemService("device_policy");
        ComponentName componentName = new ComponentName(context, (Class<?>) DeviceAdminMonitor.class);
        ComponentName componentName2 = new ComponentName(MDMApplication.getContext(), (Class<?>) PassCodeScreenActivity.class);
        devicePolicyManager.clearPackagePersistentPreferredActivities(componentName, context.getPackageName());
        MDMApplication.getContext().getPackageManager().setComponentEnabledSetting(componentName2, 2, 1);
    }

    public void forceLockDownMode() {
        Context context = MDMApplication.getContext();
        if (AgentUtil.getInstance().isDeviceOwner(context) && AgentUtil.getInstance().isVersionCompatible(context, 23).booleanValue()) {
            MDMLogger.info("Enabling Passcode Activity");
            DevicePolicyManager devicePolicyManager = (DevicePolicyManager) MDMApplication.getContext().getSystemService("device_policy");
            ComponentName componentName = new ComponentName(MDMApplication.getContext(), (Class<?>) PassCodeScreenActivity.class);
            MDMDeviceManager.getInstance(context).getLockTaskHandler().setLockTaskPackages(new String[]{context.getPackageName(), MDMDeviceManager.getInstance(context).getPackageManager().getSettingsPackageName()});
            MDMApplication.getContext().getPackageManager().setComponentEnabledSetting(componentName, 1, 1);
            IntentFilter intentFilter = new IntentFilter();
            intentFilter.addAction("android.intent.action.MAIN");
            intentFilter.addCategory("android.intent.category.DEFAULT");
            intentFilter.addCategory("android.intent.category.HOME");
            devicePolicyManager.addPersistentPreferredActivity(DeviceAdminMonitor.getComponentName(MDMApplication.getContext()), intentFilter, componentName);
            Intent intent = new Intent(context, (Class<?>) PassCodeScreenActivity.class);
            intent.addFlags(268435456);
            context.startActivity(intent);
            return;
        }
        if (AgentUtil.getInstance().isProfileOwner(context)) {
            try {
                if (!AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue()) {
                    getDevicePolicyManager(context).setShortSupportMessage(DeviceAdminMonitor.getComponentName(context), null);
                    getDevicePolicyManager(context);
                    MDMDeviceManager.getInstance(context).getNotificationManager().notifyNotification(MDMDeviceManager.getInstance(context).getNotificationManager().createNotification(NotificationConstants.DEFAULT_CHANNEL_ID, context.getResources().getString(R.string.mdm_agent_profile_passcode_notification_title), context.getResources().getString(R.string.mdm_agent_profile_passcode_workprofile7_notification), false, false, true, R.drawable.ic_notification, (Bitmap) null, (NotificationCompat.Style) new NotificationCompat.BigTextStyle(), PendingIntent.getActivity(context, 12, new Intent("android.app.action.SET_NEW_PASSWORD"), 134217728), (NotificationCompat.Action[]) null, false, true, true), 13);
                    return;
                }
                DevicePolicyManager devicePolicyManager2 = getDevicePolicyManager(context);
                PackageManager packageManager = MDMDeviceManager.getInstance(context).getPackageManager();
                devicePolicyManager2.setShortSupportMessage(DeviceAdminMonitor.getComponentName(context), context.getResources().getString(R.string.mdm_agent_set_device_compliant_enable_action));
                JSONArray removeStringItem = JSONUtil.getInstance().removeStringItem(JSONUtil.getInstance().removeStringItem(packageManager.getInstalledPackageNames(), context.getPackageName()), context.getPackageName());
                if (JSONUtil.getInstance().contains(removeStringItem, "com.android.vending")) {
                    devicePolicyManager2.setApplicationHidden(DeviceAdminMonitor.getComponentName(context), "com.android.vending", true);
                }
                String[] convertToStringArray = JSONUtil.getInstance().convertToStringArray(removeStringItem);
                MDMDeviceManager.getInstance(context).getNotificationManager().notifyNotification(MDMDeviceManager.getInstance(context).getNotificationManager().createNotification(NotificationConstants.DEFAULT_CHANNEL_ID, context.getResources().getString(R.string.mdm_agent_profile_passcode_notification_title), context.getResources().getString(R.string.mdm_agent_profile_passcode_workprofile7_notification), false, false, true, R.drawable.ic_notification, (Bitmap) null, (NotificationCompat.Style) new NotificationCompat.BigTextStyle(), PendingIntent.getActivity(context, 12, getintentforPasscodeScope(), 134217728), (NotificationCompat.Action[]) null, false, true, true), 13);
                if (AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue()) {
                    getDevicePolicyManager(context).setPackagesSuspended(DeviceAdminMonitor.getComponentName(context), convertToStringArray, true);
                }
            } catch (Exception e) {
                MDMLogger.info("Exception while suspending managed apps");
            }
        }
    }

    public String getLockDeviceMessage() {
        Context context = MDMApplication.getContext();
        JSONObject jSONObject = MDMAgentParamsTableHandler.getInstance(context).getJSONObject(PASSCODE_DATA);
        int i = JSONUtil.getInstance().getInt(jSONObject, "MinSymbolLength");
        int i2 = JSONUtil.getInstance().getInt(jSONObject, "MinUpperLength");
        int i3 = JSONUtil.getInstance().getInt(jSONObject, "MinLowerLength");
        int i4 = JSONUtil.getInstance().getInt(jSONObject, "MinNumLength");
        int i5 = JSONUtil.getInstance().getInt(jSONObject, "MinLength");
        int intValue = MDMAgentParamsTableHandler.getInstance(context).getIntValue(PASSCODE_QUALITY, 0);
        if (intValue != 5 || i5 <= 0) {
            return (intValue <= 1 || intValue >= 5 || i5 <= 0) ? context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content2) : context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content1, Integer.valueOf(i5));
        }
        String string = context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_start, Integer.valueOf(i5));
        if (i2 != -1) {
            string = string.concat(" " + i2 + " " + context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_upper));
        }
        if (i3 != -1) {
            string = string.concat(" " + i2 + " " + context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_lower));
        }
        if (i4 != -1) {
            string = string.concat(" " + i2 + " " + context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_number));
        }
        if (i != -1) {
            string = string.concat(" " + i2 + " " + context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_symbol));
        }
        return string.concat(" " + context.getResources().getString(R.string.mdm_agent_profile_passcode_lock_device_content_end));
    }

    public Intent getintentforPasscodeScope() {
        Context context = MDMApplication.getContext();
        int intValue = MDMAgentParamsTableHandler.getInstance(context).getIntValue(POLICY_SCOPE, -1);
        new ComponentName(context, (Class<?>) DeviceAdminMonitor.class);
        return (AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue() && AgentUtil.getInstance().isProfileOwner(context) && intValue == 0) ? new Intent("android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD") : new Intent("android.app.action.SET_NEW_PASSWORD");
    }

    public boolean isPasswordPolicyCompliant(Context context) {
        return getDevicePolicyManager(context).isActivePasswordSufficient();
    }

    public int resetPassword(Context context, String str) {
        int i = STATUS_PASSWORD_RESET_UNKNOWN;
        try {
            ComponentName componentName = DeviceAdminMonitor.getComponentName(context);
            DevicePolicyManager devicePolicyManager = getDevicePolicyManager(context);
            int passwordQuality = devicePolicyManager.getPasswordQuality(componentName);
            int passwordMinimumLength = devicePolicyManager.getPasswordMinimumLength(componentName);
            int maximumFailedPasswordsForWipe = devicePolicyManager.getMaximumFailedPasswordsForWipe(componentName);
            devicePolicyManager.setPasswordQuality(componentName, 0);
            devicePolicyManager.setPasswordMinimumLength(componentName, 0);
            i = AgentUtil.getInstance().isVersionCompatible(context, 26).booleanValue() ? MDMDeviceManager.getInstance(context).getAgentUtil().isProfileOwnerOrDeviceOwner(context) ? resetPasswordOreo(context, str) : STATUS_PASSWORD_RESET_INVALID_ADMIN : resetPasswordBelowOreo(context, str);
            devicePolicyManager.setPasswordQuality(componentName, passwordQuality);
            devicePolicyManager.setPasswordMinimumLength(componentName, passwordMinimumLength);
            devicePolicyManager.setMaximumFailedPasswordsForWipe(componentName, maximumFailedPasswordsForWipe);
        } catch (Exception e) {
            MDMLogger.error("Exception while resetting the password", e);
        }
        return i;
    }

    public void resetPasswordIfPending(Context context) {
        if (getPendingResetPassword(context) != null) {
            resetWithPendingPassword(context);
        }
    }

    public int resetWithPendingPassword(Context context) {
        return resetPassword(context, getPendingResetPassword(context));
    }

    public void setUnifiedPassword(boolean z) {
        Context context = MDMApplication.getContext();
        if (!AgentUtil.getInstance().isVersionCompatible(context, 28).booleanValue() || !AgentUtil.getInstance().isProfileOwner(context)) {
            MDMLogger.info("Use One lock Not Applicable");
            return;
        }
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        ComponentName componentName = new ComponentName(context, (Class<?>) DeviceAdminMonitor.class);
        MDMLogger.info("Set unified Lock:" + z);
        if (z) {
            devicePolicyManager.clearUserRestriction(componentName, "no_unified_password");
        } else {
            devicePolicyManager.addUserRestriction(componentName, "no_unified_password");
        }
    }
}
