package com.blackberry.email.account;

import android.accounts.AccountManager;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.ContentProviderOperation;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.OperationApplicationException;
import android.database.Cursor;
import android.os.Build;
import android.os.Bundle;
import android.os.RemoteException;
import com.blackberry.common.utils.aa;
import com.blackberry.common.utils.n;
import com.blackberry.common.utils.o;
import com.blackberry.email.account.service.EmailBroadcastProcessorService;
import com.blackberry.email.provider.EmailProvider;
import com.blackberry.email.provider.contract.Account;
import com.blackberry.email.provider.contract.EmailContent;
import com.blackberry.email.provider.contract.Policy;
import com.blackberry.email.service.EmailServiceUtils;
import com.blackberry.email.utils.Utility;
import com.blackberry.email.utils.i;
import com.blackberry.lib.b.a;
import com.blackberry.o.g;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class SecurityPolicy {
    private static final String TAG = n.pC();
    private static SecurityPolicy bfm = null;
    private final ComponentName bfo;
    private Context mContext;
    private DevicePolicyManager bfn = null;
    private Policy bfp = null;

    /* loaded from: classes.dex */
    public static class PolicyAdmin extends DeviceAdminReceiver {
        @Override // android.app.admin.DeviceAdminReceiver
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return context.getString(a.i.emailprovider_disable_admin_warning);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onDisabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.s(context, 2);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onEnabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.s(context, 1);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordChanged(Context context, Intent intent) {
            EmailBroadcastProcessorService.s(context, 3);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordExpiring(Context context, Intent intent) {
            EmailBroadcastProcessorService.s(context, 4);
        }
    }

    protected SecurityPolicy(Context context) {
        this.mContext = context.getApplicationContext();
        this.bfo = new ComponentName(context, (Class<?>) PolicyAdmin.class);
    }

    private Policy Ag() {
        boolean z;
        Policy policy = new Policy();
        policy.buz = false;
        Cursor query = this.mContext.getContentResolver().query(Policy.CONTENT_URI, Policy.aMW, null, null, null);
        Policy policy2 = new Policy();
        if (query != null) {
            z = false;
            while (query.moveToNext()) {
                try {
                    policy2.g(query);
                    o.b(TAG, "Aggregate policy from:%s", policy2);
                    policy.f(policy2);
                    z = true;
                } finally {
                    query.close();
                }
            }
        } else {
            o.e(TAG, "%s - null database cursor", o.sk());
            z = false;
        }
        if (z) {
            o.c(TAG, "Calculated aggregate policy:%s", policy);
            return policy;
        }
        o.c(TAG, "Calculated Aggregate: no policy", new Object[0]);
        return Policy.bvd;
    }

    private synchronized Policy Ah() {
        if (this.bfp == null) {
            this.bfp = Ag();
        }
        return this.bfp;
    }

    private synchronized DevicePolicyManager Ai() {
        if (this.bfn == null) {
            this.bfn = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
        }
        return this.bfn;
    }

    public static void a(Context context, long j, boolean z) {
        Account z2 = Account.z(context, j);
        if (z2 != null) {
            a(context, z2, z);
            if (z) {
                com.blackberry.email.b.a.bM(context).a(z2, true);
            }
        }
    }

    public static void a(Context context, Account account, boolean z) {
        if (z) {
            account.vw |= 32;
        } else {
            account.vw &= -33;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("flags", Integer.valueOf(account.vw));
        account.a(context, contentValues);
        com.blackberry.email.utils.a.a(context, account.vw, account.aMS);
    }

    private void bA(boolean z) {
        String str = TAG;
        Object[] objArr = new Object[1];
        objArr[0] = z ? "enabled." : "disabled.";
        o.c(str, "Email admin %s", objArr);
        if (z) {
            return;
        }
        Context context = this.mContext;
        Cursor query = context.getContentResolver().query(Account.CONTENT_URI, EmailContent.auw, "policyKey IS NOT NULL AND policyKey!=0", null, null);
        if (query != null) {
            try {
                o.d(TAG, "Deleting %d secured account(s)", Integer.valueOf(query.getCount()));
                while (query.moveToNext()) {
                    long j = query.getLong(0);
                    Account z2 = Account.z(context, j);
                    if (z2 == null) {
                        o.e(TAG, "Unable to find account to delete, account: %d", Long.valueOf(j));
                        return;
                    }
                    AccountManager.get(context).removeAccount(new android.accounts.Account(z2.aLk, EmailServiceUtils.af(context, z2.bY(context)).accountType), null, null);
                }
            } finally {
                query.close();
            }
        } else {
            o.e(TAG, "%s - null database cursor", o.sk());
        }
        Aj();
    }

    public static synchronized SecurityPolicy bt(Context context) {
        SecurityPolicy securityPolicy;
        synchronized (SecurityPolicy.class) {
            if (bfm == null) {
                bfm = new SecurityPolicy(context.getApplicationContext());
            }
            securityPolicy = bfm;
        }
        return securityPolicy;
    }

    private static boolean bu(Context context) {
        Account z;
        o.d(TAG, "Wiping expired account now.", new Object[0]);
        Cursor query = context.getContentResolver().query(Policy.CONTENT_URI, Policy.auw, "passwordExpirationDays>0", null, null);
        if (query == null) {
            o.e(TAG, "%s - null database cursor", o.sk());
            return false;
        }
        boolean z2 = false;
        while (query.moveToNext()) {
            try {
                long J = Policy.J(context, query.getLong(0));
                if (J >= 0 && (z = Account.z(context, J)) != null) {
                    o.c(TAG, "Erase data and enable security hold, account:%d", Long.valueOf(J));
                    a(context, z, true);
                    context.getContentResolver().delete(EmailProvider.f("uiaccountdata", J), null, null);
                    z2 = true;
                }
            } catch (Throwable th) {
                query.close();
                throw th;
            }
        }
        query.close();
        return z2;
    }

    private static void g(Context context, Account account) {
        android.accounts.Account account2 = new android.accounts.Account(account.aLk, EmailServiceUtils.af(context, account.bY(context)).accountType);
        Bundle bundle = new Bundle(4);
        bundle.putBoolean("force", true);
        bundle.putBoolean("do_not_retry", true);
        bundle.putBoolean("expedited", true);
        bundle.putBoolean("__security_policy_activated__", true);
        com.blackberry.pimbase.idle.a.a(account2, g.AUTHORITY, bundle, i.eM(g.AUTHORITY), context);
        o.c(TAG, "requestSync SecurityPolicy syncAccount %d, %s", Long.valueOf(account.Bi), bundle.toString());
    }

    public static void r(Context context, int i) {
        SecurityPolicy bt = bt(context);
        switch (i) {
            case 1:
                bt.bA(true);
                return;
            case 2:
                bt.bA(false);
                return;
            case 3:
                Long[] bZ = Account.bZ(context);
                if (bZ != null) {
                    for (Long l : bZ) {
                        Account z = Account.z(context, l.longValue());
                        if (z != null) {
                            g(context, z);
                        }
                    }
                }
                com.blackberry.email.b.a.bM(context).ES();
                return;
            case 4:
                Context context2 = bt.mContext;
                o.c(TAG, "Password has expired...", new Object[0]);
                long longValue = Utility.a(context2, Policy.CONTENT_URI, Policy.auw, "passwordExpirationDays>0", (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
                long J = longValue < 0 ? -1L : Policy.J(context2, longValue);
                if (J == -1) {
                    return;
                }
                if (!(bt.Ai().getPasswordExpiration(bt.bfo) - System.currentTimeMillis() < 0)) {
                    com.blackberry.email.b.a.bM(bt.mContext).ak(J);
                    return;
                }
                o.c(TAG, "The password has expired for one of the accounts", new Object[0]);
                if (bu(context2)) {
                    com.blackberry.email.b.a.bM(bt.mContext).al(J);
                    return;
                }
                return;
            default:
                return;
        }
    }

    public synchronized void Aj() {
        this.bfp = null;
        Ak();
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:36:0x0124 -> B:32:0x013c). Please report as a decompilation issue!!! */
    public void Ak() {
        DevicePolicyManager Ai = Ai();
        Policy Ah = Ah();
        if (Ah == Policy.bvd) {
            o.c(TAG, "setActivePolicies: none, remove admin", new Object[0]);
            Ai.removeActiveAdmin(this.bfo);
            return;
        }
        if (An()) {
            o.c(TAG, "setActivePolicies: %s", Ah);
            Ai.setPasswordQuality(this.bfo, Ah.Gc());
            Ai.setPasswordMinimumLength(this.bfo, Ah.FV());
            Ai.setMaximumTimeToLock(this.bfo, Ah.FS() * 1000);
            Ai.setMaximumFailedPasswordsForWipe(this.bfo, Ah.FU());
            Ai.setPasswordExpirationTimeout(this.bfo, Ah.Gd());
            Ai.setPasswordHistoryLength(this.bfo, Ah.FW());
            Ai.setPasswordMinimumSymbols(this.bfo, Ah.FL());
            Ai.setPasswordMinimumNumeric(this.bfo, Ah.FM());
            Ai.setPasswordMinimumNonLetter(this.bfo, Ah.FO());
            Ai.setPasswordMinimumUpperCase(this.bfo, Ah.FN());
            Ai.setPasswordMinimumLetters(this.bfo, Ah.FP());
            Ai.setPasswordMinimumLowerCase(this.bfo, Ah.FQ());
            try {
                Ai.setCameraDisabled(this.bfo, Ah.buB);
            } catch (SecurityException e) {
                o.b(TAG, e, "Unable to set camera restriction", new Object[0]);
            }
            Ai.setStorageEncryption(this.bfo, Ah.buy);
            if (Build.VERSION.SDK_INT >= 26) {
                try {
                    if (Ah.FJ()) {
                        Ai.clearUserRestriction(this.bfo, "no_bluetooth");
                    } else {
                        Ai.addUserRestriction(this.bfo, "no_bluetooth");
                    }
                } catch (SecurityException e2) {
                    o.b(TAG, e2, "Unable to process '%s' user restriction", "no_bluetooth");
                }
            }
            try {
                if (Ah.FK()) {
                    Ai.clearUserRestriction(this.bfo, "no_sms");
                } else {
                    Ai.addUserRestriction(this.bfo, "no_sms");
                }
            } catch (SecurityException e3) {
                o.b(TAG, e3, "Unable to process '%s' user restriction", "no_sms");
            }
            try {
                if (Ah.FR() && Build.PRODUCT.endsWith("att")) {
                    Ai.setKeyguardDisabledFeatures(this.bfo, 16);
                } else {
                    Ai.setKeyguardDisabledFeatures(this.bfo, 0);
                }
            } catch (SecurityException e4) {
                o.d(TAG, "Security exception calling setKeyguardDisabledFeatures API:%d %s", Integer.valueOf(Build.VERSION.SDK_INT), e4.getMessage());
            }
        }
    }

    public void Al() {
        com.blackberry.email.b.a.bM(this.mContext).ET();
    }

    public void Am() {
        DevicePolicyManager Ai = Ai();
        if (Ai.isAdminActive(this.bfo)) {
            Ai.wipeData(1);
        } else {
            o.d(TAG, "Could not remote wipe because not device admin.", new Object[0]);
        }
    }

    public boolean An() {
        DevicePolicyManager Ai = Ai();
        return Ai.isAdminActive(this.bfo) && Ai.hasGrantedPolicy(this.bfo, 6) && Ai.hasGrantedPolicy(this.bfo, 7) && Ai.hasGrantedPolicy(this.bfo, 8);
    }

    public ComponentName Ao() {
        return this.bfo;
    }

    public void a(long j, Policy policy, String str) {
        Account z = Account.z(this.mContext, j);
        boolean z2 = true;
        if (z == null) {
            o.e(TAG, "Unable to find account to set policies on, account:%d", Long.valueOf(j));
            return;
        }
        Policy I = z.btz > 0 ? Policy.I(this.mContext, z.btz) : null;
        if (I != null && (I.buC != policy.buC || I.buE != policy.buE)) {
            Policy.a(this.mContext, z, policy);
        }
        policy.f(this.mContext.getResources());
        o.c(TAG, "Set policies on, account:%d", Long.valueOf(j));
        boolean z3 = I == null || !I.equals(policy);
        if (z3 || !aa.p(str, z.aUM)) {
            o.c(TAG, "setAccountPolicy: policy changed, account:%d", Long.valueOf(j));
            Context context = this.mContext;
            ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
            arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.oY()).build());
            arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, z.Bi)).withValueBackReference("policyKey", 0).withValue("securitySyncKey", str).build());
            if (z.btz > 0) {
                arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, z.btz)).build());
            }
            try {
                context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
                z.bT(context);
                g(context, z);
            } catch (OperationApplicationException unused) {
            } catch (RemoteException e) {
                throw new IllegalStateException("Exception setting account policy.", e);
            }
            Aj();
        } else {
            o.c(TAG, "setAccountPolicy: policy unchanged, account:%d", Long.valueOf(j));
        }
        o.c(TAG, "Update security hold for account:%d", Long.valueOf(z.Bi));
        if (policy.FY()) {
            o.c(TAG, "Notify policies not supported, account:%d", Long.valueOf(z.Bi));
            com.blackberry.email.b.a.bM(this.mContext).p(z);
            this.mContext.getContentResolver().delete(EmailProvider.f("uiaccountdata", z.getId()), null, null);
        } else if (a(policy)) {
            if (z3) {
                o.c(TAG, "Notify policies changed, account:%d", Long.valueOf(z.Bi));
                com.blackberry.email.b.a.bM(this.mContext).o(z);
            } else {
                o.c(TAG, "Policy is active and unchanged - do not notify, account:%d", Long.valueOf(z.Bi));
            }
            z2 = false;
        } else {
            o.c(TAG, "Notify policies are not being enforced, account:%d", Long.valueOf(z.Bi));
            com.blackberry.email.b.a.bM(this.mContext).a(z, true);
        }
        a(this.mContext, z, z2);
    }

    public boolean a(Policy policy) {
        int b = b(policy);
        if (b != 0) {
            StringBuilder sb = new StringBuilder("isActive for " + policy + ": ");
            sb.append("FALSE -> ");
            if ((b & 1) != 0) {
                sb.append("no_admin ");
            }
            if ((b & 2) != 0) {
                sb.append("config ");
            }
            if ((b & 4) != 0) {
                sb.append("password ");
            }
            if ((b & 8) != 0) {
                sb.append("encryption ");
            }
            if ((b & 16) != 0) {
                sb.append("protocol ");
            }
            o.c(TAG, sb.toString(), new Object[0]);
        }
        return b == 0;
    }

    public void ab(long j) {
        o.c(TAG, "Policies required for account %d", Long.valueOf(j));
        Account z = Account.z(this.mContext, j);
        if (z == null) {
            o.d(TAG, "Account %d has been deleted, clear notification", Long.valueOf(j));
            Al();
            return;
        }
        if (z.btz == 0) {
            o.d(TAG, "Account %d has no policy", Long.valueOf(j));
            return;
        }
        Policy I = Policy.I(this.mContext, z.btz);
        if (I == null) {
            o.d(TAG, "Cannot retrieve policy for account %d", Long.valueOf(j));
            return;
        }
        o.c(TAG, "Policies required for account %d: policy:%s", Long.valueOf(j), I);
        a(this.mContext, z, true);
        if (I.FY()) {
            o.c(TAG, "Account %d has unsupported policies", Long.valueOf(j));
            com.blackberry.email.b.a.bM(this.mContext).p(z);
        } else {
            o.c(TAG, "Account %d has no unsupported policies", Long.valueOf(j));
            com.blackberry.email.b.a.bM(this.mContext).a(z, false);
        }
    }

    public void ac(long j) {
        com.blackberry.email.b.a.bM(this.mContext).an(j);
    }

    public int b(Policy policy) {
        int i;
        if (policy == null) {
            policy = Ah();
        }
        if (policy == Policy.bvd) {
            return 0;
        }
        if (!An()) {
            o.d(TAG, "Not the active device admin, activation required", new Object[0]);
            return 1;
        }
        DevicePolicyManager Ai = Ai();
        if (policy.FV() <= 0 || Ai.getPasswordMinimumLength(this.bfo) >= policy.FV()) {
            i = 0;
        } else {
            o.d(TAG, "Password does not meet minumum length", new Object[0]);
            i = 4;
        }
        try {
            if (policy.FX() > 0) {
                if (Ai.getPasswordQuality(this.bfo) < policy.Gc()) {
                    o.d(TAG, "Password quality is not sufficient, password mode: %d", Integer.valueOf(policy.FX()));
                    i = 4;
                }
                if (!Ai.isActivePasswordSufficient()) {
                    o.d(TAG, "Password quality - active password is not sufficient", new Object[0]);
                    i |= 4;
                }
            }
        } catch (IllegalStateException unused) {
            i |= 2;
        }
        if (policy.FS() > 0 && Ai.getMaximumTimeToLock(this.bfo) > policy.FS() * 1000) {
            o.d(TAG, "Password issue = max screen lock time is not sufficient", new Object[0]);
            i |= 2;
        }
        if (policy.FT() > 0) {
            long passwordExpirationTimeout = Ai.getPasswordExpirationTimeout(this.bfo);
            if (passwordExpirationTimeout == 0 || passwordExpirationTimeout > policy.Gd()) {
                o.d(TAG, "Password issue - expiration days: current timeout: %d, policy timeout: %d", Long.valueOf(passwordExpirationTimeout), Long.valueOf(policy.Gd()));
                i |= 4;
            }
            if (Ai.getPasswordExpiration(this.bfo) - System.currentTimeMillis() < 0) {
                o.d(TAG, "Password issue - password has expired", new Object[0]);
                i |= 4;
            }
        }
        if (policy.FW() > 0 && Ai.getPasswordHistoryLength(this.bfo) < policy.FW()) {
            o.d(TAG, "Password issue - password history", new Object[0]);
            i |= 2;
        }
        if (policy.FO() > 0 && Ai.getPasswordMinimumNonLetter(this.bfo) < policy.FO()) {
            o.d(TAG, "Password issue, min non-letter chars required: %d, policy value: %d", Integer.valueOf(Ai.getPasswordMinimumNonLetter(this.bfo)), Integer.valueOf(policy.FO()));
            i |= 4;
        }
        if (policy.buy && Ai().getStorageEncryptionStatus() == 1) {
            o.d(TAG, "Password issue - device encryption not enabled", new Object[0]);
            i |= 8;
        }
        if (policy.buB && !Ai.getCameraDisabled(this.bfo)) {
            o.d(TAG, "Password issue - camera enabled", new Object[0]);
            i |= 2;
        }
        if (!policy.FY()) {
            return i;
        }
        o.d(TAG, "Password issue - there are unsupported policies", new Object[0]);
        return i | 16;
    }

    public void b(Account account) {
        g(this.mContext, account);
    }
}
