package com.blackberry.email.account;

import android.accounts.AccountManager;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.ContentProviderOperation;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.OperationApplicationException;
import android.database.Cursor;
import android.os.Build;
import android.os.Bundle;
import android.os.RemoteException;
import com.blackberry.common.utils.ag;
import com.blackberry.common.utils.m;
import com.blackberry.common.utils.n;
import com.blackberry.email.account.activity.setup.g;
import com.blackberry.email.account.service.EmailBroadcastProcessorService;
import com.blackberry.email.e;
import com.blackberry.email.provider.contract.Account;
import com.blackberry.email.provider.contract.EmailContent;
import com.blackberry.email.provider.contract.Policy;
import com.blackberry.email.provider.d;
import com.blackberry.email.service.EmailServiceUtils;
import com.blackberry.email.utils.ab;
import com.blackberry.j.j;
import com.google.common.annotations.VisibleForTesting;
import com.ibm.icu.text.PluralRules;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class SecurityPolicy {
    private static final String TAG = m.fD();
    private static SecurityPolicy bMm = null;
    private static final int bMq = 1;
    private static final int bMr = 2;
    private static final int bMs = 3;
    private static final int bMt = 4;
    private static final String bMu = "passwordExpirationDays>0";
    public static final int bMv = 1;
    public static final int bMw = 2;
    public static final int bMx = 4;
    public static final int bMy = 8;
    public static final int bMz = 16;
    private final ComponentName bMo;
    private Context mContext;
    private DevicePolicyManager bMn = null;
    private Policy bMp = null;

    /* loaded from: classes.dex */
    public static class PolicyAdmin extends DeviceAdminReceiver {
        @Override // android.app.admin.DeviceAdminReceiver
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return "WARNING: Deactivating the Email app's authority to administer your device will delete all email accounts that require it, along with their email, contacts, calendar events and other data.";
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onDisabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 2);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onEnabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 1);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordChanged(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 3);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordExpiring(Context context, Intent intent) {
            EmailBroadcastProcessorService.c(context, 4);
        }
    }

    protected SecurityPolicy(Context context) {
        this.mContext = context.getApplicationContext();
        this.bMo = new ComponentName(context, (Class<?>) PolicyAdmin.class);
    }

    public static void a(Context context, long j, boolean z) {
        Account M = Account.M(context, j);
        if (M != null) {
            a(context, M, z);
            if (z) {
                e.bu(context).a(M, true);
            }
        }
    }

    private static void a(Context context, Account account, Policy policy, String str) {
        ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
        arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.bm()).build());
        arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, account.mId)).withValueBackReference(EmailContent.a.clx, 0).withValue(EmailContent.a.clw, str).build());
        if (account.ckK > 0) {
            arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, account.ckK)).build());
        }
        try {
            context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
            account.aX(context);
            h(context, account);
        } catch (OperationApplicationException e) {
        } catch (RemoteException e2) {
            throw new IllegalStateException("Exception setting account policy.");
        }
    }

    public static void a(Context context, Account account, boolean z) {
        if (z) {
            account.mFlags |= 32;
        } else {
            account.mFlags &= -33;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("flags", Integer.valueOf(account.mFlags));
        account.a(context, contentValues);
        g.a(context, account.mFlags, account.azU);
    }

    private static void a(Context context, Long[] lArr) {
        if (lArr != null) {
            for (Long l : lArr) {
                Account M = Account.M(context, l.longValue());
                if (M != null) {
                    h(context, M);
                }
            }
        }
    }

    private void a(Policy policy, Account account, boolean z) {
        boolean z2 = true;
        if (policy.yz()) {
            n.b(TAG, "Notify policies not supported, account:%d", Long.valueOf(account.mId));
            e.bu(this.mContext).g(account);
            this.mContext.getContentResolver().delete(d.g("uiaccountdata", account.getId()), null, null);
        } else if (!e(policy)) {
            n.b(TAG, "Notify policies are not being enforced, account:%d", Long.valueOf(account.mId));
            e.bu(this.mContext).a(account, true);
        } else if (z) {
            n.b(TAG, "Notify policies changed, account:%d", Long.valueOf(account.mId));
            e.bu(this.mContext).f(account);
            z2 = false;
        } else {
            n.b(TAG, "Policy is active and unchanged - do not notify, account:%d", Long.valueOf(account.mId));
            z2 = false;
        }
        a(this.mContext, account, z2);
    }

    public static void b(Context context, int i) {
        SecurityPolicy bx = bx(context);
        switch (i) {
            case 1:
                bx.ah(true);
                return;
            case 2:
                bx.ah(false);
                return;
            case 3:
                Long[] cz = Account.cz(context);
                if (cz != null) {
                    for (Long l : cz) {
                        Account M = Account.M(context, l.longValue());
                        if (M != null) {
                            h(context, M);
                        }
                    }
                }
                e.bu(context).rh();
                return;
            case 4:
                Context context2 = bx.mContext;
                n.c(TAG, "Password has expired...", new Object[0]);
                long longValue = ab.a(context2, Policy.CONTENT_URI, Policy.kp, bMu, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
                long X = longValue < 0 ? -1L : Policy.X(context2, longValue);
                if (X != -1) {
                    if (!(bx.rr().getPasswordExpiration(bx.bMo) - System.currentTimeMillis() < 0)) {
                        e.bu(bx.mContext).ad(X);
                        return;
                    }
                    n.c(TAG, "The password has expired for one of the accounts", new Object[0]);
                    if (bB(context2)) {
                        e.bu(bx.mContext).ae(X);
                        return;
                    }
                    return;
                }
                return;
            default:
                return;
        }
    }

    @VisibleForTesting
    static long bA(Context context) {
        long longValue = ab.a(context, Policy.CONTENT_URI, Policy.kp, bMu, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
        if (longValue < 0) {
            return -1L;
        }
        return Policy.X(context, longValue);
    }

    @VisibleForTesting
    static boolean bB(Context context) {
        Account M;
        n.d(TAG, "Wiping expired account now.", new Object[0]);
        Cursor query = context.getContentResolver().query(Policy.CONTENT_URI, Policy.kp, bMu, null, null);
        if (query == null) {
            n.e(TAG, "%s - null database cursor", n.fG());
            return false;
        }
        boolean z = false;
        while (query.moveToNext()) {
            try {
                long X = Policy.X(context, query.getLong(0));
                if (X >= 0 && (M = Account.M(context, X)) != null) {
                    n.c(TAG, "Erase data and enable security hold, account:%d", Long.valueOf(X));
                    a(context, M, true);
                    context.getContentResolver().delete(d.g("uiaccountdata", X), null, null);
                    z = true;
                }
            } finally {
                query.close();
            }
        }
        return z;
    }

    public static synchronized SecurityPolicy bx(Context context) {
        SecurityPolicy securityPolicy;
        synchronized (SecurityPolicy.class) {
            if (bMm == null) {
                bMm = new SecurityPolicy(context.getApplicationContext());
            }
            securityPolicy = bMm;
        }
        return securityPolicy;
    }

    private void bz(Context context) {
        n.c(TAG, "Password has expired...", new Object[0]);
        long longValue = ab.a(context, Policy.CONTENT_URI, Policy.kp, bMu, (String[]) null, "passwordExpirationDays ASC", 0, (Long) (-1L)).longValue();
        long X = longValue < 0 ? -1L : Policy.X(context, longValue);
        if (X == -1) {
            return;
        }
        if (!(rr().getPasswordExpiration(this.bMo) - System.currentTimeMillis() < 0)) {
            e.bu(this.mContext).ad(X);
            return;
        }
        n.c(TAG, "The password has expired for one of the accounts", new Object[0]);
        if (bB(context)) {
            e.bu(this.mContext).ae(X);
        }
    }

    private static void h(Context context, Account account) {
        android.accounts.Account account2 = new android.accounts.Account(account.apV, EmailServiceUtils.ab(context, account.cy(context)).accountType);
        Bundle bundle = new Bundle(4);
        bundle.putBoolean("force", true);
        bundle.putBoolean("do_not_retry", true);
        bundle.putBoolean("expedited", true);
        bundle.putBoolean(Policy.cou, true);
        com.blackberry.pimbase.idle.a.a(account2, j.AUTHORITY, bundle, com.blackberry.email.utils.m.gP(j.AUTHORITY), context);
        n.c(TAG, "requestSync SecurityPolicy syncAccount %d, %s", Long.valueOf(account.mId), bundle.toString());
    }

    public void a(long j, Policy policy, String str) {
        Account M = Account.M(this.mContext, j);
        if (M == null) {
            n.e(TAG, "Unable to find account to set policies on, account:%d", Long.valueOf(j));
            return;
        }
        Policy W = M.ckK > 0 ? Policy.W(this.mContext, M.ckK) : null;
        if (W != null && (W.coA != policy.coA || W.coC != policy.coC)) {
            Policy.a(this.mContext, M, policy);
        }
        policy.b(this.mContext.getResources());
        boolean z = W == null || !W.equals(policy);
        if (z || !ag.F(str, M.bsY)) {
            Context context = this.mContext;
            ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
            arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.bm()).build());
            arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, M.mId)).withValueBackReference(EmailContent.a.clx, 0).withValue(EmailContent.a.clw, str).build());
            if (M.ckK > 0) {
                arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, M.ckK)).build());
            }
            try {
                context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
                M.aX(context);
                h(context, M);
            } catch (OperationApplicationException e) {
            } catch (RemoteException e2) {
                throw new IllegalStateException("Exception setting account policy.");
            }
            rs();
        } else {
            n.b(TAG, "setAccountPolicy: policy unchanged, account:%d", Long.valueOf(j));
        }
        boolean z2 = false;
        if (policy.yz()) {
            n.b(TAG, "Notify policies not supported, account:%d", Long.valueOf(M.mId));
            z2 = true;
            e.bu(this.mContext).g(M);
            this.mContext.getContentResolver().delete(d.g("uiaccountdata", M.getId()), null, null);
        } else if (!e(policy)) {
            z2 = true;
            n.b(TAG, "Notify policies are not being enforced, account:%d", Long.valueOf(M.mId));
            e.bu(this.mContext).a(M, true);
        } else if (z) {
            n.b(TAG, "Notify policies changed, account:%d", Long.valueOf(M.mId));
            e.bu(this.mContext).f(M);
        } else {
            n.b(TAG, "Policy is active and unchanged - do not notify, account:%d", Long.valueOf(M.mId));
        }
        a(this.mContext, M, z2);
    }

    void ah(boolean z) {
        n.c(TAG, "Email admin " + (z ? "enabled." : "disabled."), new Object[0]);
        if (z) {
            return;
        }
        by(this.mContext);
    }

    public void an(long j) {
        Policy W;
        Account M = Account.M(this.mContext, j);
        if (M == null) {
            rv();
            return;
        }
        if (M.ckK == 0 || (W = Policy.W(this.mContext, M.ckK)) == null) {
            return;
        }
        n.b(TAG, "policiesRequired for account %d: %s", Long.valueOf(j), W);
        a(this.mContext, M, true);
        if (W.yz()) {
            e.bu(this.mContext).g(M);
        } else {
            e.bu(this.mContext).a(M, false);
        }
    }

    public void ao(long j) {
        e.bu(this.mContext).ag(j);
    }

    void by(Context context) {
        Cursor query = context.getContentResolver().query(Account.CONTENT_URI, EmailContent.kp, Account.clg, null, null);
        if (query != null) {
            try {
                n.d(TAG, "Deleting " + query.getCount() + " secured account(s)", new Object[0]);
                while (query.moveToNext()) {
                    long j = query.getLong(0);
                    Account M = Account.M(context, j);
                    if (M == null) {
                        n.e(TAG, "Unable to find account to delete, account: %d", Long.valueOf(j));
                        return;
                    }
                    AccountManager.get(context).removeAccount(new android.accounts.Account(M.apV, EmailServiceUtils.ab(context, M.cy(context)).accountType), null, null);
                }
            } finally {
                query.close();
            }
        } else {
            n.e(TAG, "%s - null database cursor", n.fG());
        }
        rs();
    }

    public boolean e(Policy policy) {
        int f = f(policy);
        if (f != 0) {
            StringBuilder sb = new StringBuilder("isActive for " + policy + PluralRules.KEYWORD_RULE_SEPARATOR);
            sb.append("FALSE -> ");
            if ((f & 1) != 0) {
                sb.append("no_admin ");
            }
            if ((f & 2) != 0) {
                sb.append("config ");
            }
            if ((f & 4) != 0) {
                sb.append("password ");
            }
            if ((f & 8) != 0) {
                sb.append("encryption ");
            }
            if ((f & 16) != 0) {
                sb.append("protocol ");
            }
            n.c(TAG, sb.toString(), new Object[0]);
        }
        return f == 0;
    }

    public int f(Policy policy) {
        int i;
        if (policy == null) {
            policy = rq();
        }
        if (policy == Policy.cpx) {
            return 0;
        }
        DevicePolicyManager rr = rr();
        if (!rx()) {
            return 1;
        }
        if (policy.yv() <= 0 || rr.getPasswordMinimumLength(this.bMo) >= policy.yv()) {
            i = 0;
        } else {
            n.d(TAG, "Password does not meet minumum length", new Object[0]);
            i = 4;
        }
        try {
            if (policy.yx() > 0) {
                if (rr.getPasswordQuality(this.bMo) < policy.yD()) {
                    n.d(TAG, "Password quality is not sufficient, password mode: %d", Integer.valueOf(policy.yx()));
                    i = 4;
                }
                if (!rr.isActivePasswordSufficient()) {
                    n.d(TAG, "Password quality - active password is not sufficient", new Object[0]);
                    i |= 4;
                }
            }
        } catch (IllegalStateException e) {
            i |= 2;
        }
        if (policy.ys() > 0 && rr.getMaximumTimeToLock(this.bMo) > policy.ys() * 1000) {
            n.d(TAG, "Password issue = max screen lock time is not sufficient", new Object[0]);
            i |= 2;
        }
        if (policy.yt() > 0) {
            long passwordExpirationTimeout = rr.getPasswordExpirationTimeout(this.bMo);
            if (passwordExpirationTimeout == 0 || passwordExpirationTimeout > policy.yE()) {
                n.d(TAG, "Password issue - expiration days: current timeout: %d, policy timeout: %d", Long.valueOf(passwordExpirationTimeout), Long.valueOf(policy.yE()));
                i |= 4;
            }
            if (rr.getPasswordExpiration(this.bMo) - System.currentTimeMillis() < 0) {
                n.d(TAG, "Password issue - password has expired", new Object[0]);
                i |= 4;
            }
        }
        if (policy.yw() > 0 && rr.getPasswordHistoryLength(this.bMo) < policy.yw()) {
            n.d(TAG, "Password issue - password history", new Object[0]);
            i |= 2;
        }
        if (policy.yn() > 0 && rr.getPasswordMinimumNonLetter(this.bMo) < policy.yn()) {
            n.d(TAG, "Password issue, min non-letter chars required: %d, policy value: %d", Integer.valueOf(rr.getPasswordMinimumNonLetter(this.bMo)), Integer.valueOf(policy.yn()));
            i |= 4;
        }
        if (policy.cow && rr().getStorageEncryptionStatus() == 1) {
            n.d(TAG, "Password issue - device encryption not enabled", new Object[0]);
            i |= 8;
        }
        if (policy.coz && !rr.getCameraDisabled(this.bMo)) {
            n.d(TAG, "Password issue - camera enabled", new Object[0]);
            i |= 2;
        }
        if (!policy.yz()) {
            return i;
        }
        n.d(TAG, "Password issue - there are unsupported policies", new Object[0]);
        return i | 16;
    }

    public void j(Account account) {
        h(this.mContext, account);
    }

    @VisibleForTesting
    Policy rp() {
        boolean z;
        Policy policy = new Policy();
        policy.cox = false;
        Cursor query = this.mContext.getContentResolver().query(Policy.CONTENT_URI, Policy.aAs, null, null, null);
        Policy policy2 = new Policy();
        if (query != null) {
            z = false;
            while (query.moveToNext()) {
                try {
                    policy2.j(query);
                    n.b(TAG, "Aggregate from: " + policy2, new Object[0]);
                    policy.j(policy2);
                    z = true;
                } finally {
                    query.close();
                }
            }
        } else {
            n.e(TAG, "%s - null database cursor", n.fG());
            z = false;
        }
        if (z) {
            n.b(TAG, "Calculated Aggregate: " + policy, new Object[0]);
            return policy;
        }
        n.b(TAG, "Calculated Aggregate: no policy", new Object[0]);
        return Policy.cpx;
    }

    public synchronized Policy rq() {
        if (this.bMp == null) {
            this.bMp = rp();
        }
        return this.bMp;
    }

    synchronized DevicePolicyManager rr() {
        if (this.bMn == null) {
            this.bMn = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
        }
        return this.bMn;
    }

    public synchronized void rs() {
        this.bMp = null;
        ru();
    }

    public void rt() {
        n.b(TAG, "reducePolicies", new Object[0]);
        rs();
    }

    public void ru() {
        DevicePolicyManager rr = rr();
        Policy rq = rq();
        if (rq == Policy.cpx) {
            n.b(TAG, "setActivePolicies: none, remove admin", new Object[0]);
            rr.removeActiveAdmin(this.bMo);
            return;
        }
        if (rx()) {
            n.b(TAG, "setActivePolicies: " + rq, new Object[0]);
            rr.setPasswordQuality(this.bMo, rq.yD());
            rr.setPasswordMinimumLength(this.bMo, rq.yv());
            rr.setMaximumTimeToLock(this.bMo, rq.ys() * 1000);
            rr.setMaximumFailedPasswordsForWipe(this.bMo, rq.yu());
            rr.setPasswordExpirationTimeout(this.bMo, rq.yE());
            rr.setPasswordHistoryLength(this.bMo, rq.yw());
            rr.setPasswordMinimumSymbols(this.bMo, rq.yk());
            rr.setPasswordMinimumNumeric(this.bMo, rq.yl());
            rr.setPasswordMinimumNonLetter(this.bMo, rq.yn());
            rr.setPasswordMinimumUpperCase(this.bMo, rq.ym());
            rr.setPasswordMinimumLetters(this.bMo, rq.yo());
            rr.setPasswordMinimumLowerCase(this.bMo, rq.yp());
            rr.setCameraDisabled(this.bMo, rq.coz);
            rr.setStorageEncryption(this.bMo, rq.cow);
            try {
                if (rq.yr() && Build.PRODUCT.endsWith("att")) {
                    rr.setKeyguardDisabledFeatures(this.bMo, 16);
                } else {
                    rr.setKeyguardDisabledFeatures(this.bMo, 0);
                }
            } catch (SecurityException e) {
                n.d(TAG, "Security exception calling setKeyguardDisabledFeatures API:%d %s", Integer.valueOf(Build.VERSION.SDK_INT), e.getMessage());
            }
        }
    }

    public void rv() {
        e.bu(this.mContext).ri();
    }

    public void rw() {
        DevicePolicyManager rr = rr();
        if (rr.isAdminActive(this.bMo)) {
            rr.wipeData(1);
        } else {
            n.b(TAG, "Could not remote wipe because not device admin.", new Object[0]);
        }
    }

    public boolean rx() {
        DevicePolicyManager rr = rr();
        return rr.isAdminActive(this.bMo) && rr.hasGrantedPolicy(this.bMo, 6) && rr.hasGrantedPolicy(this.bMo, 7) && rr.hasGrantedPolicy(this.bMo, 8);
    }

    public ComponentName ry() {
        return this.bMo;
    }

    void setContext(Context context) {
        this.mContext = context;
    }
}
