package com.microsoft.workaccount.authenticatorservice;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.app.Service;
import android.content.ComponentName;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.Process;
import android.webkit.CookieManager;
import android.webkit.CookieSyncManager;
import com.microsoft.aad.adal.unity.AuthenticationSettings;
import com.microsoft.workaccount.authenticatorservice.IWorkAccountService;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.PKCS12CertGenerator;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class AuthenticatorService extends Service {
    public static final String BROKER_PACKAGE_NAME = "com.microsoft.workaccount";
    private static final String INTUNE_PACKAGE_NAME = "com.microsoft.windowsintune.companyportal";
    static final String KEY_HASH_ALGORITHM = "SHA256";
    private static final String TAG = "AuthenticationService#";
    private Authenticator mAuthenticator;
    private IWorkAccountService mWorkAccountService;
    boolean isBound = false;
    AccountManagerStorageHelper mAcctMgrHelper = null;
    private ServiceConnection myConnection = new ServiceConnection() { // from class: com.microsoft.workaccount.authenticatorservice.AuthenticatorService.1
        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            AuthenticatorService.this.mWorkAccountService = IWorkAccountService.Stub.asInterface(iBinder);
            Logger.v("AuthenticationService#onServiceConnected", "WorkAccountService is connected");
            AuthenticatorService.this.transferDataFromWorkAccountService();
            AuthenticatorService.this.isBound = true;
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            Logger.v("AuthenticationService#onServiceDisconnected", "WorkAccountService is disconnected");
            AuthenticatorService.this.mWorkAccountService = null;
            AuthenticatorService.this.isBound = false;
        }
    };

    private void bindToWorkAccountService() {
        Logger.v("AuthenticationService#bindToWorkAccountService", "Bind to WorkAccount service for Caller uid:" + Process.myUid() + " tid:" + Process.myTid());
        Intent intent = new Intent();
        intent.setPackage("com.microsoft.windowsintune.companyportal");
        intent.setClassName("com.microsoft.windowsintune.companyportal", "com.microsoft.workaccount.authenticatorservice.WorkAccountService");
        if (!isIntentSupported(intent)) {
            Logger.i("AuthenticationService#bindToWorkAccountService", "WorkAccount service intent is not supported");
        } else {
            Logger.i("AuthenticationService#bindToWorkAccountService", "WorkAccount service intent is supported");
            bindService(intent, this.myConnection, 1);
        }
    }

    private boolean hasWPJAccount() {
        this.mAcctMgrHelper.restoreWPJAccount();
        if (StringHelper.IsNullOrBlank(this.mAcctMgrHelper.getWpjDeviceId())) {
            Logger.v("AuthenticationService#hasWPJAccount", "WPJ account does not exist.");
            return false;
        }
        Logger.v("AuthenticationService#hasWPJAccount", "WPJ account exists, account is: " + this.mAcctMgrHelper.getWpjUPN());
        return true;
    }

    private boolean isIntentSupported(Intent intent) {
        return getPackageManager().queryIntentServices(intent, 0).size() > 0;
    }

    private void loadAccountData() {
        X509Certificate wpjX509Certificate = this.mAcctMgrHelper.getWpjX509Certificate();
        DeviceCertProxy.sValidIssuer = true;
        DeviceCertProxy.sPrivateKey = this.mAcctMgrHelper.getWpjPrivateKey();
        DeviceCertProxy.sPublicKey = this.mAcctMgrHelper.getWpjPublicKey();
        try {
            DeviceCertProxy.sThumbPrint = PKCS12CertGenerator.obtainthumbPrintFromCert(wpjX509Certificate);
        } catch (NoSuchAlgorithmException e) {
            Logger.e("AuthenticationService#loadAccountData", "No such algorithm for cert digest", WorkplaceJoinFailure.CERTIFICATE, e);
        } catch (CertificateEncodingException e2) {
            Logger.e("AuthenticationService#loadAccountData", "Certificate Encoding error", WorkplaceJoinFailure.CERTIFICATE, e2);
        }
        DeviceCertProxy.sCertificate = wpjX509Certificate;
        AuthenticationSettings.INSTANCE.setDeviceCertificateProxyClass(DeviceCertProxy.class);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void transferDataFromWorkAccountService() {
        if (this.mWorkAccountService != null) {
            try {
                Logger.v("AuthenticationService#transferDataFromWorkAccountService", "Service pid:" + this.mWorkAccountService.getProcessId());
                Bundle data = this.mWorkAccountService.getData(WorkAccountService.INTUNE_DEVICE_SERVICE_REQUEST);
                if (data == null) {
                    Logger.v("AuthenticationService#transferDataFromWorkAccountService", "Service returned null for bundle");
                    return;
                }
                Logger.v("AuthenticationService#transferDataFromWorkAccountService", "Service returned data");
                String string = data.getString("workplaceJoin.key.upn");
                String string2 = data.getString("workplaceJoin.key.deviceId");
                if (StringHelper.IsNullOrBlank(string2) || StringHelper.IsNullOrBlank(string)) {
                    Logger.e("AuthenticationService#transferDataFromWorkAccountService", "Certificate data is invalid.", WorkplaceJoinFailure.INTERNAL);
                    return;
                }
                Logger.v("AuthenticationService#transferDataFromWorkAccountService", "Certificate data is valid");
                AccountManager accountManager = AccountManager.get(getApplicationContext());
                Account account = this.mAcctMgrHelper.getAccount(string, "com.microsoft.workaccount");
                if (account == null) {
                    account = new Account(string, "com.microsoft.workaccount");
                    Bundle bundle = new Bundle();
                    bundle.putString(WorkplaceJoinApplication.DATA_UPN, string);
                    bundle.putString(WorkplaceJoinApplication.DATA_DEVICE_ID, string2);
                    accountManager.addAccountExplicitly(account, "", bundle);
                } else {
                    this.mAcctMgrHelper.setAccountUpn(account, string);
                    this.mAcctMgrHelper.setAccountDeviceId(account, string2);
                }
                this.mAcctMgrHelper.transferDataToAccount(account, data);
                loadAccountData();
            } catch (Exception e) {
                Logger.e("AuthenticationService#transferDataFromWorkAccountService", e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            }
        }
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        Logger.v("AuthenticationService#onBind", "Broker AuthenticatorService onBind. Binder calling uid: " + Binder.getCallingUid());
        return this.mAuthenticator.getIBinder();
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        Logger.v("AuthenticationService#onCreate", "AuthenticationService created. Authenticator package:" + getPackageName() + " this:" + Binder.getCallingUid());
        CookieSyncManager.createInstance(getApplicationContext());
        CookieManager.getInstance().setAcceptCookie(true);
        this.mAuthenticator = new Authenticator(this);
        new SecretKeyStorage(getApplicationContext()).loadSecretKeys();
        this.mAcctMgrHelper = this.mAuthenticator.getAccountManagerHelper();
        if (!hasWPJAccount() || this.mAcctMgrHelper.getWpjX509Certificate() == null) {
            return;
        }
        loadAccountData();
        Logger.i("AuthenticationService#onCreate", "WPJ deviceCertProxy is set.");
    }

    @Override // android.app.Service
    public void onDestroy() {
        Logger.v("AuthenticationService#onDestroy", "Broker AuthenticationService onDestroy.");
        if (this.isBound) {
            Logger.v("AuthenticationService#onDestroy", "Unbind data service");
            this.isBound = false;
            unbindService(this.myConnection);
        }
        super.onDestroy();
    }

    @Override // android.app.Service
    public boolean onUnbind(Intent intent) {
        Logger.v("AuthenticationService#onUnbind", "Unbinding Authenticatior service.");
        if (this.isBound) {
            Logger.v("AuthenticationService#onUnbind", "Unbind data service");
            this.isBound = false;
            unbindService(this.myConnection);
        }
        return super.onUnbind(intent);
    }
}
