package com.sophos.smsec.cloud.azure;

import I3.p;
import android.annotation.SuppressLint;
import android.app.admin.DevicePolicyManager;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
import android.os.ResultReceiver;
import android.text.TextUtils;
import android.widget.Button;
import android.widget.ProgressBar;
import android.widget.Toast;
import androidx.fragment.app.L;
import androidx.fragment.app.r;
import b4.C0651a;
import com.auth0.android.jwt.JWT;
import com.microsoft.identity.client.AcquireTokenParameters;
import com.microsoft.identity.client.AuthenticationCallback;
import com.microsoft.identity.client.IAuthenticationResult;
import com.microsoft.identity.client.ILoggerCallback;
import com.microsoft.identity.client.IPublicClientApplication;
import com.microsoft.identity.client.Logger;
import com.microsoft.identity.client.PublicClientApplication;
import com.microsoft.identity.client.SingleAccountPublicClientApplication;
import com.microsoft.identity.client.claims.ClaimsRequest;
import com.microsoft.identity.client.claims.RequestedClaimAdditionalInformation;
import com.microsoft.identity.client.exception.MsalException;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.java.commands.DeviceCodeFlowAuthResultCommand;
import com.microsoft.identity.common.java.constants.FidoConstants;
import com.sophos.mobilecontrol.client.android.command.definition.CommandRest;
import com.sophos.smsec.core.resources.apprequirements.PhoneRuntimePermissionCheck;
import com.sophos.smsec.core.resources.apprequirements.RuntimePermissionCheck;
import com.sophos.smsec.plugin.webfiltering.s;
import java.io.Serializable;
import java.util.Arrays;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
public class AzureAuthenticationHelper implements Serializable {
    public static final String GOOGLE_CLOUD_DPC = "com.google.android.apps.work.clouddpc";
    public static final String MICROSOFT_COMPANY_PORTAL_PKG = "com.microsoft.windowsintune.companyportal";
    public static final String MICROSOFT_INTUNE_PKG = "com.microsoft.intune";
    public static final String MS_ERROR = "MS_ERROR";
    public static final String MTD_DEVICE_NAME_PREFIX = "MTD_";
    public static final String MTD_ENROLLMENT_TYPE = "MTD";
    public static final int REQUEST_ENROLL = 2138;
    public static final int RESULT_AZURE_KILLALL_CANCELED = 2137;
    public static final int RESULT_AZURE_KILLALL_OK = 2136;
    public static final String SOPH_ERROR = "SOPH_ERROR";
    public static final String START = "START";
    public static final String SUCCESS = "SUCCESS";
    public static final String USER_ERROR = "USER_ERROR";

    /* renamed from: a, reason: collision with root package name */
    private static final boolean f20852a = false;

    /* renamed from: b, reason: collision with root package name */
    private static RuntimePermissionCheck f20853b = null;

    /* renamed from: c, reason: collision with root package name */
    private static PhoneRuntimePermissionCheck f20854c = null;
    private static final long serialVersionUID = 1;
    private androidx.appcompat.app.c mActivity;
    private e mAzureActivationErrorListener;
    private final boolean onlyConnectToAzure;
    private final int resIdButton;
    private final int resIdProgressbar;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a implements ILoggerCallback {
        a() {
        }

        @Override // com.microsoft.identity.client.ILoggerCallback
        public void log(String str, Logger.LogLevel logLevel, String str2, boolean z6) {
            if (z6) {
                return;
            }
            int i6 = d.f20865a[logLevel.ordinal()];
            if (i6 == 1) {
                a4.c.j("MSAL-" + str, str2);
                return;
            }
            if (i6 != 2) {
                a4.c.y("MSAL-" + str, str2);
                return;
            }
            a4.c.X("MSAL-" + str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class b implements com.microsoft.identity.common.internal.logging.ILoggerCallback {
        b() {
        }

        @Override // com.microsoft.identity.common.internal.logging.ILoggerCallback
        public void log(String str, Logger.LogLevel logLevel, String str2, boolean z6) {
            if (z6) {
                return;
            }
            int i6 = d.f20866b[logLevel.ordinal()];
            if (i6 == 1) {
                a4.c.j("MSID-" + str, str2);
                return;
            }
            if (i6 != 2) {
                a4.c.y("MSID-" + str, str2);
                return;
            }
            a4.c.X("MSID-" + str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class c implements IPublicClientApplication.ApplicationCreatedListener {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String[] f20863a;

        c(String[] strArr) {
            this.f20863a = strArr;
        }

        @Override // com.microsoft.identity.client.IPublicClientApplication.ApplicationCreatedListener
        public void onCreated(IPublicClientApplication iPublicClientApplication) {
            ClaimsRequest claimsRequest = new ClaimsRequest();
            RequestedClaimAdditionalInformation requestedClaimAdditionalInformation = new RequestedClaimAdditionalInformation();
            requestedClaimAdditionalInformation.setEssential(Boolean.TRUE);
            claimsRequest.requestClaimInAccessToken(DeviceCodeFlowAuthResultCommand.DEVICE_ID_CLAIM, requestedClaimAdditionalInformation);
            iPublicClientApplication.acquireToken(new AcquireTokenParameters.Builder().withScopes(Arrays.asList(this.f20863a)).withClaims(claimsRequest).withCallback(AzureAuthenticationHelper.this.l(iPublicClientApplication)).startAuthorizationFromActivity(AzureAuthenticationHelper.this.mActivity).build());
        }

        @Override // com.microsoft.identity.client.IPublicClientApplication.ApplicationCreatedListener
        public void onError(MsalException msalException) {
            G2.a.c("IntuneEnrollment", "MS_ERROR:SAPCA##" + msalException.getMessage());
            a4.c.k("AzureAuthenticationHel", "onError: ", msalException);
            AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
        }
    }

    /* loaded from: classes2.dex */
    static /* synthetic */ class d {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f20865a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f20866b;

        static {
            int[] iArr = new int[Logger.LogLevel.values().length];
            f20866b = iArr;
            try {
                iArr[Logger.LogLevel.ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f20866b[Logger.LogLevel.WARN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f20866b[Logger.LogLevel.INFO.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f20866b[Logger.LogLevel.VERBOSE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr2 = new int[Logger.LogLevel.values().length];
            f20865a = iArr2;
            try {
                iArr2[Logger.LogLevel.ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f20865a[Logger.LogLevel.WARNING.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f20865a[Logger.LogLevel.INFO.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f20865a[Logger.LogLevel.VERBOSE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public interface e {
        void a();
    }

    @SuppressLint({"ValidFragment"})
    /* loaded from: classes2.dex */
    public static class f extends X3.c {

        /* renamed from: r, reason: collision with root package name */
        private androidx.appcompat.app.c f20867r;

        f(androidx.appcompat.app.c cVar) {
            super(B3.i.f316t, B3.i.f324v, B3.i.f304q, B3.i.f308r);
            this.f20867r = cVar;
        }

        private void x0(String str) {
            try {
                try {
                    this.f20867r.startActivity(new Intent("android.intent.action.VIEW", Uri.parse(AuthenticationConstants.Broker.PLAY_STORE_INSTALL_PREFIX + str)));
                    Toast.makeText(this.f20867r, B3.i.f324v, 1).show();
                } catch (ActivityNotFoundException unused) {
                    new X3.b(B3.i.f173G0, B3.i.f280k).u0(this.f20867r.getSupportFragmentManager());
                }
            } catch (ActivityNotFoundException unused2) {
                this.f20867r.startActivity(new Intent("android.intent.action.VIEW", Uri.parse("https://play.google.com/store/apps/details?id=" + str)));
            }
        }

        @Override // X3.c, androidx.fragment.app.DialogInterfaceOnCancelListenerC0547l, android.content.DialogInterface.OnCancelListener
        public void onCancel(DialogInterface dialogInterface) {
            dialogInterface.dismiss();
        }

        @Override // X3.c
        public void v0() {
            x0("com.microsoft.intune");
        }

        @Override // X3.c
        public void w0() {
            x0("com.microsoft.windowsintune.companyportal");
        }
    }

    @SuppressLint({"ValidFragment"})
    /* loaded from: classes2.dex */
    public static class g extends X3.c {

        /* renamed from: r, reason: collision with root package name */
        private AzureAuthenticationHelper f20868r;

        /* renamed from: s, reason: collision with root package name */
        private boolean f20869s;

        g(AzureAuthenticationHelper azureAuthenticationHelper, boolean z6) {
            super(B3.i.f316t, B3.i.f312s, B3.i.f320u, B3.i.f328w);
            this.f20868r = azureAuthenticationHelper;
            this.f20869s = z6;
        }

        @Override // X3.c
        public void v0() {
            super.v0();
            G2.a.c("IntuneEnrollment", "USER_ERROR:complete intune setup canceled");
        }

        @Override // X3.c
        public void w0() {
            try {
                this.f20868r.mActivity.startActivity(this.f20868r.mActivity.getPackageManager().getLaunchIntentForPackage(this.f20869s ? "com.microsoft.windowsintune.companyportal" : "com.microsoft.intune"));
            } catch (Exception e6) {
                a4.c.k("AzureAuthenticationHel", "cannot start com.microsoft.windowsintune.companyportal", e6);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public final class h implements Runnable {
        h() {
        }

        @Override // java.lang.Runnable
        public void run() {
            Button button = (Button) AzureAuthenticationHelper.this.mActivity.findViewById(AzureAuthenticationHelper.this.resIdButton);
            ProgressBar progressBar = (ProgressBar) AzureAuthenticationHelper.this.mActivity.findViewById(AzureAuthenticationHelper.this.resIdProgressbar);
            if (button != null) {
                button.setEnabled(false);
                button.setVisibility(8);
            }
            if (progressBar != null) {
                progressBar.setEnabled(true);
                progressBar.setVisibility(0);
            }
        }
    }

    /* loaded from: classes2.dex */
    final class i implements Runnable {
        i() {
        }

        @Override // java.lang.Runnable
        public void run() {
            Button button = (Button) AzureAuthenticationHelper.this.mActivity.findViewById(AzureAuthenticationHelper.this.resIdButton);
            ProgressBar progressBar = (ProgressBar) AzureAuthenticationHelper.this.mActivity.findViewById(AzureAuthenticationHelper.this.resIdProgressbar);
            if (progressBar != null) {
                progressBar.setEnabled(false);
                progressBar.setVisibility(8);
            }
            if (button != null) {
                button.setEnabled(true);
                button.setVisibility(0);
            }
        }
    }

    public AzureAuthenticationHelper(androidx.appcompat.app.c cVar, int i6, int i7, boolean z6, e eVar) {
        this.mActivity = cVar;
        this.resIdProgressbar = i6;
        this.resIdButton = i7;
        this.mAzureActivationErrorListener = eVar;
        s();
        this.onlyConnectToAzure = z6;
    }

    public static boolean isGCloudDPCOwner(Context context) {
        return q(context, GOOGLE_CLOUD_DPC) || r(context, GOOGLE_CLOUD_DPC);
    }

    public static boolean isMicrosoftCompanyPortalInstalled(Context context) {
        return C0651a.e(context, "com.microsoft.windowsintune.companyportal");
    }

    public static boolean isMicrosoftIntuneInstalled(Context context) {
        return C0651a.e(context, "com.microsoft.intune");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void k(String str, String str2, String str3, String str4) {
        p k6 = p.k(this.mActivity);
        k6.M(false);
        setDeviceNameIfEmpty(str2, k6);
        k6.J(str2);
        k6.O(str2);
        k6.C(str4);
        k6.D(str);
        k6.B(str3);
        k6.N(MTD_ENROLLMENT_TYPE);
        k6.R(true);
        E3.c.a(this.mActivity, new CommandRest("cmd_activation_mtd"));
        this.mActivity.finish();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AuthenticationCallback l(final IPublicClientApplication iPublicClientApplication) {
        return new AuthenticationCallback() { // from class: com.sophos.smsec.cloud.azure.AzureAuthenticationHelper.4
            @Override // com.microsoft.identity.client.AuthenticationCallback
            public void onCancel() {
                AzureAuthenticationHelper.this.mActivity.runOnUiThread(new i());
                G2.a.c("IntuneEnrollment", "USER_ERROR:User has cancelled enrollment");
                a4.c.X("AzureAuthenticationHel", "onCancel");
                AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
            }

            @Override // com.microsoft.identity.client.SilentAuthenticationCallback
            public void onError(MsalException msalException) {
                AzureAuthenticationHelper.this.mActivity.runOnUiThread(new i());
                Toast.makeText(AzureAuthenticationHelper.this.mActivity, "An Error occured\n" + msalException.getMessage(), 1).show();
                a4.c.k("AzureAuthenticationHel", "onError: ", msalException);
                G2.a.c("IntuneEnrollment", "MS_ERROR:ACT_CTX##" + msalException.getMessage());
                AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
            }

            @Override // com.microsoft.identity.client.SilentAuthenticationCallback
            public void onSuccess(IAuthenticationResult iAuthenticationResult) {
                a4.c.e("AzureAuthenticationHel", "onSuccess: ");
                String accessToken = iAuthenticationResult.getAccessToken();
                final String n6 = AzureAuthenticationHelper.this.n(iAuthenticationResult);
                final String p6 = AzureAuthenticationHelper.this.p(iAuthenticationResult);
                a4.c.e("AzureAuthenticationHel", "onSuccess: deviceID: " + n6);
                AzureAuthenticationHelper.this.mActivity.runOnUiThread(new i());
                if (!TextUtils.isEmpty(n6)) {
                    if (AzureAuthenticationHelper.this.onlyConnectToAzure) {
                        AzureAuthenticationHelper.this.t(n6);
                        return;
                    }
                    final com.sophos.smsec.core.resources.dialog.a aVar = new com.sophos.smsec.core.resources.dialog.a(AzureAuthenticationHelper.this.mActivity);
                    aVar.y(true);
                    aVar.n(AzureAuthenticationHelper.this.mActivity.getString(B3.i.f284l));
                    aVar.show();
                    com.sophos.smsec.cloud.azure.c.d(accessToken, new ResultReceiver(new Handler()) { // from class: com.sophos.smsec.cloud.azure.AzureAuthenticationHelper.4.1
                        @Override // android.os.ResultReceiver
                        protected void onReceiveResult(int i6, Bundle bundle) {
                            super.onReceiveResult(i6, bundle);
                            aVar.dismiss();
                            if (i6 != -1) {
                                G2.a.c("IntuneEnrollment", "SOPH_ERROR:Could not get CASL token - response != ok");
                                AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
                                return;
                            }
                            Serializable serializable = bundle.getSerializable(FidoConstants.WEBAUTHN_AUTHENTICATION_ASSERTION_RESPONSE_JSON_KEY);
                            if (serializable instanceof Response) {
                                Response response = (Response) serializable;
                                JWT responseJWT = response.getResponseJWT();
                                if (responseJWT != null) {
                                    AzureAuthenticationHelper.this.k(responseJWT.c("aud").asString(), n6, p6, response.getResponseJWTString());
                                } else {
                                    Toast.makeText(AzureAuthenticationHelper.this.mActivity, AzureAuthenticationHelper.this.mActivity.getString(B3.i.f215R1), 1).show();
                                    G2.a.c("IntuneEnrollment", "SOPH_ERROR:Could not get CASL token");
                                    AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
                                }
                            }
                        }
                    });
                    return;
                }
                L p7 = AzureAuthenticationHelper.this.mActivity.getSupportFragmentManager().p();
                X3.b bVar = new X3.b(B3.i.f212Q1, B3.i.f276j);
                p7.e(bVar, bVar.getTag());
                p7.j();
                IPublicClientApplication iPublicClientApplication2 = iPublicClientApplication;
                if (iPublicClientApplication2 instanceof SingleAccountPublicClientApplication) {
                    try {
                        ((SingleAccountPublicClientApplication) iPublicClientApplication2).signOut();
                    } catch (MsalException | InterruptedException e6) {
                        a4.c.k("AzureAuthenticationHel", "onSuccess: ", e6);
                    }
                }
                G2.a.c("IntuneEnrollment", "MS_ERROR:no deviceId received");
                AzureAuthenticationHelper.this.mAzureActivationErrorListener.a();
            }
        };
    }

    private RuntimePermissionCheck m() {
        if (f20853b == null) {
            int i6 = B3.i.f296o;
            int i7 = B3.i.f292n;
            f20853b = new RuntimePermissionCheck("android.permission.GET_ACCOUNTS", 2134, i6, i7, i7, B3.i.f288m);
        }
        return f20853b;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String n(IAuthenticationResult iAuthenticationResult) {
        if (iAuthenticationResult == null) {
            return null;
        }
        iAuthenticationResult.getAccessToken();
        return new JWT(iAuthenticationResult.getAccessToken()).c(DeviceCodeFlowAuthResultCommand.DEVICE_ID_CLAIM).asString();
    }

    private PhoneRuntimePermissionCheck o() {
        if (f20854c == null) {
            f20854c = new PhoneRuntimePermissionCheck(2135, B3.i.f263f2);
        }
        return f20854c;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String p(IAuthenticationResult iAuthenticationResult) {
        if (iAuthenticationResult == null) {
            return null;
        }
        iAuthenticationResult.getAccessToken();
        return new JWT(iAuthenticationResult.getAccessToken()).c("unique_name").asString();
    }

    private static boolean q(Context context, String str) {
        DevicePolicyManager devicePolicyManager;
        if (!s.b(context) || (devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy")) == null) {
            return false;
        }
        return devicePolicyManager.isDeviceOwnerApp(str);
    }

    private static boolean r(Context context, String str) {
        DevicePolicyManager devicePolicyManager;
        if (!s.b(context) || (devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy")) == null) {
            return false;
        }
        return devicePolicyManager.isProfileOwnerApp(str);
    }

    private void s() {
        try {
            com.microsoft.identity.client.Logger.getInstance().setExternalLogger(new a());
        } catch (IllegalStateException e6) {
            a4.c.X("AzureAuthenticationHel", "registerLogger: " + e6.getMessage());
        }
        com.microsoft.identity.common.internal.logging.Logger.getInstance().setExternalLogger(new b());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void t(String str) {
        p k6 = p.k(this.mActivity);
        setDeviceNameIfEmpty(str, k6);
        k6.O(str);
        k6.N(MTD_ENROLLMENT_TYPE);
        E3.c.d(this.mActivity);
        this.mActivity.finish();
    }

    public void handleAuthenticateClicked(boolean z6) {
        if (!z6) {
            G2.a.c("IntuneEnrollment", "START:Start MTD enrollment");
        }
        boolean isMicrosoftIntuneInstalled = isMicrosoftIntuneInstalled(this.mActivity);
        boolean isMicrosoftCompanyPortalInstalled = isMicrosoftCompanyPortalInstalled(this.mActivity);
        if (!isMicrosoftCompanyPortalInstalled && !isMicrosoftIntuneInstalled) {
            G2.a.c("IntuneEnrollment", "USER_ERROR:Company Portal nor Intune not installed");
            f fVar = new f(this.mActivity);
            L p6 = this.mActivity.getSupportFragmentManager().p();
            p6.e(fVar, fVar.getTag());
            p6.j();
            return;
        }
        if (!com.sophos.cloud.core.rest.p.c(this.mActivity)) {
            G2.a.c("IntuneEnrollment", "USER_ERROR:No internet connection");
            new X3.b(B3.i.f173G0, B3.i.f195L2).u0(this.mActivity.getSupportFragmentManager());
            return;
        }
        if (!m().isGranted(this.mActivity)) {
            m().check((r) this.mActivity);
            return;
        }
        if (!o().isGranted(this.mActivity)) {
            o().check((r) this.mActivity);
            return;
        }
        if (T3.a.g(this.mActivity, "com.microsoft.windowsintune.companyportal") || (isGCloudDPCOwner(this.mActivity) && isMicrosoftCompanyPortalInstalled)) {
            this.mActivity.runOnUiThread(new h());
            Toast.makeText(this.mActivity, B3.i.f300p, 1).show();
            PublicClientApplication.create(this.mActivity, B3.h.f147a, new c(new String[]{f20852a ? "https://SophosTechnology.onmicrosoft.com/bf4fa897-3d78-42e1-9d43-3896f4126e1a/enroll" : "https://SophosTechnology.onmicrosoft.com/1020ac7d-5704-4c49-86cd-7ef6f4433f0d/enroll"}));
            return;
        }
        L p7 = this.mActivity.getSupportFragmentManager().p();
        g gVar = new g(this, isMicrosoftCompanyPortalInstalled(this.mActivity));
        p7.e(gVar, gVar.getTag());
        p7.j();
    }

    public void onActivityResult(int i6, int i7, Intent intent) {
        a4.c.e("AzureAuthenticationHel", "onActivityResult() called with: requestCode = [" + i6 + "], resultCode = [" + i7 + "], data = [" + intent + "]");
    }

    public void onRequestPermissionsResult(int i6, String[] strArr, int[] iArr) {
        if (m().handlePermissionResult(this.mActivity, i6, strArr, iArr) || o().handlePermissionResult(this.mActivity, i6, strArr, iArr)) {
            handleAuthenticateClicked(true);
        }
    }

    protected void setDeviceNameIfEmpty(String str, p pVar) {
        if (StringUtils.isEmpty(pVar.i())) {
            pVar.P(MTD_DEVICE_NAME_PREFIX + str);
        }
    }
}
