package com.microsoft.office.outlook.olmcore.managers.mam;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import com.acompli.accore.util.x0;
import com.acompli.accore.util.z;
import com.microsoft.office.outlook.auth.AuthenticationType;
import com.microsoft.office.outlook.crashreport.CrashReportManager;
import com.microsoft.office.outlook.executors.OutlookDispatchers;
import com.microsoft.office.outlook.executors.OutlookExecutors;
import com.microsoft.office.outlook.feature.FeatureManager;
import com.microsoft.office.outlook.hx.HxServices;
import com.microsoft.office.outlook.intune.InternalContentProtection;
import com.microsoft.office.outlook.intune.IntuneAppConfig;
import com.microsoft.office.outlook.intune.IntuneAppConfigProvider;
import com.microsoft.office.outlook.intune.api.app.AllowedAccounts;
import com.microsoft.office.outlook.intune.api.app.MAMComponents;
import com.microsoft.office.outlook.intune.api.identity.MAMFileProtectionManager;
import com.microsoft.office.outlook.intune.api.identity.MAMPolicyManager;
import com.microsoft.office.outlook.intune.api.notification.MAMNotificationReceiver;
import com.microsoft.office.outlook.intune.api.notification.MAMNotificationReceiverRegistry;
import com.microsoft.office.outlook.intune.api.policy.MAMComplianceManager;
import com.microsoft.office.outlook.intune.api.policy.MAMEnrollmentManager;
import com.microsoft.office.outlook.intune.api.policy.MAMServiceAuthenticationCallback;
import com.microsoft.office.outlook.intune.api.policy.MAMUserInfo;
import com.microsoft.office.outlook.intune.api.policy.SaveLocation;
import com.microsoft.office.outlook.intune.api.policy.notification.MAMComplianceNotification;
import com.microsoft.office.outlook.intune.api.policy.notification.MAMEnrollmentNotification;
import com.microsoft.office.outlook.intune.api.policy.notification.MAMNotification;
import com.microsoft.office.outlook.intune.api.policy.notification.MAMNotificationType;
import com.microsoft.office.outlook.intune.api.policy.notification.MAMUserNotification;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.Loggers;
import com.microsoft.office.outlook.olmcore.managers.accounts.OMAccountManager;
import com.microsoft.office.outlook.olmcore.managers.interfaces.AppSessionManager;
import com.microsoft.office.outlook.olmcore.managers.interfaces.AppStatusManager;
import com.microsoft.office.outlook.olmcore.managers.telemetry.AnalyticsSender;
import com.microsoft.office.outlook.olmcore.model.interfaces.AccountId;
import com.microsoft.office.outlook.olmcore.model.interfaces.accounts.OMAccount;
import com.microsoft.office.outlook.privacy.RegionConfigService;
import com.microsoft.office.outlook.profiling.StrictModeProfiler;
import com.microsoft.office.outlook.shareddevicemode.utils.SharedDeviceModeHelper;
import com.microsoft.office.outlook.sync.annotation.CalendarSync;
import com.microsoft.office.outlook.sync.annotation.ContactSync;
import com.microsoft.office.outlook.sync.manager.SyncAccountManager;
import com.microsoft.office.outlook.tokenstore.contracts.TokenStoreManager;
import com.microsoft.office.outlook.tokenstore.model.AADTokenParameters;
import com.microsoft.office.outlook.tokenstore.model.OneAuthId;
import com.microsoft.office.outlook.tokenstore.model.OneAuthTokenParameters;
import com.microsoft.office.outlook.tokenstore.model.TokenAcquirerResult;
import com.microsoft.office.outlook.tokenstore.model.TokenError;
import com.microsoft.office.outlook.tokenstore.model.TokenParameters;
import com.microsoft.office.outlook.tokenstore.model.TokenResource;
import com.microsoft.office.outlook.tokenstore.model.TokenResult;
import g5.k;
import g5.p;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import kotlinx.coroutines.n0;
import y6.n;

/* loaded from: classes7.dex */
public class OlmAppEnrollmentManager implements MAMServiceAuthenticationCallback, AppEnrollmentManager {
    private static final long TOKEN_TIMEOUT = 15;
    private static OMAccount sWidgetDisabledAccount;
    private final OMAccountManager mAccountManager;
    private final AllowedAccounts mAllowedAccounts;
    private final AnalyticsSender mAnalyticsSender;
    private final AppSessionManager mAppSessionManager;
    private final AppStatusManager mAppStatusManager;
    private final b90.a<SyncAccountManager> mCalendarSyncAccountManager;
    private final b90.a<SyncAccountManager> mContactSyncAccountManager;
    private final Context mContext;
    private final b90.a<CrashReportManager> mCrashReportManagerLazy;
    private final z mEnvironment;
    private final b90.a<FeatureManager> mFeatureManagerLazy;
    private final HxServices mHxServices;
    private final InternalContentProtection mInternalContentProtection;
    private final IntuneAppConfigProvider mIntuneAppConfigProvider;
    private final b90.a<MAMComplianceManager> mMAMComplianceManager;
    private final MAMComponents mMAMComponents;
    private final b90.a<MAMEnrollmentManager> mMAMEnrollmentManager;
    private final MAMNotificationReceiverRegistry mMAMNotificationReceiverRegistry;
    private final MAMPolicyManager mMAMPolicyManager;
    protected b90.a<RegionConfigService> mRegionConfigService;
    private final SharedDeviceModeHelper mSharedDeviceModeHelper;
    private final b90.a<TokenStoreManager> mTokenStoreManagerLazy;
    private final Logger mLogger = Loggers.getInstance().getAccountLogger().withTag("OlmAppEnrollmentManager");
    private final Set<String> mCompanyPortalRequired = new HashSet();
    private final Set<String> mPendingEnrollments = new HashSet();
    private final Map<String, String> mTokensRequired = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.office.outlook.olmcore.managers.mam.OlmAppEnrollmentManager$1, reason: invalid class name */
    /* loaded from: classes7.dex */
    public class AnonymousClass1 implements MAMNotificationReceiver {
        final /* synthetic */ Handler val$handler;
        final /* synthetic */ Consumer val$notificationConsumer;

        AnonymousClass1(Handler handler, Consumer consumer) {
            this.val$handler = handler;
            this.val$notificationConsumer = consumer;
        }

        @Override // com.microsoft.office.outlook.intune.api.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            MAMNotificationType type = mAMNotification.getType();
            MAMNotificationType mAMNotificationType = MAMNotificationType.COMPLIANCE_STATUS;
            if (type != mAMNotificationType) {
                return true;
            }
            final MAMComplianceNotification mAMComplianceNotification = (MAMComplianceNotification) mAMNotification;
            Handler handler = this.val$handler;
            final Consumer consumer = this.val$notificationConsumer;
            handler.post(new Runnable() { // from class: com.microsoft.office.outlook.olmcore.managers.mam.h
                @Override // java.lang.Runnable
                public final void run() {
                    consumer.accept(mAMComplianceNotification);
                }
            });
            OlmAppEnrollmentManager.this.mMAMNotificationReceiverRegistry.unregisterReceiver(this, mAMNotificationType);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.office.outlook.olmcore.managers.mam.OlmAppEnrollmentManager$2, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result;

        static {
            int[] iArr = new int[MAMEnrollmentManager.Result.values().length];
            $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result = iArr;
            try {
                iArr[MAMEnrollmentManager.Result.AUTHORIZATION_NEEDED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.NOT_LICENSED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.ENROLLMENT_FAILED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.WRONG_USER.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.UNENROLLMENT_FAILED.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.UNENROLLMENT_SUCCEEDED.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.PENDING.ordinal()] = 8;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[MAMEnrollmentManager.Result.COMPANY_PORTAL_REQUIRED.ordinal()] = 9;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    /* loaded from: classes7.dex */
    private class EnrollmentNotificationReceiver implements MAMNotificationReceiver {
        private EnrollmentNotificationReceiver() {
        }

        @Override // com.microsoft.office.outlook.intune.api.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            MAMEnrollmentNotification mAMEnrollmentNotification = (MAMEnrollmentNotification) mAMNotification;
            String userIdentity = mAMEnrollmentNotification.getUserIdentity();
            boolean z11 = false;
            for (OMAccount oMAccount : OlmAppEnrollmentManager.this.mAccountManager.getAllAccounts()) {
                if (oMAccount.isIntunePolicyEligible() && userIdentity.equalsIgnoreCase(oMAccount.getO365UPN())) {
                    OlmAppEnrollmentManager.this.processesEnrollmentResult(oMAccount, mAMEnrollmentNotification.getEnrollmentResult());
                    z11 = true;
                }
            }
            if (!z11) {
                OlmAppEnrollmentManager.this.mLogger.e("Unable to find corresponding account to handle MAMEnrollmentNotification for UPN: " + x0.k(userIdentity));
            }
            return true;
        }
    }

    /* loaded from: classes7.dex */
    private class PolicyUpdateNotificationReceiver implements MAMNotificationReceiver {
        private PolicyUpdateNotificationReceiver() {
        }

        @Override // com.microsoft.office.outlook.intune.api.notification.MAMNotificationReceiver
        public boolean onReceive(MAMNotification mAMNotification) {
            MAMUserNotification mAMUserNotification = (MAMUserNotification) mAMNotification;
            if (mAMUserNotification.getType() != MAMNotificationType.REFRESH_POLICY) {
                return false;
            }
            String userIdentity = mAMUserNotification.getUserIdentity();
            OMAccount inTuneAccountForUPN = OlmAppEnrollmentManager.this.getInTuneAccountForUPN(userIdentity, false);
            if (inTuneAccountForUPN == null || OlmAppEnrollmentManager.this.mMAMPolicyManager.getPolicyForIdentity(userIdentity).isContactSyncAllowed()) {
                return true;
            }
            SyncAccountManager syncAccountManager = (SyncAccountManager) OlmAppEnrollmentManager.this.mContactSyncAccountManager.get();
            SyncAccountManager.ToggleSyncSource toggleSyncSource = SyncAccountManager.ToggleSyncSource.Intune;
            syncAccountManager.disableSyncForAccountFuture(inTuneAccountForUPN, toggleSyncSource);
            IntuneAppConfig config = OlmAppEnrollmentManager.this.mIntuneAppConfigProvider.getConfig(inTuneAccountForUPN, OlmAppEnrollmentManager.this);
            if (config == null) {
                ((SyncAccountManager) OlmAppEnrollmentManager.this.mCalendarSyncAccountManager.get()).disableSyncForAccount(inTuneAccountForUPN, toggleSyncSource);
            }
            Iterator<AccountId> it = inTuneAccountForUPN.getSharedMailAccounts().iterator();
            while (it.hasNext()) {
                OMAccount accountFromId = OlmAppEnrollmentManager.this.mAccountManager.getAccountFromId(it.next());
                if (accountFromId != null) {
                    SyncAccountManager syncAccountManager2 = (SyncAccountManager) OlmAppEnrollmentManager.this.mContactSyncAccountManager.get();
                    SyncAccountManager.ToggleSyncSource toggleSyncSource2 = SyncAccountManager.ToggleSyncSource.Intune;
                    syncAccountManager2.disableSyncForAccountFuture(accountFromId, toggleSyncSource2);
                    if (config == null) {
                        ((SyncAccountManager) OlmAppEnrollmentManager.this.mCalendarSyncAccountManager.get()).disableSyncForAccount(accountFromId, toggleSyncSource2);
                    }
                }
            }
            return true;
        }
    }

    public OlmAppEnrollmentManager(Context context, OMAccountManager oMAccountManager, AppStatusManager appStatusManager, AppSessionManager appSessionManager, IntuneAppConfigProvider intuneAppConfigProvider, @CalendarSync b90.a<SyncAccountManager> aVar, @ContactSync b90.a<SyncAccountManager> aVar2, b90.a<TokenStoreManager> aVar3, b90.a<FeatureManager> aVar4, z zVar, AnalyticsSender analyticsSender, b90.a<CrashReportManager> aVar5, HxServices hxServices, SharedDeviceModeHelper sharedDeviceModeHelper, AllowedAccounts allowedAccounts, MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry, b90.a<MAMEnrollmentManager> aVar6, b90.a<MAMComplianceManager> aVar7, MAMComponents mAMComponents, MAMPolicyManager mAMPolicyManager, b90.a<MAMFileProtectionManager> aVar8) {
        this.mAccountManager = oMAccountManager;
        this.mContext = context;
        this.mIntuneAppConfigProvider = intuneAppConfigProvider;
        this.mAppStatusManager = appStatusManager;
        this.mAppSessionManager = appSessionManager;
        this.mContactSyncAccountManager = aVar2;
        this.mCalendarSyncAccountManager = aVar;
        this.mTokenStoreManagerLazy = aVar3;
        this.mFeatureManagerLazy = aVar4;
        this.mEnvironment = zVar;
        this.mAnalyticsSender = analyticsSender;
        this.mCrashReportManagerLazy = aVar5;
        this.mHxServices = hxServices;
        this.mSharedDeviceModeHelper = sharedDeviceModeHelper;
        this.mInternalContentProtection = new InternalContentProtection(context, aVar8);
        this.mAllowedAccounts = allowedAccounts;
        this.mMAMNotificationReceiverRegistry = mAMNotificationReceiverRegistry;
        this.mMAMEnrollmentManager = aVar6;
        this.mMAMComplianceManager = aVar7;
        this.mMAMComponents = mAMComponents;
        this.mMAMPolicyManager = mAMPolicyManager;
    }

    private IntuneAppConfig getConfig(OMAccount oMAccount) {
        return this.mIntuneAppConfigProvider.getConfig(oMAccount, this);
    }

    @SuppressLint({"BlockingAsyncCall"})
    private String getToken(final AccountId accountId, final String str) {
        this.mLogger.d("Token required for MAM for accountId: " + accountId + " resource: " + str);
        final TokenStoreManager tokenStoreManager = this.mTokenStoreManagerLazy.get();
        p f11 = k.f(OutlookDispatchers.getBackgroundDispatcher(), null, new ba0.p() { // from class: com.microsoft.office.outlook.olmcore.managers.mam.e
            @Override // ba0.p
            public final Object invoke(Object obj, Object obj2) {
                Object token;
                token = TokenStoreManager.this.getToken(accountId, str, null, null, (u90.d) obj2);
                return token;
            }
        });
        try {
            f11.S(15L, TimeUnit.SECONDS, "TokenStoreManager");
            if (n.p(f11)) {
                TokenResult tokenResult = (TokenResult) f11.A();
                if (tokenResult instanceof TokenResult.Success) {
                    this.mLogger.d("Successfully acquired token for MAM with accountId: " + accountId + " resource: " + str);
                    return ((TokenResult.Success) tokenResult).getToken();
                }
                if (tokenResult instanceof TokenResult.Error) {
                    TokenError tokenError = ((TokenResult.Error) tokenResult).getTokenError();
                    this.mLogger.e("Failed to acquire token for MAM with accountId: " + accountId + " and resource: " + str + " with error " + tokenError.getTokenErrorMessage());
                }
            } else {
                this.mLogger.e("Token acquire task failed for MAM with accountId: " + accountId + " and resource: " + str, f11.z());
            }
        } catch (InterruptedException e11) {
            this.mLogger.e("Token acquire task for MAM interrupted with accountId: " + accountId + " and resource: " + str, e11);
        }
        return null;
    }

    @SuppressLint({"BlockingAsyncCall"})
    private String getTokenWithoutAccount(String str, String str2, final String str3) {
        this.mLogger.d("Token required for MAM for resource: " + str);
        final TokenStoreManager tokenStoreManager = this.mTokenStoreManagerLazy.get();
        FeatureManager featureManager = this.mFeatureManagerLazy.get();
        final TokenParameters oneAuthTokenParameters = (featureManager.isFeatureOn(FeatureManager.Feature.ONEAUTH_O365) || featureManager.isFeatureOn(FeatureManager.Feature.ONEAUTH_GCC) || g6.d.a(this.mContext).A5().isSharedDeviceMode()) ? new OneAuthTokenParameters(AuthenticationType.Office365, new OneAuthId.OneAuthProviderId(str2), str, "https://login.windows.net/common/oauth2/token", null, UUID.randomUUID(), null, null) : new AADTokenParameters(AuthenticationType.Office365, "https://login.windows.net/common/oauth2/token", str2, str, null, UUID.randomUUID(), null);
        p f11 = k.f(OutlookDispatchers.getBackgroundDispatcher(), null, new ba0.p() { // from class: com.microsoft.office.outlook.olmcore.managers.mam.d
            @Override // ba0.p
            public final Object invoke(Object obj, Object obj2) {
                Object lambda$getTokenWithoutAccount$3;
                lambda$getTokenWithoutAccount$3 = OlmAppEnrollmentManager.lambda$getTokenWithoutAccount$3(TokenStoreManager.this, str3, oneAuthTokenParameters, (n0) obj, (u90.d) obj2);
                return lambda$getTokenWithoutAccount$3;
            }
        });
        try {
            f11.S(15L, TimeUnit.SECONDS, "getTokenWithoutAccount");
            if (n.p(f11)) {
                TokenAcquirerResult tokenAcquirerResult = (TokenAcquirerResult) f11.A();
                if (tokenAcquirerResult instanceof TokenAcquirerResult.Success) {
                    this.mLogger.d("Successfully acquired token for MAM for resource: " + str);
                    return ((TokenAcquirerResult.Success) tokenAcquirerResult).getTokenStoreValue().getToken();
                }
                if (tokenAcquirerResult instanceof TokenAcquirerResult.Error) {
                    TokenError tokenError = ((TokenAcquirerResult.Error) tokenAcquirerResult).getTokenError();
                    this.mLogger.e("Failed to acquire token for MAM with resource: " + str + " with error " + tokenError.getTokenErrorMessage());
                }
            } else {
                this.mLogger.e("Token acquire task failed for MAM with resource: " + str, f11.z());
            }
        } catch (InterruptedException e11) {
            this.mLogger.e("Token acquire task for MAM interrupted with resource: " + str, e11);
        }
        return null;
    }

    public static OMAccount getWidgetDisabledAccount() {
        return sWidgetDisabledAccount;
    }

    private boolean hasPendingEnrollment(String str) {
        boolean contains;
        synchronized (this.mPendingEnrollments) {
            contains = this.mPendingEnrollments.contains(str);
        }
        return contains;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Object lambda$getTokenWithoutAccount$3(TokenStoreManager tokenStoreManager, String str, TokenParameters tokenParameters, n0 n0Var, u90.d dVar) {
        return tokenStoreManager.getTokenWithoutAccount(str, tokenParameters, 15000L, TokenResource.Intune, dVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Object lambda$onAadTokenRefreshed$0(TokenStoreManager tokenStoreManager, OMAccount oMAccount, String str, n0 n0Var, u90.d dVar) {
        return tokenStoreManager.getToken(oMAccount.getAccountId(), str, null, null, dVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ Object lambda$onAadTokenRefreshed$1(AccountId accountId, OMAccount oMAccount, String str, String str2, p pVar) throws Exception {
        if (!n.p(pVar)) {
            this.mLogger.e("Failed to get token for MAM with accountId: " + accountId, pVar.z());
            return null;
        }
        TokenResult tokenResult = (TokenResult) pVar.A();
        if (tokenResult instanceof TokenResult.Success) {
            this.mLogger.d("Successfully acquired token for MAM with accountId: " + accountId);
            this.mMAMEnrollmentManager.get().updateToken(oMAccount.getO365UPN(), oMAccount.getUserID(), str, ((TokenResult.Success) tokenResult).getToken());
            this.mTokensRequired.remove(str2);
            return null;
        }
        if (!(tokenResult instanceof TokenResult.Error)) {
            return null;
        }
        TokenError tokenError = ((TokenResult.Error) tokenResult).getTokenError();
        this.mLogger.e("Failed to acquire token for MAM with accountId: " + accountId + " and resource: " + str + " with error " + tokenError.getTokenErrorMessage());
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processesEnrollmentResult(OMAccount oMAccount, MAMEnrollmentManager.Result result) {
        synchronized (this.mPendingEnrollments) {
            if (result == MAMEnrollmentManager.Result.PENDING) {
                this.mPendingEnrollments.add(oMAccount.getO365UPN());
            } else {
                this.mPendingEnrollments.remove(oMAccount.getO365UPN());
            }
        }
        switch (AnonymousClass2.$SwitchMap$com$microsoft$office$outlook$intune$api$policy$MAMEnrollmentManager$Result[result.ordinal()]) {
            case 1:
                this.mLogger.e("MAM Service authorization needed.");
                return;
            case 2:
                this.mLogger.i("The user is not licensed for MAM Service enrollment.");
                return;
            case 3:
                this.mLogger.i("MAM Service enrollment succeeded.");
                if (this.mFeatureManagerLazy.get().isFeatureOn(FeatureManager.Feature.INTUNE_FOLDER_PROTECTION_REFACTOR)) {
                    this.mInternalContentProtection.applyProtection(getInTuneIdentity(oMAccount));
                    return;
                }
                return;
            case 4:
                this.mLogger.w("MAM Service enrollment failed for an unknown reason.");
                return;
            case 5:
                this.mLogger.w("MAM Service enrollment failed because a different user is already enrolled.");
                this.mLogger.w("The account will be removed.");
                this.mAccountManager.deleteAccountSynchronous(oMAccount.getAccountId(), OMAccountManager.DeleteAccountReason.INTUNE_ENROLL_WRONG_USER);
                return;
            case 6:
                this.mLogger.w("MAM Service unenrollment failed for an unknown reason.");
                return;
            case 7:
                this.mLogger.i("MAM Service unenrollment succeeded.");
                return;
            case 8:
                this.mLogger.v("MAM Service enrollment pending.");
                return;
            case 9:
                this.mCompanyPortalRequired.add(oMAccount.getO365UPN().toLowerCase());
                this.mLogger.v("MAM Service cannot enroll because the Company Portal is required. Enrollment will occur when the AAD token is refreshed.");
                return;
            default:
                this.mLogger.w("Unhandled enrollment result " + result);
                return;
        }
    }

    private void remediateCompliance(String str, String str2, String str3, String str4, boolean z11) {
        this.mLogger.d("Attempting to remediate compliance with Intune MAM App Protection Policy for " + x0.c(str));
        this.mMAMComplianceManager.get().remediateCompliance(str, str2, str3, str4, z11);
    }

    public static void setWidgetDisabledAccount(OMAccount oMAccount) {
        sWidgetDisabledAccount = oMAccount;
    }

    private boolean shouldSkipIntunePolicyChange(OMAccount oMAccount) {
        if (!this.mMAMPolicyManager.isIdentityManaged(oMAccount.getO365UPN()) || !oMAccount.isIntunePolicyEligible() || !oMAccount.isFileAccount() || this.mAccountManager.getMailAccountForEmail(oMAccount.getPrimaryEmail()) == null) {
            return false;
        }
        this.mLogger.d("Skip un-enroll because there is an equivalent mail account that exists in the app");
        return true;
    }

    private void unenroll(OMAccount oMAccount) {
        if (oMAccount.isIntunePolicyEligible()) {
            String o365upn = oMAccount.getO365UPN();
            if (o365upn == null || o365upn.isEmpty()) {
                this.mLogger.w("O365 account " + x0.k(o365upn) + " has null/empty UPN, cannot unenroll from MAM");
                return;
            }
            if (this.mFeatureManagerLazy.get().isFeatureOn(FeatureManager.Feature.INTUNE_FOLDER_PROTECTION_REFACTOR)) {
                this.mInternalContentProtection.removeProtection();
            }
            this.mLogger.d("Attempting to unenroll O365 account " + x0.c(o365upn) + " from MAM");
            this.mMAMEnrollmentManager.get().unregisterAccountForMAM(o365upn);
        }
    }

    @Override // com.microsoft.office.outlook.intune.api.policy.MAMServiceAuthenticationCallback
    public synchronized String acquireToken(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        String lowerCase = str.toLowerCase();
        boolean z11 = false;
        try {
            for (OMAccount oMAccount : this.mAccountManager.getAllAccounts()) {
                if (oMAccount.isIntunePolicyEligible() && lowerCase.equalsIgnoreCase(oMAccount.getO365UPN())) {
                    z11 = true;
                    String token = getToken(oMAccount.getAccountId(), str3);
                    if (token != null) {
                        this.mTokensRequired.remove(lowerCase);
                        return token;
                    }
                }
            }
            if (!z11) {
                this.mLogger.e("Token required before account is created for true mam ca resource " + str3);
                String tokenWithoutAccount = getTokenWithoutAccount(str3, str2, lowerCase);
                if (tokenWithoutAccount != null) {
                    this.mTokensRequired.remove(lowerCase);
                    return tokenWithoutAccount;
                }
            }
            this.mTokensRequired.put(lowerCase, str3);
            return null;
        } catch (Exception e11) {
            this.mCrashReportManagerLazy.get().reportStackTrace("MAM acquire token with account", e11);
            throw e11;
        }
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean areWidgetsAllowed(OMAccount oMAccount) {
        if (!this.mFeatureManagerLazy.get().isFeatureOn(FeatureManager.Feature.WIDGET_APP_CONFIG)) {
            return true;
        }
        if ((this.mEnvironment.H() && sWidgetDisabledAccount == oMAccount) || !isDeviceSyncAllowed(oMAccount)) {
            return false;
        }
        IntuneAppConfig config = getConfig(oMAccount);
        if (config == null || config.getAreWidgetsAllowed() == null) {
            return true;
        }
        return config.getAreWidgetsAllowed().booleanValue();
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public void enrollIfEligible(OMAccount oMAccount) {
        if (!oMAccount.isIntunePolicyEligible()) {
            this.mLogger.d("Not enrolling account " + oMAccount.getAccountId() + " of type " + oMAccount.getAuthenticationType() + " in MAM because it is not an O365 account");
            return;
        }
        if (oMAccount.isSharedMailAccount()) {
            this.mLogger.d("Not enrolling account " + oMAccount.getAccountId() + " in MAM because it is a shared/delegate mailbox");
            return;
        }
        String o365upn = oMAccount.getO365UPN();
        if (o365upn == null || o365upn.isEmpty()) {
            this.mLogger.w("O365 account " + oMAccount.getAccountId() + " has null/empty UPN, cannot enroll in MAM");
            return;
        }
        if (this.mCompanyPortalRequired.contains(o365upn.toLowerCase())) {
            this.mLogger.d("Not enrolling account " + x0.c(o365upn) + " because we already know the Company Portal is required (but not present)");
            return;
        }
        if (hasPendingEnrollment(o365upn)) {
            this.mLogger.w("Enrollment already pending for O365 account " + x0.c(o365upn) + ".");
            return;
        }
        this.mLogger.d("Attempting to enroll O365 account " + x0.c(o365upn) + " in MAM");
        this.mMAMEnrollmentManager.get().registerAccountForMAM(o365upn, oMAccount.getUserID(), oMAccount.getAADTenantId(), com.acompli.accore.util.d.x(oMAccount));
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public OMAccount getInTuneAccountForUPN(String str, boolean z11) {
        if (z11 && !this.mMAMPolicyManager.isIdentityManaged(str)) {
            return null;
        }
        for (OMAccount oMAccount : this.mAccountManager.getAllAccounts()) {
            if (oMAccount.isIntunePolicyEligible() && str.equalsIgnoreCase(oMAccount.getO365UPN())) {
                return oMAccount;
            }
        }
        return null;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public String getInTuneIdentity(OMAccount oMAccount) {
        OMAccount primaryAccountForSharedMailAccount;
        if (oMAccount.isSharedMailAccount() && (primaryAccountForSharedMailAccount = this.mAccountManager.getPrimaryAccountForSharedMailAccount(oMAccount)) != null) {
            oMAccount = primaryAccountForSharedMailAccount;
        }
        return oMAccount.isIntunePolicyEligible() ? oMAccount.getO365UPN() : "";
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public OMAccount getInTuneProtectedAccount() {
        for (OMAccount oMAccount : this.mAccountManager.getAllAccounts()) {
            if (oMAccount.isIntunePolicyEligible() && !oMAccount.isSharedMailAccount() && isAccountInTuneProtected(oMAccount)) {
                return oMAccount;
            }
        }
        return null;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public List<OMAccount> getInTuneProtectedAccounts() {
        ArrayList arrayList = new ArrayList();
        for (OMAccount oMAccount : this.mAccountManager.getAllAccounts()) {
            if (isAccountInTuneProtected(oMAccount)) {
                arrayList.add(oMAccount);
            }
        }
        return arrayList;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public OMAccount getIntuneProtectedEUDBAccount(ArrayList<String> arrayList) {
        OMAccount accountFromId;
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            AccountId eUDBAccountId = this.mRegionConfigService.get().getEUDBAccountId(it.next());
            if (eUDBAccountId != null && (accountFromId = this.mAccountManager.getAccountFromId(eUDBAccountId)) != null && accountFromId.isIntunePolicyEligible() && !accountFromId.isSharedMailAccount() && isAccountInTuneProtected(accountFromId)) {
                return accountFromId;
            }
        }
        return null;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public OMAccount getProtectedPrimaryMailAccountForManagedIdentity(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        for (OMAccount oMAccount : this.mAccountManager.getMailAccounts()) {
            if (oMAccount.isIntunePolicyEligible() && !oMAccount.isSharedMailAccount() && str.equalsIgnoreCase(getInTuneIdentity(oMAccount))) {
                return oMAccount;
            }
        }
        return null;
    }

    @Override // com.microsoft.office.outlook.olmcore.listener.accounts.OMAccountsChangedListener
    public String getTag() {
        return "OlmAppEnrollmentManager";
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public <T> boolean handleADALComplianceException(OlmAuthenticationException olmAuthenticationException, boolean z11, Consumer<T> consumer) {
        if (olmAuthenticationException.isIntunePolicyRequiredException()) {
            return handleADALComplianceException(olmAuthenticationException.getAccountUpn(), olmAuthenticationException.getAccountUserId(), olmAuthenticationException.getTenantId(), olmAuthenticationException.getAuthorityUrl(), z11, consumer);
        }
        return false;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public <T> boolean handleADALComplianceException(String str, String str2, String str3, String str4, boolean z11, Consumer<T> consumer) {
        this.mLogger.d("attempting to handle IntuneAppProtectionPolicyRequiredException");
        if (str == null || str2 == null || str.isEmpty() || str2.isEmpty()) {
            this.mLogger.w("null data received from broker with IntuneAppProtectionPolicyRequiredException -- ADAL bug");
            return false;
        }
        if (consumer != null) {
            this.mMAMNotificationReceiverRegistry.registerReceiver(new AnonymousClass1(new Handler(Looper.getMainLooper()), consumer), MAMNotificationType.COMPLIANCE_STATUS);
        }
        remediateCompliance(str, str2, str3, str4, z11);
        return true;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean isAccountInTuneProtected(OMAccount oMAccount) {
        if (oMAccount == null) {
            return false;
        }
        String inTuneIdentity = getInTuneIdentity(oMAccount);
        if (this.mMAMPolicyManager.isIdentityManaged(inTuneIdentity)) {
            return true;
        }
        MAMUserInfo mAMUserInfo = (MAMUserInfo) this.mMAMComponents.get(MAMUserInfo.class);
        String primaryUser = mAMUserInfo != null ? mAMUserInfo.getPrimaryUser() : null;
        return !TextUtils.isEmpty(primaryUser) && primaryUser.equalsIgnoreCase(inTuneIdentity);
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean isAccountMdmLessEnrolled(OMAccount oMAccount) {
        if (!isAccountInTuneProtected(oMAccount)) {
            return false;
        }
        String o365upn = oMAccount.getO365UPN();
        if (TextUtils.isEmpty(o365upn)) {
            return false;
        }
        return MAMEnrollmentManager.Result.ENROLLMENT_SUCCEEDED.equals(this.mMAMEnrollmentManager.get().getRegisteredAccountStatus(o365upn));
    }

    boolean isDeviceSyncAllowed(OMAccount oMAccount) {
        String inTuneIdentity = getInTuneIdentity(oMAccount);
        if (this.mMAMPolicyManager.isIdentityManaged(inTuneIdentity)) {
            return this.mMAMPolicyManager.getPolicyForIdentity(inTuneIdentity).isContactSyncAllowed();
        }
        return true;
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean isNotAllowedByIntune(OMAccount oMAccount) {
        return !this.mAllowedAccounts.isAccountAllowed(getInTuneIdentity(oMAccount));
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean isSaveFileToDeviceAllowed(AccountId accountId) {
        if (this.mSharedDeviceModeHelper.isSharedDeviceMode()) {
            return false;
        }
        OMAccount accountFromId = this.mAccountManager.getAccountFromId(accountId);
        if (accountFromId == null) {
            return true;
        }
        return this.mMAMPolicyManager.getPolicyForIdentity(getInTuneIdentity(accountFromId)).isSaveToLocationAllowed(SaveLocation.LOCAL, null);
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean okToEnableAddins(OMAccount oMAccount) {
        if (!isDeviceSyncAllowed(oMAccount)) {
            return false;
        }
        IntuneAppConfig config = getConfig(oMAccount);
        if (config == null || config.getAddinsEnabled() == null) {
            return true;
        }
        return config.getAddinsEnabled().booleanValue();
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean okToSyncCalendars(OMAccount oMAccount) {
        if (!isDeviceSyncAllowed(oMAccount)) {
            return false;
        }
        IntuneAppConfig config = getConfig(oMAccount);
        if (config == null || config.getCalendarSyncAvailable() == null) {
            return true;
        }
        return config.getCalendarSyncAvailable().booleanValue();
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public boolean okToSyncContacts(OMAccount oMAccount) {
        return isDeviceSyncAllowed(oMAccount);
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public synchronized void onAadTokenRefreshed(final OMAccount oMAccount, OlmAuthenticationResult olmAuthenticationResult) {
        if (oMAccount.isIntunePolicyEligible()) {
            final String lowerCase = oMAccount.getO365UPN().toLowerCase();
            if (this.mMAMEnrollmentManager.get().getRegisteredAccountStatus(lowerCase) == null) {
                this.mMAMEnrollmentManager.get().registerAccountForMAM(lowerCase, oMAccount.getUserID(), olmAuthenticationResult != null ? olmAuthenticationResult.getTenantId() : oMAccount.getAADTenantId(), com.acompli.accore.util.d.x(oMAccount));
            }
            final String str = this.mTokensRequired.get(lowerCase);
            if (str == null) {
                return;
            }
            final AccountId accountId = oMAccount.getAccountId();
            this.mLogger.d("Token required for MAM after aad token refresh for accountId: + " + accountId + "resource: " + str);
            final TokenStoreManager tokenStoreManager = this.mTokenStoreManagerLazy.get();
            k.f(OutlookDispatchers.getBackgroundDispatcher(), null, new ba0.p() { // from class: com.microsoft.office.outlook.olmcore.managers.mam.f
                @Override // ba0.p
                public final Object invoke(Object obj, Object obj2) {
                    Object lambda$onAadTokenRefreshed$0;
                    lambda$onAadTokenRefreshed$0 = OlmAppEnrollmentManager.lambda$onAadTokenRefreshed$0(TokenStoreManager.this, oMAccount, str, (n0) obj, (u90.d) obj2);
                    return lambda$onAadTokenRefreshed$0;
                }
            }).o(new g5.i() { // from class: com.microsoft.office.outlook.olmcore.managers.mam.g
                @Override // g5.i
                public final Object then(p pVar) {
                    Object lambda$onAadTokenRefreshed$1;
                    lambda$onAadTokenRefreshed$1 = OlmAppEnrollmentManager.this.lambda$onAadTokenRefreshed$1(accountId, oMAccount, str, lowerCase, pVar);
                    return lambda$onAadTokenRefreshed$1;
                }
            }, OutlookExecutors.getBackgroundExecutor());
        }
    }

    @Override // com.microsoft.office.outlook.olmcore.listener.accounts.OMAccountsChangedListener
    public void onOMAccountAdded(OMAccount oMAccount) {
        enrollIfEligible(oMAccount);
    }

    @Override // com.microsoft.office.outlook.olmcore.listener.accounts.OMAccountsChangedListener
    public void onOMAccountDeleting(OMAccount oMAccount, OMAccountManager.DeleteAccountReason deleteAccountReason) {
        if (shouldSkipIntunePolicyChange(oMAccount) || deleteAccountReason.isMigration()) {
            return;
        }
        unenroll(oMAccount);
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public void performIntuneEnrollmentSilent(OMAccount oMAccount) {
        if (oMAccount.isIntunePolicyEligible()) {
            String o365upn = oMAccount.getO365UPN();
            try {
                this.mLogger.d("Attempting to enroll account " + x0.c(o365upn) + " in MAM");
                this.mMAMEnrollmentManager.get().registerAccountForMAM(o365upn, oMAccount.getUserID(), oMAccount.getAADTenantId(), com.acompli.accore.util.d.x(oMAccount));
            } catch (Exception e11) {
                this.mLogger.e("Error enrolling account " + x0.c(o365upn) + " in MAM", e11);
                this.mAnalyticsSender.sendAssertionEvent("gcc_intune_enrollment_failed");
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public void registerReceivers() {
        this.mMAMNotificationReceiverRegistry.registerReceiver(new EnrollmentNotificationReceiver(), MAMNotificationType.MAM_ENROLLMENT_RESULT);
        this.mMAMNotificationReceiverRegistry.registerReceiver(new PolicyUpdateNotificationReceiver(), MAMNotificationType.REFRESH_POLICY);
        this.mMAMNotificationReceiverRegistry.registerReceiver(new ManagementRemovedReceiver(this.mContext, this.mLogger, this.mAccountManager, this.mAppSessionManager, this.mAppStatusManager, this.mHxServices), MAMNotificationType.MANAGEMENT_REMOVED);
        StrictModeProfiler strictModeProfiler = StrictModeProfiler.INSTANCE;
        strictModeProfiler.beginStrictModeExemption("OlmAppEnrollmentManager<init>");
        this.mMAMEnrollmentManager.get().registerAuthenticationCallback(this);
        strictModeProfiler.endStrictModeExemption("OlmAppEnrollmentManager<init>");
    }

    @Override // com.microsoft.office.outlook.olmcore.managers.mam.AppEnrollmentManager
    public void verifyFolderProtection() {
        OMAccount inTuneProtectedAccount = getInTuneProtectedAccount();
        if (inTuneProtectedAccount == null) {
            this.mInternalContentProtection.verifyProtection(null);
        } else {
            this.mInternalContentProtection.verifyProtection(getInTuneIdentity(inTuneProtectedAccount));
        }
    }
}
