package com.android.email;

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.ContentProviderOperation;
import android.content.ContentResolver;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.content.OperationApplicationException;
import android.database.Cursor;
import android.os.Bundle;
import android.os.RemoteException;
import com.android.email.provider.C0255b;
import com.android.email.provider.EmailProvider;
import com.android.email.service.EmailBroadcastProcessorService;
import com.android.emailcommon.provider.Account;
import com.android.emailcommon.provider.EmailContent;
import com.android.emailcommon.provider.Policy;
import com.android.mail.utils.E;
import com.google.android.gm.R;
import java.util.ArrayList;

/* loaded from: classes.dex */
public final class SecurityPolicy {
    private static SecurityPolicy Mb = null;
    private final ComponentName Md;
    private Context mContext;
    private DevicePolicyManager Mc = null;
    private Policy Me = null;

    /* loaded from: classes.dex */
    public class PolicyAdmin extends DeviceAdminReceiver {
        @Override // android.app.admin.DeviceAdminReceiver
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return context.getString(R.string.disable_admin_warning);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onDisabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.e(context, 2);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onEnabled(Context context, Intent intent) {
            EmailBroadcastProcessorService.e(context, 1);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordChanged(Context context, Intent intent) {
            EmailBroadcastProcessorService.e(context, 3);
        }

        @Override // android.app.admin.DeviceAdminReceiver
        public void onPasswordExpiring(Context context, Intent intent) {
            EmailBroadcastProcessorService.e(context, 4);
        }
    }

    private SecurityPolicy(Context context) {
        this.mContext = context.getApplicationContext();
        this.Md = new ComponentName(context, (Class<?>) PolicyAdmin.class);
    }

    private void V(boolean z) {
        if (z) {
            return;
        }
        Context context = this.mContext;
        ContentResolver contentResolver = context.getContentResolver();
        Cursor query = contentResolver.query(Account.CONTENT_URI, EmailContent.XT, "policyKey IS NOT NULL AND policyKey!=0", null, null);
        try {
            E.e("Email", "Email administration disabled; deleting " + query.getCount() + " secured account(s)", new Object[0]);
            while (query.moveToNext()) {
                contentResolver.delete(EmailProvider.a("uiaccount", query.getLong(0)), null, null);
            }
            query.close();
            he();
            C0255b.F(context);
        } catch (Throwable th) {
            query.close();
            throw th;
        }
    }

    public static void a(Context context, long j, boolean z) {
        Account k = Account.k(context, j);
        if (k != null) {
            a(context, k, z);
            if (z) {
                o.r(context).a(k);
            }
        }
    }

    public static void a(Context context, Account account, boolean z) {
        if (z) {
            account.dM |= 32;
        } else {
            account.dM &= -33;
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("flags", Integer.valueOf(account.dM));
        account.a(context, contentValues);
    }

    public static void b(Context context, int i) {
        SecurityPolicy w = w(context);
        switch (i) {
            case 1:
                w.V(true);
                return;
            case 2:
                w.V(false);
                return;
            case 3:
                Account.ab(context);
                o.r(context).gI();
                return;
            case 4:
                Context context2 = w.mContext;
                long longValue = com.android.emailcommon.b.s.a(context2, Policy.CONTENT_URI, Policy.XT, "passwordExpirationDays>0", null, "passwordExpirationDays ASC", -1L).longValue();
                long z = longValue < 0 ? -1L : Policy.z(context2, longValue);
                if (z != -1) {
                    boolean z2 = w.hd().getPasswordExpiration(w.Md) - System.currentTimeMillis() < 0;
                    m r = o.r(context2);
                    if (!z2) {
                        r.g(z);
                        return;
                    } else {
                        if (x(context2)) {
                            r.h(z);
                            return;
                        }
                        return;
                    }
                }
                return;
            default:
                return;
        }
    }

    private static void b(Context context, Account account) {
        android.accounts.Account account2 = new android.accounts.Account(account.NP, com.android.email.service.n.l(context, account.aa(context)).accountType);
        Bundle bundle = new Bundle(3);
        bundle.putBoolean("force", true);
        bundle.putBoolean("do_not_retry", true);
        bundle.putBoolean("expedited", true);
        ContentResolver.requestSync(account2, EmailContent.AUTHORITY, bundle);
        E.d("Email", "requestSync SecurityPolicy syncAccount %s, %s", account.toString(), bundle.toString());
    }

    private Policy hb() {
        Policy policy = new Policy();
        policy.ZM = Integer.MIN_VALUE;
        policy.ZL = Integer.MIN_VALUE;
        policy.ZN = Integer.MAX_VALUE;
        policy.ZP = Integer.MIN_VALUE;
        policy.ZO = Integer.MAX_VALUE;
        policy.ZQ = Integer.MIN_VALUE;
        policy.ZR = Integer.MAX_VALUE;
        policy.ZS = false;
        policy.ZT = false;
        policy.ZU = false;
        Cursor query = this.mContext.getContentResolver().query(Policy.CONTENT_URI, Policy.XO, null, null, null);
        Policy policy2 = new Policy();
        boolean z = false;
        while (query.moveToNext()) {
            try {
                policy2.b(query);
                if (b.DEBUG) {
                    E.c("Email", "Aggregate from: " + policy2, new Object[0]);
                }
                policy.ZM = Math.max(policy2.ZM, policy.ZM);
                policy.ZL = Math.max(policy2.ZL, policy.ZL);
                if (policy2.ZN > 0) {
                    policy.ZN = Math.min(policy2.ZN, policy.ZN);
                }
                if (policy2.ZR > 0) {
                    policy.ZR = Math.min(policy2.ZR, policy.ZR);
                }
                if (policy2.ZP > 0) {
                    policy.ZP = Math.max(policy2.ZP, policy.ZP);
                }
                if (policy2.ZO > 0) {
                    policy.ZO = Math.min(policy2.ZO, policy.ZO);
                }
                if (policy2.ZQ > 0) {
                    policy.ZQ = Math.max(policy2.ZQ, policy.ZQ);
                }
                policy.ZS |= policy2.ZS;
                policy.ZT |= policy2.ZT;
                policy.ZW |= policy2.ZW;
                z = true;
            } finally {
                query.close();
            }
        }
        if (!z) {
            if (b.DEBUG) {
                E.c("Email", "Calculated Aggregate: no policy", new Object[0]);
            }
            return Policy.aah;
        }
        if (policy.ZM == Integer.MIN_VALUE) {
            policy.ZM = 0;
        }
        if (policy.ZL == Integer.MIN_VALUE) {
            policy.ZL = 0;
        }
        if (policy.ZN == Integer.MAX_VALUE) {
            policy.ZN = 0;
        }
        if (policy.ZR == Integer.MAX_VALUE) {
            policy.ZR = 0;
        }
        if (policy.ZP == Integer.MIN_VALUE) {
            policy.ZP = 0;
        }
        if (policy.ZO == Integer.MAX_VALUE) {
            policy.ZO = 0;
        }
        if (policy.ZQ == Integer.MIN_VALUE) {
            policy.ZQ = 0;
        }
        if (b.DEBUG) {
            E.c("Email", "Calculated Aggregate: " + policy, new Object[0]);
        }
        return policy;
    }

    private synchronized Policy hc() {
        if (this.Me == null) {
            this.Me = hb();
        }
        return this.Me;
    }

    private synchronized DevicePolicyManager hd() {
        if (this.Mc == null) {
            this.Mc = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
        }
        return this.Mc;
    }

    public static synchronized SecurityPolicy w(Context context) {
        SecurityPolicy securityPolicy;
        synchronized (SecurityPolicy.class) {
            if (Mb == null) {
                Mb = new SecurityPolicy(context.getApplicationContext());
            }
            securityPolicy = Mb;
        }
        return securityPolicy;
    }

    private static boolean x(Context context) {
        Account k;
        Cursor query = context.getContentResolver().query(Policy.CONTENT_URI, Policy.XT, "passwordExpirationDays>0", null, null);
        if (query == null) {
            return false;
        }
        boolean z = false;
        while (query.moveToNext()) {
            try {
                long z2 = Policy.z(context, query.getLong(0));
                if (z2 >= 0 && (k = Account.k(context, z2)) != null) {
                    a(context, k, true);
                    context.getContentResolver().delete(EmailProvider.a("uiaccountdata", z2), null, null);
                    z = true;
                }
            } finally {
                query.close();
            }
        }
        return z;
    }

    public final void a(long j, Policy policy, String str, boolean z) {
        Account k = Account.k(this.mContext, j);
        if (k == null) {
            return;
        }
        Policy y = k.XJ > 0 ? Policy.y(this.mContext, k.XJ) : null;
        if (y != null && str != null && (y.ZX != policy.ZX || y.ZZ != policy.ZZ)) {
            Policy.a(this.mContext, k, policy);
        }
        boolean z2 = y == null || !y.equals(policy);
        if (z2 || !com.android.emailcommon.b.r.v(str, k.XH)) {
            Context context = this.mContext;
            ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
            if (policy != null) {
                policy.normalize();
                arrayList.add(ContentProviderOperation.newInsert(Policy.CONTENT_URI).withValues(policy.lB()).build());
                arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, k.Ln)).withValueBackReference("policyKey", 0).withValue("securitySyncKey", str).build());
            } else {
                arrayList.add(ContentProviderOperation.newUpdate(ContentUris.withAppendedId(Account.CONTENT_URI, k.Ln)).withValue("securitySyncKey", null).withValue("policyKey", 0).build());
            }
            if (k.XJ > 0) {
                arrayList.add(ContentProviderOperation.newDelete(ContentUris.withAppendedId(Policy.CONTENT_URI, k.XJ)).build());
            }
            try {
                context.getContentResolver().applyBatch(EmailContent.AUTHORITY, arrayList);
                k.X(context);
                b(context, k);
            } catch (OperationApplicationException e) {
            } catch (RemoteException e2) {
                throw new IllegalStateException("Exception setting account policy.");
            }
            he();
        } else {
            E.c(com.android.emailcommon.b.mW, "setAccountPolicy; policy unchanged", new Object[0]);
        }
        boolean z3 = false;
        m r = o.r(this.mContext);
        if (policy.aag != null) {
            E.c(com.android.emailcommon.b.mW, "Notify policies for " + k.Xy + " not supported.", new Object[0]);
            z3 = true;
            if (z) {
                r.c(k);
            }
            this.mContext.getContentResolver().delete(EmailProvider.a("uiaccountdata", j), null, null);
        } else if (!a(policy)) {
            z3 = true;
            E.c(com.android.emailcommon.b.mW, "Notify policies for " + k.Xy + " are not being enforced.", new Object[0]);
            if (z) {
                r.a(k);
            }
        } else if (z2) {
            E.c(com.android.emailcommon.b.mW, "Notify policies for " + k.Xy + " changed.", new Object[0]);
            if (z) {
                r.b(k);
            }
        } else {
            E.c(com.android.emailcommon.b.mW, "Policy is active and unchanged; do not notify.", new Object[0]);
        }
        a(this.mContext, k, z3);
    }

    public final boolean a(Policy policy) {
        int b = b(policy);
        if (b.DEBUG && b != 0) {
            StringBuilder sb = new StringBuilder("isActive for " + policy + ": ");
            sb.append("FALSE -> ");
            if ((b & 1) != 0) {
                sb.append("no_admin ");
            }
            if ((b & 2) != 0) {
                sb.append("config ");
            }
            if ((b & 4) != 0) {
                sb.append("password ");
            }
            if ((b & 8) != 0) {
                sb.append("encryption ");
            }
            if ((b & 16) != 0) {
                sb.append("protocol ");
            }
            E.c("Email", sb.toString(), new Object[0]);
        }
        return b == 0;
    }

    public final int b(Policy policy) {
        int i;
        if (policy == null) {
            policy = hc();
        }
        if (policy == Policy.aah) {
            return 0;
        }
        DevicePolicyManager hd = hd();
        if (!hj()) {
            return 1;
        }
        int i2 = (policy.ZM <= 0 || hd.getPasswordMinimumLength(this.Md) >= policy.ZM) ? 0 : 4;
        if (policy.ZL > 0) {
            i = hd.getPasswordQuality(this.Md) >= policy.lV() ? i2 : 4;
            if (!hd.isActivePasswordSufficient()) {
                i |= 4;
            }
        } else {
            i = i2;
        }
        if (policy.ZR > 0 && hd.getMaximumTimeToLock(this.Md) > policy.ZR * 1000) {
            i |= 2;
        }
        if (policy.ZO > 0) {
            long passwordExpirationTimeout = hd.getPasswordExpirationTimeout(this.Md);
            if (passwordExpirationTimeout == 0 || passwordExpirationTimeout > policy.lW()) {
                i |= 4;
            }
            if (hd.getPasswordExpiration(this.Md) - System.currentTimeMillis() < 0) {
                i |= 4;
            }
        }
        if (policy.ZP > 0 && hd.getPasswordHistoryLength(this.Md) < policy.ZP) {
            i |= 2;
        }
        if (policy.ZQ > 0 && hd.getPasswordMinimumNonLetter(this.Md) < policy.ZQ) {
            i |= 4;
        }
        if (policy.ZT && hd().getStorageEncryptionStatus() != 3) {
            i |= 8;
        }
        if (policy.ZW && !hd.getCameraDisabled(this.Md)) {
            i |= 2;
        }
        if (policy.aag != null) {
            i |= 16;
        }
        return i;
    }

    public final void d(Account account) {
        b(this.mContext, account);
    }

    public final synchronized void he() {
        this.Me = null;
        hg();
    }

    public final void hf() {
        if (b.DEBUG) {
            E.c("Email", "reducePolicies", new Object[0]);
        }
        he();
    }

    public final void hg() {
        DevicePolicyManager hd = hd();
        Policy hc = hc();
        if (hc == Policy.aah) {
            if (b.DEBUG) {
                E.c("Email", "setActivePolicies: none, remove admin", new Object[0]);
            }
            hd.removeActiveAdmin(this.Md);
            return;
        }
        if (hj()) {
            if (b.DEBUG) {
                E.c("Email", "setActivePolicies: " + hc, new Object[0]);
            }
            hd.setPasswordQuality(this.Md, hc.lV());
            hd.setPasswordMinimumLength(this.Md, hc.ZM);
            hd.setMaximumTimeToLock(this.Md, hc.ZR * 1000);
            hd.setMaximumFailedPasswordsForWipe(this.Md, hc.ZN);
            hd.setPasswordExpirationTimeout(this.Md, hc.lW());
            hd.setPasswordHistoryLength(this.Md, hc.ZP);
            hd.setPasswordMinimumSymbols(this.Md, 0);
            hd.setPasswordMinimumNumeric(this.Md, 0);
            hd.setPasswordMinimumNonLetter(this.Md, hc.ZQ);
            try {
                hd.setCameraDisabled(this.Md, hc.ZW);
            } catch (SecurityException e) {
                E.c("Email", "SecurityException in setCameraDisabled, nothing changed", new Object[0]);
            }
            hd.setStorageEncryption(this.Md, hc.ZT);
        }
    }

    public final void hh() {
        o.r(this.mContext).gJ();
    }

    public final void hi() {
        DevicePolicyManager hd = hd();
        if (hd.isAdminActive(this.Md)) {
            hd.wipeData(1);
        } else {
            E.c(com.android.emailcommon.b.mW, "Could not remote wipe because not device admin.", new Object[0]);
        }
    }

    public final boolean hj() {
        DevicePolicyManager hd = hd();
        return hd.isAdminActive(this.Md) && hd.hasGrantedPolicy(this.Md, 6) && hd.hasGrantedPolicy(this.Md, 7) && hd.hasGrantedPolicy(this.Md, 8);
    }

    public final ComponentName hk() {
        return this.Md;
    }

    public final void k(long j) {
        Policy y;
        Account k = Account.k(this.mContext, j);
        if (k == null || k.XJ == 0 || (y = Policy.y(this.mContext, k.XJ)) == null) {
            return;
        }
        if (b.DEBUG) {
            E.c("Email", "policiesRequired for " + k.Xy + ": " + y, new Object[0]);
        }
        a(this.mContext, k, true);
        m r = o.r(this.mContext);
        if (y.aag == null) {
            r.a(k);
        } else {
            r.c(k);
        }
    }
}
