package com.microsoft.omadm.platforms.afw.policy;

import android.content.ComponentName;
import android.content.Context;
import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Bundle;
import android.os.UserManager;
import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonSyntaxException;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.ipphone.domain.IsIpPhoneUseCase;
import com.microsoft.intune.mam.client.app.startup.PermissionManager;
import com.microsoft.intune.omadm.afw.datacomponent.implementation.AfwSettingsRepository;
import com.microsoft.intune.omadm.afw.domain.IAfwSettingsRepository;
import com.microsoft.intune.omadm.defenderatp.contentcomponent.implementation.DefenderAtpContentProvider;
import com.microsoft.intune.omadm.safetynet.domain.SafetyNetSettingsManager;
import com.microsoft.omadm.OMADMSettings;
import com.microsoft.omadm.OMADMStatusCode;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.exception.OMADMStatusException;
import com.microsoft.omadm.platforms.afw.AfwResetPasswordTokenStatus;
import com.microsoft.omadm.platforms.afw.wptokenrenew.IWPTokenRenewalStateMachine;
import com.microsoft.omadm.platforms.android.IDevicePolicyManager;
import com.microsoft.omadm.platforms.android.NativeSettings;
import com.microsoft.omadm.platforms.android.policy.NativePolicyManager;
import com.microsoft.omadm.platforms.safe.KnoxVersion;
import com.microsoft.omadm.utils.PackageUtils;
import java.nio.charset.Charset;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.lang3.StringUtils;

@Singleton
/* loaded from: classes3.dex */
public class AfwPolicyManager extends NativePolicyManager {
    private static final String DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY_APP_RESTRICTIONS_KEY = "verify_apps:device_wide_unknown_source_block";
    public static final String GOOGLE_ACCOUNT_TYPE = "com.google";
    private static final String WORK_PROFILE_SYSTEM_APPS_PACKAGE_NAME_SEPARATOR = ";";
    private final IAfwSettingsRepository afwSettingsRepository;
    private Set<String> crossProfilePackages;
    private final UserManager userManager;
    private final IWPTokenRenewalStateMachine wpTokenRenewalStateMachine;
    private static final Logger LOGGER = Logger.getLogger(AfwPolicyManager.class.getName());
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private static final Integer MINIMUM_GOOGLE_PLAY_VERSION_FOR_BLOCK_UNKNOWN_SOURCES = 80812500;
    private static final String[] DANGEROUS_PERMISSION_LIST = {"android.permission.READ_PHONE_STATE", PermissionManager.PERMISSION_GET_ACCOUNTS};
    public static final Set<String> ALWAYS_ON_VPN_BYPASS_APPLICATIONS = new HashSet(Arrays.asList("com.android.vending", "com.microsoft.windowsintune.companyportal"));

    /* loaded from: classes3.dex */
    private class AfwResetPasswordPayload {
        public String password;
        public String token;

        private AfwResetPasswordPayload() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public class PermissionActionItem {
        private String action;
        private String permission;

        private PermissionActionItem() {
        }

        public String getAction() {
            return this.action;
        }

        public String getPermission() {
            return this.permission;
        }

        public void setBehavior(String str) {
            this.action = str;
        }

        public void setPermission(String str) {
            this.permission = str;
        }
    }

    /* loaded from: classes3.dex */
    private class PermissionActions {
        private List<PermissionActionItem> permissionActions;

        private PermissionActions() {
        }

        public List<PermissionActionItem> getPermissionActions() {
            return this.permissionActions;
        }

        public void setPermissionActionsList(List<PermissionActionItem> list) {
            this.permissionActions = list;
        }
    }

    @Inject
    public AfwPolicyManager(Context context, OMADMSettings oMADMSettings, EnrollmentSettings enrollmentSettings, NativeSettings nativeSettings, SafetyNetSettingsManager safetyNetSettingsManager, IAfwSettingsRepository iAfwSettingsRepository, IWPTokenRenewalStateMachine iWPTokenRenewalStateMachine, IsIpPhoneUseCase isIpPhoneUseCase, IDevicePolicyManager iDevicePolicyManager, KnoxVersion knoxVersion) {
        super(context, oMADMSettings, enrollmentSettings, nativeSettings, safetyNetSettingsManager, isIpPhoneUseCase, iDevicePolicyManager, knoxVersion);
        this.crossProfilePackages = null;
        this.afwSettingsRepository = iAfwSettingsRepository;
        this.userManager = (UserManager) context.getSystemService(DefenderAtpContentProvider.USER_PATH);
        this.wpTokenRenewalStateMachine = iWPTokenRenewalStateMachine;
    }

    private static int convertActionStringToInt(String str) throws OMADMException {
        char c;
        int hashCode = str.hashCode();
        if (hashCode == -1895938684) {
            if (str.equals("Prompt")) {
                c = 0;
            }
            c = 65535;
        } else if (hashCode != -651933555) {
            if (hashCode == 1502889083 && str.equals("AutoDeny")) {
                c = 2;
            }
            c = 65535;
        } else {
            if (str.equals("AutoGrant")) {
                c = 1;
            }
            c = 65535;
        }
        if (c == 0) {
            return 0;
        }
        if (c == 1) {
            return 1;
        }
        if (c == 2) {
            return 2;
        }
        throw new OMADMException("Unknown action string.");
    }

    private void disableWorkProfileAllowWidgets() throws OMADMException {
        try {
            for (String str : this.devicePolicyManager.getCrossProfileWidgetProviders(this.componentName)) {
                if (!this.devicePolicyManager.removeCrossProfileWidgetProvider(this.componentName, str)) {
                    LOGGER.warning(MessageFormat.format("Failed to remove widget provider for component name {0} and package name {1}.", this.componentName, str));
                }
            }
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    private void enableWorkProfileAllowWidgets() throws OMADMException {
        try {
            List<String> crossProfileWidgetProviders = this.devicePolicyManager.getCrossProfileWidgetProviders(this.componentName);
            for (ApplicationInfo applicationInfo : this.context.getPackageManager().getInstalledApplications(0)) {
                if (!crossProfileWidgetProviders.contains(applicationInfo.packageName) && !this.devicePolicyManager.addCrossProfileWidgetProvider(this.componentName, applicationInfo.packageName)) {
                    LOGGER.warning(MessageFormat.format("Failed to add widget provider for component name {0} and package name {1}.", this.componentName, applicationInfo.packageName));
                }
            }
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    private boolean getAlwaysOnVpnLockdownModeEnabledExpectedValue() {
        return this.afwSettingsRepository.getWorkAlwaysOnVpnLockDownModeEnabledExpectedValue();
    }

    private String[] getHiddenWorkApps() {
        return this.afwSettingsRepository.getAppsHiddenByCompanyPortal().split(";");
    }

    private void recordHiddenWorkApp(String str) {
        StringBuilder sb = new StringBuilder(this.afwSettingsRepository.getAppsHiddenByCompanyPortal());
        if (wasPackageHiddenByCompanyPortal(str)) {
            return;
        }
        if (StringUtils.isNotEmpty(this.afwSettingsRepository.getAppsHiddenByCompanyPortal())) {
            sb.append(";");
        }
        sb.append(str);
        this.afwSettingsRepository.setAppsHiddenByCompanyPortal(sb.toString());
    }

    private void resetPasswordWithToken(String str, byte[] bArr) throws OMADMException {
        try {
            if (!this.devicePolicyManager.resetPasswordWithToken(this.componentName, str, bArr, 1)) {
                throw new OMADMException("Failed to set new work profile password.");
            }
            this.devicePolicyManager.lockNow();
            AfwPasswordPolicy.setRequireNewWorkProfilePassword(this.afwSettingsRepository, true);
        } catch (IllegalStateException e) {
            throw new OMADMException("Work profile password token is not valid.", e);
        }
    }

    private void setAlwaysOnVpnPackageHelper(String str, boolean z) throws PackageManager.NameNotFoundException, UnsupportedOperationException {
        if (Build.VERSION.SDK_INT < 29) {
            this.devicePolicyManager.setAlwaysOnVpnPackage(this.componentName, str, z);
        } else {
            this.devicePolicyManager.setAlwaysOnVpnPackage(this.componentName, str, z, ALWAYS_ON_VPN_BYPASS_APPLICATIONS);
        }
    }

    private boolean wasPackageHiddenByCompanyPortal(String str) {
        return this.afwSettingsRepository.getAppsHiddenByCompanyPortal().toLowerCase(Locale.US).contains(str.toLowerCase(Locale.US));
    }

    public void addCrossProfileIntentFilter(IntentFilter intentFilter, int i) {
        this.devicePolicyManager.addCrossProfileIntentFilter(this.componentName, intentFilter, i);
    }

    public void addUserRestriction(String str) throws OMADMException {
        this.devicePolicyManager.addUserRestriction(this.componentName, str);
    }

    public void clearCrossProfileIntentFilters() {
        this.devicePolicyManager.clearCrossProfileIntentFilters(this.componentName);
    }

    public void clearResetPasswordToken() throws OMADMException {
        try {
            this.devicePolicyManager.clearResetPasswordToken(this.componentName);
            this.afwSettingsRepository.setResetPasswordTokenStatus(AfwSettingsRepository.INSTANCE.getDEFAULT_WORK_RESET_PASSWORD_TOKEN_STATUS());
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void clearUserRestriction(String str) throws OMADMException {
        this.devicePolicyManager.clearUserRestriction(this.componentName, str);
    }

    public void deleteAlwaysOnVpnPackage() throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        this.afwSettingsRepository.setWorkAlwaysOnVpnPackageName("");
        try {
            String alwaysOnVpnPackage = getAlwaysOnVpnPackage();
            boolean alwaysOnVpnLockdownModeEnabledExpectedValue = getAlwaysOnVpnLockdownModeEnabledExpectedValue();
            LOGGER.info(MessageFormat.format("Current work profile Always On VPN Package is {0}. Deleting Always On VPN Package.", alwaysOnVpnPackage));
            this.devicePolicyManager.setUninstallBlocked(this.componentName, alwaysOnVpnPackage, false);
            IDevicePolicyManager iDevicePolicyManager = this.devicePolicyManager;
            ComponentName componentName = this.componentName;
            UserManager userManager = this.userManager;
            iDevicePolicyManager.clearUserRestriction(componentName, "no_config_vpn");
            setAlwaysOnVpnPackageHelper(null, alwaysOnVpnLockdownModeEnabledExpectedValue);
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void disable() throws OMADMException {
        if (!isProfileOwner()) {
            throw new OMADMException("Cannot remove managed profile, app is currently not a profile owner.");
        }
        wipeDevice(true);
    }

    public void enableCertInstall() throws OMADMException {
        try {
            if (Build.VERSION.SDK_INT >= 26) {
                this.devicePolicyManager.setDelegatedScopes(this.componentName, this.context.getPackageName(), Arrays.asList("delegation-cert-install"));
            } else if (Build.VERSION.SDK_INT >= 23) {
                this.devicePolicyManager.setCertInstallerPackage(this.componentName, this.context.getPackageName());
            } else {
                LOGGER.info("Calling enableCertInstall for pre-Android M is not supported; ignoring.");
            }
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void enableManageApplicationRestrictions(String str) throws OMADMException {
        try {
            if (Build.VERSION.SDK_INT >= 26) {
                this.devicePolicyManager.setDelegatedScopes(this.componentName, str, Arrays.asList("delegation-app-restrictions"));
            } else if (Build.VERSION.SDK_INT >= 24) {
                this.devicePolicyManager.setApplicationRestrictionsManagingPackage(this.componentName, str);
            } else {
                LOGGER.info("Calling enableManageApplicationRestrictions for pre-Android N is not supported; ignoring.");
            }
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public boolean enableWorkProfileSystemApplication(String str) {
        try {
            Set<String> workEnabledSystemApplications = this.afwSettingsRepository.getWorkEnabledSystemApplications();
            LOGGER.info(MessageFormat.format("Enabling system application package: {0}", str));
            this.devicePolicyManager.enableSystemApp(this.componentName, str);
            workEnabledSystemApplications.add(str);
            LOGGER.info("Setting enabled system application packages to: " + workEnabledSystemApplications);
            this.afwSettingsRepository.setWorkEnabledSystemApplications(workEnabledSystemApplications);
            return true;
        } catch (IllegalArgumentException unused) {
            LOGGER.warning("Package " + str + " is not a valid system application package.");
            return false;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to enable work profile system app with message: ", (Throwable) e);
            return false;
        }
    }

    public boolean getAllowBluetoothContactSharing() throws OMADMException {
        return !this.devicePolicyManager.getBluetoothContactSharingDisabled(this.componentName);
    }

    public boolean getAllowCrossProfileCallerId() throws OMADMException {
        return !this.devicePolicyManager.getCrossProfileCallerIdDisabled(this.componentName);
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean getAllowFaceForUnlock() throws OMADMException {
        if (Build.VERSION.SDK_INT >= 28) {
            return getKeyguardFeaturesEnabled(128, getDeviceWidePolicyManager());
        }
        throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean getAllowFingerprintForUnlock() throws OMADMException {
        return getKeyguardFeaturesEnabled(32, getDeviceWidePolicyManager());
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean getAllowIrisForUnlock() throws OMADMException {
        if (Build.VERSION.SDK_INT >= 28) {
            return getKeyguardFeaturesEnabled(256, getDeviceWidePolicyManager());
        }
        throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
    }

    public boolean getAllowScreenShot() throws OMADMException {
        return !this.devicePolicyManager.getScreenCaptureDisabled(this.componentName);
    }

    public boolean getAlwaysOnVpnLockdownModeEnabled() {
        return this.afwSettingsRepository.getWorkAlwaysOnVpnLockDownModeEnabledCurrent();
    }

    public String getAlwaysOnVpnPackage() throws OMADMException {
        try {
            return this.devicePolicyManager.getAlwaysOnVpnPackage(this.componentName);
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public boolean getBlockPersonalAppInstallsFromUnknownSourcesEnabled() throws OMADMException {
        if (Build.VERSION.SDK_INT > 28) {
            return hasUserRestriction("no_install_unknown_sources_globally");
        }
        Integer packageVersion = PackageUtils.getPackageVersion(this.context, "com.android.vending");
        if (packageVersion == null || packageVersion.intValue() < MINIMUM_GOOGLE_PLAY_VERSION_FOR_BLOCK_UNKNOWN_SOURCES.intValue()) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, MessageFormat.format("BlockPersonalAppInstallsFromUnknownSources not supported if the version code of Google Play is lower than: {0}. Current version code: {1}.", MINIMUM_GOOGLE_PLAY_VERSION_FOR_BLOCK_UNKNOWN_SOURCES, packageVersion));
        }
        try {
            return this.devicePolicyManager.getApplicationRestrictions(this.componentName, "com.android.vending").getBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY_APP_RESTRICTIONS_KEY);
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public boolean getConnectedAppsEnabledForApp(String str) throws OMADMException {
        if (Build.VERSION.SDK_INT < 30) {
            return false;
        }
        if (this.crossProfilePackages == null) {
            this.crossProfilePackages = this.devicePolicyManager.getCrossProfilePackages(this.componentName);
        }
        LOGGER.info(MessageFormat.format("getCrossProfilePackages packages: {0}, AfwPolicyManager={1}", String.join(", ", this.crossProfilePackages), this));
        return this.crossProfilePackages.contains(str);
    }

    public boolean getCrossProfileContactsSearchDisabled() throws OMADMException {
        if (Build.VERSION.SDK_INT >= 24) {
            return this.devicePolicyManager.getCrossProfileContactsSearchDisabled(this.componentName);
        }
        LOGGER.warning("AFW policy get CrossProfileContactsSearchDisabled called on API before N. Ignoring.");
        return false;
    }

    public int getDefaultAppPermissionPolicy() throws OMADMException {
        try {
            return this.devicePolicyManager.getPermissionPolicy(this.componentName);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager
    protected IDevicePolicyManager getDeviceWidePolicyManager() {
        return (Build.VERSION.SDK_INT < 24 || !isProfileOwner()) ? this.devicePolicyManager : this.devicePolicyManager.getParentProfileInstance(this.componentName);
    }

    public boolean getDisableUnredactedNotifications() throws OMADMException {
        return !getKeyguardFeaturesEnabled(8, this.devicePolicyManager);
    }

    public boolean getWorkCalendarAllowPersonalAccessEnabled() throws OMADMException {
        return this.devicePolicyManager.getCrossProfileCalendarPackages(this.componentName) == null;
    }

    public boolean getWorkProfileAllowWidgetsEnabled() throws OMADMException {
        try {
            List<String> crossProfileWidgetProviders = this.devicePolicyManager.getCrossProfileWidgetProviders(this.componentName);
            for (ApplicationInfo applicationInfo : this.context.getPackageManager().getInstalledApplications(0)) {
                if (!crossProfileWidgetProviders.contains(applicationInfo.packageName)) {
                    LOGGER.info(MessageFormat.format("Not all work profile widgets are enabled. The first non-enabled package found is {0}.", applicationInfo.packageName));
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public String getWorkProfileSystemApplications() {
        return StringUtils.join(this.afwSettingsRepository.getWorkEnabledSystemApplications(), ";");
    }

    public void grantCompanyPortalPermissions() {
        if (Build.VERSION.SDK_INT < 23) {
            LOGGER.info("Calling setPermissionGrantState for Android before M is not possible.");
            return;
        }
        for (String str : DANGEROUS_PERMISSION_LIST) {
            if (!this.devicePolicyManager.setPermissionGrantState(this.componentName, this.context.getPackageName(), str, 1)) {
                LOGGER.warning("Failed to grant Work Profile Company Portal the permission: " + str);
            }
        }
    }

    public boolean hasUserRestriction(String str) throws OMADMException {
        UserManager userManager = this.userManager;
        if (userManager != null) {
            return userManager.hasUserRestriction(str);
        }
        throw new OMADMException("User manager is null. We can't get the user restriction information on " + str);
    }

    public void hideWorkApps() {
        StringBuilder sb = new StringBuilder();
        for (ApplicationInfo applicationInfo : this.context.getPackageManager().getInstalledApplications(0)) {
            boolean isCompanyPortalPackage = PackageUtils.isCompanyPortalPackage(this.context, applicationInfo.packageName);
            boolean isApplicationHidden = this.devicePolicyManager.isApplicationHidden(this.componentName, applicationInfo.packageName);
            boolean z = this.context.getPackageManager().getLaunchIntentForPackage(applicationInfo.packageName) != null;
            if (!isCompanyPortalPackage && !isApplicationHidden && z) {
                LOGGER.info(MessageFormat.format("Hiding work app: {0}", applicationInfo.packageName));
                try {
                    this.devicePolicyManager.setApplicationHidden(this.componentName, applicationInfo.packageName, true);
                    recordHiddenWorkApp(applicationInfo.packageName);
                } catch (Exception e) {
                    LOGGER.severe(MessageFormat.format("Exception listing or hiding work app: {0} : {1}", applicationInfo.packageName, e.getMessage()));
                    sb.append(applicationInfo.packageName);
                    sb.append(";");
                }
            }
        }
        if (StringUtils.isNotEmpty(sb.toString())) {
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to hide the following packages: {0}", sb.toString()));
        }
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean isAppVerifyEnabled() {
        boolean hasUserRestriction = this.userManager.hasUserRestriction("ensure_verify_apps");
        LOGGER.info(MessageFormat.format("AFW isAppVerifyEnabled: {0}", Boolean.valueOf(hasUserRestriction)));
        return hasUserRestriction;
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean isDeviceAdmin() {
        return false;
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean isEnabled() {
        return isProfileOwner();
    }

    public boolean isWorkPasswordCompliant() throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            long passwordExpiration = this.devicePolicyManager.getPasswordExpiration(this.componentName);
            if (this.devicePolicyManager.isActivePasswordSufficient()) {
                if (passwordExpiration != 0) {
                    if (passwordExpiration - System.currentTimeMillis() > 0) {
                    }
                }
                return true;
            }
            return false;
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public boolean isWorkPasswordRequired() {
        return Build.VERSION.SDK_INT >= 24 && this.afwSettingsRepository.getWorkPasswordEnabled() == 0;
    }

    public boolean isWorkProfileTokenRequiredForRenewal() {
        IWPTokenRenewalStateMachine iWPTokenRenewalStateMachine = this.wpTokenRenewalStateMachine;
        if (iWPTokenRenewalStateMachine != null) {
            return iWPTokenRenewalStateMachine.isWorkProfileTokenRequiredForRenewal();
        }
        LOGGER.severe("Failed to get work profile token renewal status due to the null injected state machine.");
        return false;
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void onPasswordChanged() {
        AfwPasswordPolicy.setRequireNewWorkProfilePassword(this.afwSettingsRepository, false);
    }

    public boolean removeUserCertificate(String str) throws OMADMException {
        if (Build.VERSION.SDK_INT >= 24) {
            return this.devicePolicyManager.removeKeyPair(this.componentName, str);
        }
        throw new OMADMException("Remove user certificates not supported on devices prior to N.");
    }

    public void renewWorkProfileToken(String str) {
        if (this.wpTokenRenewalStateMachine == null) {
            LOGGER.severe("Failed to renew work profile token due to the null injected state machine.");
        } else {
            LOGGER.info("Start processing work profile token renewal.");
            this.wpTokenRenewalStateMachine.renewWorkProfileToken(str);
        }
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void resetPassword(String str) throws OMADMException {
        try {
            AfwResetPasswordPayload afwResetPasswordPayload = (AfwResetPasswordPayload) new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.UPPER_CAMEL_CASE).create().fromJson(str, AfwResetPasswordPayload.class);
            byte[] bytes = afwResetPasswordPayload.token.getBytes(UTF8);
            if (Build.VERSION.SDK_INT < 26) {
                super.resetPassword(afwResetPasswordPayload.password);
            } else {
                resetPasswordWithToken(afwResetPasswordPayload.password, bytes);
            }
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public boolean resetPasswordTokenNeedsActivation() throws OMADMException {
        if (Build.VERSION.SDK_INT < 26) {
            LOGGER.warning("AFW policy resetPasswordTokenNeedsActivation called on API before O. Ignoring.");
            return false;
        }
        try {
            return AfwResetPasswordTokenStatus.Set == this.afwSettingsRepository.getResetPasswordTokenStatus();
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setAccountManagementDisabled(String str, boolean z) {
        this.devicePolicyManager.setAccountManagementDisabled(this.componentName, str, z);
    }

    public void setAllowBluetoothContactSharing(boolean z) throws OMADMException {
        this.devicePolicyManager.setBluetoothContactSharingDisabled(this.componentName, !z);
    }

    public void setAllowCrossProfileCallerId(boolean z) throws OMADMException {
        this.devicePolicyManager.setCrossProfileCallerIdDisabled(this.componentName, !z);
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void setAllowFaceForUnlock(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 28) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
        }
        setKeyguardFeaturesEnabled(128, z, getDeviceWidePolicyManager());
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void setAllowFingerprintForUnlock(boolean z) throws OMADMException {
        setKeyguardFeaturesEnabled(32, z, getDeviceWidePolicyManager());
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void setAllowIrisForUnlock(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 28) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
        }
        setKeyguardFeaturesEnabled(256, z, getDeviceWidePolicyManager());
    }

    public void setAllowScreenShot(boolean z) throws OMADMException {
        this.devicePolicyManager.setScreenCaptureDisabled(this.componentName, !z);
    }

    public void setAllowWorkFaceForUnlock(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 28) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
        }
        setKeyguardFeaturesEnabled(128, z, this.devicePolicyManager);
    }

    public void setAllowWorkFingerprintForUnlock(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        setKeyguardFeaturesEnabled(32, z, this.devicePolicyManager);
    }

    public void setAllowWorkIrisForUnlock(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 28) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to P.");
        }
        setKeyguardFeaturesEnabled(256, z, this.devicePolicyManager);
    }

    public void setAlwaysOnVpnLockdownModeEnabled(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        if (this.afwSettingsRepository.getWorkAlwaysOnVpnLockDownModeEnabledExpectedValue()) {
            LOGGER.info(MessageFormat.format("Current value of AFW settings lockdown mode enabled next set to: {0}, setting it to: {1}.", Boolean.valueOf(this.afwSettingsRepository.getWorkAlwaysOnVpnLockDownModeEnabledExpectedValue()), Boolean.valueOf(z)));
        }
        this.afwSettingsRepository.setWorkAlwaysOnVpnLockDownModeEnabledExpectedValue(z);
        try {
            LOGGER.info(MessageFormat.format("Setting work profile always on vpn lockdown mode enabled to: {0}", Boolean.valueOf(z)));
            String alwaysOnVpnPackage = getAlwaysOnVpnPackage();
            if (StringUtils.isNotBlank(alwaysOnVpnPackage)) {
                setAlwaysOnVpnPackageHelper(alwaysOnVpnPackage, z);
                this.devicePolicyManager.setUninstallBlocked(this.componentName, alwaysOnVpnPackage, true);
                IDevicePolicyManager iDevicePolicyManager = this.devicePolicyManager;
                ComponentName componentName = this.componentName;
                UserManager userManager = this.userManager;
                iDevicePolicyManager.addUserRestriction(componentName, "no_config_vpn");
                this.afwSettingsRepository.setWorkAlwaysOnVpnLockDownModeEnabledCurrent(z);
            }
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public synchronized void setAlwaysOnVpnPackage(String str) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        this.afwSettingsRepository.setWorkAlwaysOnVpnPackageName(str == null ? "" : str);
        try {
            if (!PackageUtils.isPackageInstalled(this.context, str)) {
                LOGGER.warning(MessageFormat.format("Current work profile Always On VPN Package is: {0}. Tried setting to {1}, but that package is not installed on device.", getAlwaysOnVpnPackage(), str));
                throw new OMADMException(MessageFormat.format("Tried to set {0} as as Always On VPN, but the package was not found.", str));
            }
            boolean alwaysOnVpnLockdownModeEnabledExpectedValue = getAlwaysOnVpnLockdownModeEnabledExpectedValue();
            String alwaysOnVpnPackage = getAlwaysOnVpnPackage();
            LOGGER.info(MessageFormat.format("Current work profile Always On VPN Package is {0}. Setting vpn package to {1}. Setting lockdown Enabled to: {2} ", alwaysOnVpnPackage, str, Boolean.valueOf(alwaysOnVpnLockdownModeEnabledExpectedValue)));
            setAlwaysOnVpnPackageHelper(str, alwaysOnVpnLockdownModeEnabledExpectedValue);
            this.devicePolicyManager.setUninstallBlocked(this.componentName, str, true);
            if (StringUtils.isNotBlank(alwaysOnVpnPackage) && !StringUtils.equals(alwaysOnVpnPackage, str)) {
                LOGGER.info(MessageFormat.format("Customer is switching to new Always ON VPN Package {0}. Removing app uninstall restriction on {1}.", str, alwaysOnVpnPackage));
                this.devicePolicyManager.setUninstallBlocked(this.componentName, alwaysOnVpnPackage, false);
            }
            IDevicePolicyManager iDevicePolicyManager = this.devicePolicyManager;
            ComponentName componentName = this.componentName;
            UserManager userManager = this.userManager;
            iDevicePolicyManager.addUserRestriction(componentName, "no_config_vpn");
        } catch (UnsupportedOperationException unused) {
            LOGGER.warning(MessageFormat.format("Current work profile Always On VPN Package is: {0}. Tried setting to {1}, but that package does not support always on VPN.", getAlwaysOnVpnPackage(), str));
            throw new OMADMException(MessageFormat.format("Tried to set package: {0} as Always On VPN, but package does not support Always On functionality.", str));
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public void setBlockPersonalAppInstallsFromUnknownSources(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT > 28) {
            setUserRestriction("no_install_unknown_sources_globally", z);
            return;
        }
        try {
            Bundle bundle = new Bundle(this.devicePolicyManager.getApplicationRestrictions(this.componentName, "com.android.vending"));
            bundle.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY_APP_RESTRICTIONS_KEY, z);
            this.devicePolicyManager.setApplicationRestrictions(this.componentName, "com.android.vending", bundle);
        } catch (Exception e) {
            LOGGER.severe(e.getMessage());
            throw new OMADMException(e);
        }
    }

    public void setConnectedAppsEnabledForApp(String str, boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 30) {
            if (z) {
                throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to R (i.e. API level 30 or Android 11).");
            }
            return;
        }
        if (this.crossProfilePackages == null) {
            this.crossProfilePackages = this.devicePolicyManager.getCrossProfilePackages(this.componentName);
        }
        if (z && !this.crossProfilePackages.contains(str)) {
            this.crossProfilePackages.add(str);
            this.devicePolicyManager.setCrossProfilePackages(this.componentName, this.crossProfilePackages);
            LOGGER.info(MessageFormat.format("setCrossProfilePackages updated packages: {0}, AfwPolicyManager={1}", String.join(", ", this.crossProfilePackages), this));
        } else {
            if (z || !this.crossProfilePackages.contains(str)) {
                return;
            }
            this.crossProfilePackages.remove(str);
            this.devicePolicyManager.setCrossProfilePackages(this.componentName, this.crossProfilePackages);
            LOGGER.info(MessageFormat.format("setCrossProfilePackages updated packages: {0}, AfwPolicyManager={1}", String.join(", ", this.crossProfilePackages), this));
        }
    }

    public void setCrossProfileContactsSearchDisabled(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            LOGGER.warning("AFW policy CrossProfileContactsSearchDisabled called on API before N. Ignoring.");
        } else {
            this.devicePolicyManager.setCrossProfileContactsSearchDisabled(this.componentName, z);
        }
    }

    public void setDefaultAppPermissionPolicy(int i) throws OMADMException {
        try {
            this.devicePolicyManager.setPermissionPolicy(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setDisableUnredactedNotifications(boolean z) throws OMADMException {
        setKeyguardFeaturesEnabled(8, !z, this.devicePolicyManager);
    }

    public void setPermissionGrantState(String str, String str2) throws OMADMException {
        try {
            PermissionActions permissionActions = (PermissionActions) new Gson().fromJson(str2, PermissionActions.class);
            if (permissionActions != null) {
                for (PermissionActionItem permissionActionItem : permissionActions.getPermissionActions()) {
                    this.devicePolicyManager.setPermissionGrantState(this.componentName, str, permissionActionItem.getPermission(), convertActionStringToInt(permissionActionItem.getAction()));
                }
            }
        } catch (JsonSyntaxException unused) {
            throw new OMADMException("Failure while parsing the permission action list.");
        }
    }

    public void setProfileEnabled() throws OMADMException {
        try {
            this.devicePolicyManager.setProfileEnabled(this.componentName);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setResetPasswordToken(String str) throws OMADMException {
        try {
            if (AfwResetPasswordTokenStatus.Inactive != this.afwSettingsRepository.getResetPasswordTokenStatus()) {
                LOGGER.warning("Work Profile Reset Password Token is already set.");
                return;
            }
            this.devicePolicyManager.setResetPasswordToken(this.componentName, str.getBytes(UTF8));
            this.afwSettingsRepository.setResetPasswordTokenStatus(AfwResetPasswordTokenStatus.Set);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setUserRestriction(String str, boolean z) throws OMADMException {
        if (z) {
            addUserRestriction(str);
        } else {
            clearUserRestriction(str);
        }
    }

    public void setWorkCalendarAllowPersonalAccessEnabled(boolean z) throws OMADMException {
        LOGGER.info(MessageFormat.format("setWorkCalendarAllowPersonalAccessEnabled {0} to {1}.", this.componentName, Boolean.valueOf(z)));
        if (z) {
            this.devicePolicyManager.setCrossProfileCalendarPackages(this.componentName, null);
        } else {
            this.devicePolicyManager.setCrossProfileCalendarPackages(this.componentName, Collections.emptySet());
        }
    }

    public void setWorkMaximumFailedPasswordsForWipe(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setMaximumFailedPasswordsForWipe(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkMaximumTimeToLock(long j) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setMaximumTimeToLock(this.componentName, j);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordExpiration(long j) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordExpirationTimeout(this.componentName, j);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordHistoryLength(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordHistoryLength(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumLength(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumLength(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumLetter(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumLetters(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumLowerCase(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumLowerCase(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumNonLetter(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumNonLetter(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumNumeric(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumNumeric(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumSymbol(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumSymbols(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordMinimumUpperCase(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordMinimumUpperCase(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkPasswordQuality(int i) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        try {
            this.devicePolicyManager.setPasswordQuality(this.componentName, i);
        } catch (Exception e) {
            throw new OMADMException(e);
        }
    }

    public void setWorkProfileAllowWidgets(boolean z) throws OMADMException {
        if (z) {
            enableWorkProfileAllowWidgets();
        } else {
            disableWorkProfileAllowWidgets();
        }
    }

    public void setWorkProfileSystemApplications(String str) throws OMADMException {
        String[] split = str.split(";");
        Set<String> workEnabledSystemApplications = this.afwSettingsRepository.getWorkEnabledSystemApplications();
        for (String str2 : split) {
            if (str2.isEmpty()) {
                LOGGER.warning("System app package list contained empty package name.");
            } else {
                try {
                    this.devicePolicyManager.enableSystemApp(this.componentName, str2);
                    workEnabledSystemApplications.add(str2);
                } catch (IllegalArgumentException unused) {
                    LOGGER.warning("Package " + str2 + " is not a valid system application package.");
                } catch (Exception e) {
                    LOGGER.severe("Failed to enable work profile system app with message: " + e.getMessage());
                    throw new OMADMException(e);
                }
            }
        }
        LOGGER.info("Setting enabled system application packages to: " + workEnabledSystemApplications);
        this.afwSettingsRepository.setWorkEnabledSystemApplications(workEnabledSystemApplications);
    }

    public void setWorkTrustAgentsEnabled(boolean z) throws OMADMException {
        if (Build.VERSION.SDK_INT < 24) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED, "Not supported on AFW devices prior to N.");
        }
        setKeyguardFeaturesEnabled(16, z, this.devicePolicyManager);
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public boolean shouldStartEncryption() {
        return false;
    }

    public void showHiddenWorkApps() {
        StringBuilder sb = new StringBuilder();
        for (String str : getHiddenWorkApps()) {
            if (StringUtils.isNotEmpty(str)) {
                if (PackageUtils.isPackageInstalled(this.context, str)) {
                    LOGGER.info(MessageFormat.format("Unhiding work app: {0}", str));
                    try {
                        this.devicePolicyManager.setApplicationHidden(this.componentName, str, false);
                    } catch (Exception e) {
                        LOGGER.severe(MessageFormat.format("Exception unhiding work app: {0} : {1}", str, e.getMessage()));
                        if (StringUtils.isNotEmpty(sb)) {
                            sb.append(";");
                        }
                        sb.append(str);
                    }
                } else {
                    LOGGER.info(MessageFormat.format("Previously hidden app has been uninstalled: {0}", str));
                }
            }
        }
        this.afwSettingsRepository.setAppsHiddenByCompanyPortal(sb.toString());
        if (StringUtils.isNotEmpty(sb.toString())) {
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to unhide the following work apps: {0}", sb.toString()));
        }
    }

    @Override // com.microsoft.omadm.platforms.android.policy.NativePolicyManager, com.microsoft.omadm.platforms.IPolicyManager
    public void toggleAppVerify(boolean z) {
        if (z) {
            this.devicePolicyManager.addUserRestriction(this.componentName, "ensure_verify_apps");
        } else {
            this.devicePolicyManager.clearUserRestriction(this.componentName, "ensure_verify_apps");
        }
    }

    public void uninstallCaCert(byte[] bArr) throws OMADMException {
        this.devicePolicyManager.uninstallCaCert(this.componentName, bArr);
    }
}
