package com.microsoft.omadm;

import android.content.Context;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.utils.SSPUtils;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

/* loaded from: classes.dex */
public final class EnrollmentRenewal {
    private static final long MILLISECONDS_PER_DAY = TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS);
    private static Logger logger = Logger.getLogger(EnrollmentRenewal.class.getName());

    private EnrollmentRenewal() {
    }

    public static boolean areEnrollmentCertsExpired() {
        Date date = Services.get().getEnrollmentSettings().getDate(EnrollmentSettings.DEVICE_CERTIFICATE_EXPIRATION, null);
        if (date == null) {
            return false;
        }
        boolean after = new Date().after(date);
        Logger logger2 = logger;
        StringBuilder sb = new StringBuilder();
        sb.append("Enrollment certificates are ");
        sb.append(after ? "expired" : "not expired");
        logger2.info(sb.toString());
        return after;
    }

    private static boolean needStorageDowngrade(Context context) {
        EnrollmentSettings enrollmentSettings = Services.get().getEnrollmentSettings();
        if (CertificateKeyStore.isUseOfAndroidKeyStoreEnabled() || !CertificateKeyStore.isAndroidStore(enrollmentSettings)) {
            return false;
        }
        if (CertificateKeyStore.hasEnrollmentCertificate(context, enrollmentSettings)) {
            logger.fine("Requesting key store downgrade. Android key store usage should be disabled but is already in use.");
            return true;
        }
        logger.warning("Key store downgrade is needed but is skipped since the enrollment certificate is not found or is not accessible.");
        return false;
    }

    private static boolean needStorageUpgrade(Context context) {
        EnrollmentSettings enrollmentSettings = Services.get().getEnrollmentSettings();
        if (!CertificateKeyStore.isUseOfAndroidKeyStoreEnabled()) {
            logger.fine("Skipping key store upgrade. Usage of Android key store is disabled.");
            return false;
        }
        if (CertificateKeyStore.isAndroidStore(enrollmentSettings)) {
            logger.fine("Skipping key store upgrade. Already using Android key store.");
            return false;
        }
        try {
            KeyStore.getInstance(CertificateKeyStore.ANDROID_KEYSTORE_NAME);
            return true;
        } catch (KeyStoreException unused) {
            logger.fine("Skipping key store upgrade. Cannot use Android key store.");
            return false;
        }
    }

    public static void renewIfNeeded(Context context) {
        if (withinRenewalWindow(context)) {
            logger.info("Enrollment certificate requires renewal and is within the renewal window, starting enrollment renewal service.");
            SSPUtils.renewEnrollmentCertificate();
        } else if (needStorageDowngrade(context)) {
            logger.info("Starting enrollment renewal service for key store downgrade.");
            SSPUtils.renewEnrollmentCertificate();
        } else if (needStorageUpgrade(context)) {
            logger.info("Starting enrollment key store upgrade.");
            SSPUtils.upgradeEnrollmentCertificateStorage();
        }
    }

    public static void renewNow() {
        logger.info("Enrollment renewal now triggered. Renewing...");
        SSPUtils.renewEnrollmentCertificate();
    }

    private static boolean withinRenewalWindow(Context context) {
        if (!Services.get().getEnrollmentStateSettings().getCurrentState().isEnrolled()) {
            logger.info("Skipping enrollment renewal. Device is not enrolled.");
            return false;
        }
        if (areEnrollmentCertsExpired()) {
            logger.info("Skipping enrollment renewal. Certificates are expired.");
            return false;
        }
        EnrollmentSettings enrollmentSettings = Services.get().getEnrollmentSettings();
        long j = enrollmentSettings.getLong(EnrollmentSettings.RENEWAL_PERIOD, 0L);
        Date date = enrollmentSettings.getDate(EnrollmentSettings.DEVICE_CERTIFICATE_EXPIRATION, null);
        if (j == 0 || date == null) {
            logger.info("Skipping enrollment renewal. Invalid renewal window or certificate expiration dates.");
            return false;
        }
        return Services.get().getNtpTimeClient().tryGetCurrentDate().after(new Date(date.getTime() - (j * MILLISECONDS_PER_DAY)));
    }
}
