package com.microsoft.intune.mam.client.fileencryption;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import com.microsoft.intune.mam.DeviceBuildUtils;
import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.database.FileEncryptionStateTable;
import com.microsoft.intune.mam.client.database.IntuneMAMOpenHelper;
import com.microsoft.intune.mam.client.database.MultiIdentityInfoTable;
import com.microsoft.intune.mam.client.database.PendingFileEncryptionOperationsTable;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionServiceBehavior;
import com.microsoft.intune.mam.client.fileencryption.NativeFileIO;
import com.microsoft.intune.mam.client.identity.IdentityResolutionInfo;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityImpl;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.identity.MultiIdentityTransitionMode;
import com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiver;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiverRegistry;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.client.util.FileUtils;
import com.microsoft.intune.mam.client.util.IOUtils;
import com.microsoft.intune.mam.client.util.PackageUtils;
import com.microsoft.intune.mam.libs.MAMLibraryException;
import com.microsoft.intune.mam.libs.NativeLibLoaderClient;
import com.microsoft.intune.mam.log.MAMLogDisabler;
import com.microsoft.intune.mam.log.MAMLogManagerImpl;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.BundleEncryptionKey;
import com.microsoft.intune.mam.policy.notification.MAMNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotificationType;
import com.microsoft.intune.mam.policy.notification.MAMUserNotification;
import java.io.File;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Provider;

/* loaded from: classes.dex */
public class FileEncryptionManager implements MAMNotificationReceiver {
    private static final String DEFAULT_CIPHER = "AES";
    private static final String DEFAULT_CIPHER_MODE = "CBC";
    private static final int DEFAULT_KEYLENGTH = 128;
    private static final String ENCRYPTION_DATE_KEY_BASE = "EncryptionDate";
    private static final int KEY_ID_LENGTH = 16;
    static final int MAX_KEY_RETRIEVAL_FAILURES = 3;
    private static final String MULTIDEX_SUPPORT_CODE_CACHE_DIR_NAME = "code_cache";
    private static final int NATIVE_FLAG_APP_ON_SDCARD = 64;
    private static final int NATIVE_FLAG_AVOID_PTRACE = 128;
    private static final int NATIVE_FLAG_CRM_PACKAGE = 16;
    private static final int NATIVE_FLAG_EDGE_PACKAGE = 512;
    private static final int NATIVE_FLAG_ENABLE_UNLINKFS = 256;
    private static final int NATIVE_FLAG_HOUDINI = 2;
    private static final int NATIVE_FLAG_HOUDINI_PRESENT = 4;
    private static final int NATIVE_FLAG_IS_FUNCTIONAL_TEST = 32;
    private static final int NATIVE_FLAG_OFFICE_PACKAGE = 1;
    private static final int NATIVE_FLAG_POWERBI_PACKAGE = 8;
    private static final String SHARED_PREFS_NAME = "com.microsoft.intune.mam.appclient.fileencryption.pref";
    private String mCipherSpec;
    private Context mContext;
    private Key mCurrentMasterKey;
    private UUID mCurrentMasterKeyId;
    protected FileEncryptionServiceBehavior mEncryptionService;
    Map<MAMIdentity, EncryptionRequirement> mEncryptionSetting;
    private final HashMap<UUID, Integer> mFailedKeys;
    Provider<FileEncryptionServiceBehavior> mFileEncryptionServiceBehaviorProvider;
    FileEncryptionStateTable mFileEncryptionStateTable;
    private Mac mHMAC;
    private long mHookInstallRC;
    private boolean mHooksInstalled;
    private final IdentityResolver mIdentityResolver;
    private final Object mKeysLock;
    private final HashMap<UUID, Key> mKnownKeys;
    MAMIdentityManager mMAMIdentityManager;
    MAMLogPIIFactory mMAMLogPIIFactory;
    private MultiIdentityInfoTable mMultiIdentityInfoTable;
    MAMNotificationReceiverRegistry mNotificationReceiverRegistry;
    private FileEncryptionPendingOperations mOperations;
    Provider<FileEncryptionPendingOperations> mOperationsProvider;
    PendingFileEncryptionOperationsTable mPendingEncryptionOperationsTable;
    private AppPolicyServiceWrapper mProvider;
    private TelemetryLogger mTelemetryLogger;
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) FileEncryptionManager.class);
    private static final byte[] FILE_HEADER_IDENT = {0, 77, 83, 77, 65, 77, 65, 82, 80, 67, 82, 89, 80, 84, 0};

    /* loaded from: classes.dex */
    public enum CompletionRequirement {
        SYNCHRONOUS,
        ASYNCHRONOUS
    }

    /* loaded from: classes.dex */
    public enum EncryptionOperationResult {
        SUCCESS,
        PENDING,
        FAILED
    }

    protected FileEncryptionManager(AppPolicyServiceWrapper appPolicyServiceWrapper, Context context, IdentityResolver identityResolver) {
        this.mEncryptionSetting = new ConcurrentHashMap();
        this.mKnownKeys = new HashMap<>();
        this.mFailedKeys = new HashMap<>();
        this.mCurrentMasterKeyId = null;
        this.mCurrentMasterKey = null;
        this.mKeysLock = new Object();
        this.mHooksInstalled = false;
        this.mHookInstallRC = 0L;
        this.mProvider = appPolicyServiceWrapper;
        this.mContext = context;
        this.mIdentityResolver = identityResolver;
        this.mCipherSpec = getCryptoAlgorithm() + "/" + getDefaultCipherMode() + "/PKCS5Padding";
    }

    public FileEncryptionManager(AppPolicyServiceWrapper appPolicyServiceWrapper, NativeLibLoaderClient nativeLibLoaderClient, Context context, MAMLogManagerImpl mAMLogManagerImpl, Provider<FileEncryptionServiceBehavior> provider, PendingFileEncryptionOperationsTable pendingFileEncryptionOperationsTable, FileEncryptionStateTable fileEncryptionStateTable, Provider<FileEncryptionPendingOperations> provider2, MAMLogPIIFactory mAMLogPIIFactory, MAMIdentityManager mAMIdentityManager, MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry, IdentityResolver identityResolver, MultiIdentityInfoTable multiIdentityInfoTable, TelemetryLogger telemetryLogger) {
        this(appPolicyServiceWrapper, context, identityResolver);
        int i;
        boolean z;
        this.mFileEncryptionServiceBehaviorProvider = provider;
        this.mPendingEncryptionOperationsTable = pendingFileEncryptionOperationsTable;
        this.mFileEncryptionStateTable = fileEncryptionStateTable;
        this.mOperationsProvider = provider2;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mMAMIdentityManager = mAMIdentityManager;
        this.mNotificationReceiverRegistry = mAMNotificationReceiverRegistry;
        this.mMultiIdentityInfoTable = multiIdentityInfoTable;
        this.mTelemetryLogger = telemetryLogger;
        startKeyFetch();
        try {
            nativeLibLoaderClient.ensureLoaded();
            String mAMDBCanonicalPath = getMAMDBCanonicalPath(context);
            if (PackageUtils.isWXPOfficePackage(context)) {
                LOGGER.info("Installing hooks for a WXP Office app.");
                i = 1;
            } else if (PackageUtils.isPowerBIPackage(context)) {
                i = 8;
                LOGGER.info("Installing hooks for a PowerBI app.");
            } else if (PackageUtils.isCRMPackage(context)) {
                i = 16;
                LOGGER.info("Installing hooks for a CRM app.");
            } else if (PackageUtils.isEdgePackage(context)) {
                i = 512;
                LOGGER.info("Installing hooks for an Edge app.");
            } else {
                i = 0;
            }
            if (PackageUtils.isInstalledToSDCard(context)) {
                i |= 64;
                LOGGER.info("App is installed to the SD card.");
            }
            String addTrailingSlash = FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(new File(context.getApplicationInfo().dataDir)));
            String addTrailingSlash2 = FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(context.getFilesDir()));
            String addTrailingSlash3 = FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(mAMLogManagerImpl.getLogsDir()));
            String addTrailingSlash4 = FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(getCodeCacheDir(context)));
            try {
                z = nativeLibLoaderClient.isLibHoudiniInUse();
            } catch (MAMLibraryException e) {
                LOGGER.log(Level.SEVERE, "Unable to determine if houdini is in use", (Throwable) e);
                z = false;
            }
            i = z ? i | 4 | 128 : i;
            if (PackageUtils.isFtestPackage(context)) {
                i |= 32;
                LOGGER.info("Installing hooks for the FunctionalTestApp.");
            }
            if (DeviceBuildUtils.isHuaweiDevice() && Build.VERSION.SDK_INT >= 26) {
                i |= 128;
            }
            int i2 = isUnlinkfsNeeded() ? i | 256 : i;
            long installHooks = installHooks(mAMDBCanonicalPath, i2, Build.VERSION.SDK_INT, addTrailingSlash2, addTrailingSlash4, addTrailingSlash3, addTrailingSlash);
            if (installHooks == 0) {
                this.mHooksInstalled = true;
            } else {
                LOGGER.severe(String.format("Failed to initialize file encryption with error code 0x%x", Long.valueOf(installHooks)));
                this.mHookInstallRC = installHooks;
            }
            if (z && installHooks == 0) {
                try {
                    nativeLibLoaderClient.ensureLoadedForHoudini();
                } catch (MAMLibraryException e2) {
                    LOGGER.log(Level.SEVERE, "Houdini is in use but we can't load the libraries or initialize the classloader.", (Throwable) e2);
                    this.mHooksInstalled = false;
                }
                LOGGER.info("Installing additional hooks for houdini");
                long installHooksHoudini = installHooksHoudini(mAMDBCanonicalPath, i2 | 2, addTrailingSlash2, addTrailingSlash4, addTrailingSlash3, addTrailingSlash, getFileTrackerData());
                if (installHooksHoudini == 0) {
                    LOGGER.info("Installed hooks for houdini successfully");
                    return;
                }
                this.mHooksInstalled = false;
                this.mHookInstallRC = installHooksHoudini;
                LOGGER.severe(String.format("Failed to initialize file encryption for houdini with error code 0x%x", Long.valueOf(installHooksHoudini)));
            }
        } catch (MAMLibraryException e3) {
            LOGGER.log(Level.SEVERE, "There were errors when loading the native libraries, we are unable to continue", (Throwable) e3);
            this.mHooksInstalled = false;
        }
    }

    private int alignAllocationForPKCS5Padding(int i, int i2) {
        int i3 = i % i2;
        return i3 > 0 ? (i + i2) - i3 : i + i2;
    }

    public static boolean areEncryptedBytesVisible(File file) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            if (fileInputStream.available() < FILE_HEADER_IDENT.length) {
                return false;
            }
            byte[] bArr = new byte[FILE_HEADER_IDENT.length];
            fileInputStream.read(bArr);
            return Arrays.equals(bArr, FILE_HEADER_IDENT);
        } finally {
            IOUtils.safeCloseAndLog(fileInputStream);
        }
    }

    private static native long changeFileEncryptionNative(int i, int i2);

    @SuppressLint({"NewApi"})
    private File getCodeCacheDir(Context context) {
        return Build.VERSION.SDK_INT >= 21 ? context.getCodeCacheDir() : new File(context.getApplicationInfo().dataDir, MULTIDEX_SUPPORT_CODE_CACHE_DIR_NAME);
    }

    private String getEncryptionDateKey(MAMIdentity mAMIdentity) {
        return mAMIdentity.canonicalUPN() + "_" + ENCRYPTION_DATE_KEY_BASE;
    }

    private native long getFileTrackerData();

    private String getMAMDBCanonicalPath(Context context) {
        try {
            try {
                return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getCanonicalPath();
            } catch (IOException unused) {
                return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getAbsolutePath();
            }
        } catch (IOException unused2) {
            return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getParentFile().getCanonicalPath();
        }
    }

    private byte[] hmac(UUID uuid, byte[] bArr) throws MAMException {
        Key key;
        synchronized (this.mKeysLock) {
            key = this.mKnownKeys.get(uuid);
            if (key == null) {
                key = retrieveKey(uuid);
            }
        }
        return hmac(key, bArr);
    }

    private native long installHooks(String str, int i, int i2, String str2, String str3, String str4, String str5);

    private native long installHooksHoudini(String str, int i, String str2, String str3, String str4, String str5, long j);

    public static native boolean isCanonicalPathIgnored(String str);

    public static native boolean isFileEncrypted(int i);

    public static boolean isFileEncrypted(File file) throws FileNotFoundException {
        ParcelFileDescriptor open = ParcelFileDescriptor.open(file, 268435456);
        try {
            return isFileEncrypted(open.getFd());
        } finally {
            IOUtils.safeClose(open);
        }
    }

    public static boolean isFileEncrypted(FileDescriptor fileDescriptor) throws IOException {
        ParcelFileDescriptor dup = ParcelFileDescriptor.dup(fileDescriptor);
        try {
            return isFileEncrypted(dup.getFd());
        } finally {
            dup.close();
        }
    }

    public static native void lockFileEncryptionState(int i);

    private Key retrieveKey(UUID uuid) throws MAMException {
        Integer num = this.mFailedKeys.get(uuid);
        if (num == null) {
            num = 0;
        }
        if (num.intValue() >= 3) {
            throw new MAMException(String.format("Failed to get file encryption key with id %s after maximum retries.", uuid.toString()));
        }
        if (!this.mProvider.areEncryptionKeysAccessible()) {
            throw new MAMException("Encryption keys only available to managed apps");
        }
        try {
            BundleEncryptionKey fileEncryptionKey = this.mProvider.getFileEncryptionKey(uuid);
            if (fileEncryptionKey == null) {
                this.mFailedKeys.put(uuid, Integer.valueOf(num.intValue() + 1));
                throw new MAMException(String.format("Failed to get file encryption key with id %s from client.", uuid.toString()));
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(fileEncryptionKey.getKey(), getCryptoAlgorithm());
            if (fileEncryptionKey.isCurrentKey()) {
                setEncryptionKey(fileEncryptionKey);
            } else {
                this.mKnownKeys.put(uuid, secretKeySpec);
            }
            return secretKeySpec;
        } catch (MAMException e) {
            this.mFailedKeys.put(uuid, Integer.valueOf(num.intValue() + 1));
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setEncryptionKey(BundleEncryptionKey bundleEncryptionKey) throws MAMException {
        if (bundleEncryptionKey == null || bundleEncryptionKey.getKey() == null) {
            throw new MAMException("null encryption key is invalid");
        }
        synchronized (this.mKeysLock) {
            this.mCurrentMasterKeyId = bundleEncryptionKey.getKeyId();
            this.mCurrentMasterKey = new SecretKeySpec(bundleEncryptionKey.getKey(), getCryptoAlgorithm());
            this.mKnownKeys.put(this.mCurrentMasterKeyId, this.mCurrentMasterKey);
        }
    }

    private void startKeyFetch() {
        new Thread(new Runnable() { // from class: com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    synchronized (FileEncryptionManager.this.mKeysLock) {
                        BundleEncryptionKey prefetchCurrentFileEncryptionKey = FileEncryptionManager.this.mProvider.prefetchCurrentFileEncryptionKey();
                        if (prefetchCurrentFileEncryptionKey != null) {
                            FileEncryptionManager.this.setEncryptionKey(prefetchCurrentFileEncryptionKey);
                        }
                    }
                } catch (MAMException e) {
                    FileEncryptionManager.LOGGER.log(Level.WARNING, "Unable to prefetch encryption key", (Throwable) e);
                }
            }
        }).start();
    }

    public static native void unlockFileEncryptionState(int i);

    public void activityPaused() {
        if (isUnlinkfsNeeded()) {
            new Thread(new Runnable() { // from class: com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager.1
                @Override // java.lang.Runnable
                public void run() {
                    FileEncryptionManager.this.webviewFinished();
                }
            }).start();
        }
    }

    void changeAppEncryption(CompletionRequirement completionRequirement, MAMIdentity mAMIdentity, EncryptionRequirement encryptionRequirement) {
        FileEncryptionServiceBehavior.Operation operation;
        switch (encryptionRequirement) {
            case NONE:
                operation = FileEncryptionServiceBehavior.Operation.DECRYPT;
                break;
            case FULL:
                operation = FileEncryptionServiceBehavior.Operation.ENCRYPT;
                break;
            case PARTIAL:
                operation = FileEncryptionServiceBehavior.Operation.ENCRYPT_PARTIAL;
                break;
            default:
                throw new AssertionError("Unknown encryption requirement " + encryptionRequirement);
        }
        if (completionRequirement == CompletionRequirement.ASYNCHRONOUS) {
            this.mEncryptionService.schedule(operation, 0L, mAMIdentity);
        } else {
            this.mOperations.pendEncryptionChangeForAppFiles(encryptionRequirement, mAMIdentity);
            this.mOperations.executePendingEncryptionOperations(null, this);
        }
    }

    public EncryptionOperationResult changeFileEncryption(int i, EncryptionOperation encryptionOperation) throws MAMException {
        long changeFileEncryptionNative = changeFileEncryptionNative(i, encryptionOperation.getValue());
        if (changeFileEncryptionNative == 0) {
            return EncryptionOperationResult.SUCCESS;
        }
        if (!NativeErrcodes.isSameError(changeFileEncryptionNative, NativeErrcodes.MDM_ERR_ENCRYPTION_CHANGE_UNSAFE)) {
            LOGGER.severe(String.format(Locale.US, "Failed to encrypt or decrypt file descriptor %d with MDM_RC  0x%x", Integer.valueOf(i), Long.valueOf(changeFileEncryptionNative)));
            throw new MAMException("Encrypting a file failed");
        }
        String openedPathForFileDescriptor = NativeFileIO.getOpenedPathForFileDescriptor(i);
        if (openedPathForFileDescriptor == null) {
            LOGGER.severe("Could not encrypt/decrypt a requested file right now. Because the path could not be retrieved, the operation will NOT be performed at a later time");
            return EncryptionOperationResult.FAILED;
        }
        LOGGER.info("Could not encrypt/decrypt file {0} right now. The operation will be performed at a later time.", this.mMAMLogPIIFactory.getPIIFilePath(openedPathForFileDescriptor));
        this.mPendingEncryptionOperationsTable.addOperation(openedPathForFileDescriptor, encryptionOperation);
        this.mEncryptionService.schedule(FileEncryptionServiceBehavior.Operation.EXECUTE_PENDING_ENCRYPTION_OPERATIONS, FileEncryptionServiceBehavior.TRY_PENDING_OPERATIONS_INTERVAL_MS);
        return EncryptionOperationResult.PENDING;
    }

    public EncryptionOperationResult changeFileEncryption(File file, EncryptionOperation encryptionOperation) throws MAMException {
        int i;
        boolean z;
        boolean z2 = true;
        LOGGER.fine("Changing encryption for {0} to {1}", new Object[]{this.mMAMLogPIIFactory.getPIIFilePath(file), encryptionOperation.toString()});
        try {
            if (file.canWrite()) {
                z = false;
            } else {
                file.setWritable(true);
                z = true;
            }
            try {
                if (file.canRead()) {
                    z2 = false;
                } else {
                    file.setReadable(true);
                }
                try {
                    i = NativeFileIO.openRawFileDescriptor(file.getAbsolutePath(), NativeFileIO.OpenAccess.READWRITE);
                    try {
                        if (i < 0) {
                            throw new MAMException("Could not open " + file.getAbsolutePath());
                        }
                        EncryptionOperationResult changeFileEncryption = changeFileEncryption(i, encryptionOperation);
                        if (i >= 0) {
                            NativeFileIO.closeRawFileDescriptor(i);
                        }
                        if (z) {
                            file.setWritable(false);
                        }
                        if (z2) {
                            file.setReadable(false);
                        }
                        return changeFileEncryption;
                    } catch (Throwable th) {
                        th = th;
                        if (i >= 0) {
                            NativeFileIO.closeRawFileDescriptor(i);
                        }
                        if (z) {
                            file.setWritable(false);
                        }
                        if (z2) {
                            file.setReadable(false);
                        }
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                    i = -1;
                }
            } catch (Throwable th3) {
                th = th3;
                i = -1;
                z2 = false;
            }
        } catch (Throwable th4) {
            th = th4;
            i = -1;
            z = false;
            z2 = false;
        }
    }

    public void clearCachedKeys() {
        if (this.mOperations.hasPendingOperations()) {
            LOGGER.info("Not yet clearing cached keys because there are encryption operations still pending.");
            return;
        }
        LOGGER.info("Clearing cached keys");
        synchronized (this.mKeysLock) {
            this.mCurrentMasterKey = null;
            this.mCurrentMasterKeyId = null;
            this.mKnownKeys.clear();
        }
    }

    protected Cipher createCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {
        return Cipher.getInstance(this.mCipherSpec);
    }

    public byte[] decryptData(byte[] bArr, byte[] bArr2) throws MAMException {
        Key key;
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            if (bArr.length < 16) {
                throw new MAMException("Cannot decrypt data. Buffer too short.");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            UUID uuid = new UUID(wrap.getLong(), wrap.getLong());
            synchronized (this.mKeysLock) {
                key = this.mKnownKeys.get(uuid);
                if (key == null) {
                    key = retrieveKey(uuid);
                }
            }
            try {
                Cipher createCipher = createCipher();
                createCipher.init(2, key, new IvParameterSpec(bArr2));
                return createCipher.doFinal(bArr, 16, bArr.length - 16);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                LOGGER.log(Level.SEVERE, "Failed to decrypt data.", e);
                throw new MAMException("FileEncryptionManager failed to decrypt data.");
            }
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public byte[] encryptData(byte[] bArr, byte[] bArr2) throws MAMException {
        UUID uuid;
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            synchronized (this.mKeysLock) {
                if (this.mCurrentMasterKey == null) {
                    setEncryptionKey(this.mProvider.getCurrentFileEncryptionKey());
                }
                uuid = this.mCurrentMasterKeyId;
            }
            try {
                Cipher createCipher = createCipher();
                ByteBuffer allocate = ByteBuffer.allocate(16 + alignAllocationForPKCS5Padding(bArr.length, createCipher.getBlockSize()));
                allocate.putLong(uuid.getMostSignificantBits());
                allocate.putLong(uuid.getLeastSignificantBits());
                createCipher.init(1, this.mCurrentMasterKey, new IvParameterSpec(bArr2));
                createCipher.doFinal(bArr, 0, bArr.length, allocate.array(), allocate.position());
                return allocate.array();
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | ShortBufferException e) {
                LOGGER.log(Level.SEVERE, "Failed to encrypt data.", e);
                throw new MAMException("FileEncryptionManager failed to encrypt data.");
            }
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected String getActiveIdentity() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            IdentityResolutionInfo currentIdentityInfo = this.mIdentityResolver.getCurrentIdentityInfo(null);
            MAMIdentity identity = currentIdentityInfo.getIdentity();
            if (identity == null) {
                return null;
            }
            if (!MAMInfo.isMultiIdentityEnabled() && MAMIdentityImpl.isNullOrEmpty(identity) && currentIdentityInfo.getProvider() == IdentityResolutionInfo.Provider.DEFAULT) {
                return null;
            }
            return identity.rawUPN();
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public String getCryptoAlgorithm() {
        return DEFAULT_CIPHER;
    }

    public String getDefaultCipherMode() {
        return DEFAULT_CIPHER_MODE;
    }

    public int getDefaultKeyLength() {
        return 128;
    }

    public int getEncryptionRequirement(String str) {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            return getEncryptionRequirement(this.mMAMIdentityManager.fromString(str)).getValue();
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public EncryptionRequirement getEncryptionRequirement(MAMIdentity mAMIdentity) {
        EncryptionRequirement encryptionRequirement = this.mEncryptionSetting.get(mAMIdentity);
        if (encryptionRequirement != null) {
            return encryptionRequirement;
        }
        EncryptionRequirement fileEncryptionRequirement = this.mProvider.getFileEncryptionRequirement(mAMIdentity);
        this.mEncryptionSetting.put(mAMIdentity, fileEncryptionRequirement);
        return fileEncryptionRequirement;
    }

    public long getHookingErrorCode() {
        return this.mHookInstallRC;
    }

    protected String getPrimaryIdentity() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            MAMIdentity primaryIdentity = this.mProvider.getPrimaryIdentity();
            if (primaryIdentity != null && (!MAMIdentityImpl.isNullOrEmpty(primaryIdentity) || MAMInfo.isMultiIdentityEnabled())) {
                return primaryIdentity.rawUPN();
            }
            return null;
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected byte[] hmac(Key key, byte[] bArr) throws MAMException {
        byte[] doFinal;
        try {
            synchronized (this.mHMAC) {
                this.mHMAC.init(key);
                doFinal = this.mHMAC.doFinal(bArr);
            }
            return doFinal;
        } catch (InvalidKeyException e) {
            LOGGER.log(Level.SEVERE, "Failed to initialize hmac.", (Throwable) e);
            throw new MAMException("FileEncryptionManager failed to initialize hmac");
        }
    }

    protected byte[] hmac(byte[] bArr, byte[] bArr2) throws MAMException {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            return hmac(new UUID(wrap.getLong(), wrap.getLong()), bArr2);
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected boolean initHMAC() {
        try {
            this.mHMAC = Mac.getInstance("HmacSHA256");
            return true;
        } catch (NoSuchAlgorithmException e) {
            LOGGER.log(Level.SEVERE, "Failed to get hmac instance.", (Throwable) e);
            return false;
        }
    }

    public boolean initialize() {
        if (!this.mHooksInstalled) {
            return false;
        }
        this.mEncryptionService = this.mFileEncryptionServiceBehaviorProvider.get();
        this.mOperations = this.mOperationsProvider.get();
        if (!initHMAC()) {
            return false;
        }
        this.mEncryptionService.schedule(FileEncryptionServiceBehavior.Operation.EXECUTE_PENDING_ENCRYPTION_OPERATIONS);
        this.mEncryptionService.schedule(FileEncryptionServiceBehavior.Operation.PROTECT_COMPLETED_DOWNLOADS);
        for (MAMIdentity mAMIdentity : this.mFileEncryptionStateTable.getAllIdentities()) {
            FileEncryptionStateTable.EncryptionState encryptionState = this.mFileEncryptionStateTable.getEncryptionState(mAMIdentity);
            if (encryptionState != null && encryptionState.mStatus == FileEncryptionStateTable.Status.NOT_STARTED) {
                LOGGER.info("App was killed without meeting encryption requirements, restarting requirement " + encryptionState.mEncryptionRequired + " for identity ", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity.rawUPN()));
                changeAppEncryption(CompletionRequirement.ASYNCHRONOUS, mAMIdentity, encryptionState.mEncryptionRequired);
            }
        }
        this.mNotificationReceiverRegistry.registerReceiver(this, MAMNotificationType.MANAGEMENT_REMOVED);
        this.mEncryptionSetting.clear();
        return true;
    }

    boolean isEncryptionRequirementAChange(MAMIdentity mAMIdentity, EncryptionRequirement encryptionRequirement) {
        EncryptionRequirement encryptionRequirement2;
        FileEncryptionStateTable.EncryptionState encryptionState = this.mFileEncryptionStateTable.getEncryptionState(mAMIdentity);
        if (encryptionState != null) {
            encryptionRequirement2 = encryptionState.mEncryptionRequired;
        } else {
            long j = this.mProvider.getAppPrivateSharedPreferences(SHARED_PREFS_NAME).getLong(getEncryptionDateKey(mAMIdentity), -1L);
            if (j == -1) {
                return true;
            }
            encryptionRequirement2 = j != 0 ? EncryptionRequirement.FULL : EncryptionRequirement.NONE;
        }
        return encryptionRequirement != encryptionRequirement2;
    }

    protected boolean isPureMultiIdentity() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            return this.mMultiIdentityInfoTable.getMultiIdentityTransitionMode() == MultiIdentityTransitionMode.MI_FROM_UNMANAGED;
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected boolean isUnlinkfsNeeded() {
        return Build.VERSION.SDK_INT >= 26;
    }

    protected void logTelemetryF2FSFeaturesSuppressed() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            this.mTelemetryLogger.logTrackedOccurrence(this.mContext.getPackageName(), TrackedOccurrence.F2FS_FEATURES_SUPPRESSED, "");
        } finally {
            mAMLogDisabler.finish();
        }
    }

    @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
    public boolean onReceive(MAMNotification mAMNotification) {
        if (mAMNotification.getType() != MAMNotificationType.MANAGEMENT_REMOVED) {
            return true;
        }
        LOGGER.info("Decrypting all files for MANAGMENT_REMOVED");
        refreshAppEncryption(EncryptionRequirement.NONE, CompletionRequirement.SYNCHRONOUS, this.mMAMIdentityManager.fromString(((MAMUserNotification) mAMNotification).getUserIdentity()));
        return true;
    }

    public void onSelectiveWipeCompleted(MAMIdentity mAMIdentity, boolean z) {
        if (!MAMInfo.isMultiIdentityEnabled() && z) {
            LOGGER.info("Wipe was successful, decrypting app data files");
            refreshAppEncryption(EncryptionRequirement.NONE, CompletionRequirement.SYNCHRONOUS, mAMIdentity);
            LOGGER.info("Finished decrypting app data files");
        }
        clearCachedKeys();
    }

    public void refreshAppEncryption(EncryptionRequirement encryptionRequirement, CompletionRequirement completionRequirement, MAMIdentity mAMIdentity) {
        if (mAMIdentity == null) {
            return;
        }
        LOGGER.info("refreshing app encryption");
        this.mFailedKeys.clear();
        if (isEncryptionRequirementAChange(mAMIdentity, encryptionRequirement)) {
            LOGGER.info("Changing encryption requirement for {0} to {1}", new Object[]{this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity.rawUPN()), encryptionRequirement});
            this.mEncryptionSetting.put(mAMIdentity, encryptionRequirement);
            this.mFileEncryptionStateTable.setEncryptionState(mAMIdentity, encryptionRequirement, FileEncryptionStateTable.Status.NOT_STARTED);
            changeAppEncryption(completionRequirement, mAMIdentity, encryptionRequirement);
        }
    }

    public void refreshAppEncryption(MAMIdentity mAMIdentity) {
        refreshAppEncryption(this.mProvider.getFileEncryptionRequirement(mAMIdentity), CompletionRequirement.ASYNCHRONOUS, mAMIdentity);
    }

    public boolean shouldEncryptFile(MAMIdentity mAMIdentity, File file) {
        EncryptionRequirement encryptionRequirement = getEncryptionRequirement(mAMIdentity);
        if (encryptionRequirement == EncryptionRequirement.FULL) {
            return true;
        }
        if (encryptionRequirement == EncryptionRequirement.NONE) {
            return false;
        }
        return !FileUtils.isFileUnderAppData(file, this.mContext) || PackageUtils.isInstalledToSDCard(this.mContext);
    }

    public boolean shouldEncryptFileForCurrentIdentity(File file) {
        return shouldEncryptFile(this.mIdentityResolver.getCurrentIdentity(), file);
    }

    protected native void webviewFinished();
}
