package com.sophos.smsdkex.core;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.SystemClock;
import androidx.appcompat.app.c;
import com.sophos.jbase.i;
import com.sophos.smsdkex.communication.SdkPreferences;
import com.sophos.smsdkex.communication.json.ContainerConfig;
import com.sophos.smsdkex.core.ComplexityChecker;
import com.sophos.smsdkex.core.PolicyException;
import com.sophos.smsdkex.receiver.a;
import com.sophos.smsdkex.ui.BlockUi;
import com.sophos.smsdkex.ui.PasswordUi;
import com.sophos.smsdkex.ui.PolicyUi;
import com.sophos.smsec.core.smsectrace.d;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
public final class PasswordPolicy extends Policy implements PasswordHandler {
    public static final int GRACE_PERIOD_DELAY = 1500;
    private static final String TAG = "PasswordPolicy";
    private long mAge;
    private final AuthTime mAuthTime;
    private int mFailedLoginsUntilLock;
    private boolean mFingerprintAllowed;
    private long mGracePeriod;
    private boolean mHidePassword;
    private boolean mLockOnDeviceLock;
    private int mMinimumLength;
    private boolean mPinRequiredForNewPassword;
    private boolean mRequireComplexPassword;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public final class AuthTime {
        private AuthTime() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public long get() {
            d.a(PasswordPolicy.TAG, "AuthTime.get() called");
            return SdkPreferences.getLong(PasswordPolicy.this.getContext(), PolicyPreference.PWD_AUTH_TIME.getName(), 0L);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void reset() {
            d.a(PasswordPolicy.TAG, "AuthTime.reset() called");
            SdkPreferences.putLong(PasswordPolicy.this.getContext(), PolicyPreference.PWD_AUTH_TIME.getName(), 0L);
            PolicySyncer.getInstance(PasswordPolicy.this.getContext()).sync();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void set() {
            d.a(PasswordPolicy.TAG, "AuthTime.set() called");
            SdkPreferences.putLong(PasswordPolicy.this.getContext(), PolicyPreference.PWD_AUTH_TIME.getName(), Long.valueOf(System.currentTimeMillis()));
            PolicySyncer.getInstance(PasswordPolicy.this.getContext()).sync();
        }
    }

    /* loaded from: classes2.dex */
    private static final class LockReceiver extends BroadcastReceiver {
        private static final String TAG = "LockReceiver";
        private final WeakReference<PasswordPolicy> mPolicy;

        private LockReceiver(PasswordPolicy passwordPolicy) {
            this.mPolicy = new WeakReference<>(passwordPolicy);
        }

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            PasswordPolicy passwordPolicy = this.mPolicy.get();
            d.a(TAG, "was in background = true");
            a.a(true);
            if (passwordPolicy == null) {
                context.getApplicationContext().unregisterReceiver(this);
                return;
            }
            if ("android.intent.action.SCREEN_OFF".equals(intent.getAction())) {
                try {
                    if (PolicyManager.getPasswordHandler().isLockOnDeviceLock()) {
                        passwordPolicy.mAuthTime.reset();
                    }
                } catch (PolicyException e2) {
                    d.d(TAG, "", e2);
                }
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class PublicLockReceiver extends BroadcastReceiver {
        private static final String TAG = "PublicLockReceiver";

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            d.a(TAG, "onReceive");
            if (SdkPreferences.isLockOnDeviceLock(context)) {
                SdkPreferences.putLong(context, PolicyPreference.PWD_AUTH_TIME.getName(), 0L);
                PolicySyncer.getInstance(context).sync();
            }
        }
    }

    public PasswordPolicy(Context context, ContainerConfig containerConfig) throws ParseException, PolicyException {
        super(context, 70);
        this.mMinimumLength = 8;
        this.mAge = TimeUnit.DAYS.toMillis(0L);
        this.mFailedLoginsUntilLock = 0;
        this.mGracePeriod = TimeUnit.MINUTES.toMillis(5L);
        this.mRequireComplexPassword = false;
        this.mPinRequiredForNewPassword = false;
        this.mAuthTime = new AuthTime();
        parse(containerConfig.getConfiguration());
        PolicySyncer.getInstance(context.getApplicationContext()).query();
    }

    private void hasTooManyFailedLogins(int i) throws PolicyException {
        int i2 = this.mFailedLoginsUntilLock;
        if (i2 <= 0 || i < i2) {
            return;
        }
        this.mAuthTime.reset();
        SdkPreferences.setSgnKeyringSyncBlocked(getContext(), true);
        d.a(TAG, "authenticate: too many failed logins");
        throw new PolicyException(PolicyException.ErrorCode.APP_LOCKED, getContext().getString(R.string.smsdk_locked_failed_logins));
    }

    public static boolean isAuthenticated(Context context) {
        long j = SdkPreferences.getLong(context, PolicyPreference.PWD_AUTH_TIME.getName(), 0L);
        long gracePeriod = SdkPreferences.getGracePeriod(context);
        if (gracePeriod == 0) {
            gracePeriod = 1500;
        }
        return j != 0 && gracePeriod + j >= System.currentTimeMillis() && j <= System.currentTimeMillis() && System.currentTimeMillis() - SystemClock.elapsedRealtime() <= j;
    }

    public static void showPasswortRules(Context context, int i) {
        String string;
        if (context instanceof androidx.appcompat.app.d) {
            try {
                StringBuilder sb = new StringBuilder();
                PasswordHandler passwordHandler = PolicyManager.getPasswordHandler();
                if (passwordHandler instanceof PasswordPolicy) {
                    PasswordPolicy passwordPolicy = (PasswordPolicy) passwordHandler;
                    int minimumLength = passwordPolicy.getMinimumLength();
                    int i2 = R.string.smsdk_pwd_req_minlength;
                    Object[] objArr = new Object[1];
                    if (minimumLength == 0) {
                        minimumLength = 1;
                    }
                    objArr[0] = Integer.valueOf(minimumLength);
                    sb.append(context.getString(i2, objArr));
                    sb.append("\n");
                    if (passwordPolicy.isPinRequiredForNewPassword()) {
                        sb.append(context.getString(R.string.smsdk_pwd_req_PIN));
                    } else {
                        sb.append(context.getString(R.string.smsdk_pwd_req_any_char));
                    }
                    if (passwordPolicy.isComplexPasswordRequired()) {
                        sb.append("\n");
                        sb.append(context.getString(R.string.smsdk_pwd_req_complex));
                    }
                    string = sb.toString();
                } else {
                    string = "";
                }
            } catch (PolicyException unused) {
                string = context.getString(R.string.smsdk_pwd_req_any_char);
            }
            c.a aVar = new c.a(context, R.style.DNA_Colored_AlertDialog);
            aVar.c(i);
            aVar.a(string);
            aVar.a(true);
            aVar.d(android.R.string.ok, null);
            aVar.a().show();
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void authenticate(String str) throws PolicyException {
        try {
            Credentials load = Credentials.load(getContext());
            int i = SdkPreferences.getInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0);
            hasTooManyFailedLogins(i);
            if (!load.verify(str)) {
                int i2 = i + 1;
                SdkPreferences.putInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), Integer.valueOf(i2));
                hasTooManyFailedLogins(i2);
                this.mAuthTime.reset();
                SdkPreferences.setSgnKeyringSyncBlocked(getContext(), true);
                throw new PolicyException(PolicyException.ErrorCode.AUTHENTICATION_FAILED);
            }
            if (this.mAge > 0 && load.getCreationTime() + this.mAge < System.currentTimeMillis()) {
                this.mAuthTime.reset();
                SdkPreferences.setSgnKeyringSyncBlocked(getContext(), true);
                throw new PolicyException(PolicyException.ErrorCode.PASSWORD_EXPIRED);
            }
            this.mAuthTime.set();
            SdkPreferences.setSgnKeyringSyncBlocked(getContext().getApplicationContext(), false);
            i.b(str, null);
            PolicyManager.getInstance(getContext()).firePasswordEntered(str);
            SdkPreferences.putInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0);
            getContext().sendBroadcast(new Intent(PolicyManager.INTENT_RESYNC_KEYRING), "com.sophos.smenc.permission.KEYSYNC");
        } catch (IOException unused) {
            this.mAuthTime.reset();
            SdkPreferences.setSgnKeyringSyncBlocked(getContext(), true);
            throw new PolicyException(PolicyException.ErrorCode.NO_PASSWORD);
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void authenticatedWithFingerprint() throws PolicyException {
        hasTooManyFailedLogins(SdkPreferences.getInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0));
        this.mAuthTime.set();
        SdkPreferences.setSgnKeyringSyncBlocked(getContext().getApplicationContext(), false);
        PolicyManager.getInstance(getContext()).firePasswordEntered(null);
        SdkPreferences.putInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0);
        getContext().sendBroadcast(new Intent(PolicyManager.INTENT_RESYNC_KEYRING), "com.sophos.smenc.permission.KEYSYNC");
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void changePassword(String str, String str2) throws PolicyException {
        try {
            authenticate(str);
        } catch (PolicyException e2) {
            if (e2.getErrorCode() != PolicyException.ErrorCode.PASSWORD_EXPIRED) {
                throw e2;
            }
        }
        setPassword(str2);
        PolicyManager.getInstance(getContext()).firePasswordChanged(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sophos.smsdkex.core.Policy
    public void check(PolicyUi policyUi) throws PolicyException {
        try {
            long j = SdkPreferences.getLong(getContext(), PolicyPreference.DEVICE_LOCKED_TIME.getName(), 0L);
            int i = SdkPreferences.getInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0);
            long j2 = this.mAuthTime.get();
            Credentials load = Credentials.load(getContext());
            long j3 = this.mGracePeriod;
            if (this.mGracePeriod == 0) {
                j3 += 1500;
            }
            if (this.mFailedLoginsUntilLock > 0 && i >= this.mFailedLoginsUntilLock) {
                this.mAuthTime.reset();
                if (policyUi instanceof BlockUi) {
                    d.a(TAG, "check: too many failed logins");
                    ((BlockUi) policyUi).showBlockDialog(new PolicyException(PolicyException.ErrorCode.APP_LOCKED, getContext().getString(R.string.smsdk_locked_failed_logins)));
                }
                throw PolicyManager.handleBlock(getContext(), new PolicyException(PolicyException.ErrorCode.APP_LOCKED, getContext().getString(R.string.smsdk_locked_failed_logins)));
            }
            if (j2 != 0 && j3 + j2 + 3000 >= System.currentTimeMillis() && j2 <= System.currentTimeMillis() && System.currentTimeMillis() - SystemClock.elapsedRealtime() <= j2) {
                if (this.mLockOnDeviceLock && j > this.mAuthTime.get()) {
                    this.mAuthTime.reset();
                    if (policyUi instanceof PasswordUi) {
                        ((PasswordUi) policyUi).showLoginDialog();
                    }
                    throw new PolicyException(PolicyException.ErrorCode.NOT_AUTHENTICATED);
                }
                if (load.getPasswordLength() < this.mMinimumLength) {
                    this.mAuthTime.reset();
                    if (policyUi instanceof PasswordUi) {
                        ((PasswordUi) policyUi).showChangePasswordDialog(PasswordUi.ChangePasswordCause.POLICY);
                    }
                    throw new PolicyException(PolicyException.ErrorCode.PASSWORD_TOO_SHORT);
                }
                if (load.isPinRequired() == this.mPinRequiredForNewPassword) {
                    this.mAuthTime.set();
                    return;
                }
                this.mAuthTime.reset();
                if (policyUi instanceof PasswordUi) {
                    ((PasswordUi) policyUi).showChangePasswordDialog(PasswordUi.ChangePasswordCause.POLICY);
                }
                throw new PolicyException(PolicyException.ErrorCode.PASSWORD_PIN_SETTINGS_NOT_EQUAL);
            }
            this.mAuthTime.reset();
            if (this.mAge > 0 && load.getCreationTime() + this.mAge < System.currentTimeMillis()) {
                if (policyUi instanceof PasswordUi) {
                    ((PasswordUi) policyUi).showChangePasswordDialog(PasswordUi.ChangePasswordCause.POLICY);
                }
                throw new PolicyException(PolicyException.ErrorCode.PASSWORD_EXPIRED);
            }
            d.a(TAG, "not auth @ " + new SimpleDateFormat("hh-mm-ss-SSS").format(new Date()));
            if (policyUi instanceof PasswordUi) {
                ((PasswordUi) policyUi).showLoginDialog();
            }
            throw new PolicyException(PolicyException.ErrorCode.NOT_AUTHENTICATED);
        } catch (IOException e2) {
            if (policyUi instanceof PasswordUi) {
                ((PasswordUi) policyUi).showSetPasswordDialog();
            }
            throw new PolicyException(PolicyException.ErrorCode.NO_PASSWORD, e2.getMessage(), e2);
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void checkAcceptance(String str) throws PolicyException {
        if (str.length() < this.mMinimumLength) {
            throw new PolicyException(PolicyException.ErrorCode.PASSWORD_TOO_SHORT);
        }
        if (this.mRequireComplexPassword && ComplexityChecker.getPasswordStrength(str, ComplexityChecker.PasswordType.TypePassword, false) != ComplexityChecker.PasswordStrength.StrengthOk) {
            throw new PolicyException(PolicyException.ErrorCode.PASSWORD_NOT_COMPLEX);
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public long getGracePeriod() {
        return this.mGracePeriod;
    }

    public int getMinimumLength() {
        return this.mMinimumLength;
    }

    public boolean isComplexPasswordRequired() {
        return this.mRequireComplexPassword;
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public boolean isFingerprintAllowed() {
        return this.mFingerprintAllowed;
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public boolean isHidePassword() {
        return this.mHidePassword;
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public boolean isLockOnDeviceLock() {
        return this.mLockOnDeviceLock;
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public boolean isPinRequiredForNewPassword() {
        return this.mPinRequiredForNewPassword;
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public boolean isPinRequriedByCurrentPassword() throws PolicyException {
        try {
            return Credentials.load(getContext()).isPinRequired();
        } catch (IOException unused) {
            throw new PolicyException(PolicyException.ErrorCode.NO_PASSWORD);
        }
    }

    @Override // com.sophos.smsdkex.core.Policy
    protected void parse(ContainerConfig.Configuration configuration) throws ParseException, PolicyException {
        int minimumLength = configuration.getGeneral().getPasswordRules().getMinimumLength();
        if (minimumLength < 0) {
            throw new PolicyException(PolicyException.ErrorCode.CONFIGURATION_FAILED, "Error: password.minimumLength < 0");
        }
        this.mMinimumLength = minimumLength;
        int age = configuration.getGeneral().getPasswordRules().getAge();
        if (age < 0) {
            throw new PolicyException(PolicyException.ErrorCode.CONFIGURATION_FAILED, "Error: password.age < 0");
        }
        this.mAge = TimeUnit.DAYS.toMillis(age);
        int failedLoginsUntilLock = configuration.getGeneral().getPasswordRules().getFailedLoginsUntilLock();
        if (failedLoginsUntilLock < 0) {
            throw new PolicyException(PolicyException.ErrorCode.CONFIGURATION_FAILED, "Error: password.failedLoginsUntilLock < 0");
        }
        this.mFailedLoginsUntilLock = failedLoginsUntilLock;
        int gracePeriod = configuration.getGeneral().getPasswordRules().getGracePeriod();
        if (gracePeriod < 0) {
            throw new PolicyException(PolicyException.ErrorCode.CONFIGURATION_FAILED, "Error: password.gracePeriod < 0");
        }
        this.mGracePeriod = TimeUnit.MINUTES.toMillis(gracePeriod);
        SdkPreferences.setGracePeriod(getContext(), this.mGracePeriod);
        this.mPinRequiredForNewPassword = configuration.getGeneral().getPasswordRules().isPinRequired();
        this.mFingerprintAllowed = configuration.getGeneral().getPasswordRules().isFingerprintAllowed();
        this.mLockOnDeviceLock = configuration.getGeneral().getPasswordRules().isLockOnDeviceLock();
        SdkPreferences.setLockOnDeviceLock(getContext(), this.mLockOnDeviceLock);
        this.mHidePassword = configuration.getGeneral().getPasswordRules().isHidePassword();
        if (this.mHidePassword) {
            SdkPreferences.setHidePasswordEnabled(getContext(), true);
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void resetAuthtimer() {
        PolicyManager.startGracePeriodExpirationTimer();
        resetAuthtimerWithoutGracePeriodTimer();
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void resetAuthtimerWithoutGracePeriodTimer() {
        PolicyManager.stopGracePeriodSyncer();
        if (this.mAuthTime != null && !PolicyManager.sCheckRunning && PolicyManager.isAppInForeGround(getContext())) {
            d.a(TAG, "resetAuthtimer");
            this.mAuthTime.set();
        } else if (PolicyManager.sCheckRunning) {
            d.a(TAG, "resetAuthtimer blocked");
            PolicyManager.sRestAuthTimeWhenCheckFinished = true;
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void setAuthTimeZero() {
        if (this.mAuthTime != null) {
            d.a(TAG, "setAuthTimerZero");
            this.mAuthTime.reset();
        }
    }

    @Override // com.sophos.smsdkex.core.PasswordHandler
    public void setPassword(String str) throws PolicyException {
        checkAcceptance(str);
        Credentials.create(getContext(), str, this.mPinRequiredForNewPassword);
        SdkPreferences.putInt(getContext(), PolicyPreference.PWD_FAILED_LOGINS.getName(), 0);
        this.mAuthTime.set();
        PolicyManager.getInstance(getContext()).firePasswordChanged(null, str);
    }
}
