package com.sevenprinciples.android.mdm.safeclient.documents;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.os.Build;
import android.os.UserHandle;
import android.os.UserManager;
import androidx.core.app.NotificationCompat;
import androidx.work.Data;
import androidx.work.ExistingWorkPolicy;
import androidx.work.OneTimeWorkRequest;
import androidx.work.WorkManager;
import com.microsoft.identity.common.internal.providers.oauth2.ResponseType;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.sevenprinciples.android.mdm.safeclient.base.ApplicationContext;
import com.sevenprinciples.android.mdm.safeclient.base.Constants;
import com.sevenprinciples.android.mdm.safeclient.base.MDM;
import com.sevenprinciples.android.mdm.safeclient.base.logger.AppLog;
import com.sevenprinciples.android.mdm.safeclient.base.receivers.ManagedUserWorker;
import com.sevenprinciples.android.mdm.safeclient.base.tools.ServiceException;
import com.sevenprinciples.android.mdm.safeclient.base.tools.StringHelper;
import com.sevenprinciples.android.mdm.safeclient.base.tools.WebServicesHelper;
import com.sevenprinciples.android.mdm.safeclient.security.MDMDeviceAdminReceiver;
import com.sevenprinciples.android.mdm.safeclient.ui.JS;
import java.util.Iterator;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class ManagedUsers {
    public static final String SECONDARY_PROFILE_CREATION_STATUS = "secondaryProfileCreationStatus";
    public static final String SECONDARY_PROFILE_ID = "secondaryProfileId";
    public static final String SECONDARY_PROFILE_TOKEN = "secondaryProfileToken";
    public static final String SECONDARY_PROFILE_USER = "secondaryUserId";
    private static final String TAG = Constants.TAG_PREFFIX + "MUS";

    private static void err(JSONObject jSONObject, String str) {
        JS.putS(jSONObject, NotificationCompat.CATEGORY_STATUS, "error");
        JS.putS(jSONObject, "errorMessage", str);
    }

    private static void ok(JSONObject jSONObject) {
        JS.putS(jSONObject, NotificationCompat.CATEGORY_STATUS, "success");
    }

    private static JSONObject profileCreate(JSONObject jSONObject, JSONObject jSONObject2, boolean z, JSONObject jSONObject3) {
        MDM.DB().setString(SECONDARY_PROFILE_CREATION_STATUS, "{\"status\":\"IN_PROGRESS\"}");
        MDM.DB().setString(SECONDARY_PROFILE_ID, JS.s(JS.doc(jSONObject2, "response"), "managedUserId"));
        try {
            JSONObject optJSONObject = jSONObject2.optJSONObject("response");
            if (optJSONObject != null) {
                optJSONObject.put("username", JS.s(jSONObject, "username"));
                optJSONObject.put("skipSetupWizard", true);
                optJSONObject.put("ephemeral", z);
                optJSONObject.put("leaveAllAppsEnabled", true);
            }
            MDM.DB().setLong(Constants.Keys.LastSecondaryUserEphemeral.name(), z ? 1L : 0L);
            jSONObject2.put("request", jSONObject);
            WorkManager.getInstance(ApplicationContext.getContext()).enqueueUniqueWork("managed-user", ExistingWorkPolicy.REPLACE, new OneTimeWorkRequest.Builder(ManagedUserWorker.class).setInputData(new Data.Builder().putBoolean("useWorkProfile", false).putString("activationCode", jSONObject2.toString()).build()).build());
            return null;
        } catch (Exception e) {
            JSONObject jSONObject4 = new JSONObject();
            JS.putS(jSONObject4, NotificationCompat.CATEGORY_STATUS, "ERROR");
            JS.putS(jSONObject4, "errorMessage", e.getMessage());
            JS.putS(jSONObject4, "errorException", e.getClass().getCanonicalName());
            MDM.DB().setString(SECONDARY_PROFILE_CREATION_STATUS, jSONObject4.toString());
            err(jSONObject3, "REQUEST_UNAVAILABLE_IN_THIS_DEVICE");
            JS.putS(jSONObject3, "exception", e.getMessage());
            return jSONObject3;
        }
    }

    private static JSONObject profileReuse(JSONObject jSONObject, long j, JSONObject jSONObject2) throws ServiceException, Exception {
        JSONObject jSONObject3 = new JSONObject();
        JS.putS(jSONObject3, NotificationCompat.CATEGORY_STATUS, "READY");
        JS.putL(jSONObject3, "userId", j);
        MDM.DB().setString(SECONDARY_PROFILE_CREATION_STATUS, jSONObject3.toString());
        String string = MDM.DB().getString(SECONDARY_PROFILE_TOKEN, "");
        JSONObject jSONObject4 = new JSONObject();
        JS.putS(jSONObject4, "username", JS.s(jSONObject, "username"));
        JS.putL(jSONObject4, "createdAt", System.currentTimeMillis());
        JS.putS(jSONObject4, "password", JS.s(jSONObject, "password"));
        JSONObject jSONObject5 = new JSONObject();
        jSONObject5.put("action", "secondary-user-login");
        JS.putS(jSONObject5, "payload", jSONObject4.toString());
        JS.putS(jSONObject5, ResponseType.TOKEN, string);
        JS.putB(jSONObject5, "sendPush", true);
        JS.putS(jSONObject5, "managedUserId", MDM.DB().getString(SECONDARY_PROFILE_ID, ""));
        JS.putS(jSONObject5, "mode", "saveEnrollment");
        String str = TAG;
        AppLog.i(str, "Sending saveEnrollment");
        AppLog.i(str, "Sending saveEnrollment result:" + WebServicesHelper.postRaw(WebServicesHelper.getMobileServiceEndPoint(), jSONObject5, WebServicesHelper.buildAuth()));
        ok(jSONObject2);
        return jSONObject2;
    }

    public static JSONObject request(JSONObject jSONObject) throws Exception {
        JSONObject jSONObject2 = new JSONObject();
        String s = JS.s(jSONObject, "request");
        if (!UserManager.supportsMultipleUsers()) {
            err(jSONObject2, "MULTIPLE_USERS_NOT_SUPPORTED");
        } else if (Build.VERSION.SDK_INT < 28) {
            err(jSONObject2, "INVALID_VERSION");
        } else {
            if (s.equalsIgnoreCase("logout")) {
                ((DevicePolicyManager) ApplicationContext.getContext().getSystemService("device_policy")).logoutUser(MDMDeviceAdminReceiver.getComponentName(ApplicationContext.getContext()));
                ok(jSONObject2);
                return jSONObject2;
            }
            if (s.equalsIgnoreCase("login")) {
                DevicePolicyManager devicePolicyManager = (DevicePolicyManager) ApplicationContext.getContext().getSystemService("device_policy");
                ComponentName componentName = MDMDeviceAdminReceiver.getComponentName(ApplicationContext.getContext());
                UserManager userManager = (UserManager) ApplicationContext.getContext().getSystemService("user");
                try {
                    Iterator<UserHandle> it = devicePolicyManager.getSecondaryUsers(componentName).iterator();
                    long j = -1;
                    boolean z = false;
                    while (it.hasNext()) {
                        j = userManager.getSerialNumberForUser(it.next());
                        AppLog.i(TAG, "secondaryUserAvailable available");
                        z = true;
                    }
                    JSONObject jSONObject3 = new JSONObject();
                    jSONObject3.put("action", "secondary-user-login");
                    JS.putS(jSONObject3, "username", JS.s(jSONObject, "username"));
                    JS.putS(jSONObject3, "password", JS.s(jSONObject, "password"));
                    JS.putS(jSONObject3, IDToken.LOCALE, JS.s(jSONObject, IDToken.LOCALE));
                    if (z) {
                        JS.putS(jSONObject3, "mode", "reuseProfile");
                        JS.putS(jSONObject3, "managedUserId", MDM.DB().getString(SECONDARY_PROFILE_ID, ""));
                    } else {
                        JS.putS(jSONObject3, "mode", "createProfile");
                    }
                    try {
                        JSONObject postRaw = WebServicesHelper.postRaw(WebServicesHelper.getMobileServiceEndPoint(), jSONObject3, WebServicesHelper.buildAuth());
                        boolean b = JS.b(JS.doc(postRaw, "response"), "ephemeral");
                        String s2 = JS.s(JS.doc(postRaw, "response"), "activationPayload");
                        if (StringHelper.isEmpty(s2) && b) {
                            err(jSONObject2, "REQUEST_UNAVAILABLE_IN_THIS_DEVICE");
                            return jSONObject2;
                        }
                        if (b) {
                            Iterator<UserHandle> it2 = devicePolicyManager.getSecondaryUsers(componentName).iterator();
                            while (it2.hasNext()) {
                                AppLog.i(TAG, "Deleting user as ephemeral returned " + devicePolicyManager.removeUser(componentName, it2.next()));
                                Thread.sleep(1500L);
                            }
                        }
                        return StringHelper.isEmpty(s2) ? profileReuse(jSONObject, j, jSONObject2) : profileCreate(jSONObject, postRaw, b, jSONObject2);
                    } catch (ServiceException e) {
                        err(jSONObject2, e.getCodeName());
                    }
                } catch (Throwable th) {
                    err(jSONObject2, "REQUEST_UNAVAILABLE_IN_THIS_DEVICE");
                    JS.putS(jSONObject2, "exception", th.getMessage());
                    return jSONObject2;
                }
            } else if (s.equalsIgnoreCase("switchUser")) {
                JSONObject jSONObject4 = new JSONObject(MDM.DB().getString(SECONDARY_PROFILE_CREATION_STATUS, "{\"status\":\"INVALID\"}"));
                AppLog.i(TAG, "switch user as " + jSONObject4.toString());
                if (JS.s(jSONObject4, NotificationCompat.CATEGORY_STATUS).equalsIgnoreCase("READY")) {
                    DevicePolicyManager devicePolicyManager2 = (DevicePolicyManager) ApplicationContext.getContext().getSystemService("device_policy");
                    ComponentName componentName2 = MDMDeviceAdminReceiver.getComponentName(ApplicationContext.getContext());
                    UserManager userManager2 = (UserManager) ApplicationContext.getContext().getSystemService(UserManager.class);
                    for (UserHandle userHandle : devicePolicyManager2.getSecondaryUsers(componentName2)) {
                        if (userManager2.getSerialNumberForUser(userHandle) == JS.l(jSONObject4, "userId")) {
                            AppLog.i(TAG, "Really switching user");
                            MDM.DB().setLong(Constants.Keys.LastUserSwitchRequest.name(), System.currentTimeMillis());
                            devicePolicyManager2.switchUser(componentName2, userHandle);
                            return null;
                        }
                    }
                    err(jSONObject2, "USER_NOT_FOUND");
                    return jSONObject2;
                }
            } else if (s.equalsIgnoreCase("isProfileReady")) {
                JS.putO(jSONObject2, "isReady", new JSONObject(MDM.DB().getString(SECONDARY_PROFILE_CREATION_STATUS, "{\"status\":\"INVALID\"}")));
                AppLog.i(TAG, "Returning " + jSONObject2.toString());
                ok(jSONObject2);
            } else {
                err(jSONObject2, "INVALID_REQUEST");
            }
        }
        return jSONObject2;
    }
}
