package com.microsoft.workaccount.authenticatorservice;

import android.annotation.SuppressLint;
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.Process;
import android.os.RemoteException;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.workaccount.authenticatorservice.IWorkAccountService;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.CertificateData;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
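/**
 * Bound service that hands the workplace-join device data (certificate response, PKCS#12 blob,
 * private key, certificate password, UPN, device id, refresh token) to a caller over Binder.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code getData} is the trust boundary: it releases the bundle only when a package owned by
 *       the calling UID has a signing-certificate digest equal to
 *       {@link #AZURE_AUTHENTICATOR_APP_SIGNATURE}.</li>
 *   <li>All values, including the private key and refresh token, are persisted as plain strings in
 *       the {@code workplaceJoinData} SharedPreferences file (private mode). NOTE(review): nothing
 *       in this class encrypts them at rest; consider wrapping them with an Android Keystore
 *       backed key.</li>
 * </ul>
 *
 * <p>The cached {@link CertificateData} in {@code sData} is guarded by the class monitor.
 */
public abstract class WorkAccountService extends Service {
    /**
     * Base64 (no-wrap) digest of the expected caller's signing certificate, computed with the
     * "SHA" MessageDigest algorithm (SHA-1 on standard providers).
     */
    private static final String AZURE_AUTHENTICATOR_APP_SIGNATURE = "ho040S3ffZkmxqtQrSwpTVOn9r0=";
    public static final String AZURE_PACKAGE = "com.azure.authenticator";
    private static final String ENCODING_ERROR = "Encoding error";
    public static final String INTUNE_DEVICE_SERVICE_REQUEST = "intune.device.service.request";
    public static final String KEY_CERT_PASSWORD = "workplaceJoin.key.cert.password";
    public static final String KEY_CERT_PKCS12 = "workplaceJoin.key.cert.pkcs12";
    public static final String KEY_CERT_PRIVATE_KEY = "workplaceJoin.key.cert.privateKey";
    public static final String KEY_CERT_RESPONSE = "workplaceJoin.key.cert.response";
    public static final String KEY_DEVICEID = "workplaceJoin.key.deviceId";
    public static final String KEY_UPN = "workplaceJoin.key.upn";
    public static final String SHARED_PREFERENCE_KEY_CERT_INSTALLED = "workplaceJoin.key.cert.installed";
    public static final String SHARED_PREFERENCE_KEY_CERT_PASSWORD = "workplaceJoin.key.cert.password";
    public static final String SHARED_PREFERENCE_KEY_CERT_PKCS12 = "workplaceJoin.key.cert.pkcs12";
    public static final String SHARED_PREFERENCE_KEY_CERT_PRIVATE_KEY = "workplaceJoin.key.cert.privateKey";
    public static final String SHARED_PREFERENCE_KEY_CERT_PUBLIC_KEY = "workplaceJoin.key.cert.publicKey";
    public static final String SHARED_PREFERENCE_KEY_CERT_RESPONSE = "workplaceJoin.key.cert.response";
    public static final String SHARED_PREFERENCE_KEY_DEVICEID = "workplaceJoin.key.deviceId";
    public static final String SHARED_PREFERENCE_KEY_REFRESH_TOKEN = "workplaceJoin.key.refresh.token";
    public static final String SHARED_PREFERENCE_KEY_UPN = "workplaceJoin.key.upn";
    private static final String SHARED_PREFERENCE_NAME = "workplaceJoinData";
    private static final String TAG = "WorkAccountService#";
    /** In-memory cache of the persisted certificate data; read and written under the class monitor. */
    private static CertificateData sData;
    private final IWorkAccountService.Stub mBinder = new IWorkAccountService.Stub() { // from class: com.microsoft.workaccount.authenticatorservice.WorkAccountService.1
        /**
         * Decides whether the current Binder caller may receive the device data.
         *
         * @return {@code true} when at least one package registered for the calling UID has a
         *     signing-certificate digest that matches the pinned value exactly
         */
        private boolean hasPermission() {
            int callingUid = Binder.getCallingUid();
            String[] packagesForUid = WorkAccountService.this.getApplicationContext().getPackageManager().getPackagesForUid(callingUid);
            if (packagesForUid == null) {
                Logger.v("WorkAccountService#hasPermission", "No packages found for uid.", "" + callingUid);
                return false;
            }
            for (String packageName : packagesForUid) {
                String actualSignature = getCurrentSignatureForPackage(packageName);
                Logger.i("WorkAccountService#hasPermission", "Check the Azure Authenticator app signature. ", "Package:" + packageName + " uid:" + callingUid + " signature:" + actualSignature + " expected:" + AZURE_AUTHENTICATOR_APP_SIGNATURE);
                // Constant-first equals(): a package whose signature could not be read yields null
                // and must be treated as "no match" instead of throwing inside the Binder call.
                // The comparison is case-sensitive because Base64 is; a case-insensitive match
                // would accept digests other than the pinned one.
                if (AZURE_AUTHENTICATOR_APP_SIGNATURE.equals(actualSignature)) {
                    return true;
                }
            }
            return false;
        }

        /** Returns {@code true} when the request name is the Intune device-data request (case-insensitive). */
        private boolean isDeviceDataRequest(String str) {
            return !TextUtils.isEmpty(str) && str.equalsIgnoreCase(WorkAccountService.INTUNE_DEVICE_SERVICE_REQUEST);
        }

        /** Builds the bundle of persisted workplace-join values for an already-authorised caller. */
        private Bundle provideDeviceData() {
            Logger.v("WorkAccountService#provideDeviceData", "Providing device data....");
            return WorkAccountService.getDataBundle(WorkAccountService.this.getApplicationContext());
        }

        /**
         * Computes the Base64 (no-wrap) digest of the first signing certificate of a package.
         *
         * <p>NOTE(review): "SHA" selects SHA-1 on standard providers, and only
         * {@code signatures[0]} is inspected. Hardening this pin (SHA-256, and the signing-info API
         * on newer platform levels) needs a new expected digest, which this file does not contain.
         *
         * @param str package name to inspect
         * @return the encoded digest, or {@code null} when the package or the digest algorithm is
         *     unavailable or the package reports no signatures
         */
        @SuppressLint({"PackageManagerGetSignatures"})
        public String getCurrentSignatureForPackage(String str) {
            try {
                PackageInfo packageInfo = WorkAccountService.this.getApplicationContext().getPackageManager().getPackageInfo(str, PackageManager.GET_SIGNATURES);
                if (packageInfo != null && packageInfo.signatures != null && packageInfo.signatures.length > 0) {
                    Signature signature = packageInfo.signatures[0];
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA");
                    messageDigest.update(signature.toByteArray());
                    return Base64.encodeToString(messageDigest.digest(), Base64.NO_WRAP);
                }
            } catch (PackageManager.NameNotFoundException e) {
                Logger.e("WorkAccountService#getCurrentSignatureForPackage", "Calling App's package does not exist in PackageManager", WorkplaceJoinFailure.INTERNAL, e);
            } catch (NoSuchAlgorithmException e2) {
                Logger.e("WorkAccountService#getCurrentSignatureForPackage", "Digest SHA algorithm does not exist", WorkplaceJoinFailure.INTERNAL, e2);
            }
            Logger.v("WorkAccountService#getCurrentSignatureForPackage", "Signature not found for package.", str);
            return null;
        }

        /**
         * Binder entry point that returns the device data bundle.
         *
         * @param str request name; only the Intune device-data request is served
         * @return the data bundle, or {@code null} when the request is unknown or the caller's
         *     signature does not match the pinned value
         */
        @Override // com.microsoft.workaccount.authenticatorservice.IWorkAccountService
        public Bundle getData(String str) throws RemoteException {
            Logger.v("WorkAccountService#getData", "getData context name:" + WorkAccountService.this.getApplicationContext().getPackageName() + " Binder-uid:" + Binder.getCallingUid() + " Binder-pid:" + Binder.getCallingPid());
            if (!isDeviceDataRequest(str)) {
                Logger.e("WorkAccountService#getData", "Data service is received unknown request", WorkplaceJoinFailure.INTERNAL);
                return null;
            }
            // Caller identity is checked on every call, inside the Binder transaction.
            if (!hasPermission()) {
                Logger.e("WorkAccountService#getData", "Requesting app does not have matching signature", WorkplaceJoinFailure.INTERNAL);
                return null;
            }
            return provideDeviceData();
        }

        /** Returns this process's pid. This call is not gated by {@code hasPermission()}. */
        @Override // com.microsoft.workaccount.authenticatorservice.IWorkAccountService
        public int getProcessId() throws RemoteException {
            Logger.v("WorkAccountService#getProcessId", "Context name:" + WorkAccountService.this.getApplicationContext().getPackageName() + " Binder-uid:" + Binder.getCallingUid() + " Binder-pid:" + Binder.getCallingPid() + " intent packagename:" + WorkAccountService.this.getPackageName());
            return Process.myPid();
        }
    };

    /**
     * Overwrites every persisted workplace-join value with an empty string and drops the cache.
     *
     * <p>Includes the public-key entry that {@link #saveData} writes, and runs under the class
     * monitor like the other accessors of {@code sData}, so a concurrent {@link #load} cannot
     * re-publish stale key material after the wipe.
     */
    public static synchronized void clearData(Context context) {
        setData(context, SHARED_PREFERENCE_KEY_CERT_RESPONSE, "");
        setData(context, SHARED_PREFERENCE_KEY_CERT_PKCS12, "");
        setData(context, SHARED_PREFERENCE_KEY_CERT_PRIVATE_KEY, "");
        setData(context, SHARED_PREFERENCE_KEY_CERT_PUBLIC_KEY, "");
        setData(context, SHARED_PREFERENCE_KEY_CERT_PASSWORD, "");
        setData(context, SHARED_PREFERENCE_KEY_UPN, "");
        setData(context, SHARED_PREFERENCE_KEY_DEVICEID, "");
        setData(context, SHARED_PREFERENCE_KEY_REFRESH_TOKEN, "");
        setData(context, SHARED_PREFERENCE_KEY_CERT_INSTALLED, "");
        sData = null;
    }

    /** Returns the persisted "certificate installed" flag as a string ({@code ""} when unset). */
    public static synchronized String getCertInstalledStatus(Context context) {
        return getData(context, SHARED_PREFERENCE_KEY_CERT_INSTALLED);
    }

    /** Reads one string from the private preferences file, defaulting to the empty string. */
    private static String getData(Context context, String str) {
        return context.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE).getString(str, "");
    }

    /**
     * Copies the persisted values into a new bundle.
     *
     * <p>The bundle carries the private key, PKCS#12 blob, certificate password and refresh token;
     * this method performs no caller check of its own, so callers must authorise the recipient
     * first (the Binder stub does so in {@code getData}).
     */
    public static Bundle getDataBundle(Context context) {
        Bundle bundle = new Bundle();
        bundle.putString(KEY_CERT_RESPONSE, getData(context, SHARED_PREFERENCE_KEY_CERT_RESPONSE));
        bundle.putString(KEY_CERT_PKCS12, getData(context, SHARED_PREFERENCE_KEY_CERT_PKCS12));
        bundle.putString(KEY_CERT_PRIVATE_KEY, getData(context, SHARED_PREFERENCE_KEY_CERT_PRIVATE_KEY));
        bundle.putString(KEY_CERT_PASSWORD, getData(context, SHARED_PREFERENCE_KEY_CERT_PASSWORD));
        bundle.putString(KEY_UPN, getData(context, SHARED_PREFERENCE_KEY_UPN));
        bundle.putString(KEY_DEVICEID, getData(context, SHARED_PREFERENCE_KEY_DEVICEID));
        bundle.putString(SHARED_PREFERENCE_KEY_REFRESH_TOKEN, getData(context, SHARED_PREFERENCE_KEY_REFRESH_TOKEN));
        bundle.putString(SHARED_PREFERENCE_KEY_CERT_INSTALLED, getData(context, SHARED_PREFERENCE_KEY_CERT_INSTALLED));
        return bundle;
    }

    /**
     * Returns the cached certificate data, rebuilding it from SharedPreferences on first use.
     *
     * <p>Decoding or certificate-parsing failures are logged and leave the corresponding fields
     * unset; the partially populated object is still cached and returned.
     */
    public static synchronized CertificateData load(Context context) {
        if (sData != null) {
            return sData;
        }
        Logger.v("WorkAccountService#load", "Restoring data");
        CertificateData restored = new CertificateData();
        restored.setResponse(getData(context, SHARED_PREFERENCE_KEY_CERT_RESPONSE));
        String encodedPkcs12 = getData(context, SHARED_PREFERENCE_KEY_CERT_PKCS12);
        String encodedPrivateKey = getData(context, SHARED_PREFERENCE_KEY_CERT_PRIVATE_KEY);
        restored.setUsername(getData(context, SHARED_PREFERENCE_KEY_UPN));
        restored.setDeviceId(getData(context, SHARED_PREFERENCE_KEY_DEVICEID));
        if (!TextUtils.isEmpty(encodedPkcs12)) {
            try {
                Logger.v("WorkAccountService#load", "Decode pkcs12 cert");
                // NOTE(review): "UTF_8" is not the canonical charset name ("UTF-8"); confirm the
                // target platform resolves this alias, otherwise the catch below is always taken.
                restored.setPKCS12Cert(Base64.decode(encodedPkcs12.getBytes("UTF_8"), Base64.DEFAULT));
            } catch (UnsupportedEncodingException e) {
                Logger.e("WorkAccountService#load", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e);
            }
        }
        Logger.v("WorkAccountService#load", "Restored cert info.", "DeviceId:" + restored.getDeviceId());
        if (TextUtils.isEmpty(restored.getResponse())) {
            Logger.v("WorkAccountService#load", "DRS response is null");
        } else {
            try {
                // The stored response is the Base64 certificate body; wrap it in PEM armour so the
                // X.509 factory can parse it.
                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(("-----BEGIN CERTIFICATE-----\n" + restored.getResponse() + "\n-----END CERTIFICATE-----").getBytes("UTF-8")));
                restored.setX509Cert((X509Certificate) generateCertificate);
                restored.setPrivateKey(Base64.decode(encodedPrivateKey.getBytes("UTF_8"), Base64.NO_WRAP));
                restored.setPublicKey(generateCertificate.getPublicKey().getEncoded());
                Logger.v("WorkAccountService#load", "Restore completed successfully");
            } catch (UnsupportedEncodingException e2) {
                Logger.e("WorkAccountService#load", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e2);
            } catch (CertificateException e3) {
                // Certificate parsing failures are reported under the same message as encoding failures.
                Logger.e("WorkAccountService#load", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e3);
            }
        }
        sData = restored;
        return sData;
    }

    /**
     * Persists the certificate data, refresh token and installed flag, invalidating the cache.
     *
     * <p>Nothing is written when the PKCS#12 blob is missing. NOTE(review): the private key and
     * refresh token are stored as plain strings in SharedPreferences; this method applies no
     * encryption.
     *
     * @param context context used to open the preferences file
     * @param certificateData data to persist
     * @param str refresh token
     * @param z whether the certificate is installed
     */
    public static synchronized void saveData(Context context, CertificateData certificateData, String str, boolean z) {
        Logger.v("WorkAccountService#saveData", "Persisting data to SharedPreferences");
        sData = null;
        if (certificateData.getPKCS12Cert() == null) {
            Logger.e("WorkAccountService#saveData", "PKCS12Cert is null", WorkplaceJoinFailure.CERTIFICATE);
            return;
        }
        String encodedPrivateKey = null;
        try {
            encodedPrivateKey = new String(Base64.encode(certificateData.getPrivateKey(), Base64.NO_WRAP), "UTF_8");
        } catch (UnsupportedEncodingException e) {
            Logger.e("WorkAccountService#saveData", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e);
        }
        String encodedPublicKey = null;
        try {
            encodedPublicKey = new String(Base64.encode(certificateData.getPublicKey(), Base64.NO_WRAP), "UTF_8");
        } catch (UnsupportedEncodingException e2) {
            Logger.e("WorkAccountService#saveData", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e2);
        }
        setData(context, SHARED_PREFERENCE_KEY_CERT_RESPONSE, certificateData.getResponse());
        try {
            setData(context, SHARED_PREFERENCE_KEY_CERT_PKCS12, new String(Base64.encode(certificateData.getPKCS12Cert(), Base64.DEFAULT), "UTF_8"));
        } catch (UnsupportedEncodingException e3) {
            Logger.e("WorkAccountService#saveData", ENCODING_ERROR, WorkplaceJoinFailure.INTERNAL, e3);
        }
        setData(context, SHARED_PREFERENCE_KEY_CERT_PRIVATE_KEY, encodedPrivateKey);
        setData(context, SHARED_PREFERENCE_KEY_CERT_PUBLIC_KEY, encodedPublicKey);
        // NOTE(review): the certificate password entry is written with the username, i.e. the same
        // value as the UPN entry below. Confirm this is intended; if the PKCS#12 blob is protected
        // by this value, the protection adds nothing for anyone who knows the account name.
        setData(context, SHARED_PREFERENCE_KEY_CERT_PASSWORD, certificateData.getUsername());
        setData(context, SHARED_PREFERENCE_KEY_UPN, certificateData.getUsername());
        setData(context, SHARED_PREFERENCE_KEY_DEVICEID, certificateData.getDeviceId());
        setData(context, SHARED_PREFERENCE_KEY_REFRESH_TOKEN, str);
        setData(context, SHARED_PREFERENCE_KEY_CERT_INSTALLED, Boolean.toString(z));
    }

    /** Persists the "certificate installed" flag. */
    public static synchronized void setCertInstalleStatus(Context context, boolean z) {
        setData(context, SHARED_PREFERENCE_KEY_CERT_INSTALLED, Boolean.toString(z));
    }

    /** Writes one string to the private preferences file; the write is applied asynchronously. */
    private static void setData(Context context, String str, String str2) {
        SharedPreferences.Editor edit = context.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE).edit();
        edit.putString(str, str2);
        edit.apply();
    }

    /**
     * Returns the Binder stub. No caller check happens here; authorisation is enforced per call in
     * the stub's {@code getData}.
     */
    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        Logger.v("WorkAccountService#onBind", "Context name:" + getApplicationContext().getPackageName() + " Binder-uid:" + Binder.getCallingUid() + " Binder-pid:" + Binder.getCallingPid() + " intent packagename:" + getPackageName());
        return this.mBinder;
    }
}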
