package com.microsoft.intune.mam.client.identity;

import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.backup.BackupConfiguration;
import com.microsoft.intune.mam.client.fileencryption.CipherUtils;
import com.microsoft.intune.mam.client.fileencryption.EncryptionAlgorithm;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager;
import com.microsoft.intune.mam.client.fileencryption.MAMKeyAccessNotAllowedException;
import com.microsoft.intune.mam.client.identity.DataProtectionManagerBehaviorBase;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import com.microsoft.intune.mam.policy.PolicyResolver;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import kotlin.HubConnectionExternalSyntheticLambda36;

/* loaded from: classes4.dex */
public class DataProtectionManagerBehaviorImpl extends DataProtectionManagerBehaviorBase {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(DataProtectionManagerBehaviorImpl.class);
    BackupConfiguration mBackupConfiguration;
    private final FileEncryptionManager mEncMgr;
    private final MAMLogPIIFactory mMAMLogPIIFactory;
    private final MAMUserInfoInternal mMAMUserInfo;
    private final PolicyResolver mPolicyResolver;

    @HubConnectionExternalSyntheticLambda36
    public DataProtectionManagerBehaviorImpl(FileEncryptionManager fileEncryptionManager, BackupConfiguration backupConfiguration, MAMIdentityManager mAMIdentityManager, PolicyResolver policyResolver, MAMUserInfoInternal mAMUserInfoInternal, MAMLogPIIFactory mAMLogPIIFactory, IdentityParamConverter identityParamConverter) {
        super(mAMIdentityManager, identityParamConverter);
        this.mEncMgr = fileEncryptionManager;
        this.mBackupConfiguration = backupConfiguration;
        this.mPolicyResolver = policyResolver;
        this.mMAMUserInfo = mAMUserInfoInternal;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
    }

    private boolean isBackupAllowed(MAMDataProtectionInfo mAMDataProtectionInfo) {
        MAMIdentity create;
        boolean isBlocked;
        if (!MAMInfo.isMultiIdentityEnabled()) {
            isBlocked = this.mBackupConfiguration.isBlocked();
        } else {
            if (mAMDataProtectionInfo == null || (create = this.mMAMIdentityManager.create(mAMDataProtectionInfo.getIdentity(), mAMDataProtectionInfo.getIdentityOID())) == null) {
                return true;
            }
            isBlocked = this.mBackupConfiguration.isBlocked(create);
        }
        return !isBlocked;
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehaviorBase, com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public MAMDataProtectionInfo getProtectionInfo(InputStream inputStream) throws IOException {
        return inputStream instanceof DataProtectionInputStream ? protectionInfoFromHeader(((DataProtectionInputStream) inputStream).getHeader()) : super.getProtectionInfo(inputStream);
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public boolean isBackupAllowed(InputStream inputStream) throws IOException {
        return isBackupAllowed(getProtectionInfo(inputStream));
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public boolean isBackupAllowed(byte[] bArr) throws IOException {
        return isBackupAllowed(getProtectionInfo(bArr));
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public InputStream protect(InputStream inputStream, MAMIdentity mAMIdentity) throws IOException {
        if (mAMIdentity == null) {
            throw new IOException("identity may not be null");
        }
        DataProtectionManagerBehaviorBase.IsProtectedAndStream protectionInfoAndNonAdvancedStream = getProtectionInfoAndNonAdvancedStream(inputStream);
        if (!protectionInfoAndNonAdvancedStream.isProtected) {
            return DataProtectionInputStream.createForProtect(protectionInfoAndNonAdvancedStream.stream, mAMIdentity, this.mEncMgr, this.mPolicyResolver, this.mMAMUserInfo, this.mMAMLogPIIFactory);
        }
        MAMIdentity mAMIdentity2 = protectionInfoAndNonAdvancedStream.identityIfKnown;
        return (mAMIdentity2 == null || !mAMIdentity.equals(mAMIdentity2)) ? DataProtectionInputStream.createForProtect(unprotect(protectionInfoAndNonAdvancedStream.stream), mAMIdentity, this.mEncMgr, this.mPolicyResolver, this.mMAMUserInfo, this.mMAMLogPIIFactory) : protectionInfoAndNonAdvancedStream.stream;
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public InputStream unprotect(InputStream inputStream) throws IOException {
        DataProtectionManagerBehaviorBase.IsProtectedAndStream protectionInfoAndNonAdvancedStream = getProtectionInfoAndNonAdvancedStream(inputStream);
        return !protectionInfoAndNonAdvancedStream.isProtected ? protectionInfoAndNonAdvancedStream.stream : DataProtectionInputStream.createForUnprotect(protectionInfoAndNonAdvancedStream.stream, this.mEncMgr);
    }

    @Override // com.microsoft.intune.mam.client.identity.DataProtectionManagerBehaviorBase, com.microsoft.intune.mam.client.identity.DataProtectionManagerBehavior
    public byte[] unprotect(byte[] bArr) throws IOException {
        try {
            if (!DataProtectionHeaderBase.isProtectedData(bArr)) {
                return bArr;
            }
            DataProtectionHeader dataProtectionHeader = new DataProtectionHeader(bArr);
            if (!dataProtectionHeader.getCipherSpec().equals(EncryptionAlgorithm.AES_CBC_PKCS5.getCipherSpec())) {
                return super.unprotect(bArr);
            }
            byte[] iv = dataProtectionHeader.getIV();
            return CipherUtils.cryptData(EncryptionAlgorithm.fromCipherSpec(dataProtectionHeader.getCipherSpec()), CipherUtils.Mode.DECRYPT, this.mEncMgr.decryptData(dataProtectionHeader.getKey(), iv), iv, bArr, dataProtectionHeader.mHeaderSize);
        } catch (MAMKeyAccessNotAllowedException e) {
            throw new MAMKeyNotAvailableException(e);
        } catch (MAMException e2) {
            e = e2;
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new IOException(e);
        }
    }
}
