package com.baramundi.dpc.controller.logic;

import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import com.baramundi.dpc.DeviceAdminReceiver;
import com.baramundi.dpc.R;
import com.baramundi.dpc.common.model.results.ControllerExecutionResult;
import com.baramundi.dpc.common.model.wifi.WiFiConfData;
import com.baramundi.dpc.persistence.databases.CertificateWithPWDatabase;
import com.baramundi.dpc.persistence.entities.CertificateWithPW;
import com.baramundi.dpc.rest.DataTransferObjects.Enums.ErrorCode;
import com.baramundi.dpc.util.X509Utils;
import java.util.List;
import java.util.Locale;
import org.tinylog.Logger;

/* loaded from: classes.dex */
public class CertificateInstallLogicSystem {
    private static ControllerExecutionResult installCA(Context context, CertificateWithPW certificateWithPW) {
        Logger.info("Installing CA into user store");
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        ComponentName componentName = DeviceAdminReceiver.getComponentName(context);
        boolean z = false;
        ControllerExecutionResult failed = ControllerExecutionResult.failed("", false);
        failed.setErrorCode(ErrorCode.CACertInstallationError);
        try {
            z = devicePolicyManager.installCaCert(componentName, certificateWithPW.getCertificate());
        } catch (SecurityException unused) {
            failed.setErrorMessage(context.getString(R.string.error_no_permission_CA_install));
        } catch (Exception e) {
            Logger.error(e.getMessage());
        }
        Logger.info(z ? "CA was installed successfully: {}" : "Error during CA installation: {}", certificateWithPW);
        return z ? ControllerExecutionResult.success() : failed;
    }

    private static ControllerExecutionResult installSCEP(Context context, CertificateWithPW certificateWithPW) {
        boolean z;
        Logger.info("Installing SCEP certificate into user store");
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        ComponentName componentName = DeviceAdminReceiver.getComponentName(context);
        WiFiConfData parseCertificateData = WiFiConfigurationLogic.parseCertificateData(certificateWithPW);
        try {
            z = devicePolicyManager.installKeyPair(componentName, parseCertificateData.getPrivateKey(), parseCertificateData.getClientCertificate(), X509Utils.getCertificateSHA1Fingerprint(parseCertificateData.getClientCertificate(), "").toLowerCase(Locale.ROOT));
        } catch (Exception e) {
            Logger.error(e.getMessage());
            z = false;
        }
        Logger.info(z ? "SCEP certificate was installed successfully: {}" : "Error during SCEP certificate installation: {}", certificateWithPW);
        if (z) {
            return ControllerExecutionResult.success();
        }
        ControllerExecutionResult failed = ControllerExecutionResult.failed("");
        failed.setErrorCode(ErrorCode.SCEPCertificateInstallationError);
        failed.setRetriable(false);
        if (!((KeyguardManager) context.getSystemService("keyguard")).isDeviceSecure()) {
            Logger.error("The device is not locked with a pattern, pin or password. Needs to be locked for accessing the keyStore in order to install certificates.");
            failed.setErrorMessage(context.getString(R.string.error_certificateInstallation_displayNotSecuredWithPassword));
        }
        return failed;
    }

    public static ControllerExecutionResult installStandaloneCertificates(Context context) {
        CertificateWithPWDatabase certificateWithPWDatabase = CertificateWithPWDatabase.getInstance(context);
        List<CertificateWithPW> allWithUsageAndAlreadyUsed = certificateWithPWDatabase.certificateWithPWDao().getAllWithUsageAndAlreadyUsed(CertificateWithPW.CERT_USE_DEFAULT, false);
        if (!allWithUsageAndAlreadyUsed.isEmpty()) {
            Logger.info("Installing all certificates into user store, which were not linked in any WiFi profile.");
        }
        ControllerExecutionResult success = ControllerExecutionResult.success();
        for (CertificateWithPW certificateWithPW : allWithUsageAndAlreadyUsed) {
            ControllerExecutionResult failed = ControllerExecutionResult.failed("Certificate type not found.");
            if (certificateWithPW.getCertificateType().equals(CertificateWithPW.CERT_TYPE_CA)) {
                failed = installCA(context, certificateWithPW);
            } else if (certificateWithPW.getCertificateType().equals(CertificateWithPW.CERT_TYPE_SCEP)) {
                failed = installSCEP(context, certificateWithPW);
            }
            if (failed == null || failed.getErrorCode() != ErrorCode.OK) {
                certificateWithPWDatabase.certificateWithPWDao().deleteAllWith(certificateWithPW.getProfileIdentifier(), certificateWithPW.getProfileEntryId(), certificateWithPW.getUid());
                if (failed.getErrorMessage() == null || failed.getErrorMessage().isEmpty()) {
                    failed.setErrorMessage("Error during installation of standalone certificate: " + certificateWithPW.getProfileIdentifier() + "_" + certificateWithPW.getProfileEntryId());
                }
                success = failed;
            } else {
                certificateWithPWDatabase.certificateWithPWDao().setCertificateUsage(certificateWithPW.getProfileIdentifier(), certificateWithPW.getProfileEntryId(), CertificateWithPW.CERT_USE_STANDALONE);
                certificateWithPWDatabase.certificateWithPWDao().setIsAlreadyUsed(certificateWithPW.getProfileIdentifier(), certificateWithPW.getProfileEntryId(), true);
            }
        }
        return success;
    }
}
