package com.microsoft.intune.mam.http;

import android.os.Build;
import androidx.annotation.Keep;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import okio.AuthenticationContext;
import okio.serialize;

@Keep
@AuthenticationContext.AnonymousClass2
/* loaded from: classes4.dex */
public class TrustedRootCertsManagerBehaviorImpl implements TrustedRootCertsManagerBehavior {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(TrustedRootCertsManagerBehaviorImpl.class);
    private final IdentityResolver mIdentityResolver;
    private final MAMIdentityManager mMamIdentityManager;
    private final MAMLogPIIFactory mMamLogPIIFactory;
    private final MAMTrustedRootCertsTrustManagerFactory mTrustedRootCertsTrustManagerFactory;

    @serialize
    public TrustedRootCertsManagerBehaviorImpl(MAMIdentityManager mAMIdentityManager, IdentityResolver identityResolver, MAMLogPIIFactory mAMLogPIIFactory, MAMTrustedRootCertsTrustManagerFactory mAMTrustedRootCertsTrustManagerFactory) {
        this.mMamIdentityManager = mAMIdentityManager;
        this.mIdentityResolver = identityResolver;
        this.mMamLogPIIFactory = mAMLogPIIFactory;
        this.mTrustedRootCertsTrustManagerFactory = mAMTrustedRootCertsTrustManagerFactory;
    }

    private SSLContext createSslContext(MAMIdentity mAMIdentity, String str) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance(getProtocol(str));
        sSLContext.init(null, createTrustManagers(mAMIdentity), null);
        return sSLContext;
    }

    private TrustManager[] createTrustManagers(MAMIdentity mAMIdentity) throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException {
        return this.mTrustedRootCertsTrustManagerFactory.getMAMTrustedRootCertsTrustManagers(mAMIdentity);
    }

    private MAMIdentity getEffectiveIdentity(String str) {
        MAMIdentity fromString = this.mMamIdentityManager.fromString(str);
        if (!MAMIdentity.isNullOrEmpty(fromString)) {
            LOGGER.info("Detected trusted root certs effective identity from string: {0}.", this.mMamLogPIIFactory.getPIIUPN(str));
            return fromString;
        }
        MAMIdentity currentIdentity = this.mIdentityResolver.getCurrentIdentity(null);
        if (MAMIdentity.isNullOrEmpty(currentIdentity)) {
            LOGGER.warning("Unable to detect trusted root certs effective identity.", new Object[0]);
            return MAMIdentity.EMPTY;
        }
        LOGGER.info("Identity not provided for trusted root certs, using resolved identity: {0}.", this.mMamLogPIIFactory.getPIIUPN(currentIdentity));
        return currentIdentity;
    }

    private static String getProtocol(String str) {
        if (str == null) {
            str = Build.VERSION.SDK_INT >= 29 ? "TLSv1.3" : "TLSv1.2";
            LOGGER.fine("No SSL/TLS protocol provided. Using {0}.", str);
        } else {
            LOGGER.fine("Using the provided SSL/TLS protocol {0}.", str);
        }
        return str;
    }

    @Override // com.microsoft.intune.mam.http.TrustedRootCertsManagerBehavior
    public SSLContext createSslContext(String str, String str2) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, GeneralSecurityException {
        return createSslContext(getEffectiveIdentity(str), str2);
    }

    @Override // com.microsoft.intune.mam.http.TrustedRootCertsManagerBehavior
    public TrustManager[] createTrustManagers(String str) throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException {
        return createTrustManagers(getEffectiveIdentity(str));
    }
}
