package AGENT.jh;

import com.sds.emm.emmagent.core.data.actionentity.filters.AndroidSdk;
import com.sds.emm.emmagent.core.data.service.general.function.certificate.ExtractCertificatesFunctionEntity;
import com.sds.emm.emmagent.core.data.service.general.inventory.preprovision.PreProvisionInventoryEntity;
import com.sds.emm.emmagent.core.event.internal.agent.EMMAgentUpdateEventListener;
import com.sds.emm.emmagent.core.event.internal.enroll.EMMEnrollEventListener;
import com.sds.emm.emmagent.core.event.internal.enroll.EMMUnenrollEventListener;
import com.sds.emm.emmagent.core.event.internal.workprofile.EMMWorkProfileCreatePrepareEventListener;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.jetbrains.annotations.NotNull;

@AndroidSdk(from = AGENT.v9.a.NATIVE_BASE)
/* loaded from: classes2.dex */
public final class a extends AGENT.ha.a<ExtractCertificatesFunctionEntity> implements EMMEnrollEventListener, EMMAgentUpdateEventListener, EMMWorkProfileCreatePrepareEventListener, EMMUnenrollEventListener {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: AGENT.jh.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public class C0078a extends AGENT.ef.a {
        final /* synthetic */ ExtractCertificatesFunctionEntity c;
        final /* synthetic */ List d;
        final /* synthetic */ Set e;

        /* renamed from: AGENT.jh.a$a$a, reason: collision with other inner class name */
        /* loaded from: classes2.dex */
        class C0079a implements X509TrustManager {
            C0079a() {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                try {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(C0078a.this.d);
                    X509Certificate x509Certificate = x509CertificateArr[0];
                    Collections.addAll(C0078a.this.d, x509CertificateArr);
                    X509CertSelector x509CertSelector = new X509CertSelector();
                    x509CertSelector.setCertificate(x509Certificate);
                    PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) C0078a.this.e, x509CertSelector);
                    pKIXBuilderParameters.setRevocationEnabled(false);
                    C0078a c0078a = C0078a.this;
                    PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) c0078a.i(pKIXBuilderParameters, c0078a.e, c0078a.d, x509CertificateArr[0]);
                    CertPath certPath = pKIXCertPathBuilderResult.getCertPath();
                    List<? extends Certificate> certificates = certPath.getCertificates();
                    if (AGENT.ff.g.c(certificates)) {
                        return;
                    }
                    C0078a c0078a2 = C0078a.this;
                    c0078a2.l(pKIXBuilderParameters, certPath, c0078a2.e);
                    List j = C0078a.this.j(arrayList, pKIXCertPathBuilderResult, certificates);
                    if (AGENT.ff.g.c(j)) {
                        return;
                    }
                    C0078a.this.k(j, new File(AGENT.g9.a.a().getFilesDir(), AGENT.lp.d.e("bksfornox.keystore")));
                } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | CertPathBuilderException | CertPathValidatorException e) {
                    AGENT.ud.b.d(e);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }

        C0078a(ExtractCertificatesFunctionEntity extractCertificatesFunctionEntity, List list, Set set) {
            this.c = extractCertificatesFunctionEntity;
            this.d = list;
            this.e = set;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public CertPathBuilderResult i(PKIXBuilderParameters pKIXBuilderParameters, Set<TrustAnchor> set, List<X509Certificate> list, X509Certificate x509Certificate) {
            new X509CertSelector().setCertificate(x509Certificate);
            pKIXBuilderParameters.setCertStores(Collections.singletonList(CertStore.getInstance("Collection", new CollectionCertStoreParameters(list))));
            return CertPathBuilder.getInstance(CertPathBuilder.getDefaultType()).build(pKIXBuilderParameters);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public List<Certificate> j(List<Certificate> list, PKIXCertPathBuilderResult pKIXCertPathBuilderResult, List<? extends Certificate> list2) {
            ArrayList arrayList = new ArrayList();
            if (list.contains(pKIXCertPathBuilderResult.getTrustAnchor().getTrustedCert())) {
                arrayList.add(pKIXCertPathBuilderResult.getTrustAnchor().getTrustedCert());
            }
            for (Certificate certificate : list2) {
                if (list.contains(certificate)) {
                    arrayList.add(certificate);
                }
            }
            return arrayList;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void k(List<? extends Certificate> list, File file) {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            FileOutputStream fileOutputStream = null;
            keyStore.load(null, null);
            Iterator<? extends Certificate> it = list.iterator();
            int i = 0;
            while (it.hasNext()) {
                i++;
                keyStore.setCertificateEntry("emmcert:" + i, it.next());
            }
            try {
                if (file.exists()) {
                    file.delete();
                    file.createNewFile();
                }
                FileOutputStream fileOutputStream2 = new FileOutputStream(file);
                try {
                    keyStore.store(fileOutputStream2, null);
                    try {
                        fileOutputStream2.close();
                    } catch (IOException e) {
                        AGENT.ud.b.d(e);
                    }
                } catch (Throwable th) {
                    fileOutputStream = fileOutputStream2;
                    th = th;
                    if (fileOutputStream == null) {
                        throw th;
                    }
                    try {
                        fileOutputStream.close();
                        throw th;
                    } catch (IOException e2) {
                        AGENT.ud.b.d(e2);
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                th = th2;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public CertPathValidatorResult l(PKIXParameters pKIXParameters, CertPath certPath, Set<TrustAnchor> set) {
            return CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(certPath, pKIXParameters);
        }

        @Override // AGENT.ef.a
        public void c() {
            URL url;
            try {
                if (AGENT.op.g.d(this.c.I())) {
                    PreProvisionInventoryEntity preProvisionInventoryEntity = (PreProvisionInventoryEntity) AGENT.q9.n.u().K2(PreProvisionInventoryEntity.class);
                    url = new URL("https", preProvisionInventoryEntity.n0(), AGENT.pp.a.d(preProvisionInventoryEntity.o0()), "");
                } else {
                    url = new URL(this.c.I());
                }
                URLConnection openConnection = url.openConnection();
                if (openConnection instanceof HttpsURLConnection) {
                    C0079a c0079a = new C0079a();
                    SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
                    sSLContext.init(null, new TrustManager[]{c0079a}, null);
                    ((HttpsURLConnection) openConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
                    openConnection.connect();
                }
            } catch (IOException e) {
                e = e;
                AGENT.ud.b.d(e);
            } catch (KeyManagementException e2) {
                e = e2;
                AGENT.ud.b.d(e);
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
                AGENT.ud.b.d(e);
            }
        }
    }

    private boolean q(ExtractCertificatesFunctionEntity extractCertificatesFunctionEntity) {
        if (new File(AGENT.g9.a.a().getFilesDir(), AGENT.lp.d.e("bksfornox.keystore")).exists()) {
            return false;
        }
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        try {
            s(hashSet, arrayList);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            AGENT.ud.b.d(e);
        }
        if (AGENT.ff.g.c(arrayList)) {
            return false;
        }
        new C0078a(extractCertificatesFunctionEntity, arrayList, hashSet).d("Extract-Certificate");
        return true;
    }

    private void s(Set<TrustAnchor> set, List<X509Certificate> list) {
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(nextElement, null);
            if (entry instanceof KeyStore.TrustedCertificateEntry) {
                X509Certificate x509Certificate = (X509Certificate) ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                set.add(new TrustAnchor(x509Certificate, null));
                if (nextElement.startsWith("user:")) {
                    list.add(x509Certificate);
                }
            }
        }
    }

    @Override // com.sds.emm.emmagent.core.event.internal.agent.EMMAgentUpdateEventListener
    public void onAgentUpdated(String str, String str2, String str3, String str4, String str5) {
        q(new ExtractCertificatesFunctionEntity());
    }

    @Override // com.sds.emm.emmagent.core.event.internal.enroll.EMMEnrollEventListener
    public void onEnrolled(String str) {
        q(new ExtractCertificatesFunctionEntity());
    }

    @Override // com.sds.emm.emmagent.core.event.internal.workprofile.EMMWorkProfileCreatePrepareEventListener
    public void onKnoxContainerCreationRequested(String str, AGENT.oa.j jVar) {
    }

    @Override // com.sds.emm.emmagent.core.event.internal.workprofile.EMMWorkProfileCreatePrepareEventListener
    public void onKnoxContainerCreationStarted(@NotNull AGENT.pa.c cVar) {
        q(new ExtractCertificatesFunctionEntity());
    }

    @Override // com.sds.emm.emmagent.core.event.internal.workprofile.EMMWorkProfileCreatePrepareEventListener
    public void onKnoxContainerMakeInitialPolicyRequested() {
    }

    @Override // com.sds.emm.emmagent.core.event.internal.workprofile.EMMWorkProfileCreatePrepareEventListener
    public void onKnoxContainerPreCreated(int i) {
    }

    @Override // com.sds.emm.emmagent.core.event.internal.enroll.EMMUnenrollEventListener
    public void onUnenrolled(AGENT.pb.c cVar) {
        File file = new File(AGENT.g9.a.a().getFilesDir(), AGENT.lp.d.e("bksfornox.keystore"));
        if (file.exists()) {
            file.delete();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // AGENT.ha.a
    /* renamed from: r, reason: merged with bridge method [inline-methods] */
    public AGENT.w9.a o(com.sds.emm.emmagent.core.logger.b bVar, ExtractCertificatesFunctionEntity extractCertificatesFunctionEntity) {
        return q(extractCertificatesFunctionEntity) ? AGENT.w9.a.PENDING : AGENT.w9.a.SUCCESS;
    }
}
