package net.soti.mobicontrol.cert;

import android.content.Context;
import com.google.common.base.Optional;
import java.util.List;
import net.soti.comm.McEvent;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.cert.PendingCertificateStore;
import net.soti.mobicontrol.common.R;
import net.soti.mobicontrol.device.security.KeyStoreLockManager;
import net.soti.mobicontrol.device.security.KeyStoreState;
import net.soti.mobicontrol.ds.message.DsMessage;
import net.soti.mobicontrol.ds.message.LogLevel;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.messagebus.Message;
import net.soti.mobicontrol.messagebus.MessageBus;
import net.soti.mobicontrol.messagebus.Subscribe;
import net.soti.mobicontrol.messagebus.Subscriber;
import net.soti.mobicontrol.messagebus.To;
import net.soti.mobicontrol.service.ServiceCommand;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Subscriber
/* loaded from: classes.dex */
public abstract class BaseCertificateManager implements CertificateManager {
    private final CertificateMetadataStorage certificateMetadataStorage;
    private final Context context;
    protected final CredentialStorageManager credentialStorageManager;
    private final CertificateDataStorage dataStorage;
    private final KeyStoreLockManager keyStoreLockManager;
    private final Logger logger;
    private final MessageBus messageBus;
    private final PendingCertificateStore pendingCertificateStore;

    public BaseCertificateManager(KeyStoreLockManager keyStoreLockManager, CredentialStorageManager credentialStorageManager, CertificateMetadataStorage certificateMetadataStorage, CertificateDataStorage certificateDataStorage, PendingCertificateStore pendingCertificateStore, MessageBus messageBus, Context context, Logger logger) {
        this.keyStoreLockManager = keyStoreLockManager;
        this.credentialStorageManager = credentialStorageManager;
        this.certificateMetadataStorage = certificateMetadataStorage;
        this.dataStorage = certificateDataStorage;
        this.pendingCertificateStore = pendingCertificateStore;
        this.messageBus = messageBus;
        this.context = context;
        this.logger = logger;
    }

    private void addForPendingInstall(byte[] bArr, String str, String str2, String str3, String str4) {
        addForPendingInstall(bArr, str, str2, str3, str4, CertificateHelper.createAlias(str3, str4), null, null, PendingCertificateStore.SILENT_INSTALL_TYPE);
    }

    private void checkInCertificateStorage(CertificateMetadata certificateMetadata, byte[] bArr, String str) {
        if (this.certificateMetadataStorage.findCertificate(CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber()) == null) {
            this.certificateMetadataStorage.addCertificate(certificateMetadata);
            this.dataStorage.storeData(certificateMetadata, bArr, str);
        }
    }

    private String getActualCertificateType(String str, String str2) {
        if (str2.equals(str)) {
            return str;
        }
        this.logger.warn("[cert][%s][addCertificate] Corrected Certificate type to %s", getTag(), str2);
        return str2;
    }

    @Nullable
    private CertificateMetadata getCertificateMetadata(@NotNull Optional<CertificateMetadata> optional) {
        return optional.orNull();
    }

    private boolean isCertificateAlreadyInstalled(byte[] bArr, String str, CertificateMetadata certificateMetadata, String str2) {
        if (!this.credentialStorageManager.isCertificateInstalled(str2)) {
            return false;
        }
        this.logger.warn("[cert][%s][addCertificate] Certificate already installed, performing CERT sync ..", getTag());
        checkInCertificateStorage(certificateMetadata, bArr, str);
        performCertificateSync();
        return true;
    }

    private boolean isCredentialStorageUsable(byte[] bArr, String str, String str2, CertificateMetadata certificateMetadata) {
        KeyStoreState keyStoreState = this.keyStoreLockManager.getKeyStoreState();
        if (keyStoreState == KeyStoreState.USABLE) {
            return true;
        }
        this.logger.warn("[cert][%s][addCertificate] Certificate storage is unusable. State[%s]", getTag(), keyStoreState);
        addForPendingInstall(bArr, str, str2, CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber());
        return false;
    }

    private boolean isMetadataPresent(String str, Optional<CertificateMetadata> optional) {
        if (optional.isPresent()) {
            return true;
        }
        this.logger.warn("[%s][addCertificate] Cannot read X509 certificate from raw data, probably it is CERT, \nconstructed alias from CERT name as %s", getTag(), str);
        this.messageBus.sendMessageSilently(DsMessage.make(this.context.getString(R.string.certificate_install_fail, this.context.getString(R.string.unknown) + " {" + str + "}"), McEvent.DEVICE_ERROR, LogLevel.ERROR));
        return false;
    }

    private void notifySuccessfulInstallation() {
        this.logger.warn("[BaseCertificateManager][notifySuccessfulInstallation] Sending device info");
        this.messageBus.sendMessageSilently(ServiceCommand.SEND_DEVICEINFO.asMessage());
    }

    private void removePendingActionIfAllHaveBeenInstalled() {
        if (this.pendingCertificateStore.getPendingCertificates().isEmpty()) {
            removePendingActions();
        }
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public boolean addCertificate(String str, byte[] bArr, String str2, String str3, String str4) {
        Optional<CertificateMetadata> certificateMetaData = getCertificateMetaData(bArr, str3);
        if (!isMetadataPresent(str, certificateMetaData)) {
            return false;
        }
        CertificateMetadata certificateMetadata = getCertificateMetadata(certificateMetaData);
        if (certificateMetadata == null) {
            this.logger.warn("[BaseCertificateManager][addCertificate] No certificate metadata found");
            return false;
        }
        String alias = certificateMetadata.getAlias();
        if (!isCredentialStorageUsable(bArr, str2, str3, certificateMetadata)) {
            return false;
        }
        if (isCertificateAlreadyInstalled(bArr, str3, certificateMetadata, alias)) {
            return true;
        }
        boolean doCertificateInstallation = doCertificateInstallation(bArr, getActualCertificateType(str2, CertificateHelper.getCertificateType(bArr, str3)), str3, certificateMetadata, alias);
        if (!doCertificateInstallation) {
            addForPendingInstall(bArr, str2, str3, CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber());
        }
        removePendingActionIfAllHaveBeenInstalled();
        return doCertificateInstallation;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addForPendingInstall(byte[] bArr, String str, String str2, String str3, String str4, String str5, @Nullable byte[] bArr2, @Nullable byte[] bArr3, String str6) {
        if (this.pendingCertificateStore.findPendingCertificate(str3, str4) == null) {
            this.logger.info("[%s][addForPendingInstall] Storing cert '%s-%s' for later installation", getTag(), str3, str4);
            this.pendingCertificateStore.addPendingCertificate(str3, str4, bArr, str, str2, str5, bArr2, bArr3, str6);
        } else {
            this.logger.info("[BaseCertificateManager][addForPendingInstall] Certificate '%s-%s' is already in pending storage", str3, str4);
        }
        if (this.keyStoreLockManager.getKeyStoreState() != KeyStoreState.USABLE) {
            this.logger.warn("[%s][addForPendingInstall] Requesting credential storage to be unlocked!", getTag());
            this.keyStoreLockManager.requestUnlock(false);
        }
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public boolean deleteCertificate(String str, String str2) {
        this.pendingCertificateStore.removePendingCertificate(str, str2);
        if (this.pendingCertificateStore.getPendingCertificates().isEmpty()) {
            this.keyStoreLockManager.cancelUnlock();
            removePendingActions();
        }
        try {
            CertificateMetadata findCertificate = this.certificateMetadataStorage.findCertificate(str, str2);
            if (findCertificate == null) {
                this.logger.warn("[cert][%s][deleteCertificate] Nothing to delete cert[%s]", getTag(), str2);
                return false;
            }
            if (!this.credentialStorageManager.removeCertificate(findCertificate.getAlias(), false) && !this.credentialStorageManager.removeCertificate(findCertificate.getAlias(), true)) {
                this.logger.error("[cert][%s][deleteCertificate] Failed to delete certificate [%s]", getTag(), findCertificate.getAlias());
                return false;
            }
            this.logger.info("[cert][%s][deleteCertificate] Certificate deleted [%s]", getTag(), str2);
            this.certificateMetadataStorage.removeCertificate(findCertificate);
            return true;
        } catch (Exception e) {
            this.logger.error(String.format("[cert][%s][deleteCertificate] General error in deleting CERT", getTag()), e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean doCertificateInstallation(byte[] bArr, String str, String str2, CertificateMetadata certificateMetadata, String str3) {
        if (!this.credentialStorageManager.installCertificate(str3, bArr, str, str2)) {
            return false;
        }
        this.certificateMetadataStorage.addCertificate(certificateMetadata);
        this.dataStorage.storeData(certificateMetadata, bArr, str2);
        notifySuccessfulInstallation();
        return true;
    }

    protected Optional<CertificateMetadata> getCertificateMetaData(byte[] bArr, String str) {
        return CertificateHelper.fromRawData(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CredentialStorageManager getCredentialStorageManager() {
        return this.credentialStorageManager;
    }

    public KeyStoreLockManager getKeyStoreLockManager() {
        return this.keyStoreLockManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Logger getLogger() {
        return this.logger;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getTag() {
        return getClass().getSimpleName();
    }

    protected void installPendingCertificates() {
        List<PendingCertificateStore.PendingCertificate> pendingCertificates = this.pendingCertificateStore.getPendingCertificates();
        if (!this.pendingCertificateStore.isCertificatePolicyEnabled()) {
            this.logger.warn("[%s] Cancelled pending CERTs as policy is disabled!", getTag());
            this.pendingCertificateStore.clearPendingCertificates();
            this.keyStoreLockManager.cancelUnlock();
            return;
        }
        KeyStoreState keyStoreState = this.keyStoreLockManager.getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            if (pendingCertificates.isEmpty()) {
                return;
            }
            this.logger.warn("[%s] Cannot install pending CERTs, storage status=%s", getTag(), keyStoreState);
            this.logger.debug("[%s] Requesting storage unlock ..", getTag());
            this.keyStoreLockManager.requestUnlock(false);
            return;
        }
        this.keyStoreLockManager.cancelUnlock();
        if (pendingCertificates.isEmpty()) {
            return;
        }
        this.logger.debug("[%s] Installing pending CERTs, count=%s", getTag(), Integer.valueOf(pendingCertificates.size()));
        for (PendingCertificateStore.PendingCertificate pendingCertificate : pendingCertificates) {
            if (!addCertificate(CertificateHelper.createAlias(CertificateHelper.getCommonName(pendingCertificate.getIssuerDn()), pendingCertificate.getSerialNumber()), pendingCertificate.getCertificate(), pendingCertificate.getCertificateType(), pendingCertificate.getPassword(), pendingCertificate.getInstallationType())) {
                this.logger.error("[%s][addCertificate] Failed to install certificate with alias '%s'", getTag(), pendingCertificate.getAlias());
                this.messageBus.sendMessageSilently(DsMessage.make(this.context.getString(R.string.certificate_install_fail, pendingCertificate.getAlias()), McEvent.DEVICE_ERROR, LogLevel.ERROR));
            }
        }
        this.pendingCertificateStore.clearPendingCertificates();
        this.logger.warn("[%s] Cleared pending CERTs ..", getTag());
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public List<CertificateMetadata> listCertificates() {
        return this.certificateMetadataStorage.getCertificates();
    }

    protected abstract void onCredentialStorageUnlocked();

    protected abstract void performCertificateSync();

    @Subscribe({@To(Messages.Destinations.DEVICE_ADMINISTRATOR_PASSWORD_SET), @To(Messages.Destinations.BROADCAST_USER_PRESENT), @To(Messages.Destinations.CREDENTIALS_STORAGE_PASSWORD_SET)})
    public void receive(Message message) {
        getLogger().debug("[%s][receive] Got message: %s", getTag(), message);
        if (getKeyStoreLockManager().isKeyStoreUnlocked()) {
            onCredentialStorageUnlocked();
        }
    }

    protected abstract void removePendingActions();
}
