package net.soti.mobicontrol.cert;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.EnterpriseVpnPolicy;
import android.content.Context;
import android.os.Build;
import com.google.common.base.Optional;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ExecutorService;
import javax.inject.Inject;
import javax.inject.Singleton;
import net.soti.comm.McEvent;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.admin.DeviceAdministrationManager;
import net.soti.mobicontrol.cert.PendingCertificateStore;
import net.soti.mobicontrol.common.R;
import net.soti.mobicontrol.device.AndroidPlatform;
import net.soti.mobicontrol.device.security.KeyStoreLockManager;
import net.soti.mobicontrol.device.security.KeyStoreState;
import net.soti.mobicontrol.ds.message.DsMessage;
import net.soti.mobicontrol.ds.message.LogLevel;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.messagebus.Message;
import net.soti.mobicontrol.messagebus.MessageBus;
import net.soti.mobicontrol.messagebus.Subscribe;
import net.soti.mobicontrol.messagebus.Subscriber;
import net.soti.mobicontrol.messagebus.To;
import net.soti.mobicontrol.pendingaction.PendingAction;
import net.soti.mobicontrol.pendingaction.PendingActionManager;
import net.soti.mobicontrol.pendingaction.PendingActionType;
import org.jetbrains.annotations.Nullable;

@Singleton
@Subscriber
/* loaded from: classes.dex */
public class SamsungCertificateManager extends BaseCertificateManager {
    private final DeviceAdministrationManager adminManager;
    private final Context context;
    private final CertificateDataStorage dataStorage;
    private final CertificateMetadataStorage dbStorage;
    private final EnterpriseVpnPolicy enterpriseVpnPolicy;
    private final ExecutorService executorService;
    private final MessageBus messageBus;
    private final PendingActionManager pendingActionManager;
    private final PendingCertificateStore pendingCertificateStore;
    private final CertificateStorageSync storageSync;

    @Inject
    public SamsungCertificateManager(CredentialStorageManager credentialStorageManager, KeyStoreLockManager keyStoreLockManager, EnterpriseVpnPolicy enterpriseVpnPolicy, DeviceAdministrationManager deviceAdministrationManager, CertificateMetadataStorage certificateMetadataStorage, CertificateDataStorage certificateDataStorage, CertificateStorageSync certificateStorageSync, PendingCertificateStore pendingCertificateStore, PendingActionManager pendingActionManager, ExecutorService executorService, MessageBus messageBus, Context context, Logger logger) {
        super(keyStoreLockManager, credentialStorageManager, certificateMetadataStorage, certificateDataStorage, pendingCertificateStore, messageBus, context, logger);
        this.adminManager = deviceAdministrationManager;
        this.dbStorage = certificateMetadataStorage;
        this.dataStorage = certificateDataStorage;
        this.pendingCertificateStore = pendingCertificateStore;
        this.pendingActionManager = pendingActionManager;
        this.executorService = executorService;
        this.storageSync = certificateStorageSync;
        this.enterpriseVpnPolicy = enterpriseVpnPolicy;
        this.messageBus = messageBus;
        this.context = context;
    }

    private boolean dirtyCertificateDeletion(CertificateMetadata certificateMetadata, String str, String str2) {
        getLogger().warn("[%s][deleteCertificate] : delete certificate in dirty way ...", getClass());
        byte[] data = this.dataStorage.getData(certificateMetadata);
        if (data == null) {
            getLogger().warn("[%s][deleteCertificate] : data is null. nothing to delete");
            return true;
        }
        String password = this.dataStorage.getPassword(certificateMetadata);
        if (password == null) {
            getLogger().warn("[%s][deleteCertificate] : password is null. nothing to delete");
            return true;
        }
        String certificateType = CertificateHelper.getCertificateType(data, password);
        String formatAlias = CertInstallHandler.formatAlias(certificateMetadata.getAlias());
        certificateMetadata.setAlias(formatAlias);
        super.doCertificateInstallation(data, certificateType, password, certificateMetadata, formatAlias);
        return super.deleteCertificate(str, str2);
    }

    private CertificateInfo findCertificateInfo(byte[] bArr) {
        List<CertificateInfo> clientCertificates = this.enterpriseVpnPolicy.getClientCertificates("anyconnect");
        if (clientCertificates == null) {
            return null;
        }
        for (CertificateInfo certificateInfo : clientCertificates) {
            if (Arrays.equals(toArrayOfByte(certificateInfo), bArr)) {
                return certificateInfo;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void installPendingCertificates2() {
        PendingCertificateStore.PendingCertificate pendingCertificate = null;
        for (PendingCertificateStore.PendingCertificate pendingCertificate2 : this.pendingCertificateStore.getPendingCertificates()) {
            if (pendingCertificate2.isNotSilent() && pendingCertificate2.hasPrivateKey()) {
                pendingCertificate = pendingCertificate2;
            } else {
                this.pendingCertificateStore.removePendingCertificate(pendingCertificate2.getIssuerDn(), pendingCertificate2.getSerialNumber());
                addCertificate(pendingCertificate2.getAlias(), pendingCertificate2.getCertificate(), pendingCertificate2.getCertificateType(), pendingCertificate2.getPassword(), pendingCertificate2.getInstallationType());
            }
        }
        if (pendingCertificate != null) {
            showInstallationUI(pendingCertificate);
        }
    }

    private boolean showInstallationUI(PendingCertificateStore.PendingCertificate pendingCertificate) {
        Logger logger = getLogger();
        KeyStoreState keyStoreState = getKeyStoreLockManager().getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            logger.warn("[cert][%s][addCertificate] Certificate storage is unusable. State[%s]", getTag(), keyStoreState);
        } else if (getCredentialStorageManager().isCertificateInstalled(pendingCertificate.getAlias())) {
            logger.warn("[cert][%s][addCertificate] Certificate already installed, performing CERT sync ..", getTag());
            performCertificateSync();
        } else {
            CertInstallHandler.install(this.context, logger, pendingCertificate.getAlias(), pendingCertificate.getPassword());
        }
        return true;
    }

    private byte[] toArrayOfByte(CertificateInfo certificateInfo) {
        try {
            return certificateInfo.getCertificate().getEncoded();
        } catch (CertificateEncodingException e) {
            return new byte[0];
        }
    }

    protected void addCertToPendingList(byte[] bArr, String str, String str2, String str3, String str4, String str5, @Nullable byte[] bArr2, @Nullable byte[] bArr3, String str6) {
        addForPendingInstall(bArr, str, str2, str3, str4, str5, bArr2, bArr3, str6);
        if (this.pendingActionManager.getPendingActionsByType(PendingActionType.INSTALL_CERTIFICATE).isEmpty()) {
            this.pendingActionManager.add(new PendingAction(PendingActionType.INSTALL_CERTIFICATE, this.context.getString(R.string.pending_certificate_installation_label), this.context.getString(R.string.pending_certificate_installation_detail)));
        }
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:31:0x016e -> B:29:0x0177). Please report as a decompilation issue!!! */
    @Override // net.soti.mobicontrol.cert.BaseCertificateManager, net.soti.mobicontrol.cert.CertificateManager
    public boolean addCertificate(String str, byte[] bArr, String str2, String str3, String str4) {
        boolean z;
        CertInstallHandler certInstallHandler;
        Logger logger = getLogger();
        Optional<CertificateMetadata> fromRawData = CertificateHelper.fromRawData(bArr, str3);
        if (!fromRawData.isPresent()) {
            logger.error("[cert][%s][addCertificate] Cannot convert data into cert object fileName[%s]", getTag(), str);
            this.messageBus.sendMessageSilently(DsMessage.make(this.context.getString(R.string.certificate_install_fail, this.context.getString(R.string.unknown) + " {" + str + "}"), McEvent.DEVICE_ERROR, LogLevel.ERROR));
            return false;
        }
        CertificateMetadata certificateMetadata = fromRawData.get();
        String alias = certificateMetadata.getAlias();
        if (this.credentialStorageManager.isCertificateInstalled(alias)) {
            logger.warn("[cert][%s][addCertificate] Certificate already installed, performing CERT sync ..", getTag());
            performCertificateSync();
            return true;
        }
        String certificateType = CertificateHelper.getCertificateType(bArr, str3);
        String str5 = str2;
        if (!certificateType.equals(str2)) {
            str5 = certificateType;
            logger.warn("[cert][%s][addCertificate] Corrected Certificate type to %s", getTag(), certificateType);
        }
        boolean z2 = false;
        KeyStoreState keyStoreState = getKeyStoreLockManager().getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            logger.warn("[cert][%s][addCertificate] Certificate storage is unusable. State[%s]", getTag(), keyStoreState);
            z2 = true;
        }
        if (!PendingCertificateStore.SILENT_INSTALL_TYPE.equalsIgnoreCase(str4) && str5.equalsIgnoreCase(CertificateHelper.PKCS12)) {
            try {
                certInstallHandler = new CertInstallHandler(logger, ByteBuffer.wrap(bArr), str3);
            } catch (CertificateException e) {
                logger.error("Exception", e);
            }
            if (certInstallHandler.hasPrivateKey()) {
                if (Build.VERSION.SDK_INT < AndroidPlatform.ICE_CREAM_SANDWICH.getVersion()) {
                    logger.error("[ImportCertificateCommand][execute] feature is not supported for [%s]", certificateMetadata.getSerialNumber());
                    this.messageBus.sendMessageSilently(DsMessage.make("", McEvent.FEATURE_NOT_SUPPORTED, LogLevel.ERROR));
                    z = false;
                } else {
                    String commonName = CertificateHelper.getCommonName(certificateMetadata.getIssuerDN());
                    String serialNumber = certificateMetadata.getSerialNumber();
                    installCaCertificateFromChain(certInstallHandler.getCertificateChain(), alias);
                    addCertToPendingList(bArr, str5, str3, commonName, serialNumber, alias, certInstallHandler.getPublicKey(), certInstallHandler.getPrivateKey(), str4);
                    z = true;
                }
                return z;
            }
        } else if (z2) {
            addForPendingInstall(bArr, str5, str3, CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber(), alias, null, null, str4);
        } else {
            doCertificateInstallation(bArr, str5, str3, certificateMetadata, alias);
        }
        z = true;
        return z;
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager, net.soti.mobicontrol.cert.CertificateManager
    public boolean deleteCertificate(String str, String str2) {
        if (super.deleteCertificate(str, str2)) {
            return true;
        }
        CertificateMetadata findCertificate = this.dbStorage.findCertificate(str, str2);
        if (findCertificate == null || !dirtyCertificateDeletion(findCertificate, str, str2)) {
            return false;
        }
        this.dbStorage.removeCertificate(findCertificate);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    public boolean doCertificateInstallation(byte[] bArr, String str, String str2, CertificateMetadata certificateMetadata, String str3) {
        Logger logger = getLogger();
        if (str.equals(CertificateHelper.PKCS12) && findCertificateInfo(bArr) == null) {
            if (this.enterpriseVpnPolicy.installClientCertificate("anyconnect", bArr, str2)) {
                logger.debug("[%s] Installed CERT with alias {%s} into the AnyConnect VPN keystore", getClass().getSimpleName(), str3);
            } else {
                logger.error("[%s] Failed to install CERT with alias {%s} into the AnyConnect VPN keystore", getClass().getSimpleName(), str3);
            }
        }
        return super.doCertificateInstallation(bArr, str, str2, certificateMetadata, str3);
    }

    public void installCaCertificateFromChain(Certificate[] certificateArr, String str) {
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (CertificateHelper.isCA(x509Certificate)) {
                try {
                    this.credentialStorageManager.installCertificate(str, x509Certificate.getEncoded(), CertificateHelper.CA_CERTIFICATE, "");
                } catch (CertificateEncodingException e) {
                    getLogger().error("[%s][installCertificateChain] error :", e);
                }
            }
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void onCredentialStorageUnlocked() {
        this.executorService.submit(new Runnable() { // from class: net.soti.mobicontrol.cert.SamsungCertificateManager.1
            @Override // java.lang.Runnable
            public void run() {
                SamsungCertificateManager.this.pendingActionManager.deleteByType(PendingActionType.CREDENTIAL_STORAGE_UNLOCK);
                SamsungCertificateManager.this.installPendingCertificates2();
            }
        });
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void performCertificateSync() {
        this.storageSync.sync();
    }

    @Subscribe({@To(Messages.Destinations.LIFECYCLE_POST_STARTUP)})
    public void receiveLifePostStartup(Message message) {
        if (message.isSameDestination(Messages.Destinations.DEVICE_ADMINISTRATOR_ON_ENABLED) && this.adminManager.isAdminActive()) {
            this.storageSync.sync();
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void removePendingActions() {
        this.pendingActionManager.deleteByType(PendingActionType.INSTALL_CERTIFICATE);
    }
}
