package net.soti.mobicontrol.cert;

import android.content.Context;
import com.google.common.base.Optional;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutorService;
import javax.inject.Inject;
import javax.inject.Singleton;
import net.soti.GeneratedEnums;
import net.soti.comm.McEvent;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.admin.DeviceAdministrationManager;
import net.soti.mobicontrol.cert.PendingCertificateStore;
import net.soti.mobicontrol.device.security.KeyStoreLockManager;
import net.soti.mobicontrol.device.security.KeyStoreState;
import net.soti.mobicontrol.ds.message.DsMessage;
import net.soti.mobicontrol.ds.message.LogLevel;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.messagebus.Message;
import net.soti.mobicontrol.messagebus.MessageBus;
import net.soti.mobicontrol.messagebus.Subscribe;
import net.soti.mobicontrol.messagebus.Subscriber;
import net.soti.mobicontrol.messagebus.To;
import net.soti.mobicontrol.pendingaction.PendingAction;
import net.soti.mobicontrol.pendingaction.PendingActionManager;
import net.soti.mobicontrol.pendingaction.PendingActionType;
import net.soti.mobicontrol.samsung.mdm2x.R;
import org.jetbrains.annotations.Nullable;

@Singleton
@Subscriber
/* loaded from: classes.dex */
public class SamsungCertificateManager extends BaseCertificateManager {
    private final DeviceAdministrationManager a;
    private final PendingCertificateStore b;
    private final PendingActionManager c;
    private final ExecutorService d;
    private final CertificateStorageSync e;
    private final SamsungAnyConnectVpnCertificateManager f;
    private final MessageBus g;
    private final Context h;
    private final CertificateMetadataStorage i;
    private final CertificateDataStorage j;
    private final CertificateParametersProvider k;

    @Inject
    public SamsungCertificateManager(CredentialStorageManager credentialStorageManager, KeyStoreLockManager keyStoreLockManager, SamsungAnyConnectVpnCertificateManager samsungAnyConnectVpnCertificateManager, DeviceAdministrationManager deviceAdministrationManager, CertificateMetadataStorage certificateMetadataStorage, CertificateDataStorage certificateDataStorage, CertificateStorageSync certificateStorageSync, PendingCertificateStore pendingCertificateStore, PendingActionManager pendingActionManager, ExecutorService executorService, MessageBus messageBus, Context context, CertificateParametersProvider certificateParametersProvider, Logger logger) {
        super(keyStoreLockManager, credentialStorageManager, certificateMetadataStorage, certificateDataStorage, pendingCertificateStore, messageBus, context, certificateParametersProvider, logger);
        this.a = deviceAdministrationManager;
        this.i = certificateMetadataStorage;
        this.j = certificateDataStorage;
        this.b = pendingCertificateStore;
        this.c = pendingActionManager;
        this.d = executorService;
        this.e = certificateStorageSync;
        this.g = messageBus;
        this.h = context;
        this.k = certificateParametersProvider;
        this.f = samsungAnyConnectVpnCertificateManager;
    }

    private boolean a(CertificateMetadata certificateMetadata, String str, String str2) {
        getLogger().warn("[SamsungCertificateManager][dirtyCertificateDeletion] : delete certificate in dirty way ...");
        byte[] data = this.j.getData(certificateMetadata);
        if (data == null) {
            getLogger().warn("[SamsungCertificateManager][dirtyCertificateDeletion] : data is null. nothing to delete");
            return true;
        }
        String password = this.j.getPassword(certificateMetadata);
        if (password == null) {
            getLogger().warn("[SamsungCertificateManager][dirtyCertificateDeletion] : password is null. nothing to delete");
            return true;
        }
        CertificateType certificateType = CertificateHelper.getCertificateType(data, password);
        String formatAlias = CertInstallHandler.formatAlias(certificateMetadata.getAlias());
        certificateMetadata.setAlias(formatAlias);
        super.doCertificateInstallation(data, certificateType, password, certificateMetadata, formatAlias);
        return super.deleteCertificate(str, str2);
    }

    private boolean a(PendingCertificateStore.PendingCertificate pendingCertificate) {
        Logger logger = getLogger();
        KeyStoreState keyStoreState = getKeyStoreLockManager().getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            logger.warn("[SamsungCertificateManager][showInstallationUI][cert] Certificate storage is unusable. State[%s]", keyStoreState);
            return true;
        }
        if (!getCredentialStorageManager().isCertificateInstalled(pendingCertificate.getAlias())) {
            CertInstallHandler.install(this.h, logger, pendingCertificate.getAlias(), pendingCertificate.getPassword());
            return true;
        }
        logger.warn("[SamsungCertificateManager][showInstallationUI][cert] Certificate already installed, performing CERT sync ..");
        performCertificateSync();
        return true;
    }

    private boolean a(byte[] bArr, String str, CertificateMetadata certificateMetadata, String str2, CertificateType certificateType, CertInstallHandler certInstallHandler) {
        String commonName = CertificateHelper.getCommonName(certificateMetadata.getIssuerDN());
        String serialNumber = certificateMetadata.getSerialNumber();
        installCaCertificateFromChain(certInstallHandler.getCertificateChain(), str2);
        addCertToPendingList(bArr, certificateType, str, commonName, serialNumber, str2, certInstallHandler.getPublicKey(), certInstallHandler.getPrivateKey(), PendingCertificateStore.UI_INSTALL_TYPE);
        return true;
    }

    boolean a(String str, CertificateType certificateType) {
        return !PendingCertificateStore.SILENT_INSTALL_TYPE.equalsIgnoreCase(str) && certificateType == CertificateType.PKCS12;
    }

    protected void addCertToPendingList(byte[] bArr, CertificateType certificateType, String str, String str2, String str3, String str4, @Nullable byte[] bArr2, @Nullable byte[] bArr3, String str5) {
        addForPendingInstall(bArr, certificateType, str, str2, str3, str4, bArr2, bArr3, str5);
        if (this.c.getPendingActionsByType(PendingActionType.INSTALL_CERTIFICATE).isEmpty()) {
            this.c.add(new PendingAction(PendingActionType.INSTALL_CERTIFICATE, this.h.getString(R.string.pending_certificate_installation_label), this.h.getString(R.string.pending_certificate_installation_detail)));
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager, net.soti.mobicontrol.cert.CertificateManager
    public boolean addCertificate(CertificateParameters certificateParameters) {
        CertificateType certificateType;
        String certPath = certificateParameters.getCertPath();
        byte[] data = certificateParameters.getData();
        String certPassword = certificateParameters.getCertPassword();
        Logger logger = getLogger();
        Optional<CertificateMetadata> fromRawData = CertificateHelper.fromRawData(data, certPassword);
        boolean z = false;
        if (!fromRawData.isPresent()) {
            logger.error("[SamsungCertificateManager][addCertificate][cert] Cannot convert data into cert object fileName[%s]", certPath);
            this.g.sendMessageSilently(DsMessage.make(this.h.getString(R.string.certificate_install_fail, this.h.getString(R.string.unknown) + " {" + certPath + "}"), McEvent.DEVICE_ERROR, LogLevel.ERROR));
            return false;
        }
        CertificateMetadata certificateMetadata = fromRawData.get();
        String alias = certificateMetadata.getAlias();
        if (this.credentialStorageManager.isCertificateInstalled(alias)) {
            logger.warn("[SamsungCertificateManager][addCertificate][cert] Certificate already installed, performing CERT sync ..");
            performCertificateSync();
            return true;
        }
        CertificateType certType = certificateParameters.getCertType();
        CertificateType certificateType2 = CertificateHelper.getCertificateType(data, certPassword);
        if (certificateType2 != certType) {
            logger.warn("[SamsungCertificateManager][addCertificate][cert] Corrected Certificate type to %s", certificateType2);
            certificateType = certificateType2;
        } else {
            certificateType = certType;
        }
        KeyStoreState keyStoreState = getKeyStoreLockManager().getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            logger.warn("[SamsungCertificateManager][addCertificate][cert] Certificate storage is unusable. State[%s]", keyStoreState);
            z = true;
        }
        String installType = certificateParameters.getInstallType();
        if (a(installType, certificateType)) {
            try {
                CertInstallHandler certInstallHandler = new CertInstallHandler(logger, ByteBuffer.wrap(data), certPassword);
                if (certInstallHandler.hasPrivateKey()) {
                    return a(data, certPassword, certificateMetadata, alias, certificateType, certInstallHandler);
                }
            } catch (CertificateException e) {
                logger.error(GeneratedEnums.AndroidWorkGlobalHttpProxySectionConstants.EXCEPTIONS, e);
            }
        } else {
            if (!z) {
                return doCertificateInstallation(data, certificateType, certPassword, certificateMetadata, alias);
            }
            addForPendingInstall(data, certificateType, certPassword, CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber(), alias, null, null, installType);
        }
        return true;
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager, net.soti.mobicontrol.cert.CertificateManager
    public boolean deleteCertificate(String str, String str2) {
        if (super.deleteCertificate(str, str2)) {
            return true;
        }
        CertificateMetadata findCertificate = this.i.findCertificate(str, str2);
        if (findCertificate == null || !a(findCertificate, str, str2)) {
            return false;
        }
        this.i.removeCertificate(findCertificate);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    public boolean doCertificateInstallation(byte[] bArr, CertificateType certificateType, String str, CertificateMetadata certificateMetadata, String str2) {
        if (certificateType == CertificateType.PKCS12 && !this.f.findCertificateInfo(certificateMetadata)) {
            if (this.f.installClientCertificate(bArr, str)) {
                getLogger().debug("[SamsungCertificateManager][doCertificateInstallation] Installed CERT with alias {%s} into the AnyConnect VPN keystore", str2);
            } else {
                getLogger().debug("[SamsungCertificateManager][doCertificateInstallation] Failed to install %s with alias {%s} into the AnyConnect VPN keystore", certificateType, str2);
            }
        }
        return super.doCertificateInstallation(bArr, certificateType, str, certificateMetadata, str2);
    }

    public void installCaCertificateFromChain(Certificate[] certificateArr, String str) {
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (CertificateHelper.isCA(x509Certificate)) {
                try {
                    this.credentialStorageManager.installCertificate(str, x509Certificate.getEncoded(), CertificateType.CERT, "");
                } catch (CertificateEncodingException e) {
                    getLogger().error("[%s][installCertificateChain] error :", e);
                }
            }
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager, net.soti.mobicontrol.cert.CertificateManager
    public void installPendingCertificates() {
        PendingCertificateStore.PendingCertificate pendingCertificate = null;
        for (PendingCertificateStore.PendingCertificate pendingCertificate2 : this.b.getPendingCertificates()) {
            if (pendingCertificate2.isNotSilent() && pendingCertificate2.hasPrivateKey()) {
                pendingCertificate = pendingCertificate2;
            } else {
                this.b.removePendingCertificate(pendingCertificate2.getIssuerDn(), pendingCertificate2.getSerialNumber());
                addCertificate(this.k.get(pendingCertificate2.getAlias(), pendingCertificate2.getCertificate(), pendingCertificate2.getCertificateType(), pendingCertificate2.getPassword(), pendingCertificate2.getInstallationType()));
            }
        }
        if (pendingCertificate != null) {
            a(pendingCertificate);
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void onCredentialStorageUnlocked() {
        this.d.submit(new Runnable() { // from class: net.soti.mobicontrol.cert.SamsungCertificateManager.1
            @Override // java.lang.Runnable
            public void run() {
                SamsungCertificateManager.this.c.deleteByType(PendingActionType.CREDENTIAL_STORAGE_UNLOCK);
                SamsungCertificateManager.this.installPendingCertificates();
            }
        });
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void performCertificateSync() {
        this.e.sync();
    }

    @Subscribe({@To(Messages.Destinations.LIFECYCLE_POST_STARTUP)})
    public void receiveLifePostStartup(Message message) {
        if (message.isSameDestination(Messages.Destinations.DEVICE_ADMINISTRATOR_ON_ENABLED) && this.a.isAdminActive()) {
            performCertificateSync();
        }
    }

    @Override // net.soti.mobicontrol.cert.BaseCertificateManager
    protected void removePendingActions() {
        this.c.deleteByType(PendingActionType.INSTALL_CERTIFICATE);
    }
}
