package net.soti.mobicontrol.cert;

import android.content.Context;
import com.google.common.base.Optional;
import java.util.List;
import net.soti.comm.McEvent;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.cert.PendingCertificateStore;
import net.soti.mobicontrol.core.R;
import net.soti.mobicontrol.device.security.KeyStoreLockManager;
import net.soti.mobicontrol.device.security.KeyStoreState;
import net.soti.mobicontrol.ds.message.DsMessage;
import net.soti.mobicontrol.ds.message.LogLevel;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.messagebus.Message;
import net.soti.mobicontrol.messagebus.MessageBus;
import net.soti.mobicontrol.messagebus.Subscribe;
import net.soti.mobicontrol.messagebus.Subscriber;
import net.soti.mobicontrol.messagebus.To;
import net.soti.mobicontrol.service.ServiceCommand;
import net.soti.mobicontrol.util.StringUtils;
import org.jetbrains.annotations.Nullable;

@Subscriber
/* loaded from: classes.dex */
public abstract class BaseCertificateManager implements CertificateManager {
    private final CertificateMetadataStorage a;
    private final CertificateDataStorage b;
    private final PendingCertificateStore c;
    protected final CredentialStorageManager credentialStorageManager;
    private final KeyStoreLockManager d;
    private final MessageBus e;
    private final Context f;
    private final Logger g;
    private final CertificateParametersProvider h;

    public BaseCertificateManager(KeyStoreLockManager keyStoreLockManager, CredentialStorageManager credentialStorageManager, CertificateMetadataStorage certificateMetadataStorage, CertificateDataStorage certificateDataStorage, PendingCertificateStore pendingCertificateStore, MessageBus messageBus, Context context, CertificateParametersProvider certificateParametersProvider, Logger logger) {
        this.d = keyStoreLockManager;
        this.credentialStorageManager = credentialStorageManager;
        this.a = certificateMetadataStorage;
        this.b = certificateDataStorage;
        this.c = pendingCertificateStore;
        this.e = messageBus;
        this.f = context;
        this.h = certificateParametersProvider;
        this.g = logger;
    }

    private void a() {
        if (this.c.getPendingCertificates().isEmpty()) {
            this.g.warn("[BaseCertificateManager][removePendingActionIfAllHaveBeenInstalled] Remove Zombie pending action");
            removePendingActions();
        }
    }

    private void a(CertificateMetadata certificateMetadata, byte[] bArr, String str) {
        if (this.a.findCertificate(CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber()) == null) {
            this.a.addCertificate(certificateMetadata);
            this.b.storeData(certificateMetadata, bArr, str);
        }
    }

    private void a(byte[] bArr, CertificateType certificateType, String str, CertificateMetadata certificateMetadata, String str2) {
        addForPendingInstall(bArr, certificateType, str, CertificateHelper.getCommonName(certificateMetadata.getIssuerDN()), certificateMetadata.getSerialNumber(), str2, null, null, PendingCertificateStore.SILENT_INSTALL_TYPE);
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public boolean addCertificate(CertificateParameters certificateParameters) {
        String certPath = certificateParameters.getCertPath();
        byte[] data = certificateParameters.getData();
        String certPassword = certificateParameters.getCertPassword();
        this.g.debug("[BaseCertificateManager][addCertificate] begin");
        Optional<CertificateMetadata> certificateMetaData = getCertificateMetaData(data, certPassword);
        if (!isMetadataPresent(certPath, certificateMetaData)) {
            this.g.debug("[BaseCertificateManager][addCertificate] metadata is not present");
            return false;
        }
        CertificateMetadata orNull = certificateMetaData.orNull();
        if (orNull == null) {
            this.g.warn("[BaseCertificateManager][addCertificate] No certificate metadata found");
            return false;
        }
        CertificateType certType = certificateParameters.getCertType();
        String alias = certificateParameters.getAlias();
        if (StringUtils.isEmpty(alias)) {
            alias = orNull.getAlias();
        } else {
            orNull.setAlias(alias);
        }
        if (CertificateType.PKCS12.toString().equalsIgnoreCase(certType.toString()) && !isCredentialStorageUsable(data, certType, certPassword, orNull, alias)) {
            this.g.debug("[BaseCertificateManager][addCertificate] credential storage is not usable");
            return false;
        }
        if (isCertificateInstalled(alias)) {
            this.g.debug("[BaseCertificateManager][addCertificate] certificate already installed");
            synchronizeTrustStores(data, certPassword, orNull);
            return true;
        }
        CertificateType certificateType = CertificateHelper.getCertificateType(data, certPassword);
        if (certificateType != certType) {
            this.g.warn("[BaseCertificateManager][addCertificate] Corrected Certificate type to %s", certificateType);
        }
        boolean doCertificateInstallation = doCertificateInstallation(certPath, data, certificateType, certPassword, orNull, alias);
        this.g.debug("[BaseCertificateManager][addCertificate] certificate installation result: %s", Boolean.valueOf(doCertificateInstallation));
        if (!doCertificateInstallation) {
            a(data, certType, certPassword, orNull, alias);
        }
        a();
        return doCertificateInstallation;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addForPendingInstall(byte[] bArr, CertificateType certificateType, String str, String str2, String str3, String str4, @Nullable byte[] bArr2, @Nullable byte[] bArr3, String str5) {
        if (this.c.findPendingCertificate(str2, str3).isPresent()) {
            this.g.info("[BaseCertificateManager][addForPendingInstall] Certificate '%s-%s' is already in pending storage", str2, str3);
        } else {
            this.g.info("[BaseCertificateManager][addForPendingInstall] Storing cert '%s-%s' for later installation", str2, str3);
            this.c.addPendingCertificate(str2, str3, bArr, certificateType, str, str4, bArr2, bArr3, str5);
        }
        if (this.d.getKeyStoreState() != KeyStoreState.USABLE) {
            this.g.warn("[BaseCertificateManager][addForPendingInstall] Requesting credential storage to be unlocked!");
            this.d.requestUnlock(false);
        }
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public boolean deleteCertificate(String str, String str2) {
        this.g.debug("[BaseCertificateManager][deleteCertificate] Issuer: %s, SN: %s", str, str2);
        this.c.removeAllPendingCertificates(str, str2);
        if (this.c.getPendingCertificates().isEmpty()) {
            this.d.cancelUnlock();
            removePendingActions();
        }
        try {
            CertificateMetadata findCertificate = this.a.findCertificate(str, str2);
            if (findCertificate != null) {
                return removeCertificate(str2, findCertificate);
            }
            this.g.warn("[BaseCertificateManager][deleteCertificate][cert] Nothing to delete cert[%s]", str2);
            return true;
        } catch (Exception e) {
            this.g.error("[BaseCertificateManager][deleteCertificate][cert] General error in deleting CERT", e);
            return false;
        }
    }

    protected boolean doCertificateInstallation(String str, byte[] bArr, CertificateType certificateType, String str2, CertificateMetadata certificateMetadata, String str3) {
        return doCertificateInstallation(bArr, certificateType, str2, certificateMetadata, str3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean doCertificateInstallation(byte[] bArr, CertificateType certificateType, String str, CertificateMetadata certificateMetadata, String str2) {
        if (!this.credentialStorageManager.installCertificate(str2, bArr, certificateType, str)) {
            return false;
        }
        this.a.addCertificate(certificateMetadata);
        this.b.storeData(certificateMetadata, bArr, str);
        notifySuccessfulInstallation();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Optional<CertificateMetadata> getCertificateMetaData(byte[] bArr, String str) {
        return CertificateHelper.fromRawData(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CredentialStorageManager getCredentialStorageManager() {
        return this.credentialStorageManager;
    }

    public KeyStoreLockManager getKeyStoreLockManager() {
        return this.d;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Logger getLogger() {
        return this.g;
    }

    public MessageBus getMessageBus() {
        return this.e;
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public void installPendingCertificates() {
        List<PendingCertificateStore.PendingCertificate> pendingCertificates = this.c.getPendingCertificates();
        KeyStoreState keyStoreState = this.d.getKeyStoreState();
        if (keyStoreState != KeyStoreState.USABLE) {
            if (pendingCertificates.isEmpty()) {
                return;
            }
            this.g.warn("[BaseCertificateManager][installPendingCertificates] Cannot install pending CERTs, storage status=%s", keyStoreState);
            this.g.debug("[BaseCertificateManager][installPendingCertificates] Requesting storage unlock ..");
            this.d.requestUnlock(false);
            return;
        }
        this.d.cancelUnlock();
        if (pendingCertificates.isEmpty()) {
            return;
        }
        this.g.debug("[BaseCertificateManager][installPendingCertificates] Installing pending CERTs, count=%s", Integer.valueOf(pendingCertificates.size()));
        for (PendingCertificateStore.PendingCertificate pendingCertificate : pendingCertificates) {
            if (!addCertificate(this.h.get(pendingCertificate))) {
                this.g.error("[BaseCertificateManager][installPendingCertificates] Failed to install certificate with alias '%s'", pendingCertificate.getAlias());
                this.e.sendMessageSilently(DsMessage.make(this.f.getString(R.string.certificate_install_fail, pendingCertificate.getAlias()), McEvent.DEVICE_ERROR, LogLevel.ERROR));
            }
        }
        this.c.clearPendingCertificates();
        this.g.warn("[BaseCertificateManager][installPendingCertificates] Cleared pending CERTs ..");
    }

    protected boolean isCertificateInstalled(String str) {
        return this.credentialStorageManager.isCertificateInstalled(str);
    }

    protected boolean isCredentialStorageUsable(byte[] bArr, CertificateType certificateType, String str, CertificateMetadata certificateMetadata, String str2) {
        KeyStoreState keyStoreState = this.d.getKeyStoreState();
        if (keyStoreState == KeyStoreState.USABLE) {
            return true;
        }
        this.g.warn("[BaseCertificateManager][isCredentialStorageUsable][cert] Certificate storage is unusable. State[%s]", keyStoreState);
        a(bArr, certificateType, str, certificateMetadata, str2);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isMetadataPresent(String str, Optional<CertificateMetadata> optional) {
        if (optional.isPresent()) {
            return true;
        }
        this.g.warn("[BaseCertificateManager][isMetadataPresent] Cannot read X509 certificate from raw data, probably it is CERT, \n constructed alias from CERT name as %s", str);
        this.e.sendMessageSilently(DsMessage.make(this.f.getString(R.string.certificate_install_fail, this.f.getString(R.string.unknown) + " {" + str + "}"), McEvent.DEVICE_ERROR, LogLevel.ERROR));
        return false;
    }

    @Override // net.soti.mobicontrol.cert.CertificateManager
    public List<CertificateMetadata> listCertificates() {
        return this.a.getCertificates();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notifySuccessfulInstallation() {
        this.g.warn("[BaseCertificateManager][notifySuccessfulInstallation] Sending device info");
        this.e.sendMessageSilently(ServiceCommand.SEND_DEVICEINFO.asMessage());
    }

    protected abstract void onCredentialStorageUnlocked();

    protected abstract void performCertificateSync();

    @Subscribe({@To(Messages.Destinations.DEVICE_ADMINISTRATOR_PASSWORD_SET), @To(Messages.Destinations.BROADCAST_USER_PRESENT), @To(Messages.Destinations.CREDENTIALS_STORAGE_PASSWORD_SET)})
    public void receive(Message message) {
        getLogger().debug("[BaseCertificateManager][receive] Got message: %s", message);
        if (getKeyStoreLockManager().isKeyStoreUnlocked()) {
            onCredentialStorageUnlocked();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean removeCertificate(String str, CertificateMetadata certificateMetadata) {
        String alias = certificateMetadata.getAlias();
        boolean z = this.credentialStorageManager.removeCertificate(alias, false) || this.credentialStorageManager.removeCertificate(alias, true);
        if (z) {
            this.g.info("[BaseCertificateManager][removeCertificate] Certificate deleted [%s] from storage", str);
            this.a.removeCertificate(certificateMetadata);
        } else {
            this.g.error("[BaseCertificateManager][removeCertificate] Failed to delete certificate [%s]", certificateMetadata.getAlias());
        }
        return z;
    }

    protected abstract void removePendingActions();

    /* JADX INFO: Access modifiers changed from: protected */
    public void synchronizeTrustStores(byte[] bArr, String str, CertificateMetadata certificateMetadata) {
        this.g.warn("[BaseCertificateManager][synchronizeTrustStores] Certificate already installed, performing CERT sync ..");
        a(certificateMetadata, bArr, str);
        performCertificateSync();
    }
}
