package com.airwatch.agent.profile.group;

import android.text.Html;
import com.airwatch.afw.lib.AfwApp;
import com.airwatch.agent.utility.ax;
import com.airwatch.agent.utility.bd;
import com.airwatch.agent.utility.bh;
import com.airwatch.bizlib.model.CertificateDefinitionAnchorApp;
import com.airwatch.g.a.b;
import com.airwatch.log.eventreporting.ActionConstants;
import com.airwatch.log.eventreporting.Category;
import com.airwatch.log.eventreporting.EventType;
import com.airwatch.log.eventreporting.LogEvent;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

/* loaded from: classes.dex */
public class o extends com.airwatch.bizlib.profile.e {
    public static String[] a = {"PayloadCertificateUUID", "SMIMESigningCertificateUUID", "SMIMEEncryptionCertificateUUID", "SMIMECertPayloadUUID", "CAPayloadCertificateUUID", "CertificatePayloadUUID", "VPNServerPublicSSLUUID", "VPNServerPublicSslUuidList"};
    static com.airwatch.agent.f.a b = new com.airwatch.agent.f.a(AfwApp.d());
    private com.airwatch.afw.lib.contract.a c;

    public o() {
        super("Certificate", "com.airwatch.android.certificate");
        this.c = AfwApp.d().k().g();
    }

    public o(String str, int i, String str2) {
        super("Certificate", "com.airwatch.android.certificate", str, i, str2);
        this.c = AfwApp.d().k().g();
    }

    public o(String str, String str2) {
        super(str, str2);
        this.c = AfwApp.d().k().g();
    }

    public o(String str, String str2, String str3, int i) {
        super(str, str2, str3, i);
        this.c = AfwApp.d().k().g();
    }

    public o(String str, String str2, String str3, int i, String str4) {
        super(str, str2, str3, i, str4);
        this.c = AfwApp.d().k().g();
    }

    public static o a(String str) {
        Vector<com.airwatch.bizlib.profile.e> e = com.airwatch.agent.database.a.a().e("com.airwatch.android.certificate");
        if (str != null) {
            try {
            } catch (Exception e2) {
                com.airwatch.util.ad.d("An unexcpected exception occurred while getting cert by UUID: " + e2.getMessage(), e2);
            }
            if (str.length() != 0) {
                Iterator<com.airwatch.bizlib.profile.e> it = e.iterator();
                while (it.hasNext()) {
                    com.airwatch.bizlib.profile.e next = it.next();
                    String x = next.x();
                    if (x != null && x.length() != 0) {
                        if (x.contentEquals(str)) {
                            return (o) next;
                        }
                    }
                    com.airwatch.util.ad.a("getCertByUUID: cert group UUID in profile is null or empty.  Skipping group.");
                }
                return null;
            }
        }
        com.airwatch.util.ad.a("getCertByUUID: certUUID parameter is null or empty.");
        return null;
    }

    public static CertificateDefinitionAnchorApp a(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar);
    }

    public static KeyStore.PrivateKeyEntry a(InputStream inputStream, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12);
        keyStore.load(inputStream, str.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str.toCharArray());
        while (true) {
            if (!aliases.hasMoreElements()) {
                return null;
            }
            String nextElement = aliases.nextElement();
            KeyStore.Entry entry = keyStore.isKeyEntry(nextElement) ? keyStore.getEntry(nextElement, passwordProtection) : null;
            if (entry == null) {
                com.airwatch.util.ad.e("CertificateProfileGroup", "Keystore doesn't have any secret/private key entry, hasTrustedCertificateEntry ? " + a(keyStore));
            } else {
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class)) {
                    com.airwatch.util.ad.b("CertificateProfileGroup", "PrivateKeyEntry instance found");
                    return (KeyStore.PrivateKeyEntry) entry;
                }
                if (keyStore.entryInstanceOf(nextElement, KeyStore.SecretKeyEntry.class)) {
                    com.airwatch.util.ad.b("CertificateProfileGroup", "SecretKeyEntry instance found");
                } else if (a(keyStore)) {
                    com.airwatch.util.ad.b("CertificateProfileGroup", "TrustedCertificateEntry instance found");
                } else {
                    com.airwatch.util.ad.e("CertificateProfileGroup", "no entry key found in cert");
                }
            }
        }
    }

    public static X509Certificate a(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
        } catch (Exception e) {
            com.airwatch.util.ad.d("There was an error with the encoding of the certificate.", e);
            return null;
        }
    }

    public static boolean a(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                return keyStore.entryInstanceOf(nextElement, KeyStore.TrustedCertificateEntry.class);
            }
        }
        return false;
    }

    public static String b(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar).getCertificateString();
    }

    private boolean b(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        boolean z;
        if (bd.a((CharSequence) certificateDefinitionAnchorApp.getThumbprint())) {
            b.d("Cert Thumbprint is null " + certificateDefinitionAnchorApp.getUuid());
            z = true;
        } else {
            z = false;
        }
        if (!com.airwatch.util.m.a(certificateDefinitionAnchorApp.getCertificateData())) {
            return z;
        }
        b.d("Cert Data is null " + certificateDefinitionAnchorApp.getUuid());
        return true;
    }

    public static String c(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar).d();
    }

    public static byte[] d(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar).getCertificateData();
    }

    public static String e(o oVar) {
        if (oVar.a((com.airwatch.bizlib.profile.e) oVar, true) == 0) {
            return oVar.c.a(new CertificateDefinitionAnchorApp(oVar));
        }
        return null;
    }

    public static X509Certificate f(o oVar) {
        if (oVar == null) {
            return null;
        }
        try {
            byte[] d = d(oVar);
            if (!com.airwatch.util.m.a(d)) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(d);
                String i = i(oVar);
                if (i != null && i.length() != 0) {
                    KeyStore.PrivateKeyEntry a2 = a(byteArrayInputStream, i);
                    if (a2 != null) {
                        return a(a2.getCertificate());
                    }
                    return null;
                }
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
            }
            com.airwatch.util.ad.d("CertificateProfileGroup", "certificate data is empty, unable to construct X509 certificate for cert: " + j(oVar) + " from profile: " + oVar.x());
            com.airwatch.agent.analytics.a a3 = com.airwatch.agent.analytics.a.a(AfwApp.d());
            StringBuilder sb = new StringBuilder();
            sb.append("com.airwatch.androidagent.getX509Cert");
            sb.append(oVar.x());
            a3.a(new com.airwatch.agent.analytics.c(sb.toString(), 0));
            return null;
        } catch (Exception e) {
            b.b("Exception in getX509Cert for cert id " + oVar.x() + e.toString());
            com.airwatch.util.ad.d("CertificateProfileGroup", "Could not convert certificate into x509 format.", e);
            return null;
        }
    }

    public static PrivateKey g(o oVar) {
        if (oVar == null) {
            return null;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(d(oVar));
        String i = i(oVar);
        if (i == null || i.length() == 0) {
            return null;
        }
        try {
            KeyStore.PrivateKeyEntry a2 = a(byteArrayInputStream, i);
            if (a2 != null) {
                return a2.getPrivateKey();
            }
            return null;
        } catch (Exception e) {
            com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the private key.", e);
            return null;
        }
    }

    public static KeyStore.PrivateKeyEntry h(o oVar) {
        String i;
        if (oVar != null && (i = i(oVar)) != null && i.length() != 0) {
            try {
                return a(new ByteArrayInputStream(d(oVar)), i);
            } catch (IOException e) {
                e = e;
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the entry key.", e);
                return null;
            } catch (KeyStoreException e2) {
                e = e2;
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the entry key.", e);
                return null;
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the entry key.", e);
                return null;
            } catch (UnrecoverableEntryException e4) {
                e = e4;
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the entry key.", e);
                return null;
            } catch (CertificateException e5) {
                e = e5;
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an error extracting the entry key.", e);
                return null;
            } catch (Exception e6) {
                com.airwatch.util.ad.d("CertificateProfileGroup", "There was an exception extracting the entry key.", e6);
            }
        }
        return null;
    }

    public static String i(o oVar) {
        if (oVar != null) {
            return new CertificateDefinitionAnchorApp(oVar).getPassword();
        }
        return null;
    }

    public static String j(o oVar) {
        if (oVar != null) {
            return new CertificateDefinitionAnchorApp(oVar).getThumbprint();
        }
        return null;
    }

    public static String k(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar).getName();
    }

    public static String l(o oVar) {
        return new CertificateDefinitionAnchorApp(oVar).e();
    }

    public static boolean m(o oVar) {
        X509Certificate f = f(oVar);
        for (com.airwatch.bizlib.profile.e eVar : com.airwatch.agent.database.a.a().e(oVar.Y_())) {
            if ((eVar instanceof o) && f != null && f.equals(f((o) eVar)) && !eVar.x().equals(oVar.x())) {
                b.a("isPGExistsWithSameCert: same cert exists in other PG " + oVar.x());
                com.airwatch.util.ad.b("CertificateProfileGroup", "isPGExistsWithSameCert: same cert exists in other PG ");
                return true;
            }
        }
        return false;
    }

    @Override // com.airwatch.bizlib.profile.e
    public List<String> Z_() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("CertificateName");
        arrayList.add("CertificatePassword");
        arrayList.add("CertificateThumbprint");
        return arrayList;
    }

    int a(com.airwatch.bizlib.profile.e eVar, CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        return this.c.a(eVar, certificateDefinitionAnchorApp);
    }

    public int a(com.airwatch.bizlib.profile.e eVar, boolean z) {
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(eVar);
        com.airwatch.bizlib.c.g gVar = new com.airwatch.bizlib.c.g(AfwApp.d());
        if (!(!b(certificateDefinitionAnchorApp))) {
            return 3;
        }
        gVar.a(certificateDefinitionAnchorApp);
        b.a("cert added to db: " + eVar.x());
        if (!certificateDefinitionAnchorApp.isCertificateInstallable()) {
            com.airwatch.util.ad.a("CertificateProfileGroup", "persistCertData() certificate is not installable, so returning! ");
            return 0;
        }
        com.airwatch.util.ad.a("CertificateProfileGroup", "persistCertData() installableCertificate : " + z);
        if (z) {
            com.airwatch.util.ad.a("CertificateProfileGroup", "persistCertData() certificate installation failed");
            int a2 = a(eVar, certificateDefinitionAnchorApp);
            if (a2 != 0) {
                b.d("Fail: cert install status:" + a2 + ", Uuid:" + certificateDefinitionAnchorApp.getUuid());
                return a2;
            }
        }
        com.airwatch.agent.i.d().A(true);
        ax.b(AfwApp.d());
        return 0;
    }

    public boolean a(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        if (!"DerivedCredentials".equals(certificateDefinitionAnchorApp.d())) {
            return false;
        }
        if (!com.airwatch.agent.i.d().b("isPureBredEnabled", false) && bd.a((CharSequence) b(this))) {
            com.airwatch.agent.utility.m.a(this);
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.bizlib.profile.e
    public boolean a(com.airwatch.bizlib.profile.e eVar) {
        b.a("cert remove: " + eVar.x());
        if (com.airwatch.agent.i.d().cW()) {
            b.a("cert remove: updating exchange email without removing ");
            return true;
        }
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(eVar);
        if (b(certificateDefinitionAnchorApp)) {
            com.airwatch.util.ad.d("CertificateProfileGroup", "can't uninstall null certificate");
            b.d("cert removal impossible due to null data " + eVar.x());
            return true;
        }
        try {
            if (this.c.b(eVar, certificateDefinitionAnchorApp)) {
                b.a("cert remove: delete db ");
                new com.airwatch.bizlib.c.g(AfwApp.d()).a((com.airwatch.bizlib.model.c) certificateDefinitionAnchorApp);
            }
        } catch (Exception e) {
            String name = certificateDefinitionAnchorApp.getName();
            if (name == null || name.length() <= 0) {
                name = "cert name not available!!!";
            }
            String str = "Error while removing certificate: " + name;
            b.a(str);
            com.airwatch.util.ad.d(str, e);
        }
        b.d("cert remove: done " + eVar.x());
        return true;
    }

    @Override // com.airwatch.bizlib.profile.e
    public boolean ad_() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.bizlib.profile.e
    public boolean b() {
        com.airwatch.agent.database.a a2 = com.airwatch.agent.database.a.a();
        Vector<com.airwatch.bizlib.profile.e> e = a2.e(Y_());
        com.airwatch.agent.i d = com.airwatch.agent.i.d();
        d.D(true);
        for (com.airwatch.bizlib.profile.e eVar : e) {
            if (eVar.z() == 1) {
                b.a("cert install: already installed: " + eVar.x());
            } else {
                b.a("cert install: " + eVar.x());
                if ("DerivedCredentials".equals(new CertificateDefinitionAnchorApp(eVar).d())) {
                    if (d.b("isPureBredEnabled", false)) {
                        b.a("cert install: purged enabled: " + eVar.x());
                        a2.c(eVar.x(), 1);
                    } else if (bd.a((CharSequence) b(this))) {
                        com.airwatch.agent.utility.m.a(this);
                        b.a("cert install: fetch certificate: " + eVar.x());
                    }
                }
                boolean a3 = this.c.a(a2.a(eVar.x(), a));
                int a4 = a(eVar, a3);
                com.airwatch.util.ad.a("CertificateProfileGroup", "Certificate Install Status: " + a4);
                b.a("cert install: status " + a4);
                if (a4 == 0) {
                    a2.c(eVar.x(), 1);
                } else if (a3) {
                    if (2 == a4) {
                        a2.c(eVar.x(), 2);
                    } else if (4 == a4) {
                        a2.c(eVar.x(), 4);
                    } else if (3 == a4) {
                        a2.c(eVar.x(), 7);
                    }
                }
            }
        }
        b.d("Done: install cert profiles: " + e.size());
        return true;
    }

    @Override // com.airwatch.bizlib.profile.e
    public boolean b(com.airwatch.bizlib.profile.e eVar) {
        return f(eVar);
    }

    @Override // com.airwatch.bizlib.profile.e
    public CharSequence c() {
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(this);
        return Html.fromHtml(AfwApp.d().getString(b.e.aC, new Object[]{certificateDefinitionAnchorApp.getType(), certificateDefinitionAnchorApp.e(), certificateDefinitionAnchorApp.getThumbprint()}));
    }

    @Override // com.airwatch.bizlib.profile.e
    public void c(com.airwatch.bizlib.profile.e eVar) {
        com.airwatch.bizlib.util.a.a(LogEvent.builder().eventType(EventType.Information).category(Category.Certificates).action(ActionConstants.RemoveProfileConfirmed).createdOn(System.currentTimeMillis()).attribute("Profile UUID", eVar.r_()).build());
    }

    @Override // com.airwatch.bizlib.profile.e
    public boolean j() {
        List<com.airwatch.bizlib.profile.e> a2 = com.airwatch.agent.database.a.a().a(x(), a);
        return (a2 != null ? a2.size() : 0) == 0;
    }

    @Override // com.airwatch.bizlib.profile.e
    public boolean k() {
        return bh.a(new CertificateDefinitionAnchorApp(this));
    }

    @Override // com.airwatch.bizlib.profile.e
    public String q_() {
        return AfwApp.d().getResources().getString(b.e.aD);
    }
}
