package com.airwatch.agent.profile.group;

import android.text.Html;
import com.airwatch.afw.lib.AfwApp;
import com.airwatch.afw.lib.contract.AbstractCertificateManager;
import com.airwatch.agent.ConfigurationManager;
import com.airwatch.agent.analytics.AgentAnalyticsManager;
import com.airwatch.agent.analytics.AnalyticsEvent;
import com.airwatch.agent.analytics.HubAnalyticsConstants;
import com.airwatch.agent.crittercism.CrittercismWrapper;
import com.airwatch.agent.database.AgentProfileDBAdapter;
import com.airwatch.agent.utility.CertUtils;
import com.airwatch.agent.utility.SamplerUtility;
import com.airwatch.agent.utility.StringUtils;
import com.airwatch.agent.utility.Utils;
import com.airwatch.agent.vpn.container.ContainerVPNConfiguration;
import com.airwatch.bizlib.database.CertificateDbAdapter;
import com.airwatch.bizlib.model.CertificateDefinitionAnchorApp;
import com.airwatch.bizlib.profile.ProfileGroup;
import com.airwatch.bizlib.util.DeviceUtils;
import com.airwatch.lib.afw.R;
import com.airwatch.log.eventreporting.ActionConstants;
import com.airwatch.log.eventreporting.Category;
import com.airwatch.log.eventreporting.EventType;
import com.airwatch.log.eventreporting.LogEvent;
import com.airwatch.util.ArrayUtils;
import com.airwatch.util.Logger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

/* loaded from: classes3.dex */
public class CertificateProfileGroup extends ProfileGroup {
    public static final String AUTHORIZED_CERT_INSTALL_PKG = "AuthorizedCertInstallPkg";
    public static final String DERIVED_CREDENTIALS = "DerivedCredentials";
    public static final String NAME = "Certificate";
    public static final String PRIVATE_CERT = "Pfx";
    public static final String PUREBRED_ENABLED = "isPureBredEnabled";
    private static final String TAG = "CertificateProfileGroup";
    public static final String TYPE = "com.airwatch.android.certificate";
    private AbstractCertificateManager certificateManager;
    public static String[] parentProfileCertificateUidParamNames = {"PayloadCertificateUUID", "SMIMESigningCertificateUUID", "SMIMEEncryptionCertificateUUID", "SMIMECertPayloadUUID", ContainerVPNConfiguration.CAPAYLOADCERTIFICATEUUID, ExchangeProfileGroup.CLIENT_CERTIFICATE_NAME, "VPNServerPublicSSLUUID", "VPNServerPublicSslUuidList"};
    static CrittercismWrapper crittercismWrapper = new CrittercismWrapper(AfwApp.getAppContext());

    /* loaded from: classes3.dex */
    public interface CertificateInstallStatus {
        public static final int CERT_INSTALL_FAIL = 3;
        public static final int CERT_INSTALL_NOT_DEFINED = 4;
        public static final int CERT_INSTALL_SUCCESS = 0;
        public static final int CRED_STORE_CLOSE = 2;
        public static final int CRED_STORE_OPEN = 1;

        @Retention(RetentionPolicy.SOURCE)
        /* loaded from: classes3.dex */
        public @interface Values {
        }
    }

    public CertificateProfileGroup() {
        super("Certificate", TYPE);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public CertificateProfileGroup(String str, int i) {
        super("Certificate", TYPE, str, i);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public CertificateProfileGroup(String str, int i, String str2) {
        super("Certificate", TYPE, str, i, str2);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public CertificateProfileGroup(String str, String str2) {
        super(str, str2);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public CertificateProfileGroup(String str, String str2, String str3, int i) {
        super(str, str2, str3, i);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public CertificateProfileGroup(String str, String str2, String str3, int i, String str4) {
        super(str, str2, str3, i, str4);
        this.certificateManager = AfwApp.getAppContext().getClient().getCertificateManager();
    }

    public static X509Certificate CertificateToX509(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
        } catch (Exception e) {
            Logger.e(TAG, "There was an error with the encoding of the certificate.", (Throwable) e);
            return null;
        }
    }

    public static CertificateProfileGroup getCertByUUID(String str) {
        return getCertByUUID(str, TYPE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertificateProfileGroup getCertByUUID(String str, String str2) {
        Vector<ProfileGroup> profileGroups = AgentProfileDBAdapter.getInstance().getProfileGroups(str2);
        if (str != null) {
            try {
            } catch (Exception e) {
                Logger.e(TAG, "An unexpected exception occurred while getting cert by UUID: " + e.getMessage(), (Throwable) e);
            }
            if (str.length() != 0) {
                Iterator<ProfileGroup> it = profileGroups.iterator();
                while (it.hasNext()) {
                    ProfileGroup next = it.next();
                    String uuid = next.getUUID();
                    if (uuid != null && uuid.length() != 0) {
                        if (uuid.contentEquals(str)) {
                            return (CertificateProfileGroup) next;
                        }
                    }
                    Logger.d(TAG, "getCertByUUID: cert group UUID in profile is null or empty.  Skipping group.");
                }
                return null;
            }
        }
        Logger.d(TAG, "getCertByUUID: certUUID parameter is null or empty.");
        return null;
    }

    public static byte[] getCertBytes(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup).getCertificateData();
    }

    public static String getCertData(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup).getCertificateString();
    }

    public static String getCertFullName(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup).getFullName();
    }

    public static String getCertName(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup).getName();
    }

    public static String getCertPassword(CertificateProfileGroup certificateProfileGroup) {
        if (certificateProfileGroup != null) {
            return new CertificateDefinitionAnchorApp(certificateProfileGroup).getPassword();
        }
        return null;
    }

    public static String getCertSource(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup).getCertificateSource();
    }

    public static String getCertThumbprint(CertificateProfileGroup certificateProfileGroup) {
        if (certificateProfileGroup != null) {
            return new CertificateDefinitionAnchorApp(certificateProfileGroup).getThumbprint();
        }
        return null;
    }

    public static String getCertificateAliasName(CertificateProfileGroup certificateProfileGroup) {
        if (certificateProfileGroup.persistCertData(certificateProfileGroup, true) == 0) {
            return certificateProfileGroup.certificateManager.getCertificateAlias(new CertificateDefinitionAnchorApp(certificateProfileGroup));
        }
        return null;
    }

    public static CertificateDefinitionAnchorApp getCertificateDefinition(CertificateProfileGroup certificateProfileGroup) {
        return new CertificateDefinitionAnchorApp(certificateProfileGroup);
    }

    public static PrivateKey getPrivateKey(CertificateProfileGroup certificateProfileGroup) {
        if (certificateProfileGroup == null) {
            return null;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(getCertBytes(certificateProfileGroup));
        String certPassword = getCertPassword(certificateProfileGroup);
        if (certPassword == null || certPassword.length() == 0) {
            return null;
        }
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = CertUtils.getPrivateKeyEntry(byteArrayInputStream, certPassword);
            if (privateKeyEntry != null) {
                return privateKeyEntry.getPrivateKey();
            }
            return null;
        } catch (Exception e) {
            Logger.e(TAG, "There was an error extracting the private key.", (Throwable) e);
            return null;
        }
    }

    public static KeyStore.PrivateKeyEntry getPrivateKeyEntry(CertificateProfileGroup certificateProfileGroup) {
        String certPassword;
        if (certificateProfileGroup != null && (certPassword = getCertPassword(certificateProfileGroup)) != null && certPassword.length() != 0) {
            try {
                return CertUtils.getPrivateKeyEntry(new ByteArrayInputStream(getCertBytes(certificateProfileGroup)), certPassword);
            } catch (IOException e) {
                e = e;
                Logger.e(TAG, "There was an error extracting the entry key.", e);
                return null;
            } catch (KeyStoreException e2) {
                e = e2;
                Logger.e(TAG, "There was an error extracting the entry key.", e);
                return null;
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
                Logger.e(TAG, "There was an error extracting the entry key.", e);
                return null;
            } catch (UnrecoverableEntryException e4) {
                e = e4;
                Logger.e(TAG, "There was an error extracting the entry key.", e);
                return null;
            } catch (CertificateException e5) {
                e = e5;
                Logger.e(TAG, "There was an error extracting the entry key.", e);
                return null;
            } catch (Exception e6) {
                Logger.e(TAG, "There was an exception extracting the entry key.", (Throwable) e6);
            }
        }
        return null;
    }

    public static X509Certificate getX509Cert(CertificateProfileGroup certificateProfileGroup) {
        if (certificateProfileGroup == null) {
            return null;
        }
        try {
            byte[] certBytes = getCertBytes(certificateProfileGroup);
            if (!ArrayUtils.isEmpty(certBytes)) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(certBytes);
                String certPassword = getCertPassword(certificateProfileGroup);
                if (certPassword != null && certPassword.length() != 0) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = CertUtils.getPrivateKeyEntry(byteArrayInputStream, certPassword);
                    if (privateKeyEntry != null) {
                        return CertificateToX509(privateKeyEntry.getCertificate());
                    }
                    return null;
                }
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
            }
            Logger.e(TAG, "certificate data is empty, unable to construct X509 certificate for cert: " + getCertThumbprint(certificateProfileGroup) + " from profile: " + certificateProfileGroup.getUUID());
            AgentAnalyticsManager agentAnalyticsManager = AgentAnalyticsManager.getInstance(AfwApp.getAppContext());
            StringBuilder sb = new StringBuilder();
            sb.append(HubAnalyticsConstants.GET_CERTIFICATE_X509);
            sb.append(certificateProfileGroup.getUUID());
            agentAnalyticsManager.reportEvent(new AnalyticsEvent(sb.toString(), 0));
            return null;
        } catch (Exception e) {
            crittercismWrapper.reportMessage("Exception in getX509Cert for cert id " + certificateProfileGroup.getUUID() + e.toString());
            Logger.e(TAG, "Could not convert certificate into x509 format.", (Throwable) e);
            return null;
        }
    }

    public static boolean isPGExistsWithSameCert(CertificateProfileGroup certificateProfileGroup) {
        X509Certificate x509Cert = getX509Cert(certificateProfileGroup);
        for (ProfileGroup profileGroup : AgentProfileDBAdapter.getInstance().getProfileGroups(certificateProfileGroup.getType())) {
            if ((profileGroup instanceof CertificateProfileGroup) && x509Cert != null && x509Cert.equals(getX509Cert((CertificateProfileGroup) profileGroup)) && !profileGroup.getUUID().equals(certificateProfileGroup.getUUID())) {
                crittercismWrapper.postBreadcrumb("isPGExistsWithSameCert: same cert exists in other PG " + certificateProfileGroup.getUUID());
                Logger.i(TAG, "isPGExistsWithSameCert: same cert exists in other PG ");
                return true;
            }
        }
        return false;
    }

    private boolean reportExceptionIfThumbprintOrDataIsNull(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        boolean z;
        if (StringUtils.isEmptyOrNull(certificateDefinitionAnchorApp.getThumbprint())) {
            crittercismWrapper.reportCustomHandledException("Cert Thumbprint is null " + certificateDefinitionAnchorApp.getUuid());
            z = true;
        } else {
            z = false;
        }
        if (!ArrayUtils.isEmpty(certificateDefinitionAnchorApp.getCertificateData())) {
            return z;
        }
        crittercismWrapper.reportCustomHandledException("Cert Data is null " + certificateDefinitionAnchorApp.getUuid());
        return true;
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public void actOnGroupRemovedIntent(ProfileGroup profileGroup) {
        DeviceUtils.sendEventLog(LogEvent.builder().eventType(EventType.Information).category(Category.Certificates).action(ActionConstants.RemoveProfileConfirmed).createdOn(System.currentTimeMillis()).attribute("Profile UUID", profileGroup.getIdentifier()).build());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean applyImpl() {
        AgentProfileDBAdapter agentProfileDBAdapter = AgentProfileDBAdapter.getInstance();
        Vector<ProfileGroup> profileGroups = agentProfileDBAdapter.getProfileGroups(getType());
        ConfigurationManager configurationManager = ConfigurationManager.getInstance();
        configurationManager.setCheckForCommandsRequired(true);
        for (ProfileGroup profileGroup : profileGroups) {
            if (profileGroup.getSttsId() == 1) {
                Logger.i(TAG, "cert install: already installed: " + profileGroup.getUUID());
                crittercismWrapper.postBreadcrumb("cert install: already installed: " + profileGroup.getUUID());
            } else {
                crittercismWrapper.postBreadcrumb("cert install: " + profileGroup.getUUID());
                if ("DerivedCredentials".equals(new CertificateDefinitionAnchorApp(profileGroup).getCertificateSource())) {
                    if (configurationManager.getBooleanValue(PUREBRED_ENABLED, false)) {
                        crittercismWrapper.postBreadcrumb("cert install: purged enabled: " + profileGroup.getUUID());
                        agentProfileDBAdapter.updateProfileGroupStts(profileGroup.getUUID(), 1);
                    } else if (StringUtils.isEmptyOrNull(getCertData(this))) {
                        CertUtils.fetchCertificate(this);
                        crittercismWrapper.postBreadcrumb("cert install: fetch certificate: " + profileGroup.getUUID());
                    }
                }
                boolean shouldInstallCertificate = this.certificateManager.shouldInstallCertificate(agentProfileDBAdapter.getParentProfileGroups(profileGroup.getUUID(), parentProfileCertificateUidParamNames));
                int persistCertData = persistCertData(profileGroup, shouldInstallCertificate);
                Logger.d(TAG, "Certificate Install Status: " + persistCertData);
                crittercismWrapper.postBreadcrumb("cert install: status " + persistCertData);
                if (persistCertData == 0) {
                    agentProfileDBAdapter.updateProfileGroupStts(profileGroup.getUUID(), 1);
                } else if (shouldInstallCertificate) {
                    if (2 == persistCertData) {
                        agentProfileDBAdapter.updateProfileGroupStts(profileGroup.getUUID(), 2);
                    } else if (4 == persistCertData) {
                        agentProfileDBAdapter.updateProfileGroupStts(profileGroup.getUUID(), 4);
                    } else if (3 == persistCertData) {
                        agentProfileDBAdapter.updateProfileGroupStts(profileGroup.getUUID(), 7);
                    }
                }
            }
        }
        Logger.i(TAG, "Done: install cert profiles: " + profileGroups.size());
        crittercismWrapper.reportCustomHandledException("Done: install cert profiles: " + profileGroups.size());
        return true;
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean certContainsPassword() {
        return Utils.isCertDefContainPassword(new CertificateDefinitionAnchorApp(this));
    }

    public boolean checkAndProcessDerivedCredentialsCert(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        if (!"DerivedCredentials".equals(certificateDefinitionAnchorApp.getCertificateSource())) {
            return false;
        }
        if (!ConfigurationManager.getInstance().getBooleanValue(PUREBRED_ENABLED, false) && StringUtils.isEmptyOrNull(getCertData(this))) {
            CertUtils.fetchCertificate(this);
        }
        return true;
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public String getLocalizedName() {
        return AfwApp.getAppContext().getResources().getString(R.string.certificates_profile_name);
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public CharSequence getProfileDescription() {
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(this);
        return Html.fromHtml(AfwApp.getAppContext().getString(R.string.certificates_profile_description, new Object[]{certificateDefinitionAnchorApp.getType(), certificateDefinitionAnchorApp.getFullName(), certificateDefinitionAnchorApp.getThumbprint()}));
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public List<String> getWipeParamNames() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("CertificateName");
        arrayList.add("CertificatePassword");
        arrayList.add("CertificateThumbprint");
        return arrayList;
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean groupRemovedEntWipe(ProfileGroup profileGroup) {
        return groupRemoved(profileGroup);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean groupRemovedImpl(ProfileGroup profileGroup) {
        crittercismWrapper.postBreadcrumb("cert remove: " + profileGroup.getUUID());
        if (ConfigurationManager.getInstance().isUpdatingExchangeEmailWithoutRemoving()) {
            crittercismWrapper.postBreadcrumb("cert remove: updating exchange email without removing ");
            return true;
        }
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(profileGroup);
        if (reportExceptionIfThumbprintOrDataIsNull(certificateDefinitionAnchorApp)) {
            Logger.w(TAG, "can't uninstall null certificate");
            crittercismWrapper.reportCustomHandledException("cert removal impossible due to null data " + profileGroup.getUUID());
            return true;
        }
        try {
            if (this.certificateManager.removeCertificate(profileGroup, certificateDefinitionAnchorApp)) {
                crittercismWrapper.postBreadcrumb("cert remove: delete db ");
                new CertificateDbAdapter(AfwApp.getAppContext()).delete(certificateDefinitionAnchorApp);
            }
        } catch (Exception e) {
            String name = certificateDefinitionAnchorApp.getName();
            if (name == null || name.length() <= 0) {
                name = "cert name not available!!!";
            }
            String str = "Error while removing certificate: " + name;
            crittercismWrapper.postBreadcrumb(str);
            Logger.e(str, e);
        }
        crittercismWrapper.reportCustomHandledException("cert remove: done " + profileGroup.getUUID());
        return true;
    }

    int installCertificate(ProfileGroup profileGroup, CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        return this.certificateManager.handleCertificateInstallation(profileGroup, certificateDefinitionAnchorApp);
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean isCredStorageProfileGroup() {
        List<ProfileGroup> parentProfileGroups = AgentProfileDBAdapter.getInstance().getParentProfileGroups(getUUID(), parentProfileCertificateUidParamNames);
        return (parentProfileGroups != null ? parentProfileGroups.size() : 0) == 0;
    }

    @Override // com.airwatch.bizlib.profile.ProfileGroup
    public boolean isRequiredProfileGroup() {
        return true;
    }

    public int persistCertData(ProfileGroup profileGroup, boolean z) {
        CertificateDefinitionAnchorApp certificateDefinitionAnchorApp = new CertificateDefinitionAnchorApp(profileGroup);
        CertificateDbAdapter certificateDbAdapter = new CertificateDbAdapter(AfwApp.getAppContext());
        if (!(!reportExceptionIfThumbprintOrDataIsNull(certificateDefinitionAnchorApp))) {
            Logger.e(TAG, "certificate is not valid");
            return 3;
        }
        certificateDbAdapter.addOrUpdateCertificate(certificateDefinitionAnchorApp);
        Logger.i(TAG, "cert added to db: " + profileGroup.getUUID());
        crittercismWrapper.postBreadcrumb("cert added to db: " + profileGroup.getUUID());
        if (!certificateDefinitionAnchorApp.isCertificateInstallable()) {
            Logger.i(TAG, "persistCertData() certificate is not installable, so returning! ");
            return 0;
        }
        Logger.i(TAG, "persistCertData() installableCertificate : " + z);
        if (z) {
            Logger.d(TAG, "persistCertData() certificate installation failed");
            int installCertificate = installCertificate(profileGroup, certificateDefinitionAnchorApp);
            if (installCertificate != 0) {
                crittercismWrapper.reportCustomHandledException("Fail: cert install status:" + installCertificate + ", Uuid:" + certificateDefinitionAnchorApp.getUuid());
                return installCertificate;
            }
        }
        ConfigurationManager.getInstance().setCredentialStorageInstalled(true);
        SamplerUtility.requestSampleCertificates(AfwApp.getAppContext());
        return 0;
    }

    void setCertificateManager(AbstractCertificateManager abstractCertificateManager) {
        this.certificateManager = abstractCertificateManager;
    }
}
