package com.airwatch.sdk.certificate;

import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.text.TextUtils;
import android.webkit.ClientCertRequest;
import android.webkit.ClientCertRequestHandler;
import com.airwatch.app.KoinModule;
import com.airwatch.sdk.AirWatchSDKException;
import com.airwatch.sdk.SDKStatusCode;
import com.airwatch.sdk.configuration.SDKConfiguration;
import com.airwatch.sdk.configuration.SDKConfigurationKeys;
import com.airwatch.sdk.context.SDKContext;
import com.airwatch.sdk.context.awsdkcontext.SDKContextHelper;
import com.airwatch.storage.SDKKeyStore;
import com.airwatch.storage.SDKKeyStoreUtils;
import com.airwatch.storage.SDKSecurePreferencesKeys;
import com.airwatch.task.IFutureCallback;
import com.airwatch.task.TaskQueue;
import com.airwatch.util.Logger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
import java.util.concurrent.Callable;
import org.koin.java.KoinJavaComponent;

/* loaded from: classes4.dex */
public class CertificateFetchUtility {
    public static final String CERT_FETCH_TASK_QUEUE_KEY = "FetchCertificate";
    public static final String DERIVED_CREDENTIALS = "DerivedCredentials";
    private static final String TAG = "CertAuth";

    public static void authHandlerWithCertFromKeyChain(final Context context, final Object obj) {
        KeyChain.choosePrivateKeyAlias((Activity) context, new KeyChainAliasCallback() { // from class: com.airwatch.sdk.certificate.-$$Lambda$CertificateFetchUtility$jbleg5Oor-SpLqlcUZMMz0xT2ck
            @Override // android.security.KeyChainAliasCallback
            public final void alias(String str) {
                CertificateFetchUtility.getCertChainAndAuth(str, context, obj);
            }
        }, new String[0], null, "localhost", -1, "tomcat");
    }

    public static void authHandlerWithCertFromKeyStore(KeyStore keyStore, Object obj) {
        PrivateKey privateKey;
        X509Certificate[] x509CertificateArr;
        if (keyStore == null || obj == null) {
            return;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (true) {
                privateKey = null;
                if (!aliases.hasMoreElements()) {
                    x509CertificateArr = null;
                    break;
                }
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(nextElement, null);
                    privateKey = privateKeyEntry.getPrivateKey();
                    x509CertificateArr = (X509Certificate[]) privateKeyEntry.getCertificateChain();
                    break;
                }
            }
            if (privateKey == null || x509CertificateArr == null) {
                Logger.d(TAG, "Cancelling the cert auth request.");
                cancelCertAuthRequest(obj);
                return;
            }
            Logger.d(TAG, "Proceeding with Cert " + x509CertificateArr[0].getSubjectDN());
            proceedCertAuthRequest(obj, x509CertificateArr, privateKey);
        } catch (Exception e) {
            Logger.e(TAG, "exception while handling authentication", (Throwable) e);
        }
    }

    public static void cancelCertAuthRequest(Object obj) {
        if (obj instanceof ClientCertRequestHandler) {
            ((ClientCertRequestHandler) obj).cancel();
        } else if (obj instanceof ClientCertRequest) {
            ((ClientCertRequest) obj).cancel();
        }
    }

    public static void clearCertificate() {
        SDKKeyStore keyStore = getSDKContext().getKeyStore();
        String iACertIdentifier = getIACertIdentifier();
        if (TextUtils.isEmpty(iACertIdentifier)) {
            return;
        }
        keyStore.removeEntry(iACertIdentifier);
    }

    public static synchronized KeyStore fetchKey(Context context, boolean z) {
        KeyStore key;
        synchronized (CertificateFetchUtility.class) {
            if (!isCertAuthEnabled()) {
                return null;
            }
            if (!z && (key = getKey()) != null) {
                return key;
            }
            CertificateManager certificateManager = (CertificateManager) KoinJavaComponent.get(CertificateManager.class);
            try {
                certificateManager.fetchCertificate(context, certificateManager.getCertificateFetchDetails(getIACertIdentifier()), true);
            } catch (AirWatchSDKException e) {
                Logger.e(TAG, "Exception while refetchtching IA certificate " + e.getErrorCode(), (Throwable) e);
            }
            return getKey();
        }
    }

    public static void fetchKey(final Context context, final SDKContextHelper.AWContextCallBack aWContextCallBack, SDKConfiguration sDKConfiguration) {
        new SDKContextHelper();
        if (isCertAuthEnabled()) {
            String iACertIdentifier = getIACertIdentifier();
            List<Bundle> settingList = sDKConfiguration.getSettingList("CertificatesV2");
            if (settingList.isEmpty()) {
                return;
            }
            for (Bundle bundle : settingList) {
                String str = SDKConfigurationKeys.CERTIFICATE_ISSUER;
                if (bundle.getString(SDKConfigurationKeys.CERTIFICATE_ISSUER) == null) {
                    str = "ConfigurationGroupID";
                }
                final String string = bundle.getString(str);
                final String string2 = bundle.getString(SDKConfigurationKeys.ISSUER_TOKEN);
                final String string3 = bundle.getString("CertificateSource");
                if (iACertIdentifier.equals(string)) {
                    TaskQueue.getInstance().post(CERT_FETCH_TASK_QUEUE_KEY, new Callable() { // from class: com.airwatch.sdk.certificate.-$$Lambda$CertificateFetchUtility$WWBQORdASZ16KGCj1bEHQBaqYpk
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            CertificateFetchResult fetchCertificate;
                            fetchCertificate = ((CertificateManager) KoinJavaComponent.get(CertificateManager.class)).fetchCertificate(context, new CertificateFetchDetails(string, string3, r1, string2), true);
                            return fetchCertificate;
                        }
                    }).on((IFutureCallback) new IFutureCallback<CertificateFetchResult>() { // from class: com.airwatch.sdk.certificate.CertificateFetchUtility.1
                        @Override // com.airwatch.task.IFutureSuccessCallback
                        /* renamed from: a, reason: merged with bridge method [inline-methods] */
                        public void onSuccess(CertificateFetchResult certificateFetchResult) {
                            SDKContextHelper.AWContextCallBack.this.onSuccess(0, CertificateFetchUtility.getKey());
                        }

                        @Override // com.airwatch.task.IFutureFailureCallback
                        public void onFailure(Exception exc) {
                            SDKContextHelper.AWContextCallBack.this.onFailed(exc instanceof AirWatchSDKException ? (AirWatchSDKException) exc : new AirWatchSDKException(SDKStatusCode.SDK_RES_UNEXPECTED_EXCEPTION));
                        }
                    });
                    return;
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void getCertChainAndAuth(String str, Context context, Object obj) {
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
            if (certificateChain == null) {
                Logger.d(TAG, "X509 chain is null");
                cancelCertAuthRequest(obj);
            } else {
                proceedCertAuthRequest(obj, certificateChain, KeyChain.getPrivateKey(context, str));
            }
        } catch (KeyChainException | InterruptedException e) {
            Logger.e(TAG, "Unable to do cert auth from keychain ", e);
        }
    }

    private static String getIACertIdentifier() {
        return getSDKContext().getSDKSecurePreferences().getString(SDKSecurePreferencesKeys.IA_CERT_ALIAS, "");
    }

    public static KeyStore getKey() {
        SDKKeyStore keyStore = getSDKContext().getKeyStore();
        String iACertIdentifier = getIACertIdentifier();
        if (TextUtils.isEmpty(iACertIdentifier) || !keyStore.hasEntry(iACertIdentifier)) {
            return null;
        }
        try {
            KeyStore pkcs12 = ((SDKKeyStoreUtils) KoinModule.get(SDKKeyStoreUtils.class)).getPKCS12(iACertIdentifier);
            if (pkcs12 == null) {
                return null;
            }
            Logger.d(TAG, "Returning Key Store");
            return pkcs12;
        } catch (KeyStoreException | CertificateException e) {
            Logger.e(TAG, e);
            return null;
        }
    }

    private static SDKContext getSDKContext() {
        return (SDKContext) KoinJavaComponent.get(SDKContext.class);
    }

    public static boolean isCertAuthEnabled() {
        return !TextUtils.isEmpty(getIACertIdentifier());
    }

    public static void proceedCertAuthRequest(Object obj, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        if (obj instanceof ClientCertRequestHandler) {
            ((ClientCertRequestHandler) obj).proceed(privateKey, x509CertificateArr);
        } else if (obj instanceof ClientCertRequest) {
            ((ClientCertRequest) obj).proceed(privateKey, x509CertificateArr);
        }
    }
}
