package com.airwatch.agent.interrogator.certificate;

import com.airwatch.afw.lib.AfwApp;
import com.airwatch.agent.crittercism.CrittercismWrapper;
import com.airwatch.agent.database.AgentProfileDBAdapter;
import com.airwatch.agent.enterprise.IAppEnterpriseManagerCallback;
import com.airwatch.agent.enterprise.container.Container;
import com.airwatch.agent.google.mdm.android.work.comp.SampleCommunicationProcessor;
import com.airwatch.agent.interrogator.AffiliatedSampler;
import com.airwatch.agent.interrogator.classes.CertificateEntry;
import com.airwatch.agent.profile.group.CertificateProfileGroup;
import com.airwatch.agent.profile.group.google.mdm.GoogleCertificateProfileGroup;
import com.airwatch.agent.utility.ProfileUtils;
import com.airwatch.agent.utility.StringUtils;
import com.airwatch.bizlib.database.CertificateDbAdapter;
import com.airwatch.bizlib.database.SqlWhereClause;
import com.airwatch.bizlib.model.CertificateDefinitionAnchorApp;
import com.airwatch.bizlib.profile.ProfileGroup;
import com.airwatch.interrogator.InterrogatorSerializable;
import com.airwatch.interrogator.SamplerType;
import com.airwatch.util.Logger;
import com.workspaceone.peoplesdk.internal.util.Commons;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.io.IOUtils;

/* loaded from: classes3.dex */
public class CertificateListSampler extends AffiliatedSampler<CertificateSamplePayload> {
    public static final String CONTAINER_CERT_TYPE = "com.airwatch.android.container.certificate";
    private static final String ENCODING = "UTF-8";
    private static final String PLACEHOLDER_CERT_NAME = "placeholder.cer";
    private static final String TAG = "CertificateListSampler";
    private final Set<CertificateEntry> certificates;
    private CrittercismWrapper crittercismWrapper;

    public CertificateListSampler() {
        super(SamplerType.CERTIFICATE_LIST);
        this.crittercismWrapper = new CrittercismWrapper(AfwApp.getAppContext());
        this.certificates = new HashSet();
    }

    CertificateListSampler(SampleCommunicationProcessor sampleCommunicationProcessor) {
        super(SamplerType.CERTIFICATE_LIST, sampleCommunicationProcessor);
        this.crittercismWrapper = new CrittercismWrapper(AfwApp.getAppContext());
        this.certificates = new HashSet();
    }

    private synchronized void addCertDataEntry(X509Certificate x509Certificate, CertificateEntry certificateEntry) throws UnsupportedEncodingException, CertificateEncodingException {
        certificateEntry.certificateName = x509Certificate.getSubjectDN().getName();
        certificateEntry.certificateType = x509Certificate.getType();
        certificateEntry.commonNameSize = (short) x509Certificate.getSubjectDN().getName().getBytes("UTF-8").length;
        certificateEntry.commonNameData = x509Certificate.getSubjectDN().getName().getBytes("UTF-8");
        certificateEntry.certificateData = x509Certificate.getEncoded();
        certificateEntry.certificateSize = (short) x509Certificate.getEncoded().length;
        this.certificates.add(certificateEntry);
    }

    private void addCertificates(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp, ProfileGroup profileGroup) {
        try {
            Logger.d(TAG, "addCertificates() ");
            String password = certificateDefinitionAnchorApp.getPassword();
            if (password == null || password.length() <= 0) {
                Logger.d(TAG, "addCertificates() X509 ");
                addX509Sample((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certificateDefinitionAnchorApp.getCertificateData())), new CertificateEntry(), certificateDefinitionAnchorApp, profileGroup);
            } else {
                Logger.d(TAG, "addCertificates() PKCS12");
                addX509SamplesFromPKCS12(certificateDefinitionAnchorApp, profileGroup);
            }
        } catch (Exception e) {
            this.crittercismWrapper.reportCustomHandledException("Exception adding cert " + certificateDefinitionAnchorApp.getUuid() + e.toString());
            Logger.e(TAG, "addCertificates() exception with certificate ", (Throwable) e);
        }
    }

    private void addX509SamplesFromPKCS12(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp, ProfileGroup profileGroup) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new ByteArrayInputStream(certificateDefinitionAnchorApp.getCertificateData()), certificateDefinitionAnchorApp.getPassword().toCharArray());
        Iterator it = Collections.list(keyStore.aliases()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            CertificateEntry certificateEntry = new CertificateEntry();
            certificateEntry.isIdentity = (short) 1;
            addX509Sample((X509Certificate) keyStore.getCertificate(str), certificateEntry, certificateDefinitionAnchorApp, profileGroup);
        }
    }

    private void deleteOrphanCerts(CertificateDefinitionAnchorApp certificateDefinitionAnchorApp) {
        Logger.d(TAG, "deleteOrphanCerts() ");
        CertificateDbAdapter certificateDbAdapter = new CertificateDbAdapter(AfwApp.getAppContext());
        SqlWhereClause sqlWhereClause = new SqlWhereClause(SqlWhereClause.formAssignmentExpression("data"), certificateDefinitionAnchorApp.getIdentifier());
        sqlWhereClause.logicalAnd(SqlWhereClause.formAssignmentExpression("uuid"), certificateDefinitionAnchorApp.getUuid());
        certificateDbAdapter.deleteAllWhere(sqlWhereClause);
    }

    private boolean isCredStoreNotAccessabile(IAppEnterpriseManagerCallback iAppEnterpriseManagerCallback, Container container) {
        AgentProfileDBAdapter agentProfileDBAdapter = AgentProfileDBAdapter.getInstance();
        return !(iAppEnterpriseManagerCallback.isCredStoreOpen() || container.isContainerOnlyMode()) || (agentProfileDBAdapter.getProfileGroups(CertificateProfileGroup.TYPE).isEmpty() && agentProfileDBAdapter.getProfileGroups("com.airwatch.android.container.certificate").isEmpty());
    }

    void addKnoxCertificate(X509Certificate x509Certificate, CertificateEntry certificateEntry, CertificateDefinitionAnchorApp certificateDefinitionAnchorApp, Container container) throws UnsupportedEncodingException, CertificateEncodingException {
        Logger.d(TAG, "addTimaCertificate() ");
        if (!container.isContainerActive()) {
            Logger.d(TAG, "addTimaCertificate() container is not Active , so reporting");
            addCertDataEntry(x509Certificate, certificateEntry);
        } else if (container.isCertInstalledInSystemCredStore(x509Certificate, certificateDefinitionAnchorApp)) {
            Logger.d(TAG, "addTimaCertificate() container is  Active and cert installed ");
            addCertDataEntry(x509Certificate, certificateEntry);
        }
    }

    void addPlaceholderSample() {
        BufferedInputStream bufferedInputStream;
        InputStream inputStream = null;
        try {
            try {
                InputStream open = AfwApp.getAppContext().getAssets().open(PLACEHOLDER_CERT_NAME, 0);
                try {
                    bufferedInputStream = new BufferedInputStream(open);
                    try {
                        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bufferedInputStream);
                        CertificateEntry certificateEntry = new CertificateEntry();
                        certificateEntry.isIdentity = (short) 0;
                        addCertDataEntry(x509Certificate, certificateEntry);
                        IOUtils.closeQuietly(open);
                    } catch (IOException e) {
                        e = e;
                        inputStream = open;
                        this.crittercismWrapper.reportCustomHandledException("Error loading placeholder certificate." + e.toString());
                        Logger.e(TAG, "Error loading placeholder certificate.", (Throwable) e);
                        IOUtils.closeQuietly(inputStream);
                        IOUtils.closeQuietly((InputStream) bufferedInputStream);
                    } catch (CertificateException e2) {
                        e = e2;
                        inputStream = open;
                        this.crittercismWrapper.reportCustomHandledException("Error generating placeholder certificate." + e.toString());
                        Logger.e(TAG, "Error generating placeholder certificate.", (Throwable) e);
                        IOUtils.closeQuietly(inputStream);
                        IOUtils.closeQuietly((InputStream) bufferedInputStream);
                    } catch (Throwable th) {
                        th = th;
                        inputStream = open;
                        IOUtils.closeQuietly(inputStream);
                        IOUtils.closeQuietly((InputStream) bufferedInputStream);
                        throw th;
                    }
                } catch (IOException e3) {
                    e = e3;
                    bufferedInputStream = null;
                } catch (CertificateException e4) {
                    e = e4;
                    bufferedInputStream = null;
                } catch (Throwable th2) {
                    th = th2;
                    bufferedInputStream = null;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (IOException e5) {
            e = e5;
            bufferedInputStream = null;
        } catch (CertificateException e6) {
            e = e6;
            bufferedInputStream = null;
        } catch (Throwable th4) {
            th = th4;
            bufferedInputStream = null;
        }
        IOUtils.closeQuietly((InputStream) bufferedInputStream);
    }

    void addX509Sample(X509Certificate x509Certificate, CertificateEntry certificateEntry, CertificateDefinitionAnchorApp certificateDefinitionAnchorApp, ProfileGroup profileGroup) throws CertificateEncodingException, UnsupportedEncodingException {
        Container container = AfwApp.getAppContext().getClient().getContainer();
        if (x509Certificate == null || certificateEntry == null) {
            return;
        }
        if (!ProfileUtils.hasCredentialStorageProfileGroup(certificateDefinitionAnchorApp)) {
            addCertDataEntry(x509Certificate, certificateEntry);
            return;
        }
        if (AfwApp.getAppContext().getClient().getEnterpriseManager().isCertInstalledInSystemCredStore(x509Certificate, certificateDefinitionAnchorApp)) {
            addCertDataEntry(x509Certificate, certificateEntry);
            return;
        }
        if (certificateDefinitionAnchorApp.getEnableTima()) {
            addKnoxCertificate(x509Certificate, certificateEntry, certificateDefinitionAnchorApp, container);
        } else {
            if (certificateDefinitionAnchorApp.getEnableTima() || !"com.airwatch.android.container.certificate".equals(profileGroup.getType())) {
                return;
            }
            addCertDataEntry(x509Certificate, certificateEntry);
        }
    }

    public synchronized List<CertificateEntry> getCertificates() {
        return new ArrayList(this.certificates);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.agent.interrogator.AffiliatedSampler
    public synchronized CertificateSamplePayload getData() {
        return new CertificateSamplePayload(new ArrayList(this.certificates));
    }

    @Override // com.airwatch.interrogator.Sampler
    protected InterrogatorSerializable getSerializer() {
        return new CertificateListSamplerSerializer(this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.airwatch.agent.interrogator.AffiliatedSampler
    public synchronized void performClosure(CertificateSamplePayload certificateSamplePayload) {
        this.certificates.addAll(certificateSamplePayload.getCertificates());
    }

    @Override // com.airwatch.agent.interrogator.AffiliatedSampler
    protected synchronized void sampleDataImpl() {
        CrittercismWrapper crittercismWrapper;
        String str;
        IAppEnterpriseManagerCallback enterpriseManager;
        List<CertificateDefinitionAnchorApp> emptyList = Collections.emptyList();
        try {
            try {
                this.certificates.clear();
                enterpriseManager = AfwApp.getAppContext().getClient().getEnterpriseManager();
            } finally {
                String str2 = this.certificates.size() == emptyList.size() ? "Success for cert list sample: " : "Error for cert list sample: ";
                this.crittercismWrapper.reportCustomHandledException(str2 + emptyList.size() + Commons.COMMA_STRING + this.certificates.size());
            }
        } catch (Exception e) {
            this.crittercismWrapper.reportCustomHandledException("Exception getting cert data " + emptyList.size() + Commons.COMMA_STRING + this.certificates.size() + Commons.COMMA_STRING + e.toString());
            Logger.e(TAG, "There was an error getting certificate data", (Throwable) e);
            String str3 = this.certificates.size() == emptyList.size() ? "Success for cert list sample: " : "Error for cert list sample: ";
            crittercismWrapper = this.crittercismWrapper;
            str = str3 + emptyList.size() + Commons.COMMA_STRING + this.certificates.size();
        }
        if (isCredStoreNotAccessabile(enterpriseManager, AfwApp.getAppContext().getClient().getContainer()) && enterpriseManager.checksCredstoreForCerts()) {
            return;
        }
        emptyList = new CertificateDbAdapter(AfwApp.getAppContext()).getCertList();
        this.crittercismWrapper.postBreadcrumb("start certificate list sample: " + emptyList.size());
        if (emptyList.isEmpty()) {
            AgentProfileDBAdapter agentProfileDBAdapter = AgentProfileDBAdapter.getInstance();
            if (agentProfileDBAdapter.getProfileGroups(CertificateProfileGroup.TYPE).size() + agentProfileDBAdapter.getProfileGroups(GoogleCertificateProfileGroup.TYPE).size() > 0) {
                this.crittercismWrapper.reportCustomHandledException("certificate profiles present but absent from certificate database");
                Logger.i(TAG, "certificate profiles present but absent from certificate database");
            }
        }
        for (CertificateDefinitionAnchorApp certificateDefinitionAnchorApp : emptyList) {
            ProfileGroup profileGroupByUUID = AgentProfileDBAdapter.getInstance().getProfileGroupByUUID(certificateDefinitionAnchorApp.getUuid());
            if (profileGroupByUUID != null || StringUtils.isAnyEmptyOrNull(certificateDefinitionAnchorApp.getUuid(), certificateDefinitionAnchorApp.getIdentifier())) {
                if (profileGroupByUUID != null) {
                    CertificateDefinitionAnchorApp certificateDefinitionAnchorApp2 = new CertificateDefinitionAnchorApp(profileGroupByUUID);
                    certificateDefinitionAnchorApp.setFullName(certificateDefinitionAnchorApp2.getFullName());
                    certificateDefinitionAnchorApp.setEnableTima(certificateDefinitionAnchorApp2.getEnableTima());
                }
                this.crittercismWrapper.postBreadcrumb("add cert sample: " + certificateDefinitionAnchorApp.getUuid());
                addCertificates(certificateDefinitionAnchorApp, profileGroupByUUID);
            } else {
                this.crittercismWrapper.reportCustomHandledException("deleting OrphanCerts: " + certificateDefinitionAnchorApp.getUuid());
                Logger.w(TAG, "sampleData() certificate was bound to profile group, but profile is missing now.");
                deleteOrphanCerts(certificateDefinitionAnchorApp);
            }
        }
        if (this.certificates.isEmpty() && !emptyList.isEmpty()) {
            this.crittercismWrapper.reportCustomHandledException("AirWatch adding the placeholder cert");
            Logger.e("AirWatch adding the placeholder cert");
            addPlaceholderSample();
        }
        String str4 = this.certificates.size() == emptyList.size() ? "Success for cert list sample: " : "Error for cert list sample: ";
        crittercismWrapper = this.crittercismWrapper;
        str = str4 + emptyList.size() + Commons.COMMA_STRING + this.certificates.size();
        crittercismWrapper.reportCustomHandledException(str);
    }
}
