package com.airwatch.net.securechannel;

import android.text.TextUtils;
import com.airwatch.core.AirWatchDevice;
import com.airwatch.core.ByteArray;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.net.securechannel.ISecureChannel;
import com.airwatch.plist.PlistDictionary;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.storage.PreferenceErrorListener;
import com.airwatch.util.ArrayUtils;
import com.airwatch.util.Logger;
import com.airwatch.util.ReportAdapterUtil;
import java.io.File;
import java.io.IOException;
import java.util.Date;

/* loaded from: classes4.dex */
public class SecureChannel implements ISecureChannel {
    private final String TAG = SecureChannel.class.getSimpleName();
    SecureChannelConfiguration mConfig;

    public SecureChannel(SecureChannelConfiguration secureChannelConfiguration) {
        this.mConfig = secureChannelConfiguration == null ? new SecureChannelConfiguration() : secureChannelConfiguration;
    }

    @Override // com.airwatch.net.securechannel.ISecureChannel
    public byte[] decodeMessage(byte[] bArr) {
        return decodeMessage(bArr, ISecureChannel.Version.V2);
    }

    @Override // com.airwatch.net.securechannel.ISecureChannel
    public byte[] decodeMessage(byte[] bArr, ISecureChannel.Version version) {
        if (!this.mConfig.isValid()) {
            return new byte[0];
        }
        Logger.d(this.TAG, "Secure Channel Response Version " + version);
        return version == ISecureChannel.Version.V3 ? decryptMessage(verifySignature(bArr)) : verifySignature(decryptMessage(bArr));
    }

    public byte[] decryptMessage(byte[] bArr) {
        File file = new File(this.mConfig.getDeviceIdentity().privateKeyPath);
        if (ArrayUtils.isEmpty(bArr) || !file.exists()) {
            Logger.e(this.TAG, "Can't decrypt. Either the payload is empty or the key to decrypt is not found");
        } else {
            bArr = OpenSSLCryptUtil.getInstance().decryptEnvelopedCms(bArr, this.mConfig.getDeviceIdentity().privateKeyPath, AirWatchDevice.getSeedValue("VEVNUF9LRVkx"));
            String str = this.TAG;
            if (bArr == null) {
                Logger.e(str, "Decryption failed");
                File file2 = new File(this.mConfig.getDeviceIdentity().certificatePath);
                ReportAdapterUtil.reportAsHandledException(SDKContextManager.getSDKContext().getContext(), PreferenceErrorListener.PreferenceErrorCode.DECRYPTION_FAIL, String.format("%s Decryption failed. Certificate timestamp: %s, thumbprint: %s", this.TAG, new Date(file2.lastModified()), ArrayUtils.toHex(OpenSSLCryptUtil.sha256Hash(file2))));
            } else {
                Logger.d(str, "Message decrypted.");
            }
        }
        return bArr;
    }

    @Override // com.airwatch.net.securechannel.ISecureChannel
    public byte[] envelopeMessage(String str, byte[] bArr) {
        if (str == null || str.length() == 0) {
            return new byte[0];
        }
        if (!this.mConfig.isValid()) {
            return new byte[0];
        }
        PlistDictionary plistDictionary = new PlistDictionary();
        plistDictionary.put("bundleId", this.mConfig.getPackageId());
        plistDictionary.put("uid", this.mConfig.getDeviceUid());
        plistDictionary.put("deviceType", String.valueOf(5));
        if (!TextUtils.isEmpty(this.mConfig.getConfigVersion())) {
            plistDictionary.put("version", this.mConfig.getConfigVersion());
        }
        if (this.mConfig.getConfigTypeId().length() > 0) {
            plistDictionary.put("configtypeid", this.mConfig.getConfigTypeId());
        }
        byte[] bArr2 = null;
        if (bArr != null && bArr.length > 0) {
            File file = new File(this.mConfig.getDeviceIdentity().certificatePath);
            File file2 = new File(this.mConfig.getDeviceIdentity().privateKeyPath);
            if (file.exists() && file2.exists()) {
                bArr2 = OpenSSLCryptUtil.getInstance().createSignedCms(bArr, this.mConfig.getDeviceIdentity().certificatePath, this.mConfig.getDeviceIdentity().privateKeyPath, AirWatchDevice.getSeedValue("VEVNUF9LRVkx"));
            }
            File file3 = new File(this.mConfig.getServerCertificate());
            if (bArr2 != null && file3.exists()) {
                plistDictionary.put(str, new ByteArray(OpenSSLCryptUtil.getInstance().createEnvelopedCms(bArr2, this.mConfig.getServerCertificate())));
                return ("<plist>" + plistDictionary.toXml() + "</plist>").getBytes();
            }
        }
        plistDictionary.put(str, "");
        return ("<plist>" + plistDictionary.toXml() + "</plist>").getBytes();
    }

    @Override // com.airwatch.net.securechannel.ISecureChannel
    public boolean useSecureChannel() {
        return this.mConfig.isValid() && this.mConfig.getSecurityLevel() == SecurityLevel.SIGN_AND_ENCRYPT;
    }

    public byte[] verifySignature(byte[] bArr) {
        byte[] bArr2 = null;
        try {
            File airWatchRootCertificate = OpenSSLCryptUtil.getAirWatchRootCertificate();
            File file = new File(this.mConfig.getServerCertificate());
            if (!ArrayUtils.isEmpty(bArr) && airWatchRootCertificate.exists() && file.exists()) {
                bArr2 = OpenSSLCryptUtil.getInstance().verifySignatureAndGetMessagePKCS7(bArr, this.mConfig.getServerCertificate(), airWatchRootCertificate.getAbsolutePath());
                Logger.d(this.TAG, "Signature verification done");
            } else {
                Logger.e(this.TAG, "Signature verification failed.");
            }
        } catch (IOException e) {
            Logger.e(this.TAG, "Error fetching airwatch root certificate", (Throwable) e);
        }
        return bArr2;
    }
}
