package com.airwatch.sdk.certificate;

import android.content.SharedPreferences;
import android.util.Base64;
import com.airwatch.afw.lib.AfwApp;
import com.airwatch.agent.ConfigurationManager;
import com.airwatch.agent.enrollmentv2.model.state.handlers.createmdm.MdmInstallResponsePayload;
import com.airwatch.agent.profile.scep.ScepCertFetcher;
import com.airwatch.agent.utility.unenrollment.WipeLogger;
import com.airwatch.bizlib.util.JsonUtils;
import com.airwatch.mutualtls.ClientTLSAuthStorage;
import com.airwatch.sdk.certificate.CertificateFetchResult;
import com.airwatch.sdk.certificate.scep.SCEPEnrollmentDataModel;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.storage.SDKSecurePreferencesKeys;
import com.airwatch.util.Logger;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.util.Enumeration;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes4.dex */
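/**
 * Static helpers for SCEP-based client certificate provisioning.
 *
 * <p>The flow visible in this class: SCEP instructions arrive as JSON, are persisted to the SDK
 * secure preferences, a certificate is fetched through {@link ScepCertFetcher}, and the resulting
 * private key and certificate chain are stored in {@link ClientTLSAuthStorage} for mutual TLS.
 *
 * <p>Failure policy, as implemented in {@link #setTLSMutualAuthCert}: a negative error code on
 * the fetch result, or any exception while installing the key material, ends in
 * {@code wipeEnterpriseData(WipeLogger.WipeTrigger.TLS_MUTUAL_AUTH)}.
 */
public class SCEPUtility {
    // JSON keys read from the SCEP instruction payload.
    public static final String CHALLENGE = "Challenge";
    public static final String KEY_SIZE = "KeySize";
    public static final String KEY_TYPE = "KeyType";
    public static final String KEY_USAGE = "KeyUsage";
    // JSON keys read from the key store object carried by a CertificateFetchResult.
    public static final String PASSWORD = "Password";
    public static final String PKCS12 = "Pkcs12";
    // java.security.KeyStore type name (distinct from the "Pkcs12" JSON key above).
    public static final String PKCS_12 = "PKCS12";
    // Not referenced inside this class.
    public static final String RESPONSE_TYPE = "ResponseType";
    // Not referenced inside this class.
    public static final String SCEP = "Scep";
    public static final String SUBJECT_ALTERNATE_NAME = "SubjectAlternateName";
    public static final String SUBJECT_NAME = "SubjectName";
    private static final String TAG = "SCEPUtility";
    // Not referenced inside this class.
    public static final String TLS_MUTUAL_ON = "TLSMutualOn";
    public static final String URL = "Url";

    /** Utility class; not instantiable. */
    private SCEPUtility() {
    }

    /**
     * Persists the SCEP instructions and fetches a certificate with them.
     *
     * @param jSONObject SCEP instructions; must contain {@link #URL}, {@link #CHALLENGE},
     *     {@link #SUBJECT_NAME}, {@link #SUBJECT_ALTERNATE_NAME}, {@link #KEY_SIZE},
     *     {@link #KEY_TYPE} and {@link #KEY_USAGE}
     * @return the result of {@code ScepCertFetcher.fetch()}, or a {@code FAILURE} result with
     *     error code {@code -8} when a required key is missing or has the wrong type. When that
     *     result reaches {@link #setTLSMutualAuthCert} its negative error code triggers an
     *     enterprise wipe, so a malformed payload is not a benign failure on that path.
     */
    public static CertificateFetchResult handleSCEPCertFetch(JSONObject jSONObject) {
        try {
            // NOTE(review): Java does not interpolate "${...}", so the placeholder text below is
            // logged verbatim. Left unchanged here; confirm whether an identifier was intended.
            Logger.i(TAG, "Calling to fetch SCEP cert(${this@AEScepCertificateProfileGroup.uuid})");
            setSCEPInfo(jSONObject);
            return new ScepCertFetcher(
                    new SCEPEnrollmentDataModel.Builder(
                            jSONObject.getString(URL),
                            jSONObject.getString(CHALLENGE),
                            jSONObject.getString(SUBJECT_NAME))
                            .setSubjectAlternativeName(jSONObject.getString(SUBJECT_ALTERNATE_NAME))
                            .setKeySize(jSONObject.getInt(KEY_SIZE))
                            .setKeyType(jSONObject.getString(KEY_TYPE))
                            .setKeyUsageFlags(jSONObject.getInt(KEY_USAGE))
                            .build())
                    .fetch();
        } catch (JSONException e) {
            // The (Throwable) cast is kept so the same Logger.e overload is selected.
            Logger.e(TAG, "JSONException occurred handling SCEP Cert fetch. " + e.getMessage(), (Throwable) e);
            return new CertificateFetchResult(CertificateFetchResult.Status.FAILURE, null, -8, null, null);
        }
    }

    /**
     * Runs the SCEP flow for an MDM install response: fetches the certificate described by the
     * response's SCEP payload and installs it for mutual TLS.
     *
     * <p>Does nothing when the response carries no SCEP payload. A failure to build the JSON
     * object from the payload is only logged; failures inside the fetch are reported through the
     * fetch result and handled by {@link #setTLSMutualAuthCert}.
     *
     * @param mdmInstallResponsePayload install response to read the SCEP payload from
     */
    public static void handleSCEPInstructions(MdmInstallResponsePayload mdmInstallResponsePayload) {
        ScepInfo scepPayload = mdmInstallResponsePayload.getScepPayload();
        if (scepPayload == null) {
            Logger.i(TAG, "handleSCEPInstructions() scepPAyload is empty , so returning.");
            return;
        }
        try {
            JSONObject instructions = new JSONObject(JsonUtils.toJson(scepPayload));
            setTLSMutualAuthCert(handleSCEPCertFetch(instructions));
        } catch (JSONException e) {
            Logger.e(TAG, "handleSCEPInstructions() json exception ", (Throwable) e);
        }
    }

    /**
     * Builds an in-memory PKCS#12 {@link KeyStore} from a fetch result.
     *
     * <p>Reads the Base64-encoded PKCS#12 blob and its password from the result's JSON key store
     * and loads them into a {@code "PKCS12"} key store.
     *
     * @param certificateFetchResult fetch result carrying the JSON key store
     * @return the loaded key store, or {@code null} when the JSON keys are missing or the key
     *     store cannot be loaded (both cases are logged)
     */
    public static KeyStore parseSCEPResult(CertificateFetchResult certificateFetchResult) {
        try {
            JSONObject jsonKeyStore = certificateFetchResult.getJsonKeyStore();
            String encodedPkcs12 = jsonKeyStore.getString(PKCS12);
            String keyStorePassword = jsonKeyStore.getString(PASSWORD);
            KeyStore keyStore = KeyStore.getInstance(PKCS_12);
            byte[] pkcs12Bytes = Base64.decode(encodedPkcs12, Base64.DEFAULT);
            keyStore.load(new ByteArrayInputStream(pkcs12Bytes), keyStorePassword.toCharArray());
            return keyStore;
        } catch (JSONException e) {
            Logger.e(TAG, "Could not parse SCEP Result", (Throwable) e);
            return null;
        } catch (Exception e2) {
            // Also reached for a null fetch result or null JSON key store (NullPointerException),
            // invalid Base64, a wrong password, or an unsupported key store type.
            Logger.e(TAG, "Could not load SCEP Cert to KS", (Throwable) e2);
            return null;
        }
    }

    /**
     * Saves the SCEP enrollment parameters to the SDK secure preferences.
     *
     * <p>All values are read before {@code apply()} is called, so nothing is committed when a
     * key is missing.
     *
     * @param jSONObject SCEP instructions to persist
     * @throws JSONException when a required key is missing or has the wrong type; the original
     *     exception is attached as the cause
     */
    private static void setSCEPInfo(JSONObject jSONObject) throws JSONException {
        try {
            SharedPreferences.Editor edit = SDKContextManager.getSDKContext().getSDKSecurePreferences().edit();
            edit.putString(SDKSecurePreferencesKeys.SCEP_ENROLLMENT_URL, jSONObject.getString(URL));
            // NOTE(review): the SCEP challenge is an enrollment secret. Persisting it is only
            // acceptable if getSDKSecurePreferences() is backed by encrypted storage, which is
            // not visible in this file. Confirm, and consider whether it must outlive enrollment.
            edit.putString(SDKSecurePreferencesKeys.SCEP_CHALLENGE, jSONObject.getString(CHALLENGE));
            edit.putString(SDKSecurePreferencesKeys.SCEP_SUBJECT_NAME, jSONObject.getString(SUBJECT_NAME));
            edit.putString(SDKSecurePreferencesKeys.SCEP_SUBJECT_ALTERNATIVE_NAME, jSONObject.getString(SUBJECT_ALTERNATE_NAME));
            edit.putInt(SDKSecurePreferencesKeys.SCEP_KEY_USAGE_FLAGS, jSONObject.getInt(KEY_USAGE));
            edit.putInt(SDKSecurePreferencesKeys.SCEP_KEY_SIZE, jSONObject.getInt(KEY_SIZE));
            edit.putString(SDKSecurePreferencesKeys.SCEP_KEY_TYPE, jSONObject.getString(KEY_TYPE));
            edit.apply();
        } catch (JSONException e) {
            Logger.e(TAG, "Unable to persist SCEP Instructions", (Throwable) e);
            // Same exception type and message as before, but keep the original as the cause so
            // the stack trace of the failing lookup is not lost.
            JSONException wrapped = new JSONException(e.getMessage() + "\nUnable to persist SCEP Instructions");
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Installs the fetched key material for mutual TLS, or wipes enterprise data on failure.
     *
     * <p>Every alias in the parsed key store is stored in {@link ClientTLSAuthStorage} under the
     * host from the basic connection settings, and mutual TLS is switched on.
     *
     * @param certificateFetchResult result of the SCEP fetch
     */
    private static void setTLSMutualAuthCert(CertificateFetchResult certificateFetchResult) {
        if (certificateFetchResult.getErrorCode() < 0) {
            Logger.e(TAG, "Received SCEP Error. Code: " + certificateFetchResult.getErrorCode() + ". Wiping...");
            AfwApp.getAppContext().getClient().getEnterpriseManager().wipeEnterpriseData(WipeLogger.WipeTrigger.TLS_MUTUAL_AUTH);
            return;
        }
        try {
            KeyStore parsedKeyStore = parseSCEPResult(certificateFetchResult);
            if (parsedKeyStore == null) {
                // NOTE(review): this path only logs, while every other failure in this method
                // wipes. Confirm that the difference is intended.
                Logger.e(TAG, "setTLSMutualAuthCert() keystore is null ");
                return;
            }
            Enumeration<String> aliases = parsedKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                // NOTE(review): the cast assumes every entry is a private-key entry. A key store
                // that also holds a certificate-only entry raises ClassCastException, and a null
                // entry raises NullPointerException below; both land in the catch and wipe.
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) parsedKeyStore.getEntry(aliases.nextElement(), null);
                ClientTLSAuthStorage clientTLSAuthStorage = SDKContextManager.getSDKContext().getClientTLSAuthStorage();
                ConfigurationManager configurationManager = ConfigurationManager.getInstance();
                clientTLSAuthStorage.addEntry(configurationManager.getBasicConnectionSettings().getHost(), privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain(), null);
                configurationManager.setTLSMutualAuthOn();
            }
        } catch (Exception e) {
            Logger.e(TAG, "Exception when parsing the JSON result. We have to quit", (Throwable) e);
            AfwApp.getAppContext().getClient().getEnterpriseManager().wipeEnterpriseData(WipeLogger.WipeTrigger.TLS_MUTUAL_AUTH);
        }
    }
}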
