package com.microsoft.windowsintune.companyportal.enrollment;

import android.net.Uri;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentStateSettings;
import com.microsoft.intune.common.faultinjection.FaultCategoryType;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.common.xml.XMLUtils;
import com.microsoft.omadm.apppolicy.data.MAMServiceURITable;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.utils.AppUtils;
import java.io.IOException;
import javax.xml.namespace.NamespaceContext;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.lang3.StringUtils;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.util.encoders.Base64;
import org.w3c.dom.Node;

/* loaded from: classes3.dex */
public final class EnrollmentSecurityTokenParser {
    private static final String CERTIFICATE_EXTENSION_OID_FOR_DEVICE_ID = "1.2.840.113556.5.4";
    private static final String EMM_USER_DEVICE_AUTH_TOKEN = "/wap-provisioningdoc/characteristic[@type = 'AndroidForWorkUserAuthToken']/param[@name = 'EmmUserDeviceAuthToken' and @value]";
    private static final String XP_APPLICATION = "/wap-provisioningdoc/characteristic[@type = 'APPLICATION']";
    private static final String XP_CERTIFICATE_STORE = "/wap-provisioningdoc/characteristic[@type = 'CertificateStore']";
    private static final String XP_DEVICE_CERTIFICATE = "characteristic[@type = 'My']/characteristic[@type = 'User']/characteristic/parm[@name = 'EncodedCertificate' and @value]";
    private static final String XP_DEVICE_CERTIFICATE_HASH = "characteristic[@type = 'My']/characteristic[@type = 'User']/characteristic[@type]";
    private static final String XP_ENT_DEVICE_NAME = "/wap-provisioningdoc/characteristic[@type = 'DMClient']/characteristic[@type = 'Provider']/characteristic[@type = 'SCConfigMgr']/parm[@name = 'EntDeviceName' and @value]";
    private static final String XP_REGISTRY_ENROLLMENT = "/wap-provisioningdoc/characteristic[@type = 'Registry']/characteristic[@type = 'HKLM\\Software\\Microsoft\\Enrollment']";
    private static final String XP_REGISTRY_OMADM_RETRY = "/wap-provisioningdoc/characteristic[@type = 'Registry']/characteristic[@type = 'HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry']";
    private static final String XP_SAMSUNG_BACKWARDS_COMPATIBLE_KPE_KEY = "/wap-provisioningdoc/characteristic[@type = 'AndroidBackwardsCompatibleKpeKey']/param[@name = 'SamsungKnoxBackwardsCompatibleKpeKey' and @value]";
    private static final String XP_SAMSUNG_KPE_KEY = "/wap-provisioningdoc/characteristic[@type = 'AndroidKpeKey']/param[@name = 'SamsungKnoxKpeKey' and @value]";

    private EnrollmentSecurityTokenParser() {
    }

    private static String bytesToCSharpGuidFormat(byte[] bArr) throws EnrollmentParserException {
        if (bArr == null || bArr.length < 16) {
            throw new EnrollmentParserException("Error parsing device id. Not enough bytes.");
        }
        return String.format("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", Byte.valueOf(bArr[3]), Byte.valueOf(bArr[2]), Byte.valueOf(bArr[1]), Byte.valueOf(bArr[0]), Byte.valueOf(bArr[5]), Byte.valueOf(bArr[4]), Byte.valueOf(bArr[7]), Byte.valueOf(bArr[6]), Byte.valueOf(bArr[8]), Byte.valueOf(bArr[9]), Byte.valueOf(bArr[10]), Byte.valueOf(bArr[11]), Byte.valueOf(bArr[12]), Byte.valueOf(bArr[13]), Byte.valueOf(bArr[14]), Byte.valueOf(bArr[15]));
    }

    private static long getParmLongValue(XMLUtils xMLUtils, Node node, String str) throws EnrollmentParserException {
        try {
            return Long.parseLong(getParmStringValue(xMLUtils, node, str));
        } catch (NumberFormatException e) {
            throw new EnrollmentParserException("Error formatting value as long", e);
        }
    }

    private static String getParmStringValue(XMLUtils xMLUtils, Node node, String str) throws EnrollmentParserException {
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute("parm[@name = '" + str + "' and @value]", node, "value");
            if (nodeStringAttribute != null) {
                return nodeStringAttribute;
            }
            throw new EnrollmentParserException("Parm value not found.");
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error getting parm value.", e);
        }
    }

    private static XMLUtils loadToken(String str) throws EnrollmentParserException {
        try {
            return new XMLUtils(str, (NamespaceContext) null);
        } catch (Exception e) {
            throw new EnrollmentParserException("Error loading token", e);
        }
    }

    private static void parseApplication(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        try {
            Node node = xMLUtils.getNode(XP_APPLICATION);
            if (node == null) {
                throw new EnrollmentParserException("APPLICATION node not found.");
            }
            enrollmentInfo.setDmpAddr(Uri.parse(getParmStringValue(xMLUtils, node, "ADDR")));
            enrollmentInfo.setConnRetryFreq(getParmStringValue(xMLUtils, node, "CONNRETRYFREQ"));
            enrollmentInfo.setInitialBackOffTime(getParmStringValue(xMLUtils, node, "INITIALBACKOFFTIME"));
            enrollmentInfo.setMaxBackOffTime(getParmStringValue(xMLUtils, node, "MAXBACKOFFTIME"));
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error parsing APPLICATION node.", e);
        }
    }

    private static void parseBackwardsCompatibleKpeKey(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        boolean isSamsungDevice = AppUtils.isSamsungDevice();
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(XP_SAMSUNG_BACKWARDS_COMPATIBLE_KPE_KEY, "value");
            if (!StringUtils.isEmpty(nodeStringAttribute)) {
                enrollmentInfo.setBackwardsCompatibleKpeKey(nodeStringAttribute);
            } else if (isSamsungDevice) {
                throw new EnrollmentParserException("Backwards compatible KPE key not found.");
            }
        } catch (XPathExpressionException e) {
            if (isSamsungDevice) {
                throw new EnrollmentParserException("Error getting backwards compatible KPE key value.", e);
            }
        }
    }

    private static void parseCertificateStore(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        try {
            Node node = xMLUtils.getNode(XP_CERTIFICATE_STORE);
            if (node == null) {
                throw new EnrollmentParserException("CertificateStore node not found.");
            }
            enrollmentInfo.setDeviceCertificateHash(parseDeviceCertificateHash(xMLUtils, node));
            parseDeviceCertificate(xMLUtils, enrollmentInfo, node);
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error getting CertificateStore node.", e);
        }
    }

    private static void parseDeviceCertificate(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo, Node node) throws EnrollmentParserException {
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(XP_DEVICE_CERTIFICATE, node, "value");
            if (nodeStringAttribute == null) {
                throw new EnrollmentParserException("Device certificate not found.");
            }
            enrollmentInfo.setDeviceCertificate(nodeStringAttribute);
            try {
                X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(Base64.decode(nodeStringAttribute));
                enrollmentInfo.setDeviceCertificateExpiration(x509CertificateHolder.getNotAfter());
                enrollmentInfo.setLocalDeviceId(bytesToCSharpGuidFormat(x509CertificateHolder.getExtension(new ASN1ObjectIdentifier(CERTIFICATE_EXTENSION_OID_FOR_DEVICE_ID)).getExtnValue().getOctets()));
            } catch (IOException e) {
                throw new EnrollmentParserException("Error parsing device certificate. " + e.getMessage(), e);
            }
        } catch (XPathExpressionException e2) {
            throw new EnrollmentParserException("Error getting device certificate.", e2);
        }
    }

    private static String parseDeviceCertificateHash(XMLUtils xMLUtils, Node node) throws EnrollmentParserException {
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(XP_DEVICE_CERTIFICATE_HASH, node, "type");
            if (nodeStringAttribute != null) {
                return nodeStringAttribute;
            }
            throw new EnrollmentParserException("Device certificate hash not found.");
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error getting device certificate hash.", e);
        }
    }

    private static void parseDmClient(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(XP_ENT_DEVICE_NAME, "value");
            if (nodeStringAttribute == null) {
                throw new EnrollmentParserException("Device name not found.");
            }
            enrollmentInfo.setEntDeviceName(nodeStringAttribute);
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error getting DMClient value.", e);
        }
    }

    private static void parseEmmUserDeviceAuthToken(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(EMM_USER_DEVICE_AUTH_TOKEN, "value");
            if (((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).isFaultEnabled(FaultCategoryType.AndroidForWork, "parseEmmUserDeviceAuthToken")) {
                nodeStringAttribute = null;
            }
            if (StringUtils.isEmpty(nodeStringAttribute)) {
                throw new EnrollmentParserException("EMM user device auth token not found.");
            }
            enrollmentInfo.setEmmUserDeviceAuthToken(nodeStringAttribute);
        } catch (XPathExpressionException e) {
            throw new EnrollmentParserException("Error getting EMM user device auth token value.", e);
        }
    }

    public static IEnrollmentInfo parseEnrollmentToken(String str) throws EnrollmentParserException {
        XMLUtils loadToken = loadToken(str);
        EnrollmentInfo enrollmentInfo = new EnrollmentInfo();
        parseCertificateStore(loadToken, enrollmentInfo);
        parseApplication(loadToken, enrollmentInfo);
        parseRegistry(loadToken, enrollmentInfo);
        parseDmClient(loadToken, enrollmentInfo);
        parseBackwardsCompatibleKpeKey(loadToken, enrollmentInfo);
        parseKpeKey(loadToken, enrollmentInfo);
        if (((EnrollmentStateSettings) ServiceLocator.getInstance().get(EnrollmentStateSettings.class)).enrollingAsAfw()) {
            parseEmmUserDeviceAuthToken(loadToken, enrollmentInfo);
        }
        return enrollmentInfo;
    }

    private static void parseKpeKey(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        boolean isSamsungDevice = AppUtils.isSamsungDevice();
        try {
            String nodeStringAttribute = xMLUtils.getNodeStringAttribute(XP_SAMSUNG_KPE_KEY, "value");
            if (!StringUtils.isEmpty(nodeStringAttribute)) {
                enrollmentInfo.setKpeKey(nodeStringAttribute);
            } else if (isSamsungDevice) {
                throw new EnrollmentParserException("KPE key not found.");
            }
        } catch (XPathExpressionException e) {
            if (isSamsungDevice) {
                throw new EnrollmentParserException("Error getting KPE key value.", e);
            }
        }
    }

    private static void parseRegistry(XMLUtils xMLUtils, EnrollmentInfo enrollmentInfo) throws EnrollmentParserException {
        try {
            Node node = xMLUtils.getNode(XP_REGISTRY_ENROLLMENT);
            if (node == null) {
                throw new EnrollmentParserException("Registry Enrollment node not found.");
            }
            enrollmentInfo.setRenewalPeriod(getParmLongValue(xMLUtils, node, EnrollmentSettings.RENEWAL_PERIOD));
            try {
                Node node2 = xMLUtils.getNode(XP_REGISTRY_OMADM_RETRY);
                if (node2 == null) {
                    throw new EnrollmentParserException("Registry Omadm Retry node not found.");
                }
                enrollmentInfo.setOmaDmNumRetries(getParmLongValue(xMLUtils, node2, "NumRetries"));
                enrollmentInfo.setOmaDmRetryInterval(getParmLongValue(xMLUtils, node2, MAMServiceURITable.COLUMN_RETRY_INTERVAL));
                enrollmentInfo.setOmaDmAuxNumRetries(getParmLongValue(xMLUtils, node2, "AuxNumRetries"));
                enrollmentInfo.setOmaDmAuxRetryInterval(getParmLongValue(xMLUtils, node2, "AuxRetryInterval"));
                enrollmentInfo.setOmaDmAux2NumRetries(getParmLongValue(xMLUtils, node2, "Aux2NumRetries"));
                enrollmentInfo.setOmaDmAux2RetryInterval(getParmLongValue(xMLUtils, node2, "Aux2RetryInterval"));
            } catch (XPathExpressionException e) {
                throw new EnrollmentParserException("Error parsing Registry Omadm Retry node.", e);
            }
        } catch (XPathExpressionException e2) {
            throw new EnrollmentParserException("Error parsing Registry Enrollment node.", e2);
        }
    }

    public static ICertificateInfo parseRenewalToken(String str) throws EnrollmentParserException {
        XMLUtils loadToken = loadToken(str);
        EnrollmentInfo enrollmentInfo = new EnrollmentInfo();
        parseCertificateStore(loadToken, enrollmentInfo);
        return enrollmentInfo;
    }
}
