package com.microsoft.omadm.platforms.android.certmgr;

import android.content.Context;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.ICertificateEnrollmentManager;
import com.microsoft.omadm.platforms.ICertificateStoreManager;
import com.microsoft.omadm.platforms.android.certmgr.data.CertRequestData;
import com.microsoft.omadm.platforms.android.certmgr.data.CertStateData;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificate;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepEnrollCertificateRequest;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.lang3.StringUtils;

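/**
 * Processes queued SCEP certificate requests: decides whether a request is ready, hands it to
 * {@link CertificateRequestHandler}, tracks retries, and stores the issued certificate through
 * {@link ICertificateStoreManager}.
 *
 * <p>The issued credential arrives as a PKCS12 blob ({@code certStoreBlob}) that is opened with
 * the password supplied by {@link CertStorePasswords}; every failure on that path is reported as
 * an {@link OMADMException}.
 */
@Singleton
/* loaded from: classes.dex */
public class CertificateEnrollmentManager implements ICertificateEnrollmentManager {

    // Looks up issuer root certificates and stores newly issued user certificates.
    @Inject
    ICertificateStoreManager certMgr;

    // Persistent queue of pending SCEP requests.
    @Inject
    CertRequestData certRequestData;

    // Performs the actual enrollment exchange for one request.
    @Inject
    CertificateRequestHandler certRequestHandler;

    // State of root and user certificates already known to the agent.
    @Inject
    CertStateData certStateData;

    @Inject
    Context context;
    private final Logger logger = Logger.getLogger(CertificateEnrollmentManager.class.getName());

    // Source of the password used to open the PKCS12 blob returned by enrollment.
    @Inject
    CertStorePasswords passwords;

    /**
     * Decides whether a request can be sent now, and records why not when it cannot.
     *
     * <p>A request is held back when there is no connected network, when (for a new enrollment)
     * the issuer root certificate or any tracked root certificate is not yet installed, or when
     * (for a renew/replace) the existing user certificate has not been granted access. On the
     * renewal path the existing certificate alias is copied onto the request.
     *
     * @param scepCertificateRequest the request to evaluate; its status, alias and
     *     {@code timeLastRequested} may be updated and persisted
     * @return {@code true} if the request should be processed now
     * @throws OMADMException if a data-layer call fails
     */
    private boolean shouldProcessCertificateRequest(ScepCertificateRequest scepCertificateRequest) throws OMADMException {
        boolean ready = true;
        ConnectivityManager connectivity = (ConnectivityManager) this.context.getSystemService(Context.CONNECTIVITY_SERVICE);
        // getSystemService can return null; treat that the same as "no active network".
        NetworkInfo activeNetworkInfo = connectivity == null ? null : connectivity.getActiveNetworkInfo();
        if (activeNetworkInfo == null || !activeNetworkInfo.isConnected()) {
            this.logger.fine("Skipping certificate enrollment due to lack of network connectivity");
            ready = false;
        }
        if (!scepCertificateRequest.isRenewRequest() && !scepCertificateRequest.isReplaceRequest()) {
            // NOTE(review): assumes every request that is neither renew nor replace is a
            // ScepEnrollCertificateRequest; the cast is unchecked. Confirm against the type hierarchy.
            RootCertificateState issuerRoot = this.certMgr.getRootCertificateByIssuers(((ScepEnrollCertificateRequest) scepCertificateRequest).issuers);
            if (issuerRoot == null || issuerRoot.status != CertStatus.CERT_INSTALL_SUCCESS) {
                this.logger.finer("Skipping certificate enrollment, issuer root ca cert has not yet been installed.");
                scepCertificateRequest.status = CertStatus.CERT_ENROLL_PENDING_ROOT_CERT;
                ready = false;
            }
            // Enrollment waits until every tracked root certificate is installed, not only the issuer's.
            for (RootCertificateState rootCertificateState : this.certStateData.getAllRootCertificates()) {
                if (rootCertificateState == null || rootCertificateState.status != CertStatus.CERT_INSTALL_SUCCESS) {
                    this.logger.finer("Skipping certificate enrollment, there are ca certs that have not yet been installed.");
                    scepCertificateRequest.status = CertStatus.CERT_ENROLL_PENDING_ROOT_CERT;
                    ready = false;
                    break;
                }
            }
        } else {
            ScepCertificateState existingCert = this.certStateData.getUserCertificateByRequestId(scepCertificateRequest.requestId, scepCertificateRequest.userId);
            if (existingCert == null || CertStatus.CERT_ACCESS_GRANTED != existingCert.status) {
                this.logger.fine(MessageFormat.format("Cannot renew an existing certificate (RequestId={0}, UserId={1}) until user gives us access;", scepCertificateRequest.requestId, scepCertificateRequest.userId));
                scepCertificateRequest.status = CertStatus.CERT_RENEW_PENDING_EXISTING_CERT;
                ready = false;
            } else if (!StringUtils.isEmpty(existingCert.alias)) {
                // existingCert is known to be non-null here; the renewed certificate reuses its alias.
                this.logger.fine(MessageFormat.format("Renewing certificate. Setting alias to existing certificate alias: {0}", existingCert.alias));
                scepCertificateRequest.alias = existingCert.alias;
                this.certRequestData.updateRequest(scepCertificateRequest);
            }
        }
        if (!ready) {
            scepCertificateRequest.timeLastRequested = new Date();
            this.certRequestData.updateRequest(scepCertificateRequest);
        }
        return ready;
    }

    /**
     * Attempts enrollment for every queued SCEP request of one user.
     *
     * @param l the user id whose requests are processed
     * @throws OMADMException if any single request fails
     */
    @Override // com.microsoft.omadm.platforms.ICertificateEnrollmentManager
    public void enrollPendingCertificates(Long l) throws OMADMException {
        this.logger.fine(MessageFormat.format("Trying to enroll pending SCEP certificates for user: {0}", l));
        List<ScepCertificateRequest> pendingRequests = this.certRequestData.getAllRequests(l);
        this.logger.fine(MessageFormat.format("There are {0} requests", Integer.valueOf(pendingRequests.size())));
        // NOTE(review): an exception from one request ends the loop, so later requests are not
        // attempted in this pass. Confirm that is the intended behaviour.
        for (ScepCertificateRequest pending : pendingRequests) {
            this.logger.fine(MessageFormat.format("Trying to enroll certificate request: {0}", pending.requestId));
            tryEnrollCertificate(pending);
        }
    }

    /**
     * Processes one SCEP request: sends it if ready and within its retry budget, records a
     * failure (dropping the request once retries are exhausted or the error is unrecoverable),
     * or stores the issued certificate.
     *
     * @param scepCertificateRequest the request to process
     * @throws OMADMException if the issued PKCS12 blob cannot be opened or read, or a
     *     data-layer call fails
     */
    @Override // com.microsoft.omadm.platforms.ICertificateEnrollmentManager
    public void tryEnrollCertificate(ScepCertificateRequest scepCertificateRequest) throws OMADMException {
        if (!shouldProcessCertificateRequest(scepCertificateRequest)) {
            this.logger.fine(MessageFormat.format("Skipping certificate enrollment because it is not ready yet. Request ID: {0}, User ID: {1}", scepCertificateRequest.requestId, scepCertificateRequest.userId));
            return;
        }
        ScepCertificateState scepCertificateState = null;
        if (scepCertificateRequest.requestRetryCount.longValue() <= scepCertificateRequest.retryCount.longValue()) {
            scepCertificateState = this.certRequestHandler.processRequest(scepCertificateRequest);
            scepCertificateRequest.timeLastRequested = new Date();
            this.certRequestData.updateRequest(scepCertificateRequest);
        }
        if (scepCertificateState == null && scepCertificateRequest.status != CertStatus.CERT_ENROLL_PENDING) {
            scepCertificateRequest.status = CertStatus.CERT_ENROLL_ERROR;
            scepCertificateRequest.requestRetryCount = Long.valueOf(scepCertificateRequest.requestRetryCount.longValue() + 1);
            this.certRequestData.updateRequest(scepCertificateRequest);
            // A missing lastError is treated as recoverable instead of failing on unboxing.
            if (scepCertificateRequest.requestRetryCount.longValue() > scepCertificateRequest.retryCount.longValue()
                    || (scepCertificateRequest.lastError != null && CertificateRequestHandler.isUnrecoverableError(scepCertificateRequest.lastError.intValue()))) {
                this.certRequestData.deleteRequest(scepCertificateRequest.requestId, scepCertificateRequest.userId);
            }
            return;
        }
        if (scepCertificateState == null) {
            // Still pending on the server side; nothing to store yet.
            return;
        }
        storeIssuedCertificate(scepCertificateRequest, scepCertificateState);
    }

    /** Opens the issued PKCS12 blob, reads its certificate, and stores the credential if the request still exists. */
    private void storeIssuedCertificate(ScepCertificateRequest scepCertificateRequest, ScepCertificateState scepCertificateState) throws OMADMException {
        // NOTE(review): scepCertificate receives certBlob below but is not passed to anything in
        // this method; confirm whether the ScepCertificate constructor is relied on for a side effect.
        ScepCertificate scepCertificate = new ScepCertificate(scepCertificateState);
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("PKCS12");
        } catch (KeyStoreException e) {
            this.logger.warning("No PKCS12 KeyStore provider available: " + e.getClass().getName());
            throw new OMADMException("Couldn't open a PKCS12 KeyStore instance");
        }
        ByteArrayInputStream blobStream = new ByteArrayInputStream(scepCertificateState.certStoreBlob);
        try {
            // NOTE(review): the lifetime of the password array is owned by CertStorePasswords,
            // which is not visible here; confirm it is not kept in memory longer than needed.
            keyStore.load(blobStream, this.passwords.getStorePassword());
            try {
                Enumeration<String> aliases = keyStore.aliases();
                if (aliases.hasMoreElements()) {
                    // NOTE(review): the first alias is used as-is; this presumably relies on the
                    // SCEP blob holding a single entry. Confirm.
                    Certificate leaf = keyStore.getCertificate(aliases.nextElement());
                    if (leaf == null) {
                        throw new OMADMException("Couldn't get the encoded certificate");
                    }
                    scepCertificate.certBlob = leaf.getEncoded();
                }
                scepCertificateState.configParameters = scepCertificateRequest.configParameters;
                // Only store the credential if the request was not removed while enrollment ran.
                if (this.certRequestData.getRequestById(scepCertificateRequest.requestId, scepCertificateRequest.userId) != null) {
                    this.certMgr.addUserCert(scepCertificateState);
                    this.certRequestData.deleteRequest(scepCertificateRequest.requestId, scepCertificateRequest.userId);
                }
            } catch (KeyStoreException e) {
                throw new OMADMException("Couldn't enumerate aliases of the SCEP PKCS12 KeyStore");
            } catch (CertificateEncodingException e) {
                throw new OMADMException("Couldn't get the encoded certificate");
            }
        } catch (OMADMException e) {
            // Already specific; without this the broad handler below would relabel it as a load failure.
            throw e;
        } catch (Exception e) {
            // Callers still see only OMADMException. Only the exception class is logged, so the
            // real cause is diagnosable without writing provider message text to the log.
            this.logger.warning("SCEP PKCS12 KeyStore processing failed: " + e.getClass().getName());
            throw new OMADMException("Couldn't load the SCEP PKCS12 KeyStore");
        } finally {
            try {
                blobStream.close();
            } catch (IOException ignored) {
                // Closing an in-memory stream cannot meaningfully fail.
            }
        }
    }
}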
