package com.microsoft.omadm.platforms.afw.certmgr;

import android.annotation.TargetApi;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.client.PolicyManagerReceiver;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import com.microsoft.omadm.platforms.android.certmgr.CertStorePasswords;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.utils.CertUtils;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class AfwCertificateStoreManager extends AbstractCertificateStoreManager {
    private static final Logger LOGGER = Logger.getLogger(AfwCertificateStoreManager.class.getName());
    private ComponentName componentName;
    private DevicePolicyManager devicePolicyManager;

    @Inject
    CertStorePasswords passwords;

    public static AfwCertificateStoreManager create(Context context) throws OMADMException {
        AfwCertificateStoreManager afwCertificateStoreManager = new AfwCertificateStoreManager();
        Services.injectMember(afwCertificateStoreManager);
        afwCertificateStoreManager.devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        if (afwCertificateStoreManager.devicePolicyManager == null) {
            throw new OMADMException("Cannot get system service DevicePolicyManager. Unable to create AfwCertificateStoreManager.");
        }
        afwCertificateStoreManager.componentName = new ComponentName(context, (Class<?>) PolicyManagerReceiver.class);
        return afwCertificateStoreManager;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager
    protected String getExistingCertificateAlias(RootCertificateState rootCertificateState) throws OMADMException {
        return CertUtils.tryGetCAAliasFromCertificate(rootCertificateState);
    }

    @TargetApi(21)
    public boolean installRootCert(RootCertificateState rootCertificateState) {
        boolean z = false;
        try {
            if (this.devicePolicyManager.installCaCert(this.componentName, rootCertificateState.certBlob)) {
                String existingCertificateAlias = getExistingCertificateAlias(rootCertificateState);
                if (StringUtils.isEmpty(existingCertificateAlias)) {
                    LOGGER.warning(MessageFormat.format("Could not retrieve CA certificate alias for AFW-installed CA cert (Thumbprint: {0})", rootCertificateState.thumbPrint));
                } else {
                    rootCertificateState.alias = existingCertificateAlias;
                    z = true;
                }
            } else {
                LOGGER.warning(MessageFormat.format("Install CA certificate (Thumbprint: {0}) returned unsuccessfully for certificate", rootCertificateState.thumbPrint));
            }
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to install certificate with alias " + rootCertificateState.alias, (Throwable) e);
        }
        return z;
    }

    @TargetApi(24)
    public boolean installUserCert(ScepCertificateState scepCertificateState, boolean z) {
        KeyStore loadKeyStore;
        try {
            loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, this.passwords.getStorePassword());
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to install certificate with request id " + scepCertificateState.requestId, (Throwable) e);
        }
        if (!loadKeyStore.containsAlias(scepCertificateState.alias)) {
            LOGGER.severe(MessageFormat.format("Unable to install certificate, as the certificate store does not contain certificate with alias {0} (RequestId: {1})", scepCertificateState.alias, scepCertificateState.requestId));
            return false;
        }
        Certificate certificate = loadKeyStore.getCertificate(scepCertificateState.alias);
        if (certificate == null) {
            LOGGER.severe(MessageFormat.format("Unable to install requested certificate, unable to load certificate from the certificate store (RequestId: {1})", scepCertificateState.requestId));
            return false;
        }
        PrivateKey privateKey = (PrivateKey) loadKeyStore.getKey(scepCertificateState.alias, this.passwords.getStorePassword());
        if (z ? this.devicePolicyManager.installKeyPair(this.componentName, privateKey, new Certificate[]{certificate}, scepCertificateState.alias, true) : this.devicePolicyManager.installKeyPair(this.componentName, privateKey, certificate, scepCertificateState.alias)) {
            return true;
        }
        Logger logger = LOGGER;
        Object[] objArr = new Object[2];
        objArr[0] = z ? " and request access" : "";
        objArr[1] = scepCertificateState.requestId;
        logger.warning(MessageFormat.format("installKeyPair{0} returned unsuccessfully (RequestId: {1})", objArr));
        return false;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    @TargetApi(21)
    public boolean loadRootCertificate(RootCertificateState rootCertificateState) {
        if (rootCertificateState == null || StringUtils.isEmpty(rootCertificateState.thumbPrint)) {
            return false;
        }
        if (CertStatus.CERT_INSTALL_SUCCESS == rootCertificateState.status) {
            for (byte[] bArr : this.devicePolicyManager.getInstalledCaCerts(this.componentName)) {
                try {
                } catch (OMADMException e) {
                    LOGGER.warning("Could not generate an X509Certificate from a blob returned by getInstalledCaCerts, skipping.");
                }
                if (rootCertificateState.thumbPrint.equals(CertUtils.getThumbPrint(CertUtils.generateX509Certificate(bArr)))) {
                    rootCertificateState.certBlob = bArr;
                    return true;
                }
                continue;
            }
            LOGGER.info(MessageFormat.format("Unable to find certificate with thumbprint {0} on the device; removing reference from database.", rootCertificateState.thumbPrint));
            deleteCaCertFromDatabase(rootCertificateState);
        }
        return false;
    }
}
