package com.microsoft.omadm.utils;

import com.microsoft.intune.common.xml.XMLUtils;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.wifimgr.OneX;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.lang3.StringUtils;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.w3c.dom.NodeList;

/* loaded from: classes2.dex */
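/**
 * Criteria used to pick certificates for an EAP-TLS Wi-Fi profile (or the TLS method inside
 * TTLS phase 2).
 *
 * <p>An instance is filled in one of two ways: from a plain issuer thumbprint plus a
 * space-separated EKU OID string ({@link #createFromStringIssuerAndEKU}), or from the
 * {@code FilteringInfo} section of a WLAN profile XML ({@link #updateFromTlsEapXml},
 * {@link #updateFromTtlsPhase2EapXml}).
 *
 * <p>The EKU and issuer-hash lists use {@code null} to mean "this filter is not enabled in the
 * profile". An enabled filter with no entries is a non-null empty list.
 * NOTE(review): confirm that the code consuming these fields treats {@code null} and an empty
 * list differently, so that a disabled filter is never mistaken for "accept any certificate"
 * (or the reverse).
 *
 * <p>Fields are public and mutable; nothing in this class synchronizes access to them.
 */
public class CertSearchCriteria {
    static final String XP_EAP_P2_TLS_ALLPURPOSE = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AllPurposeEnabled";
    static final String XP_EAP_P2_TLS_CAHASHENABLED = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:CAHashList";
    static final String XP_EAP_P2_TLS_EKU_ANYPURPOSE = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AnyPurposeEKUList";
    static final String XP_EAP_P2_TLS_EKU_ANYPURPOSE_MAP = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AnyPurposeEKUList/tls3:EKUMapInList";
    static final String XP_EAP_P2_TLS_EKU_CLIENTAUTH = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:ClientAuthEKUList";
    static final String XP_EAP_P2_TLS_EKU_CLIENTAUTH_MAP = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:ClientAuthEKUList/tls3:EKUMapInList";
    static final String XP_EAP_P2_TLS_ISSUERHASHLIST = "//tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:CAHashList/tls3:IssuerHash";
    static final String XP_EAP_TLS_ALLPURPOSE = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AllPurposeEnabled";
    static final String XP_EAP_TLS_CAHASHENABLED = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:CAHashList";
    static final String XP_EAP_TLS_EKU_ANYPURPOSE = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AnyPurposeEKUList";
    static final String XP_EAP_TLS_EKU_ANYPURPOSE_MAP = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:AnyPurposeEKUList/tls3:EKUMapInList";
    static final String XP_EAP_TLS_EKU_CLIENTAUTH = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:ClientAuthEKUList";
    static final String XP_EAP_TLS_EKU_CLIENTAUTH_MAP = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:ClientAuthEKUList/tls3:EKUMapInList";
    static final String XP_EAP_TLS_ISSUERHASHLIST = "/wl:WLANProfile/wl:MSM/wl:security/oneX:OneX/oneX:EAPConfig/ehc:EapHostConfig/ehc:Config/ebc:Eap/tls:EapType/tls2:TLSExtensions/tls3:FilteringInfo/tls3:CAHashList/tls3:IssuerHash";

    /** Value of the profile's {@code AllPurposeEnabled} node; only set by the XML update methods. */
    public boolean allPurposeEnabled;
    /** EKUs from the any-purpose list, or {@code null} when that list is not enabled. */
    public List<EKU> anyPurposeEKU;
    /** Normalized issuer (CA) thumbprints, or {@code null} when the XML hash list is not enabled. */
    public List<String> caIssuerHash;
    /** EKUs from the client-authentication list, or {@code null} when that list is not enabled. */
    public List<EKU> clientAuthEKU;
    /** Root certificate thumbprint; never assigned in this class, callers set it directly. */
    public String rootCertThumbprint;
    /** Defaults to {@code false}; never changed in this class. */
    public boolean allowExpiredCertificates = false;
    /** Defaults to {@code false}; never changed in this class. */
    public boolean requireUpnInSubjectAlternativeNames = false;

    /** Immutable pair of an EKU display name and its OID string. */
    public static class EKU {
        public final String name;
        public final String oid;

        /**
         * @param str  EKU name (may be empty when only the OID is known)
         * @param str2 EKU OID in dotted form
         */
        public EKU(String str, String str2) {
            this.name = str;
            this.oid = str2;
        }
    }

    /**
     * Builds criteria from a single issuer thumbprint and a whitespace-separated list of EKU OIDs.
     *
     * <p>If the OID list contains the any-extended-key-usage OID, the whole list is stored as
     * {@link #anyPurposeEKU}; otherwise it must contain the client-authentication OID and is
     * stored as {@link #clientAuthEKU}. When {@code str2} is empty both EKU lists stay
     * {@code null}, so {@link #areClientCertsRequired()} reports {@code false}.
     *
     * @param str  issuer thumbprint; when empty or {@code null}, {@link #caIssuerHash} is an
     *             empty list
     * @param str2 EKU OIDs separated by whitespace; may be empty or {@code null}
     * @return the populated criteria
     * @throws OMADMException if {@code str2} is non-empty but names neither the any-purpose nor
     *                        the client-authentication EKU
     */
    public static CertSearchCriteria createFromStringIssuerAndEKU(String str, String str2) throws OMADMException {
        CertSearchCriteria criteria = new CertSearchCriteria();
        criteria.caIssuerHash = new ArrayList<>();
        if (!StringUtils.isEmpty(str)) {
            criteria.caIssuerHash.add(CertUtils.normalizeThumbPrint(str));
        }
        if (StringUtils.isEmpty(str2)) {
            return criteria;
        }
        // Split on runs of whitespace: splitting on a single space turned doubled separators
        // into empty tokens, which then became EKU entries with an empty OID.
        List<String> oids = Arrays.asList(str2.trim().split("\\s+"));
        List<EKU> ekus = getEKUListFromString(oids);
        if (oids.contains(KeyPurposeId.anyExtendedKeyUsage.getId())) {
            criteria.anyPurposeEKU = ekus;
        } else if (oids.contains(KeyPurposeId.id_kp_clientAuth.getId())) {
            criteria.clientAuthEKU = ekus;
        } else {
            throw new OMADMException("Invalid user certificate criteria. Must be either an any purpose or client authentication certificate.");
        }
        return criteria;
    }

    /**
     * Wraps each OID string in an {@link EKU} with an empty name.
     *
     * @param list OID strings; must not be {@code null}
     * @return a new mutable list with one EKU per input element, in the same order
     * @throws OMADMException declared for callers; nothing in this method throws it
     */
    public static List<EKU> getEKUListFromString(List<String> list) throws OMADMException {
        List<EKU> ekus = new ArrayList<>(list.size());
        for (String oid : list) {
            ekus.add(new EKU("", oid));
        }
        return ekus;
    }

    /**
     * Resolves every node of an {@code EKUMapInList} against the profile's EKU mapping.
     *
     * <p>Each node is looked up by its EKU name, falling back to its OID when no name is present.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @param nodeList the {@code EKUMapInList} nodes to resolve
     * @param map      EKU mapping keyed by both name and OID
     * @return the resolved EKUs in document order; never contains {@code null}
     * @throws OMADMException if a node carries neither name nor OID, or refers to an EKU that
     *                        the mapping does not define
     */
    private static List<EKU> getEKUListFromXML(XMLUtils xMLUtils, NodeList nodeList, Map<String, EKU> map) throws XPathExpressionException, OMADMException {
        List<EKU> ekus = new ArrayList<>();
        for (int i = 0; i < nodeList.getLength(); i++) {
            String key = xMLUtils.getNodeStringContent(OneX.XP_FC_EAP_TLS_EKU_NAME, nodeList.item(i));
            if (key == null) {
                key = xMLUtils.getNodeStringContent(OneX.XP_FC_EAP_TLS_EKU_OID, nodeList.item(i));
            }
            if (key == null) {
                throw new OMADMException("Expected EKU Name or OID in ClientAuth or AnyPurpose EKU Lists.");
            }
            EKU eku = map.get(key);
            if (eku == null) {
                // Fail closed: previously an unresolved reference put a null element into the
                // certificate filter, leaving its effect up to whatever consumed the list.
                throw new OMADMException("EKU '" + key + "' in ClientAuth or AnyPurpose EKU list is not defined in the EKU mapping.");
            }
            ekus.add(eku);
        }
        return ekus;
    }

    /**
     * Reads the profile's EKU mapping and indexes every entry under both its name and its OID.
     *
     * <p>NOTE(review): the same {@code OneX.XP_EAP_P2_TLS_EKU_MAP} expression is used for plain
     * EAP-TLS and for TTLS phase 2; confirm it matches the mapping in both profile shapes.
     * NOTE(review): an entry whose name or OID is missing is still stored (under a {@code null}
     * key, which {@link HashMap} permits), so an EKU with a {@code null} OID can reach the
     * filter lists; consider rejecting such entries.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @return map from EKU name and from EKU OID to the same {@link EKU} instance
     */
    private static HashMap<String, EKU> getEKUMappingFromXML(XMLUtils xMLUtils) throws XPathExpressionException {
        NodeList mappingNodes = xMLUtils.getNodeList(OneX.XP_EAP_P2_TLS_EKU_MAP);
        HashMap<String, EKU> byNameOrOid = new HashMap<>();
        for (int i = 0; i < mappingNodes.getLength(); i++) {
            String ekuName = xMLUtils.getNodeStringContent(OneX.XP_FC_EAP_TLS_EKU_NAME, mappingNodes.item(i));
            String ekuOid = xMLUtils.getNodeStringContent(OneX.XP_FC_EAP_TLS_EKU_OID, mappingNodes.item(i));
            EKU eku = new EKU(ekuName, ekuOid);
            byNameOrOid.put(ekuName, eku);
            byNameOrOid.put(ekuOid, eku);
        }
        return byNameOrOid;
    }

    /**
     * Returns the EKU list found at {@code str2} when the node at {@code str} has its
     * {@code Enabled} attribute set, otherwise {@code null}.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @param map      EKU mapping keyed by name and OID
     * @param str      XPath of the list element carrying the {@code Enabled} attribute
     * @param str2     XPath of the list's {@code EKUMapInList} entries
     * @return resolved EKUs, or {@code null} when the list is not enabled
     * @throws OMADMException if an entry cannot be resolved
     */
    private static List<EKU> getEkuListIfEnabled(XMLUtils xMLUtils, Map<String, EKU> map, String str, String str2) throws XPathExpressionException, OMADMException {
        // The trailing boolean arguments belong to XMLUtils and are passed through unchanged;
        // their meaning is not visible from this class.
        if (!xMLUtils.getNodeBooleanAttribute(str, "Enabled", "true", true, false)) {
            return null;
        }
        return getEKUListFromXML(xMLUtils, xMLUtils.getNodeList(str2), map);
    }

    /**
     * Returns the normalized issuer hashes found at {@code str2} when the node at {@code str}
     * has its {@code Enabled} attribute set, otherwise {@code null}.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @param str      XPath of the {@code CAHashList} element carrying the {@code Enabled} attribute
     * @param str2     XPath of the {@code IssuerHash} entries
     * @return thumbprints as returned by {@code CertUtils.normalizeThumbPrintList}, or
     *         {@code null} when the list is not enabled
     */
    private static List<String> getIssuerHashListIfEnabled(XMLUtils xMLUtils, String str, String str2) throws XPathExpressionException {
        if (!xMLUtils.getNodeBooleanAttribute(str, "Enabled", "true", true, false)) {
            return null;
        }
        return CertUtils.normalizeThumbPrintList(xMLUtils.getNodeListStringContents(str2));
    }

    /**
     * @return {@code true} when a root certificate thumbprint has been set (non-null, non-empty)
     */
    public boolean areCaCertsRequired() {
        return !StringUtils.isEmpty(this.rootCertThumbprint);
    }

    /**
     * @return {@code true} when at least one of the EKU lists is non-null; an enabled but empty
     *         list still counts
     */
    public boolean areClientCertsRequired() {
        return this.anyPurposeEKU != null || this.clientAuthEKU != null;
    }

    /**
     * Replaces the all-purpose flag, issuer hashes and both EKU lists with the values found in
     * the {@code FilteringInfo} of an EAP-TLS WLAN profile (absolute {@code WLANProfile} paths).
     *
     * <p>Fields are assigned one after another, so an exception part-way through leaves the
     * instance partially updated.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @throws OMADMException if an EKU list entry is malformed or cannot be resolved
     */
    public void updateFromTlsEapXml(XMLUtils xMLUtils) throws XPathExpressionException, OMADMException {
        this.allPurposeEnabled = xMLUtils.getNodeBooleanContent(XP_EAP_TLS_ALLPURPOSE, "true", true, false);
        this.caIssuerHash = getIssuerHashListIfEnabled(xMLUtils, XP_EAP_TLS_CAHASHENABLED, XP_EAP_TLS_ISSUERHASHLIST);
        HashMap<String, EKU> ekuMapping = getEKUMappingFromXML(xMLUtils);
        this.anyPurposeEKU = getEkuListIfEnabled(xMLUtils, ekuMapping, XP_EAP_TLS_EKU_ANYPURPOSE, XP_EAP_TLS_EKU_ANYPURPOSE_MAP);
        this.clientAuthEKU = getEkuListIfEnabled(xMLUtils, ekuMapping, XP_EAP_TLS_EKU_CLIENTAUTH, XP_EAP_TLS_EKU_CLIENTAUTH_MAP);
    }

    /**
     * Same as {@link #updateFromTlsEapXml} but reads the {@code FilteringInfo} through the
     * descendant-anywhere {@code tls:EapType} paths used for the TLS method inside TTLS phase 2.
     *
     * <p>Fields are assigned one after another, so an exception part-way through leaves the
     * instance partially updated.
     *
     * @param xMLUtils XML helper bound to the profile document
     * @throws OMADMException if an EKU list entry is malformed or cannot be resolved
     */
    public void updateFromTtlsPhase2EapXml(XMLUtils xMLUtils) throws XPathExpressionException, OMADMException {
        this.allPurposeEnabled = xMLUtils.getNodeBooleanContent(XP_EAP_P2_TLS_ALLPURPOSE, "true", true, false);
        this.caIssuerHash = getIssuerHashListIfEnabled(xMLUtils, XP_EAP_P2_TLS_CAHASHENABLED, XP_EAP_P2_TLS_ISSUERHASHLIST);
        HashMap<String, EKU> ekuMapping = getEKUMappingFromXML(xMLUtils);
        this.anyPurposeEKU = getEkuListIfEnabled(xMLUtils, ekuMapping, XP_EAP_P2_TLS_EKU_ANYPURPOSE, XP_EAP_P2_TLS_EKU_ANYPURPOSE_MAP);
        this.clientAuthEKU = getEkuListIfEnabled(xMLUtils, ekuMapping, XP_EAP_P2_TLS_EKU_CLIENTAUTH, XP_EAP_P2_TLS_EKU_CLIENTAUTH_MAP);
    }
}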
