package com.microsoft.omadm.platforms.android.certmgr;

import android.content.Context;
import android.security.KeyChainException;
import com.microsoft.identity.common.internal.eststelemetry.SchemaConstants;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.ICertificateStoreManager;
import com.microsoft.omadm.platforms.android.certmgr.data.CertStateData;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificate;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.state.RootCertInstallStateMachine;
import com.microsoft.omadm.platforms.android.certmgr.state.ScepCertInstallStateMachine;
import com.microsoft.omadm.utils.CertUtils;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
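/**
 * Base implementation of {@link ICertificateStoreManager} that keeps the certificate-state
 * records ({@link CertStateData}) in step with the install state machines.
 *
 * <p>The platform-specific parts are left to subclasses: {@link #getExistingCertificateAlias}
 * is abstract and every {@code tryRemove*} method here is an empty hook.
 *
 * <p>NOTE(review): this listing is decompiler output. Two methods
 * ({@link #getRootCertificateByIssuers} and {@link #loadUserCertificate}) were visibly damaged
 * by decompilation; the comments on them say what was repaired and what still needs checking
 * against the original bytecode.
 */
public abstract class AbstractCertificateStoreManager implements ICertificateStoreManager {
    public static final String INTENT_EXTRA_CERT_KEY = "com.microsoft.omadm.certmgr.CertKey";
    public static final String INTENT_EXTRA_CERT_TYPE = "com.microsoft.omadm.certmgr.CertType";
    public static final String INTENT_EXTRA_CERT_USER_ID = "com.microsoft.omadm.certmgr.CertUserId";
    public static final String INTENT_EXTRA_FALLBACK_CERT_INSTALL = "com.microsoft.omadm.certmgr.FallbackCertInstall";
    private static final Logger LOGGER = Logger.getLogger(AbstractCertificateStoreManager.class.getName());
    public static final String ROOT_CERT_NOTIFICATION_TAG = "com.microsoft.omadm.certmgr.ROOT_CERT_NOTIFICATION_TAG";
    public static final String SCEP_CERT_NOTIFICATION_TAG = "com.microsoft.omadm.certmgr.SCEP_CERT_NOTIFICATION_TAG";

    // Never assigned in this class; a subclass is expected to set it before
    // getRootCertificate() is used. While it is null every root lookup fails.
    protected KeyStore androidCAStore;
    protected CertStateData certStateData;
    protected Context context;
    protected RootCertInstallStateMachine rootCertStateMachine;
    protected ScepCertInstallStateMachine scepCertStateMachine;

    /**
     * Stores the collaborators as given; no validation is performed.
     *
     * @param certStateData persistence for root and SCEP certificate state
     * @param rootCertInstallStateMachine state machine driving root certificate installs
     * @param scepCertInstallStateMachine state machine driving SCEP (user) certificate installs
     * @param context Android context passed to {@link CertUtils}
     */
    public AbstractCertificateStoreManager(CertStateData certStateData, RootCertInstallStateMachine rootCertInstallStateMachine, ScepCertInstallStateMachine scepCertInstallStateMachine, Context context) {
        this.certStateData = certStateData;
        this.rootCertStateMachine = rootCertInstallStateMachine;
        this.scepCertStateMachine = scepCertInstallStateMachine;
        this.context = context;
    }

    /**
     * Records a root certificate and either requests its installation or, when the subclass
     * reports it as already present, marks it installed.
     *
     * @param rootCertificateState the root certificate to add; its status and alias are
     *     overwritten when the certificate is already on the device
     * @throws OMADMException if the alias lookup or the state transition fails
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void addRootCert(RootCertificateState rootCertificateState) throws OMADMException {
        if (this.certStateData.getRootCertificateByThumbPrint(rootCertificateState.thumbPrint) == null) {
            this.certStateData.insert(rootCertificateState);
        }
        // NOTE(review): a trust anchor is recorded as installed purely on the subclass's
        // answer here. How that lookup identifies "the same certificate" is not visible in
        // this class - confirm it compares the certificate itself, not only a name.
        String existingAlias = getExistingCertificateAlias(rootCertificateState);
        if (existingAlias == null) {
            this.rootCertStateMachine.transition(rootCertificateState, CertStatus.CERT_INSTALL_REQUESTED);
            return;
        }
        LOGGER.info(MessageFormat.format("Root cert ({0}) found on device.  Setting status to success.", rootCertificateState.thumbPrint));
        rootCertificateState.status = CertStatus.CERT_INSTALL_SUCCESS;
        rootCertificateState.alias = existingAlias;
        this.certStateData.update(rootCertificateState);
    }

    /**
     * Inserts or updates the SCEP certificate record for this request id and user, then
     * requests installation.
     *
     * @param scepCertificateState the user certificate to add; its id is replaced by the id of
     *     an existing record for the same request id and user
     * @throws OMADMException if the record cannot be written or the state transition fails
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void addUserCert(ScepCertificateState scepCertificateState) throws OMADMException {
        ScepCertificateState existing = this.certStateData.getUserCertificateByRequestId(scepCertificateState.requestId, scepCertificateState.user);
        if (existing == null) {
            if (!this.certStateData.insert(scepCertificateState)) {
                throw new OMADMException("Couldn't insert ScepCertificateState in the database table. Requestid: " + scepCertificateState.requestId);
            }
        } else {
            // Reuse the stored row id so that update() targets the existing record.
            scepCertificateState.id = existing.id;
            if (!this.certStateData.update(scepCertificateState)) {
                throw new OMADMException("Couldn't update ScepCertificateState table. RequestId: " + scepCertificateState.requestId);
            }
        }
        this.scepCertStateMachine.transition(scepCertificateState, CertStatus.CERT_INSTALL_REQUESTED);
    }

    /**
     * Flags a root certificate record as pending delete and moves it to
     * {@link CertStatus#CERT_DELETED}.
     *
     * @param rootCertificateState the record to delete; {@code null} is accepted and ignored
     * @return {@code false} if the state transition threw, {@code true} otherwise (including
     *     for a {@code null} argument)
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public boolean deleteCaCertFromDatabase(RootCertificateState rootCertificateState) {
        if (rootCertificateState == null) {
            return true;
        }
        LOGGER.fine("Removing CA certificate with alias from database " + rootCertificateState.alias);
        rootCertificateState.pendingDelete = true;
        try {
            this.rootCertStateMachine.transition(rootCertificateState, CertStatus.CERT_DELETED);
            return true;
        } catch (OMADMException e) {
            // The failure used to be dropped silently; keep the boolean contract but leave a
            // trace, since a root that could not be marked deleted stays in the managed set.
            LOGGER.warning("Failed to mark CA certificate with alias " + rootCertificateState.alias + " as deleted. Error was: " + e.getMessage());
            return false;
        }
    }

    /**
     * Looks the user certificate up by alias, flags it as pending delete and moves it to
     * {@link CertStatus#CERT_DELETED}.
     *
     * @param scepCertificate the certificate whose alias identifies the record
     * @return {@code false} if the state transition threw, {@code true} otherwise (including
     *     when no record exists for the alias)
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public boolean deleteUserCertFromDatabase(ScepCertificate scepCertificate) {
        ScepCertificateState stored = this.certStateData.getUserCertificateByAlias(scepCertificate.alias);
        if (stored == null) {
            return true;
        }
        LOGGER.fine("Removing user certificate with alias from database " + scepCertificate.alias);
        stored.pendingDelete = true;
        try {
            this.scepCertStateMachine.transition(stored, CertStatus.CERT_DELETED);
            return true;
        } catch (OMADMException e) {
            // Previously swallowed without a trace; the return value is unchanged.
            LOGGER.warning("Failed to mark user certificate with alias " + scepCertificate.alias + " as deleted. Error was: " + e.getMessage());
            return false;
        }
    }

    /**
     * Asks the platform hook to remove the user certificate and records it as deleted.
     *
     * <p>{@link #tryRemoveUserCertificate} is an empty hook in this class, so unless a subclass
     * overrides it the record is marked deleted without anything being removed from the device.
     *
     * @param scepCertificateState the record to delete; its status and pendingDelete flag are
     *     overwritten
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void deleteUserCertificate(ScepCertificateState scepCertificateState) {
        tryRemoveUserCertificate(new ScepCertificate(scepCertificateState));
        scepCertificateState.pendingDelete = true;
        scepCertificateState.status = CertStatus.CERT_DELETED;
        if (!this.certStateData.update(scepCertificateState)) {
            // The interface gives no way to report this, so at least make it visible.
            LOGGER.warning("Couldn't update ScepCertificateState table. RequestId: " + scepCertificateState.requestId);
        }
    }

    /**
     * Returns the alias under which this root certificate already exists on the device.
     *
     * @param rootCertificateState the certificate to look for
     * @return the existing alias, or {@code null} when the certificate is not present
     * @throws OMADMException if the lookup fails
     */
    protected abstract String getExistingCertificateAlias(RootCertificateState rootCertificateState) throws OMADMException;

    /**
     * Reads a CA certificate from {@link #androidCAStore}.
     *
     * @param str the certificate alias
     * @return the certificate, or {@code null} when it is absent or the read failed
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public X509Certificate getRootCertificate(String str) {
        try {
            return (X509Certificate) this.androidCAStore.getCertificate(str);
        } catch (Exception e) {
            // NOTE(review): "not found" and "lookup failed" both come back as null - this
            // includes an unset androidCAStore and a non-X.509 entry. loadRootCertificate()
            // treats null as "removed from the device" and deletes the record, so a failed
            // read can drop a managed root from the state store.
            LOGGER.warning("Failed to read CA certificate with alias " + str + ". Error was: " + e);
            return null;
        }
    }

    /**
     * Finds the managed root certificate whose stored issuer string equals the given name,
     * ignoring case, and loads its encoded form.
     *
     * <p>NOTE(review): the decompiled source also split both names on commas and walked them
     * in opposite directions, which looks like a reversed-RDN-order comparison. As decompiled
     * that loop compared the stored name with itself and its result was never used, so it had
     * no effect and is omitted here. Check the original bytecode before relying on either
     * behaviour; issuer matching decides which trust anchor a caller is handed.
     *
     * @param str the issuer distinguished name to look for
     * @return the matching, successfully loaded root certificate, or {@code null}
     * @throws OMADMException declared by the interface
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public RootCertificateState getRootCertificateByIssuers(String str) throws OMADMException {
        List<RootCertificateState> managedRoots = this.certStateData.getAllRootCertificates();
        // Normalise through the principal factory so formatting differences in the caller's
        // string do not defeat the comparison.
        String requestedIssuer = X500PrincipalFactory.newPrincipal(str).getName();
        RootCertificateState match = null;
        for (RootCertificateState candidate : managedRoots) {
            // A record without an issuer string can never match; skip it instead of failing.
            if (candidate.issuers != null && candidate.issuers.equalsIgnoreCase(requestedIssuer)) {
                match = candidate;
                break;
            }
        }
        return loadRootCertificate(match) ? match : null;
    }

    /**
     * Looks a managed root certificate up by thumbprint and loads its encoded form.
     *
     * @param str the certificate thumbprint
     * @return the successfully loaded root certificate, or {@code null}
     * @throws OMADMException declared by the interface
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public RootCertificateState getRootCertificateByThumbPrint(String str) throws OMADMException {
        RootCertificateState stored = this.certStateData.getRootCertificateByThumbPrint(str);
        return loadRootCertificate(stored) ? stored : null;
    }

    /**
     * Rebuilds the private key of a user certificate from the bytes held in its state record.
     *
     * <p>NOTE(review): the key material is read from {@link CertStateData} as PKCS#8 bytes, so
     * the private key exists outside a platform key store. How that record is protected at
     * rest is not visible here - confirm. The algorithm is fixed to RSA.
     *
     * @param str the certificate alias
     * @return the decoded private key
     * @throws OMADMException if the alias is empty, no record exists for it, or the stored
     *     bytes cannot be decoded as an RSA PKCS#8 key
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public PrivateKey getUserCertPrivateKey(String str) throws OMADMException {
        if (StringUtils.isEmpty(str)) {
            throw new OMADMException("Cannot get private key for certificate. Invalid alias");
        }
        ScepCertificateState stored = this.certStateData.getUserCertificateByAlias(str);
        if (stored == null) {
            throw new OMADMException(String.format("Cannot get private key for certificate. Certificate with alias '%s' does not exist.", str));
        }
        try {
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(stored.privateKey);
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (NoSuchAlgorithmException e) {
            // The message previously read "could find", the opposite of what happened.
            throw new OMADMException("KeyFactory could not find RSA algorithm", e);
        } catch (InvalidKeySpecException e) {
            throw new OMADMException("PrivateKey is not in a valid PKCS8 format", e);
        }
    }

    /**
     * Returns the first certificate of the chain stored under the alias.
     *
     * @param str the certificate alias
     * @return the first chain element, or {@code null} when the chain is missing, empty or
     *     could not be read
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public X509Certificate getUserCertificate(String str) {
        try {
            X509Certificate[] chain = CertUtils.getCertificateChain(this.context, str);
            if (chain == null || chain.length < 1) {
                return null;
            }
            return chain[0];
        } catch (Exception e) {
            // Best effort by design: callers only get null, so record why the read failed.
            LOGGER.warning("Failed to read user certificate with alias " + str + ". Error was: " + e);
            return null;
        }
    }

    /**
     * Returns the managed root certificates that could be loaded, dropping the others from
     * the list obtained from {@link CertStateData}.
     *
     * @return the list returned by {@link CertStateData}, with unloadable entries removed
     * @throws OMADMException declared by the interface
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public List<RootCertificateState> loadManagedRootCertificates() throws OMADMException {
        List<RootCertificateState> managedRoots = this.certStateData.getAllRootCertificates();
        // Index-based on purpose: loadRootCertificate() may touch the state store while the
        // list is being filtered, so avoid holding an iterator over it.
        int index = 0;
        while (index < managedRoots.size()) {
            if (loadRootCertificate(managedRoots.get(index))) {
                index++;
            } else {
                // Do not advance: the next element has shifted into this slot.
                managedRoots.remove(index);
            }
        }
        return managedRoots;
    }

    /**
     * Returns the user certificates whose status is {@link CertStatus#CERT_ACCESS_GRANTED} and
     * whose encoded form could be loaded.
     *
     * @param l the value passed to {@link CertStateData#getAllUserCertificates}
     * @return a new list of loaded certificates, possibly empty
     * @throws OMADMException declared by the interface
     * @throws KeyChainException if reading a certificate chain fails
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public List<ScepCertificate> loadManagedUserCertificates(Long l) throws OMADMException, KeyChainException {
        List<ScepCertificate> loaded = new ArrayList<>();
        for (ScepCertificateState state : this.certStateData.getAllUserCertificates(l)) {
            ScepCertificate certificate = new ScepCertificate(state);
            // Status is checked first so certificates without granted access are never read.
            if (CertStatus.CERT_ACCESS_GRANTED == state.status && loadUserCertificate(certificate)) {
                loaded.add(certificate);
            }
        }
        return loaded;
    }

    /**
     * Fills {@code certBlob} with the encoded certificate of a successfully installed root.
     *
     * <p>When the certificate cannot be read from the store the record is treated as removed
     * from the device and deleted from the state store.
     *
     * @param rootCertificateState the record to load; may be {@code null}
     * @return {@code true} only when {@code certBlob} was set
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public boolean loadRootCertificate(RootCertificateState rootCertificateState) {
        if (rootCertificateState == null || CertStatus.CERT_INSTALL_SUCCESS != rootCertificateState.status) {
            return false;
        }
        X509Certificate certificate = getRootCertificate(rootCertificateState.alias);
        if (certificate == null) {
            // NOTE(review): null also covers a failed read (see getRootCertificate), so this
            // branch can delete the record of a root that is still installed.
            LOGGER.info(MessageFormat.format("Certificate {0} was removed from the device; removing reference from database.", rootCertificateState.alias));
            deleteCaCertFromDatabase(rootCertificateState);
            return false;
        }
        try {
            rootCertificateState.certBlob = certificate.getEncoded();
            return true;
        } catch (CertificateEncodingException e) {
            LOGGER.warning(MessageFormat.format("Failed to encode certificate with alias {0}", rootCertificateState.alias));
            return false;
        }
    }

    /**
     * Fills {@code certBlob} with the chain element whose thumbprint matches the expected one.
     *
     * <p>The decompiler had emitted an empty {@code try} block with the comparison after it,
     * which does not compile; the comparison and encoding are back inside the {@code try} that
     * the two handlers belong to. When nothing in the chain matches, the record is deleted
     * from the state store.
     *
     * @param scepCertificate the certificate to load; its alias selects the chain and its
     *     thumbprint selects the element
     * @return {@code true} only when a matching element was found and encoded
     * @throws KeyChainException if the chain cannot be read
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public boolean loadUserCertificate(ScepCertificate scepCertificate) throws KeyChainException {
        X509Certificate[] chain = CertUtils.getCertificateChain(this.context, scepCertificate.alias);
        if (chain != null) {
            for (X509Certificate candidate : chain) {
                try {
                    if (CertUtils.getThumbPrint(candidate).equals(scepCertificate.thumbprint)) {
                        scepCertificate.certBlob = candidate.getEncoded();
                        return true;
                    }
                } catch (CertificateEncodingException e) {
                    LOGGER.warning("Couldn't decode cert blob for cert with alias " + scepCertificate.alias + ". Error was: " + e.getMessage());
                } catch (Exception e) {
                    // A chain element that cannot be fingerprinted is skipped, not fatal.
                    LOGGER.fine("Skipping cert with alias " + scepCertificate.alias + ". Couldn't get the thumbprint. Error was: " + e.getMessage());
                }
            }
        }
        // NOTE(review): a missing chain and a chain without a match are handled alike; if
        // getCertificateChain can return null for a certificate that is still installed, this
        // drops a valid record - confirm.
        deleteUserCertFromDatabase(scepCertificate);
        return false;
    }

    /** Empty hook: does nothing here; a subclass may override it to remove the CA certificate. */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveCACertificate(RootCertificateState rootCertificateState) {
    }

    /** Empty hook: does nothing here; a subclass may override it to remove CA certificates. */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveCACertificates() {
    }

    /**
     * Empty hook: does nothing here, so {@link #deleteUserCertificate} removes nothing from
     * the device unless a subclass overrides it.
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificate(ScepCertificate scepCertificate) {
    }

    /** Empty hook: does nothing here; a subclass may override it to remove user certificates. */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificates() {
    }

    /** Empty hook: does nothing here; a subclass may override it to remove user certificates. */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificates(Long l) {
    }
}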
