package com.microsoft.identity.broker.components;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import com.microsoft.identity.broker4j.broker.crypto.IAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.RawAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.flighting.Broker4jFlightsManager;
import com.microsoft.identity.broker4j.broker.flighting.BrokerFlight;
import com.microsoft.identity.broker4j.broker.flighting.IBrokerFlightsProvider;
import com.microsoft.identity.broker4j.broker.platform.components.IWpjCertManager;
import com.microsoft.identity.broker4j.opentelemetry.AttributeName;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.broker4j.workplacejoin.data.CertificateData;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.opentelemetry.OTelUtility;
import com.microsoft.identity.common.java.opentelemetry.SpanExtension;
import com.microsoft.identity.common.java.util.ThrowableUtil;
import com.microsoft.workaccount.workplacejoin.core.InstallCertActivity;
import io.opentelemetry.api.common.Attributes;
import io.opentelemetry.api.metrics.LongCounter;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.api.trace.StatusCode;
import java.security.KeyPair;
import java.security.cert.Certificate;
import kotlin.IRegisteredDevicePrtSetupTaskDefaultImpls;
import kotlin.RegisteredDevicePrtUsingBrtTaskCompanion;
import lombok.NonNull;

/* loaded from: classes2.dex */
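/**
 * Android implementation of {@link IWpjCertManager}: installs the Workplace Join (WPJ) device
 * certificate and its key pair on the device, and makes a best-effort attempt to remove them.
 *
 * <p>Installation has two paths, each gated by a broker flight:
 * <ul>
 *   <li>silent, through {@link DevicePolicyManager#installKeyPair} with a {@code null} admin
 *       component, which only succeeds when the device/profile owner has delegated
 *       {@code DELEGATION_CERT_INSTALL} to this app;</li>
 *   <li>interactive, by starting {@link InstallCertActivity}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Both paths need the private key in process memory, so only
 *       {@link RawAsymmetricKeyEntry} device keys are supported.</li>
 *   <li>The interactive path serialises the whole {@link KeyPair}, private key included, into
 *       an Intent extra.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; some referenced type and method names (notably the
 * Samsung helper) are decompiler-assigned and do not describe what they do.
 */
public class AndroidWpjCertManager implements IWpjCertManager {
    private static final String TAG = "AndroidWpjCertManager";
    private static final LongCounter sFailedSilentCertInstallationCount = OTelUtility.createLongCounter("failed_silent_cert_installation_count", "Number of failed silent cert installations");
    private final Context mContext;

    /**
     * @param context context used to look up system services and to start the install activity
     * @throws NullPointerException if {@code context} is null
     */
    public AndroidWpjCertManager(@NonNull Context context) {
        if (context == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        this.mContext = context;
    }

    /**
     * Looks up the platform {@link DevicePolicyManager}.
     *
     * @return the service, or {@code null} when the platform does not provide it
     */
    private DevicePolicyManager getDevicePolicyManager() {
        // "device_policy" is the value of Context.DEVICE_POLICY_SERVICE.
        return (DevicePolicyManager) this.mContext.getSystemService("device_policy");
    }

    /**
     * Installs the certificate and key pair without user interaction.
     *
     * @param certificateData certificate and alias to install
     * @param keyPair key pair whose private key is installed alongside the certificate
     * @return {@code true} if the platform reports the key pair as installed; {@code false} if it
     *     reports failure, the service is unavailable, or the caller lacks the delegation
     * @throws NullPointerException if either argument is null
     */
    private boolean installCertUsingDevicePolicyManager(@NonNull CertificateData certificateData, @NonNull KeyPair keyPair) {
        if (certificateData == null) {
            throw new NullPointerException("certificate is marked non-null but is null");
        }
        if (keyPair == null) {
            throw new NullPointerException("keyPair is marked non-null but is null");
        }
        String methodTag = TAG + ":installCertUsingDevicePolicyManager";
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager();
        if (devicePolicyManager == null) {
            // Without this guard a missing service surfaces as an uncaught NullPointerException
            // and the interactive fallback in installWpjCertToDevice is never reached.
            Logger.warn(methodTag, "DevicePolicyManager is not available, cannot install cert silently");
            return false;
        }
        try {
            // admin == null: the call is made as a delegated cert installer, not as a device admin.
            // Final argument (requestAccess) == true: asks the platform to grant this app access
            // to the installed key.
            boolean installed = devicePolicyManager.installKeyPair((ComponentName) null, keyPair.getPrivate(), new Certificate[]{certificateData.getX509Cert()}, certificateData.getAlias(), true);
            Logger.info(methodTag, "Cert installed silently: " + installed);
            return installed;
        } catch (SecurityException e) {
            Logger.error(methodTag, "Failed to install cert silently, The caller must be delegated with DELEGATION_CERT_INSTALL by the device/profile owner. ", e);
            // NOTE(review): the full stack trace is attached as a metric attribute and leaves the
            // device with the metric; confirm that is intended.
            sFailedSilentCertInstallationCount.add(1L, Attributes.builder().put(AttributeName.error_type.name(), e.getClass().getSimpleName()).put(AttributeName.stack_trace.name(), ThrowableUtil.getStackTraceAsString(e)).build());
            SpanExtension.current().setStatus(StatusCode.ERROR);
            SpanExtension.current().recordException(e);
            return false;
        }
    }

    /**
     * Starts {@link InstallCertActivity} so the certificate can be installed interactively.
     *
     * <p>{@link KeyPair} is {@link java.io.Serializable}, so the extra carries the private key.
     * The Intent is explicit (it names the activity class), so it is not resolved against other
     * apps' intent filters, but the extras still leave this process when the activity is started.
     * NOTE(review): confirm InstallCertActivity is not exported and neither logs nor persists
     * the "device.key.pair" extra.
     *
     * @param tenantId tenant id passed to the activity
     * @param keyPair device key pair passed to the activity
     * @throws NullPointerException if either argument is null
     */
    private void launchInstallCertActivity(@NonNull String tenantId, @NonNull KeyPair keyPair) {
        if (tenantId == null) {
            throw new NullPointerException("tenantId is marked non-null but is null");
        }
        if (keyPair == null) {
            throw new NullPointerException("deviceKeyPair is marked non-null but is null");
        }
        Intent intent = new Intent(this.mContext, InstallCertActivity.class);
        intent.putExtra("com.microsoft.workaccount.tenantId", tenantId);
        intent.putExtra("device.key.pair", keyPair);
        // 0x10000000 (268435456) is Intent.FLAG_ACTIVITY_NEW_TASK.
        intent.setFlags(0x10000000);
        this.mContext.startActivity(intent);
    }

    /**
     * Best-effort removal of the key pair stored under the certificate's alias. The outcome is
     * only logged; nothing is reported to the caller.
     *
     * @param certificateData certificate whose alias identifies the key pair to remove
     * @throws NullPointerException if {@code certificateData} is null
     */
    private void tryRemovingCertFromAndroidUserStoreSilently(@NonNull CertificateData certificateData) {
        if (certificateData == null) {
            throw new NullPointerException("certData is marked non-null but is null");
        }
        String methodTag = TAG + ":tryRemovingCertSilently";
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager();
        if (devicePolicyManager == null) {
            // Keep this best-effort: a missing service must not stop the remaining uninstall steps.
            Logger.warn(methodTag, "Certificate removal DID NOT succeed: DevicePolicyManager is not available. " + WorkplaceJoinFailure.CERTIFICATE.toString());
            return;
        }
        try {
            // admin == null: the call is made as a delegated cert installer.
            boolean removed = devicePolicyManager.removeKeyPair(null, certificateData.getAlias());
            Logger.warn(methodTag, "Certificate removal" + (removed ? " did " : " DID NOT ") + "succeed. " + WorkplaceJoinFailure.CERTIFICATE.toString());
        } catch (SecurityException e) {
            Logger.warn(methodTag, "Certificate removal DID NOT succeed: The caller must be delegated with DELEGATION_CERT_INSTALL by the device/profile owner. " + e.getMessage() + " " + WorkplaceJoinFailure.CERTIFICATE.toString());
        }
    }

    /**
     * Attempts removal through a vendor helper, described by the log text as a Samsung API.
     *
     * <p>The helper's type and method names are decompiler-assigned. From this file only the
     * call shape is known: a factory that may return {@code null}, and a call taking the context
     * and certificate data whose boolean result is logged as the uninstall status.
     *
     * @param certificateData certificate to remove
     * @throws NullPointerException if {@code certificateData} is null
     */
    private void uninstallSamsungCert(@NonNull CertificateData certificateData) {
        if (certificateData == null) {
            throw new NullPointerException("certData is marked non-null but is null");
        }
        String methodTag = TAG + ":uninstallSamsungCert";
        Logger.verbose(methodTag, "Uninstall cert with Samsung API if available");
        IRegisteredDevicePrtSetupTaskDefaultImpls vendorHelper = RegisteredDevicePrtUsingBrtTaskCompanion.INotificationSideChannelDefault(this.mContext, RegisteredDevicePrtUsingBrtTaskCompanion.sendVolumeInfoChanged(this.mContext));
        if (vendorHelper != null) {
            boolean removed = vendorHelper.notify(this.mContext, certificateData);
            Logger.verbose(methodTag, "Cert uninstall status:" + removed);
            if (removed) {
                return;
            }
        }
        Logger.verbose(methodTag, "Certificate is not removed from the device.");
    }

    /**
     * Installs the WPJ certificate, trying the silent path first and the interactive path second,
     * each only when its flight is enabled. Flight states and the silent result are recorded on
     * the current span.
     *
     * <p>Returns without installing when the device key is not a {@link RawAsymmetricKeyEntry},
     * or when no enabled path succeeds. The interactive path only starts the activity; its
     * outcome is not observed here.
     *
     * @param workplaceJoinData source of the certificate data and tenant id
     * @param iAsymmetricKeyEntry device key; must be a {@link RawAsymmetricKeyEntry} to proceed
     * @throws NullPointerException if either argument is null
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IWpjCertManager
    public void installWpjCertToDevice(@NonNull WorkplaceJoinData workplaceJoinData, @NonNull IAsymmetricKeyEntry iAsymmetricKeyEntry) {
        if (workplaceJoinData == null) {
            throw new NullPointerException("wpjData is marked non-null but is null");
        }
        if (iAsymmetricKeyEntry == null) {
            throw new NullPointerException("deviceKey is marked non-null but is null");
        }
        String methodTag = TAG + ":installWpjCertToDevice";
        if (!(iAsymmetricKeyEntry instanceof RawAsymmetricKeyEntry)) {
            Logger.warn(methodTag, "Device key is not an instance of RawAsymmetricKeyEntry, cannot install cert");
            return;
        }
        KeyPair keyPair = ((RawAsymmetricKeyEntry) iAsymmetricKeyEntry).getKeyPair();
        IBrokerFlightsProvider flightsProvider = Broker4jFlightsManager.INSTANCE.getFlightsProvider();
        boolean silentEnabled = flightsProvider.isFlightEnabled(BrokerFlight.ENABLE_SILENT_CERT_INSTALLATION_ON_DEVICE_REGISTRATION);
        boolean interactiveEnabled = flightsProvider.isFlightEnabled(BrokerFlight.ENABLE_BACKUP_INTERACTIVE_CERT_INSTALLATION_ON_DEVICE_REGISTRATION);
        Logger.info(methodTag, "shouldTrySilentCertInstallation: " + silentEnabled);
        Logger.info(methodTag, "shouldTryInteractiveCertInstallation: " + interactiveEnabled);
        Span span = SpanExtension.current();
        span.setAttribute(AttributeName.interactive_cert_flag_status.name(), interactiveEnabled);
        span.setAttribute(AttributeName.silent_cert_flag_status.name(), silentEnabled);
        if (silentEnabled) {
            boolean installedSilently = installCertUsingDevicePolicyManager(workplaceJoinData.getCertificateData(), keyPair);
            span.setAttribute(AttributeName.silent_cert_request_status.name(), installedSilently);
            if (installedSilently) {
                Logger.info(methodTag, "Cert installed silently");
                return;
            }
        }
        if (interactiveEnabled) {
            // Report a silent failure only when the silent path actually ran; otherwise the log
            // would suggest a failure that never happened.
            if (silentEnabled) {
                Logger.warn(methodTag, "Failed to install cert silently, falling back to interactive");
            } else {
                Logger.info(methodTag, "Silent cert installation is disabled, installing cert interactively");
            }
            launchInstallCertActivity(workplaceJoinData.getTenantId(), keyPair);
        } else {
            // Make the "nothing was installed" outcome visible instead of returning silently.
            Logger.warn(methodTag, "Cert was not installed: silent installation " + (silentEnabled ? "failed" : "is disabled") + " and interactive installation is disabled");
        }
    }

    /**
     * Best-effort removal of the WPJ certificate: first through {@link DevicePolicyManager},
     * then through the vendor helper. Both steps always run and neither reports its outcome to
     * the caller.
     *
     * @param workplaceJoinData source of the certificate data to remove
     * @throws NullPointerException if {@code workplaceJoinData} or its certificate data is null
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IWpjCertManager
    public void tryUninstallWpjCertFromDevice(@NonNull WorkplaceJoinData workplaceJoinData) {
        if (workplaceJoinData == null) {
            throw new NullPointerException("workplaceJoinData is marked non-null but is null");
        }
        CertificateData certificateData = workplaceJoinData.getCertificateData();
        tryRemovingCertFromAndroidUserStoreSilently(certificateData);
        uninstallSamsungCert(certificateData);
    }
}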
