package com.centrify.directcontrol.certauth;

import android.app.Activity;
import android.app.AlertDialog;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import android.view.View;
import android.widget.AdapterView;
import android.widget.Button;
import android.widget.ListAdapter;
import android.widget.ListView;
import android.widget.RadioButton;
import android.widget.Toast;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.AppConfig;
import com.centrify.android.CentrifyHttpException;
import com.centrify.android.JobIdConstants;
import com.centrify.android.centrifypreference.CentrifyPreferenceUtils;
import com.centrify.android.keystore.KeyStoreManager;
import com.centrify.android.keystore.KeyStoreManagerFactory;
import com.centrify.android.model.DeviceProfile;
import com.centrify.android.rest.CentrifyRestService;
import com.centrify.android.rest.JSONTags;
import com.centrify.android.rest.RestServiceFactory;
import com.centrify.android.rest.data.RestResult;
import com.centrify.android.thread.RunOnUIThread;
import com.centrify.android.thread.ThreadModule;
import com.centrify.directcontrol.AbstractStateAwareIntentService;
import com.centrify.directcontrol.CentrifyApplication;
import com.centrify.directcontrol.CentrifyNotificationManager;
import com.centrify.directcontrol.base.dagger2.BaseComponentHolder;
import com.centrify.directcontrol.db.DBAdapter;
import com.centrify.directcontrol.db.DBConstants;
import com.centrify.directcontrol.utilities.AppUtils;
import com.centrify.directcontrol.utilities.GenericBackgroundService;
import com.samsung.knoxemm.mdm.R;
import com.sec.enterprise.knox.certenroll.CEPConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.spongycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes.dex */
public class DerivedCredentialManager {
    private static final String KEY_ALGORITHM = "KeyAlgorithm";
    private static final String KEY_AND_SIGNATURE_ALGORITHM = "KeyAndSignatureAlgorithm";
    private static final String KEY_BITS_LENGTH = "KeyBitsLength";
    private static final String KEY_CSR_SIGNATURE = "CsrSignature";
    private static final String KEY_DATA_TO_SIGN = "DataToSign";
    private static final String KEY_ENCODED_CSR = "Base64EncodedCsr";
    private static final String KEY_PUBLICLEY = "PublicKey";
    private static final String KEY_REQUEST_ID = "RequestId";
    private static final String KEY_SERVER_CONTEXT = "ServerContext";
    private static final String KEY_SIGNATURE_ALGORITHM = "SignatureAlgorithm";
    private static final long ONE_DAY_MILLISECONDS = 86400000;
    public static final String TAG = "DerivedCredentialManager";
    private static final long TWO_YEARS_MILLISECONDS = -1352509440;
    private static DerivedCredentialManager mInstance;
    private static int mOSVersion = Build.VERSION.SDK_INT;
    private static final HashMap<String, String> KEY_ALGORITH_MAPPING = new HashMap<String, String>() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.1
        {
            put("ECC", "EC");
        }
    };
    private static final HashMap<String, String> CERT_SIG_ALGORITH_MAPPING = new HashMap<String, String>() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.2
        {
            put(CEPConstants.CEP_KEYALGO_TYPE_RSA, "SHA256withRSA");
            put("EC", "SHA256withECDSA");
        }
    };
    private Context mAppContext = CentrifyApplication.getAppInstance();
    private KeyStoreManager mKeyStoreManager = KeyStoreManagerFactory.getKeystoreInstance(this.mAppContext, KeyStoreManagerFactory.KEYSTORE_USE.Derived_Credential);
    private DeviceProfile deviceProfile = BaseComponentHolder.getBaseComponent().getDeviceProfile();

    /* loaded from: classes.dex */
    public interface CertAuthAliasCallBack {
        void certSelected(Activity activity, String str, boolean z);

        void certSelected(Activity activity, String str, boolean z, String str2);

        void certSelectionCancelled();
    }

    private DerivedCredentialManager() {
    }

    private void deleteAllCerts() {
        for (DcCertAuthInfo dcCertAuthInfo : getAllCertAuthInfoLst()) {
            LogUtil.info(TAG, "deleteAllCerts flow called:" + dcCertAuthInfo.getThumbprint());
            this.mKeyStoreManager.removeCert(dcCertAuthInfo.getAlias());
            deleteCertFromDB(dcCertAuthInfo.getThumbprint());
        }
    }

    private void deleteCertFromDB(String str) {
        DBAdapter dBInstance = DBAdapter.getDBInstance();
        String[] strArr = {str};
        LogUtil.debug(TAG, "wheredc_cert_thumbprint=?whereArgs" + strArr);
        int delete = dBInstance.delete(DBConstants.TABLE_DC_CERT_AUTH_INFO, "dc_cert_thumbprint=?", strArr);
        if (delete > 0) {
            displayDCConfigured(this.mAppContext.getString(R.string.derived_credentials_revoked_display_message));
        }
        LogUtil.info(TAG, "Cert " + str + " deleted result:" + delete);
    }

    private void displayDCConfigured(final String str) {
        boolean isAppOnForeground = AppUtils.isAppOnForeground();
        LogUtil.info(TAG, "DC config message:" + str + " app in foreground:" + isAppOnForeground);
        if (isAppOnForeground) {
            ThreadModule.getInstance().enqueueTask(this.mAppContext, new Runnable() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.6
                @Override // java.lang.Runnable
                @RunOnUIThread
                public void run() {
                    Toast.makeText(DerivedCredentialManager.this.mAppContext, str, 1).show();
                }
            });
        } else {
            CentrifyNotificationManager.getInstance().showDCNotification(str);
        }
    }

    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String str, String str2) throws OperatorCreationException {
        PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder = new PKCS10CertificationRequestBuilder(new X500Name(str), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(str2);
        jcaContentSignerBuilder.setProvider(AppConfig.SECURITY_PROVIDER);
        return pKCS10CertificationRequestBuilder.build(jcaContentSignerBuilder.build(keyPair.getPrivate()));
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0030, code lost:
    
        if (r10.isClosed() != false) goto L11;
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x0032, code lost:
    
        r10.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:4:0x001c, code lost:
    
        if (r10.moveToFirst() != false) goto L6;
     */
    /* JADX WARN: Code restructure failed: missing block: B:5:0x001e, code lost:
    
        r9.add(new com.centrify.directcontrol.certauth.DcCertAuthInfo(r10));
     */
    /* JADX WARN: Code restructure failed: missing block: B:6:0x002a, code lost:
    
        if (r10.moveToNext() != false) goto L13;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.List<com.centrify.directcontrol.certauth.DcCertAuthInfo> getAllCertAuthInfoLst() {
        /*
            r11 = this;
            r2 = 0
            java.util.ArrayList r9 = new java.util.ArrayList
            r9.<init>()
            com.centrify.directcontrol.db.DBAdapter r0 = com.centrify.directcontrol.db.DBAdapter.getDBInstance()
            java.lang.String r1 = "dc_cert_auth_info"
            r3 = r2
            r4 = r2
            r5 = r2
            r6 = r2
            r7 = r2
            android.database.Cursor r10 = r0.query(r1, r2, r3, r4, r5, r6, r7)
            if (r10 == 0) goto L35
            boolean r1 = r10.moveToFirst()
            if (r1 == 0) goto L2c
        L1e:
            com.centrify.directcontrol.certauth.DcCertAuthInfo r8 = new com.centrify.directcontrol.certauth.DcCertAuthInfo
            r8.<init>(r10)
            r9.add(r8)
            boolean r1 = r10.moveToNext()
            if (r1 != 0) goto L1e
        L2c:
            boolean r1 = r10.isClosed()
            if (r1 != 0) goto L35
            r10.close()
        L35:
            return r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.centrify.directcontrol.certauth.DerivedCredentialManager.getAllCertAuthInfoLst():java.util.List");
    }

    private List<DcCertAuthInfo> getDerivedCredentialFromCloud(Context context) {
        ArrayList arrayList = null;
        try {
            RestResult derivedCredentials = RestServiceFactory.createRestService(context).getDerivedCredentials(this.deviceProfile.getDeviceUDID());
            if (derivedCredentials.success) {
                ArrayList arrayList2 = new ArrayList();
                try {
                    if (StringUtils.isNotEmpty(derivedCredentials.plainResult)) {
                        JSONArray jSONArray = new JSONArray(derivedCredentials.plainResult);
                        for (int i = 0; i < jSONArray.length(); i++) {
                            DcCertAuthInfo dcCertAuthInfo = new DcCertAuthInfo(jSONArray.getJSONObject(i));
                            if (StringUtils.isNotBlank(dcCertAuthInfo.getThumbprint())) {
                                arrayList2.add(dcCertAuthInfo);
                            }
                        }
                        arrayList = arrayList2;
                    } else {
                        arrayList = arrayList2;
                    }
                } catch (CentrifyHttpException e) {
                    e = e;
                    arrayList = arrayList2;
                    LogUtil.error(TAG, "Unable to fetch DC certs", e);
                    return arrayList;
                } catch (IOException e2) {
                    e = e2;
                    arrayList = arrayList2;
                    LogUtil.error(TAG, "Unable to fetch DC certs", e);
                    return arrayList;
                } catch (JSONException e3) {
                    e = e3;
                    arrayList = arrayList2;
                    LogUtil.error(TAG, "Unable to fetch DC certs", e);
                    return arrayList;
                }
            } else {
                LogUtil.warning(TAG, "Rest call to fetch DC certs failed:" + derivedCredentials.message);
            }
        } catch (CentrifyHttpException e4) {
            e = e4;
        } catch (IOException e5) {
            e = e5;
        } catch (JSONException e6) {
            e = e6;
        }
        return arrayList;
    }

    public static DerivedCredentialManager getInstance() {
        if (mInstance == null) {
            mInstance = new DerivedCredentialManager();
        }
        return mInstance;
    }

    private void removePendingDCRequest(JSONObject jSONObject, HashSet<String> hashSet) {
        if (jSONObject.length() > 0) {
            Iterator<String> keys = jSONObject.keys();
            while (keys.hasNext()) {
                String next = keys.next();
                if (!hashSet.contains(next)) {
                    LogUtil.info(TAG, "Delete Pending request id from key store:" + next);
                    KeyStoreManagerFactory.getKeystoreInstance(this.mAppContext, KeyStoreManagerFactory.KEYSTORE_USE.Derived_Credential).removeCert(StringUtils.join(next, DcCertAuthInfo.DC_CERT_AUTH));
                    keys.remove();
                }
            }
            CentrifyPreferenceUtils.putString("pref_dc_inprogress_request_ids", jSONObject.toString());
        }
    }

    private void storeCert(DcCertAuthInfo dcCertAuthInfo) {
        String str = "";
        try {
            try {
                str = CentrifyPreferenceUtils.getString("pref_dc_inprogress_request_ids", "");
                JSONObject jSONObject = StringUtils.isNotBlank(str) ? new JSONObject(str) : new JSONObject();
                if (jSONObject.has(dcCertAuthInfo.getRequestId())) {
                    jSONObject.remove(dcCertAuthInfo.getRequestId());
                    CentrifyPreferenceUtils.putString("pref_dc_inprogress_request_ids", jSONObject.toString());
                }
            } catch (JSONException e) {
                LogUtil.error(TAG, "Parsing json pending request failed::" + str, e);
                CentrifyPreferenceUtils.putString("pref_dc_inprogress_request_ids", "");
            }
            PrivateKey privateKey = this.mKeyStoreManager.getPrivateKey(dcCertAuthInfo.getAlias(), null);
            if (privateKey == null) {
                LogUtil.error(TAG, "Cannot find private key in store for request id or alias:" + dcCertAuthInfo.getRequestId() + " " + dcCertAuthInfo.getAlias());
                return;
            }
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(Base64.decode(dcCertAuthInfo.getCertData(), 0)));
            if (x509Certificate != null) {
                dcCertAuthInfo.setNotBeforeDate(x509Certificate.getNotBefore());
                dcCertAuthInfo.setNotAfterDate(x509Certificate.getNotAfter());
            }
            dcCertAuthInfo.mStatus = this.mKeyStoreManager.saveCert(dcCertAuthInfo.getAlias(), privateKey, new Certificate[]{x509Certificate}) ? 1 : 3;
            long storeInDB = storeInDB(dcCertAuthInfo);
            if (dcCertAuthInfo.mStatus != 1 || storeInDB <= -1) {
                return;
            }
            displayDCConfigured(this.mAppContext.getString(R.string.derived_credentials_provisioned_display_message));
        } catch (CertificateException e2) {
            LogUtil.error(TAG, "Error occurred while retrieving private key or cert ", e2);
        }
    }

    private long storeInDB(DcCertAuthInfo dcCertAuthInfo) {
        long insertWithOnConflict = DBAdapter.getDBInstance().insertWithOnConflict(DBConstants.TABLE_DC_CERT_AUTH_INFO, dcCertAuthInfo.toContentValues(), 5);
        LogUtil.info(TAG, "Stored cert info:" + insertWithOnConflict);
        return insertWithOnConflict;
    }

    private boolean storeKeyPair(String str, KeyPair keyPair, String str2) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        X500Principal x500Principal = new X500Principal("cn=fake cert");
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        x509V3CertificateGenerator.setSubjectDN(new X509Name("dc=name"));
        x509V3CertificateGenerator.setIssuerDN(x500Principal);
        x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 86400000));
        x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + TWO_YEARS_MILLISECONDS));
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setSignatureAlgorithm(CERT_SIG_ALGORITH_MAPPING.containsKey(str2) ? CERT_SIG_ALGORITH_MAPPING.get(str2) : "SHA256withRSA");
        boolean saveCert = this.mKeyStoreManager.saveCert(str, keyPair.getPrivate(), new Certificate[]{x509V3CertificateGenerator.generate(keyPair.getPrivate(), "BC")});
        LogUtil.info(TAG, "Generated key pair stored:" + saveCert + " requestId:" + str);
        return saveCert;
    }

    public void checkIfDCCertDataSyncRequired(JSONArray jSONArray) {
        try {
            String string = CentrifyPreferenceUtils.getString("pref_dc_inprogress_request_ids", "");
            JSONObject jSONObject = StringUtils.isNotBlank(string) ? new JSONObject(string) : new JSONObject();
            HashSet hashSet = new HashSet();
            HashSet<String> hashSet2 = new HashSet<>();
            if (jSONArray == null || jSONArray.length() == 0) {
                deleteAllCerts();
                removePendingDCRequest(jSONObject, hashSet2);
                return;
            }
            LogUtil.debug(TAG, "Cert meta data received from cloud:" + jSONArray.toString());
            for (int i = 0; i < jSONArray.length(); i++) {
                JSONObject jSONObject2 = (JSONObject) jSONArray.get(i);
                String optString = jSONObject2.optString(JSONTags.CERT_AUTH_CERT_THUMBPRINT);
                if (StringUtils.isNotBlank(optString)) {
                    hashSet.add(optString);
                } else {
                    hashSet2.add(jSONObject2.optString("RequestId"));
                }
            }
            List<DcCertAuthInfo> allCertAuthInfoLst = getAllCertAuthInfoLst();
            if (allCertAuthInfoLst.size() == hashSet.size()) {
                LogUtil.debug(TAG, "Number of derived credential certs match with cloud, check data" + hashSet.size());
                Iterator<DcCertAuthInfo> it = allCertAuthInfoLst.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    DcCertAuthInfo next = it.next();
                    if (!hashSet.contains(next.getThumbprint())) {
                        LogUtil.info(TAG, "Derived credential cloud cert data did not match client, sync with cloud. " + next.getThumbprint());
                        syncDerivedCredential(this.mAppContext);
                        break;
                    }
                }
            } else {
                LogUtil.info(TAG, "Derived Credential Cert list did not match, perform sync with cloud");
                syncDerivedCredential(this.mAppContext);
            }
            removePendingDCRequest(jSONObject, hashSet2);
        } catch (JSONException e) {
            LogUtil.error(TAG, "Issue parsing jsonobject:" + jSONArray.toString(), e);
        }
    }

    public void chooseAuthCert(final Activity activity, final CertAuthAliasCallBack certAuthAliasCallBack, boolean z) {
        List<DcCertAuthInfo> allDerivedCredCertAuthInfoLst = getAllDerivedCredCertAuthInfoLst();
        if (allDerivedCredCertAuthInfoLst == null || allDerivedCredCertAuthInfoLst.size() == 0) {
            if (certAuthAliasCallBack != null) {
                LogUtil.info(TAG, "No cert available send empty cert alias");
                certAuthAliasCallBack.certSelected(activity, "", false);
                return;
            }
            return;
        }
        if (allDerivedCredCertAuthInfoLst.size() == 1 && allDerivedCredCertAuthInfoLst.get(0).isValidCert() && z) {
            LogUtil.info(TAG, "Auto select cert and return the alias");
            if (certAuthAliasCallBack != null) {
                DcCertAuthInfo dcCertAuthInfo = allDerivedCredCertAuthInfoLst.get(0);
                LogUtil.info(TAG, "Alias return=" + dcCertAuthInfo.getAlias());
                certAuthAliasCallBack.certSelected(activity, dcCertAuthInfo.getAlias(), dcCertAuthInfo.getIsIntercede(), dcCertAuthInfo.getThumbprint());
                return;
            }
            return;
        }
        AlertDialog.Builder builder = new AlertDialog.Builder(activity);
        builder.setCancelable(false);
        builder.setTitle(activity.getString(R.string.dc_cert_chooser_title));
        final DcCertificateListAdapter dcCertificateListAdapter = new DcCertificateListAdapter(allDerivedCredCertAuthInfoLst, activity);
        final ListView listView = (ListView) View.inflate(activity, R.layout.certinfo_chooser, null);
        listView.setAdapter((ListAdapter) dcCertificateListAdapter);
        listView.setChoiceMode(1);
        builder.setView(listView);
        builder.setPositiveButton(android.R.string.ok, new DialogInterface.OnClickListener() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.3
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                int checkedItemPosition = listView.getCheckedItemPosition();
                DcCertAuthInfo item = checkedItemPosition >= 0 ? dcCertificateListAdapter.getItem(checkedItemPosition) : null;
                LogUtil.info(DerivedCredentialManager.TAG, "User selected cert for auth:" + item.getAlias());
                certAuthAliasCallBack.certSelected(activity, item.getAlias(), item.getIsIntercede(), item.getThumbprint());
            }
        });
        builder.setNegativeButton(android.R.string.cancel, new DialogInterface.OnClickListener() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.4
            @Override // android.content.DialogInterface.OnClickListener
            public void onClick(DialogInterface dialogInterface, int i) {
                dialogInterface.cancel();
                LogUtil.info(DerivedCredentialManager.TAG, "User cancelled cert selection");
                certAuthAliasCallBack.certSelectionCancelled();
            }
        });
        final AlertDialog create = builder.create();
        create.setOnShowListener(new DialogInterface.OnShowListener() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.5
            @Override // android.content.DialogInterface.OnShowListener
            public void onShow(DialogInterface dialogInterface) {
                final Button button = create.getButton(-1);
                button.setEnabled(false);
                listView.setOnItemClickListener(new AdapterView.OnItemClickListener() { // from class: com.centrify.directcontrol.certauth.DerivedCredentialManager.5.1
                    @Override // android.widget.AdapterView.OnItemClickListener
                    public void onItemClick(AdapterView<?> adapterView, View view, int i, long j) {
                        RadioButton radioButton = (RadioButton) view.findViewById(R.id.cert_item_selected);
                        if (radioButton == null || !radioButton.isEnabled()) {
                            return;
                        }
                        button.setEnabled(true);
                        listView.setItemChecked(i, true);
                        dcCertificateListAdapter.notifyDataSetChanged();
                    }
                });
            }
        });
        create.show();
    }

    public void generateDerivedCredentialCSR(String str) {
        if (StringUtils.isBlank(str)) {
            LogUtil.warning(TAG, "generateDerivedCredentialCSR is blank");
            return;
        }
        LogUtil.debug(TAG, "generateDerivedCredentialCSR " + str);
        try {
            JSONObject jSONObject = new JSONObject(str);
            String optString = jSONObject.optString("RequestId", "");
            String optString2 = jSONObject.optString(KEY_ALGORITHM, "");
            if (KEY_ALGORITH_MAPPING.containsKey(optString2)) {
                optString2 = KEY_ALGORITH_MAPPING.get(optString2);
            }
            int optInt = jSONObject.optInt(KEY_BITS_LENGTH);
            String optString3 = jSONObject.optString(JSONTags.CERT_AUTH_CERT_SUBJECT, "");
            String optString4 = jSONObject.optString(KEY_SIGNATURE_ALGORITHM, "");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(optString2, "BC");
            keyPairGenerator.initialize(optInt, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (!storeKeyPair(StringUtils.join(optString, DcCertAuthInfo.DC_CERT_AUTH), generateKeyPair, optString2)) {
                LogUtil.error(TAG, "Generated private key could not be stored, abort DC provisioning!!!");
                return;
            }
            String encodeToString = Base64.encodeToString(generateCSR(generateKeyPair, optString3, optString4).getEncoded(), 0);
            CentrifyRestService createRestService = RestServiceFactory.createRestService(this.mAppContext);
            try {
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("udid", this.deviceProfile.getDeviceUDID());
                jSONObject2.put("RequestId", optString);
                jSONObject2.put(KEY_ENCODED_CSR, encodeToString);
                RestResult submitDerivedCredCSR = createRestService.submitDerivedCredCSR(jSONObject2);
                LogUtil.info(TAG, "DC CSR uploaded :" + (submitDerivedCredCSR != null ? submitDerivedCredCSR.success : false));
                String string = CentrifyPreferenceUtils.getString("pref_dc_inprogress_request_ids", "");
                JSONObject jSONObject3 = StringUtils.isNotBlank(string) ? new JSONObject(string) : new JSONObject();
                jSONObject3.put(optString, "");
                CentrifyPreferenceUtils.putString("pref_dc_inprogress_request_ids", jSONObject3.toString());
            } catch (CentrifyHttpException e) {
                LogUtil.error(TAG, "Error uploading csr to cloud:" + str, e);
            }
        } catch (IOException e2) {
            LogUtil.error(TAG, "Error generating encoded CSR:" + str, e2);
        } catch (InvalidKeyException e3) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e3);
        } catch (NoSuchAlgorithmException e4) {
            LogUtil.error(TAG, "Key type error" + str, e4);
        } catch (NoSuchProviderException e5) {
            LogUtil.error(TAG, "Error creating key pair:" + str, e5);
        } catch (SignatureException e6) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e6);
        } catch (CertificateEncodingException e7) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e7);
        } catch (JSONException e8) {
            LogUtil.error(TAG, "Exception parsing:" + str, e8);
        } catch (OperatorCreationException e9) {
            LogUtil.error(TAG, "Error generating CSR:" + str, e9);
        }
    }

    public void generateDerivedCredentialPublicKeyAndSendSignature(String str) {
        if (StringUtils.isBlank(str)) {
            LogUtil.warning(TAG, "generateDerivedCredentialPublicKeyAndSendSignature is Blank.");
            return;
        }
        LogUtil.debug(TAG, "generateDerivedCredentialPublicKeyAndSendSignature " + str);
        try {
            JSONObject jSONObject = new JSONObject(str);
            String optString = jSONObject.optString("RequestId", "");
            String upperCase = jSONObject.optString(KEY_ALGORITHM, "").toUpperCase();
            int optInt = jSONObject.optInt(KEY_BITS_LENGTH);
            if (KEY_ALGORITH_MAPPING.containsKey(upperCase)) {
                upperCase = KEY_ALGORITH_MAPPING.get(upperCase);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(upperCase, "BC");
            keyPairGenerator.initialize(optInt, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (!storeKeyPair(StringUtils.join(optString, DcCertAuthInfo.DC_CERT_AUTH), generateKeyPair, upperCase)) {
                LogUtil.error(TAG, "Generated private key could not be stored, abort DC provisioning!!!");
                return;
            }
            CentrifyRestService createRestService = RestServiceFactory.createRestService(this.mAppContext);
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("udid", this.deviceProfile.getDeviceUDID());
            jSONObject2.put("RequestId", optString);
            jSONObject2.put(KEY_PUBLICLEY, Base64.encodeToString(generateKeyPair.getPublic().getEncoded(), 0));
            RestResult submitDCPublicKeyAndGetData = createRestService.submitDCPublicKeyAndGetData(jSONObject2);
            boolean z = submitDCPublicKeyAndGetData != null ? submitDCPublicKeyAndGetData.success : false;
            String str2 = submitDCPublicKeyAndGetData != null ? submitDCPublicKeyAndGetData.plainResult : "";
            LogUtil.info(TAG, "DC public key submission and get CSR data result:" + z);
            if (!z) {
                LogUtil.warning(TAG, "Public submission failed:" + str2);
                this.mKeyStoreManager.removeCerts(new String[]{optString});
                return;
            }
            JSONObject jSONObject3 = new JSONObject(str2);
            String string = jSONObject3.getString(KEY_DATA_TO_SIGN);
            String string2 = jSONObject3.getString(KEY_AND_SIGNATURE_ALGORITHM);
            String string3 = jSONObject3.getString(KEY_SERVER_CONTEXT);
            if (TextUtils.isEmpty(string)) {
                LogUtil.warning(TAG, "Did not receive CSR data:" + string);
                this.mKeyStoreManager.removeCerts(new String[]{optString});
                return;
            }
            Signature signature = Signature.getInstance(string2);
            signature.initSign(generateKeyPair.getPrivate());
            signature.update(Base64.decode(string, 0));
            String encodeToString = Base64.encodeToString(signature.sign(), 0);
            JSONObject jSONObject4 = new JSONObject();
            jSONObject4.put("udid", this.deviceProfile.getDeviceUDID());
            jSONObject4.put("RequestId", optString);
            jSONObject4.put(KEY_SERVER_CONTEXT, string3);
            jSONObject4.put(KEY_CSR_SIGNATURE, encodeToString);
            RestResult submitDCCSRSignature = createRestService.submitDCCSRSignature(jSONObject4);
            boolean z2 = submitDCCSRSignature != null ? submitDCCSRSignature.success : false;
            String str3 = submitDCCSRSignature != null ? submitDCCSRSignature.plainResult : "";
            if (!z2) {
                LogUtil.warning(TAG, "CSR signature submission failed:" + str3);
                this.mKeyStoreManager.removeCerts(new String[]{optString});
                return;
            }
            LogUtil.info(TAG, "Public key and signature submission completed successfully..");
            String string4 = CentrifyPreferenceUtils.getString("pref_dc_inprogress_request_ids", "");
            JSONObject jSONObject5 = StringUtils.isNotBlank(string4) ? new JSONObject(string4) : new JSONObject();
            jSONObject5.put(optString, "");
            CentrifyPreferenceUtils.putString("pref_dc_inprogress_request_ids", jSONObject5.toString());
        } catch (CentrifyHttpException e) {
            LogUtil.error(TAG, "Error sending publickey to cloud:" + str, e);
        } catch (IOException e2) {
            LogUtil.error(TAG, "Error sending publickey to cloud:" + str, e2);
        } catch (InvalidKeyException e3) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e3);
        } catch (NoSuchAlgorithmException e4) {
            LogUtil.error(TAG, "Key type error" + str, e4);
        } catch (NoSuchProviderException e5) {
            LogUtil.error(TAG, "Error creating key pair:" + str, e5);
        } catch (SignatureException e6) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e6);
        } catch (CertificateEncodingException e7) {
            LogUtil.error(TAG, "Error storing generated key pair:" + str, e7);
        } catch (JSONException e8) {
            LogUtil.error(TAG, "Exception parsing:" + str, e8);
        }
    }

    public List<DcCertAuthInfo> getAllDerivedCredCertAuthInfoLst() {
        List<DcCertAuthInfo> certAuthInfoLst = getCertAuthInfoLst();
        List<DcCertAuthInfo> intercedeCertList = IntercedeManager.getInstance().getIntercedeCertList();
        if (intercedeCertList != null && intercedeCertList.size() > 0) {
            certAuthInfoLst.addAll(intercedeCertList);
        }
        return certAuthInfoLst;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0060, code lost:
    
        if (r10.isClosed() != false) goto L11;
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x0062, code lost:
    
        r10.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:4:0x004c, code lost:
    
        if (r10.moveToFirst() != false) goto L6;
     */
    /* JADX WARN: Code restructure failed: missing block: B:5:0x004e, code lost:
    
        r9.add(new com.centrify.directcontrol.certauth.DcCertAuthInfo(r10));
     */
    /* JADX WARN: Code restructure failed: missing block: B:6:0x005a, code lost:
    
        if (r10.moveToNext() != false) goto L13;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.List<com.centrify.directcontrol.certauth.DcCertAuthInfo> getCertAuthInfoLst() {
        /*
            r11 = this;
            r5 = 1
            r2 = 0
            java.util.ArrayList r9 = new java.util.ArrayList
            r9.<init>()
            com.centrify.directcontrol.db.DBAdapter r0 = com.centrify.directcontrol.db.DBAdapter.getDBInstance()
            java.lang.String r3 = "status=?"
            java.lang.String[] r4 = new java.lang.String[r5]
            r1 = 0
            java.lang.String r5 = java.lang.Integer.toString(r5)
            r4[r1] = r5
            java.lang.String r1 = "DerivedCredentialManager"
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            r5.<init>()
            java.lang.String r6 = "where"
            java.lang.StringBuilder r5 = r5.append(r6)
            java.lang.StringBuilder r5 = r5.append(r3)
            java.lang.String r6 = "whereArgs"
            java.lang.StringBuilder r5 = r5.append(r6)
            java.lang.StringBuilder r5 = r5.append(r4)
            java.lang.String r5 = r5.toString()
            com.centrify.agent.samsung.utils.LogUtil.debug(r1, r5)
            java.lang.String r1 = "dc_cert_auth_info"
            r5 = r2
            r6 = r2
            r7 = r2
            android.database.Cursor r10 = r0.query(r1, r2, r3, r4, r5, r6, r7)
            if (r10 == 0) goto L65
            boolean r1 = r10.moveToFirst()
            if (r1 == 0) goto L5c
        L4e:
            com.centrify.directcontrol.certauth.DcCertAuthInfo r8 = new com.centrify.directcontrol.certauth.DcCertAuthInfo
            r8.<init>(r10)
            r9.add(r8)
            boolean r1 = r10.moveToNext()
            if (r1 != 0) goto L4e
        L5c:
            boolean r1 = r10.isClosed()
            if (r1 != 0) goto L65
            r10.close()
        L65:
            return r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.centrify.directcontrol.certauth.DerivedCredentialManager.getCertAuthInfoLst():java.util.List");
    }

    public boolean handleDerivedCredentialAction(String str, String str2) {
        LogUtil.debug(TAG, "handleDerivedCredentialAction " + str);
        this.mAppContext = CentrifyApplication.getAppInstance();
        if (!AppUtils.isAuthenticated()) {
            LogUtil.warning(TAG, "device is not enrolled");
            return false;
        }
        if (!isDCFlowEnabled()) {
            LogUtil.warning(TAG, "Dc is not enabled.");
            return false;
        }
        AbstractStateAwareIntentService.startWakefulService(this.mAppContext, GenericBackgroundService.class, JobIdConstants.jobIds.get(GenericBackgroundService.class.getSimpleName()).intValue(), new Intent(this.mAppContext, (Class<?>) GenericBackgroundService.class).setAction(str).putExtra(GenericBackgroundService.EXTRA_DC_DATA, str2));
        LogUtil.debug(TAG, "Start GenericBackgroundService");
        return true;
    }

    public boolean isCertAuthAvailable() {
        boolean z = false;
        List<DcCertAuthInfo> allDerivedCredCertAuthInfoLst = getAllDerivedCredCertAuthInfoLst();
        if (allDerivedCredCertAuthInfoLst != null && allDerivedCredCertAuthInfoLst.size() > 0) {
            z = true;
        }
        LogUtil.debug(TAG, "Certs requested for auth available:" + z);
        return z;
    }

    public boolean isDCFlowEnabled() {
        boolean z = !CentrifyPreferenceUtils.getBoolean("pref_disable_derived_credential", false);
        boolean z2 = mOSVersion >= 23;
        LogUtil.info(TAG, "Is Derived credential enabled/supported by client: " + z + ":" + z2);
        return z && z2;
    }

    public void syncDerivedCredential(Context context) {
        List<DcCertAuthInfo> derivedCredentialFromCloud = getDerivedCredentialFromCloud(context);
        if (derivedCredentialFromCloud == null) {
            LogUtil.warning(TAG, "Error in obtaining list of cert");
            return;
        }
        LogUtil.info(TAG, "Certs received from cloud:" + derivedCredentialFromCloud.size());
        List<DcCertAuthInfo> allCertAuthInfoLst = getAllCertAuthInfoLst();
        for (DcCertAuthInfo dcCertAuthInfo : derivedCredentialFromCloud) {
            Iterator<DcCertAuthInfo> it = allCertAuthInfoLst.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                DcCertAuthInfo next = it.next();
                if (StringUtils.equalsIgnoreCase(dcCertAuthInfo.getThumbprint(), next.getThumbprint())) {
                    r3 = next.mStatus == 1;
                    if (!StringUtils.equals(next.getDisplayName(), dcCertAuthInfo.getDisplayName())) {
                        storeInDB(next);
                    }
                    it.remove();
                }
            }
            if (!r3) {
                storeCert(dcCertAuthInfo);
            }
        }
        if (allCertAuthInfoLst.size() > 0) {
            LogUtil.info(TAG, "Some certs are revoked/removed, removing them from DB and keystore:" + allCertAuthInfoLst.size());
            for (DcCertAuthInfo dcCertAuthInfo2 : allCertAuthInfoLst) {
                this.mKeyStoreManager.removeCert(dcCertAuthInfo2.getAlias());
                deleteCertFromDB(dcCertAuthInfo2.getThumbprint());
            }
        }
    }
}
