package com.centrify.directcontrol.afw.certs;

import android.annotation.TargetApi;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.utils.IOUtils;
import com.centrify.android.utils.KeyStoreUtils;
import com.centrify.directcontrol.ADevice;
import com.centrify.directcontrol.CentrifyApplication;
import com.centrify.directcontrol.Crypto;
import com.centrify.directcontrol.DAReceiver;
import com.centrify.directcontrol.afw.AfwManager;
import com.centrify.directcontrol.db.DBAdapter;
import com.centrify.directcontrol.db.DBConstants;
import com.centrify.directcontrol.policy.AbstractPolicyController;
import com.centrify.directcontrol.utilities.AppUtils;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public abstract class AfwCertPolicyController extends AbstractPolicyController {
    private static final String TAG = "AfwCertPolicyController";
    protected static boolean mDoesPolicyExist;
    protected static int mNonCompliantPolicyNumber;
    protected DevicePolicyManager mDPM = (DevicePolicyManager) CentrifyApplication.getAppInstance().getSystemService("device_policy");
    protected ComponentName mDeviceAdmin = DAReceiver.getComponentName(CentrifyApplication.getAppInstance());
    protected ADevice mDevice = ADevice.getInstance(CentrifyApplication.getAppInstance());

    protected long addNewDBCert(AfwCert afwCert) {
        long insert = DBAdapter.getDBInstance().insert(DBConstants.TABLE_AFW_CERT_PROFILE, afwCert.toContentValues());
        LogUtil.debug(TAG, "Cert: " + afwCert.certName + " added rowID: " + insert);
        return insert;
    }

    @Override // com.centrify.directcontrol.policy.AbstractPolicyController
    public void checkPolicyCompliance() {
        mDoesPolicyExist = false;
        mNonCompliantPolicyNumber = 0;
        List<AfwCert> afwCert = DBAdapter.getDBInstance().getAfwCert(null, null);
        if (afwCert == null || afwCert.size() <= 0) {
            return;
        }
        mDoesPolicyExist = true;
        Iterator<AfwCert> it = afwCert.iterator();
        while (it.hasNext()) {
            if (it.next().policyStatus != AfwManager.PolicyState.APPLIED) {
                mNonCompliantPolicyNumber++;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int deleteDBCert(AfwCert afwCert) {
        int delete = DBAdapter.getDBInstance().delete(DBConstants.TABLE_AFW_CERT_PROFILE, "certname=?", new String[]{afwCert.certName});
        LogUtil.debug(TAG, "Cert: " + afwCert.certName + " deleted: " + delete);
        return delete;
    }

    @Override // com.centrify.directcontrol.policy.AbstractPolicyController
    public boolean doesPolicyExist() {
        return mDoesPolicyExist;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<AfwCert> getDBCert(String str) {
        return DBAdapter.getDBInstance().getAfwCert(str == null ? null : "certname=?", str != null ? new String[]{str} : null);
    }

    @Override // com.centrify.directcontrol.policy.AbstractPolicyController
    public int getNonCompliantPolicyNumber() {
        return mNonCompliantPolicyNumber;
    }

    public AfwCert getZsoCert() {
        List<AfwCert> afwCert = DBAdapter.getDBInstance().getAfwCert("iszsocert=?", new String[]{"1"});
        if (afwCert == null || afwCert.size() < 1) {
            return null;
        }
        return afwCert.get(0);
    }

    @TargetApi(21)
    protected AfwCert installCert(AfwCert afwCert) {
        boolean installCaCert;
        if (afwCert.isCaCert) {
            byte[] decode = Base64.decode(afwCert.certContent);
            if (this.mDPM.hasCaCertInstalled(this.mDeviceAdmin, decode)) {
                installCaCert = true;
                LogUtil.info(TAG, "CA certName " + afwCert.certName + " already installed");
            } else {
                installCaCert = this.mDPM.installCaCert(this.mDeviceAdmin, decode);
                LogUtil.info(TAG, "CA certName: " + afwCert.certName + " result: " + installCaCert);
            }
            afwCert.policyStatus = installCaCert ? AfwManager.PolicyState.APPLIED : AfwManager.PolicyState.ERROR;
        } else if (AppUtils.isDeviceScreenLockSet()) {
            boolean installPrivateKey = installPrivateKey(afwCert);
            LogUtil.info(TAG, "Private key cert " + afwCert.certName + " installation result:" + installPrivateKey);
            afwCert.policyStatus = installPrivateKey ? AfwManager.PolicyState.APPLIED : AfwManager.PolicyState.ERROR;
        } else {
            afwCert.policyStatus = AfwManager.PolicyState.PENDING;
        }
        return afwCert;
    }

    @TargetApi(21)
    protected boolean installPrivateKey(AfwCert afwCert) {
        boolean z = false;
        try {
            KeyStore generateKeyStore = KeyStoreUtils.generateKeyStore(afwCert.certContent, afwCert.userCertPassword.toCharArray());
            X509Certificate certificateFromPkcs12 = Crypto.certificateFromPkcs12(generateKeyStore);
            z = this.mDPM.installKeyPair(this.mDeviceAdmin, (PrivateKey) Crypto.privateKeyFromPkcs12(generateKeyStore), certificateFromPkcs12, afwCert.certAlias);
        } catch (NoSuchProviderException e) {
            LogUtil.error(TAG, "Unable to load private key NoSuchProviderException:", e);
        } catch (CertificateException e2) {
            LogUtil.error(TAG, "Unable to load private key CertificateException:", e2);
        } catch (NoSuchAlgorithmException e3) {
            LogUtil.error(TAG, "Unable to load private key NoSuchAlgorithmException:", e3);
        } catch (UnrecoverableKeyException e4) {
            LogUtil.error(TAG, "Unable to load private key UnrecoverableKeyException:", e4);
        } catch (IOException e5) {
            LogUtil.error(TAG, "Unable to load private key IOException:", e5);
        } catch (KeyStoreException e6) {
            LogUtil.error(TAG, "Unable to load private key KeyStoreException:", e6);
        } finally {
            IOUtils.closeSilently(null);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void reApplyPendingCertPolicy() {
        LogUtil.debug(TAG, "reApplyPendingCertPolicy-begin");
        List<AfwCert> dBCert = getDBCert(null);
        if (dBCert == null || dBCert.size() <= 0) {
            return;
        }
        for (AfwCert afwCert : dBCert) {
            if (afwCert.policyStatus != AfwManager.PolicyState.APPLIED) {
                updateDBCert(installCert(afwCert));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x003b, code lost:
    
        r2.certAlias = r0;
        com.centrify.agent.samsung.utils.LogUtil.info(com.centrify.directcontrol.afw.certs.AfwCertPolicyController.TAG, "Alias is empty, we use the alias from cert content: " + r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.centrify.directcontrol.afw.certs.AfwCert saveCert(com.dd.plist.NSDictionary r11, java.lang.Boolean r12) {
        /*
            r10 = this;
            com.centrify.directcontrol.afw.certs.AfwCert r2 = new com.centrify.directcontrol.afw.certs.AfwCert
            r2.<init>(r11)
            if (r12 == 0) goto Ld
            boolean r7 = r12.booleanValue()
            r2.isCaCert = r7
        Ld:
            boolean r7 = r2.isCaCert
            if (r7 != 0) goto L57
            java.lang.String r7 = r2.certAlias
            boolean r7 = android.text.TextUtils.isEmpty(r7)
            if (r7 == 0) goto L57
            java.lang.String r7 = r2.certContent     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.String r8 = r2.userCertPassword     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            char[] r8 = r8.toCharArray()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.security.KeyStore r4 = com.centrify.android.utils.KeyStoreUtils.generateKeyStore(r7, r8)     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.util.Enumeration r1 = r4.aliases()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
        L29:
            boolean r7 = r1.hasMoreElements()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            if (r7 == 0) goto L57
            java.lang.Object r0 = r1.nextElement()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.String r0 = (java.lang.String) r0     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            boolean r7 = r4.isKeyEntry(r0)     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            if (r7 == 0) goto L29
            r2.certAlias = r0     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.String r7 = "AfwCertPolicyController"
            java.lang.StringBuilder r8 = new java.lang.StringBuilder     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            r8.<init>()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.String r9 = "Alias is empty, we use the alias from cert content: "
            java.lang.StringBuilder r8 = r8.append(r9)     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.StringBuilder r8 = r8.append(r0)     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            java.lang.String r8 = r8.toString()     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
            com.centrify.agent.samsung.utils.LogUtil.info(r7, r8)     // Catch: java.security.KeyStoreException -> L6d java.security.NoSuchProviderException -> L75 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L85 java.io.IOException -> L8d
        L57:
            java.lang.String r7 = r2.certName
            java.util.List r6 = r10.getDBCert(r7)
            if (r6 == 0) goto L65
            int r7 = r6.size()
            if (r7 != 0) goto L95
        L65:
            com.centrify.directcontrol.afw.certs.AfwCert r7 = r10.installCert(r2)
            r10.addNewDBCert(r7)
        L6c:
            return r2
        L6d:
            r3 = move-exception
            java.lang.String r7 = "AfwCertPolicyController"
            com.centrify.agent.samsung.utils.LogUtil.error(r7, r3)
            goto L57
        L75:
            r3 = move-exception
            java.lang.String r7 = "AfwCertPolicyController"
            com.centrify.agent.samsung.utils.LogUtil.error(r7, r3)
            goto L57
        L7d:
            r3 = move-exception
            java.lang.String r7 = "AfwCertPolicyController"
            com.centrify.agent.samsung.utils.LogUtil.error(r7, r3)
            goto L57
        L85:
            r3 = move-exception
            java.lang.String r7 = "AfwCertPolicyController"
            com.centrify.agent.samsung.utils.LogUtil.error(r7, r3)
            goto L57
        L8d:
            r3 = move-exception
            java.lang.String r7 = "AfwCertPolicyController"
            com.centrify.agent.samsung.utils.LogUtil.error(r7, r3)
            goto L57
        L95:
            r7 = 0
            java.lang.Object r5 = r6.get(r7)
            com.centrify.directcontrol.afw.certs.AfwCert r5 = (com.centrify.directcontrol.afw.certs.AfwCert) r5
            boolean r7 = r5.equals(r2)
            if (r7 != 0) goto Lb1
            com.centrify.directcontrol.afw.certs.AfwCert r7 = r10.uninstallCert(r5)
            r10.deleteDBCert(r7)
            com.centrify.directcontrol.afw.certs.AfwCert r7 = r10.installCert(r2)
            r10.addNewDBCert(r7)
            goto L6c
        Lb1:
            boolean r7 = r2.isCaCert
            if (r7 == 0) goto L6c
            com.centrify.directcontrol.afw.certs.AfwCert r7 = r10.installCert(r2)
            r10.updateDBCert(r7)
            goto L6c
        */
        throw new UnsupportedOperationException("Method not decompiled: com.centrify.directcontrol.afw.certs.AfwCertPolicyController.saveCert(com.dd.plist.NSDictionary, java.lang.Boolean):com.centrify.directcontrol.afw.certs.AfwCert");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @TargetApi(21)
    public AfwCert uninstallCert(AfwCert afwCert) {
        if (afwCert.isCaCert) {
            byte[] decode = Base64.decode(afwCert.certContent);
            LogUtil.info(TAG, "CA cert uninstall performed:" + afwCert.certName);
            this.mDPM.uninstallCaCert(this.mDeviceAdmin, decode);
        } else {
            LogUtil.info(TAG, "No api to remove key pair from key chain" + afwCert.certName);
        }
        return afwCert;
    }

    protected long updateDBCert(AfwCert afwCert) {
        long update = DBAdapter.getDBInstance().update(DBConstants.TABLE_AFW_CERT_PROFILE, afwCert.toContentValues(), "certname=?", new String[]{afwCert.certName});
        LogUtil.debug(TAG, "Cert: " + afwCert.certName + " updated: " + update);
        return update;
    }
}
