package com.centrify.directcontrol.knox.mcm;

import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.RemoteException;
import android.util.Log;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.CentrifyHttpException;
import com.centrify.android.CentrifySDKImpl;
import com.centrify.android.centrifypreference.CentrifyPreferenceUtils;
import com.centrify.android.keystore.KeyStoreManager;
import com.centrify.android.rest.RestServiceFactory;
import com.centrify.android.utils.DeviceUtils;
import com.centrify.android.utils.KeyStoreUtils;
import com.centrify.directcontrol.ADevice;
import com.centrify.directcontrol.CentrifyApplication;
import com.centrify.directcontrol.base.dagger2.BaseComponentHolder;
import com.centrify.directcontrol.utilities.IOUtils;
import com.centrify.mcm.aidl.IMCMAuthService;
import java.io.File;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.util.Arrays;

/* loaded from: classes.dex */
public class MCMAuthService extends Service {
    private static final String LOCAL_CERT_FILENAME = "userCertificate.key";
    private static final String TAG = "MCMAuthService";
    private final IMCMAuthService.Stub binder = new IMCMAuthService.Stub() { // from class: com.centrify.directcontrol.knox.mcm.MCMAuthService.1
        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public String getDeviceId() throws RemoteException {
            return DeviceUtils.getDeviceUDID(MCMAuthService.this);
        }

        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public String getDomainUrl() throws RemoteException {
            return ADevice.getInstance(MCMAuthService.this.getApplicationContext()).url;
        }

        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public long getSessionId() throws RemoteException {
            return CentrifyPreferenceUtils.getLong("MCM_ENROLLMENT_SESSION_ID", -1L);
        }

        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public byte[] getUserCert() throws RemoteException {
            LogUtil.info(MCMAuthService.TAG, "getUserCert called");
            CentrifyApplication appInstance = CentrifyApplication.getAppInstance();
            boolean isLocalStorageUsed = KeyStoreUtils.isLocalStorageUsed(appInstance);
            char[] secretInUse = KeyStoreUtils.getSecretInUse(appInstance);
            if (isLocalStorageUsed) {
                LogUtil.info(MCMAuthService.TAG, "Local keystore used, provide request cert");
                if (!Arrays.areEqual(secretInUse, KeyStoreManager.LOCAL_CERT_PASSWORD)) {
                    LogUtil.debug(MCMAuthService.TAG, "Generate cert with new password");
                    return KeyStoreUtils.generateCertWithNewPassword(appInstance, "userCertificate.key", secretInUse, KeyStoreManager.LOCAL_CERT_PASSWORD);
                }
                LogUtil.debug(MCMAuthService.TAG, "Use original certificate file");
                File fileStreamPath = MCMAuthService.this.getFileStreamPath("userCertificate.key");
                if (fileStreamPath.exists()) {
                    return IOUtils.readBytes(fileStreamPath);
                }
                return null;
            }
            LogUtil.info(MCMAuthService.TAG, "System keystore in use, request cloud for user cert");
            try {
                JSONObject clientUserCert = RestServiceFactory.createRestService(appInstance).getClientUserCert(BaseComponentHolder.getBaseComponent().getDeviceProfile().getDeviceUDID());
                boolean optBoolean = clientUserCert.optBoolean("Status", false);
                String optString = clientUserCert.optString("Data", "");
                if (!optBoolean || !StringUtils.isNotEmpty(optString)) {
                    return null;
                }
                LogUtil.debug(MCMAuthService.TAG, "Cert received from cloud.");
                return KeyStoreUtils.generateCertWithNewPassword(KeyStoreUtils.generateKeyStore(optString, CentrifySDKImpl.REST_API_CERT_PASSWORD), KeyStoreManager.LOCAL_CERT_PASSWORD);
            } catch (CentrifyHttpException e) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e);
                return null;
            } catch (IOException e2) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e2);
                return null;
            } catch (KeyStoreException e3) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e3);
                return null;
            } catch (NoSuchAlgorithmException e4) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e4);
                return null;
            } catch (NoSuchProviderException e5) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e5);
                return null;
            } catch (CertificateException e6) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e6);
                return null;
            } catch (JSONException e7) {
                LogUtil.error(MCMAuthService.TAG, "Unable to fetch User certs", e7);
                return null;
            }
        }

        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public String getUserName() throws RemoteException {
            return CentrifyPreferenceUtils.getString("LI_USERNAME", "");
        }

        @Override // com.centrify.mcm.aidl.IMCMAuthService
        public boolean isTrustAllCerts() throws RemoteException {
            return CentrifyPreferenceUtils.getBoolean("TRUSTALLCERTS", false);
        }
    };

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        Log.d(TAG, "onBind, action=" + intent.getAction());
        return this.binder;
    }
}
