package com.centrify.agent.samsung.knox.certificate;

import android.support.annotation.NonNull;
import android.util.Base64;
import com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager;
import com.centrify.agent.samsung.knox.KnoxNotificationUtils;
import com.centrify.agent.samsung.knox.KnoxProviderUtils;
import com.centrify.agent.samsung.knox.agent.Knox3Manager;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.centrifypreference.CentrifyPreferenceUtils;
import com.centrify.android.centrifypreference.KeyConstants;
import com.samsung.android.knox.keystore.CertificateInfo;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import java.util.List;

/* loaded from: classes.dex */
public class Knox3CertificatePolicyManager extends AbstractKnoxPolicyManager<Knox3Manager> {
    public Knox3CertificatePolicyManager(@NonNull Knox3Manager knox3Manager) {
        super(knox3Manager);
    }

    private boolean installCertificate(CertificateProvisioning certificateProvisioning, List<KnoxCert> list) {
        boolean z = false;
        for (KnoxCert knoxCert : list) {
            if (knoxCert == null || knoxCert.getStatus() != 3) {
                LogUtil.warning(this.TAG, "the container cert object is null or the status is not APPLY_FAILED. Skip cert install");
            } else {
                z = certificateProvisioning.installCertificateToKeystore(knoxCert.getType(), Base64.decode(knoxCert.getValue(), 0), knoxCert.getAlias(), knoxCert.getPassword(), knoxCert.getKeystore());
                knoxCert.setStatus(z ? 2 : 3);
                LogUtil.debug(this.TAG, "Install the cert result: " + z + " update db in row: " + KnoxProviderUtils.updateKnoxCerts(knoxCert));
            }
        }
        return z;
    }

    private boolean isCredentialStorageReady(CertificateProvisioning certificateProvisioning) {
        boolean z = false;
        try {
            int credentialStorageStatus = certificateProvisioning.getCredentialStorageStatus();
            LogUtil.debug(this.TAG, "getCredentialStorageStatus " + credentialStorageStatus);
            z = credentialStorageStatus == 1;
            CentrifyPreferenceUtils.putInt(KeyConstants.PREF_CONTAINER_CREDENTIAL_STORAGE_STATUS, credentialStorageStatus);
        } catch (SecurityException e) {
            LogUtil.error(this.TAG, "getCredentialStorageStatus: ", e);
        }
        LogUtil.info(this.TAG, "isCredentialStorageReady: " + z);
        return z;
    }

    private void removeCert(CertificateProvisioning certificateProvisioning, List<KnoxCert> list) {
        for (KnoxCert knoxCert : list) {
            if (knoxCert == null || knoxCert.getStatus() != 1) {
                LogUtil.warning(this.TAG, "the container cert object is null or the status is not PENDING_DELETE. Skip cert removal");
            } else {
                boolean z = false;
                try {
                    CertificateInfo ToCertInfo = knoxCert.ToCertInfo();
                    if (ToCertInfo != null) {
                        LogUtil.debug(this.TAG, "delete cert: " + knoxCert.getName());
                        z = certificateProvisioning.deleteCertificateFromKeystore(ToCertInfo, knoxCert.getKeystore());
                    }
                    LogUtil.debug(this.TAG, "delete cert success: " + z + " Updated row: " + KnoxProviderUtils.deleteKnoxCerts(knoxCert));
                } catch (SecurityException e) {
                    LogUtil.error(this.TAG, "Failed to uninstall " + knoxCert, e);
                }
            }
        }
    }

    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public synchronized void applyPolicy() {
        List<KnoxCert> certificates = ((KnoxCertificatePolicies) getPolicy()).getCertificates();
        CertificateProvisioning securityPolicy = getSecurityPolicy();
        boolean z = false;
        if (isCredentialStorageReady(securityPolicy)) {
            removeCert(securityPolicy, certificates);
            z = false & installCertificate(securityPolicy, certificates);
        } else {
            LogUtil.warning(this.TAG, "the credential storage is not ready");
        }
        getPolicy().setPolicyApplied(true);
        KnoxNotificationUtils.notify("knox_container_certificate", z);
    }

    public CertificateProvisioning getSecurityPolicy() {
        return getKnoxManger().getKnoxContainerManager().getCertificateProvisioning();
    }

    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public void loadPolicy() {
        KnoxCertificatePolicies knoxCertificatePolicies = new KnoxCertificatePolicies();
        knoxCertificatePolicies.setCertificates(KnoxProviderUtils.getKnoxCerts(1));
        setPolicy(knoxCertificatePolicies);
    }
}
