package com.microsoft.omadm.platforms.afw.certmgr;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import com.microsoft.omadm.client.PolicyManagerReceiver;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.afw.policy.AfwPolicyManager;
import com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import com.microsoft.omadm.platforms.android.certmgr.CertStorePasswords;
import com.microsoft.omadm.platforms.android.certmgr.data.CertStateData;
import com.microsoft.omadm.platforms.android.certmgr.data.CertificateCleanupFilter;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificate;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.state.RootCertInstallStateMachine;
import com.microsoft.omadm.platforms.android.certmgr.state.ScepCertInstallStateMachine;
import com.microsoft.omadm.utils.CertUtils;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes3.dex */
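/**
 * Certificate store manager for the AFW platform package. It installs and removes CA
 * certificates and SCEP user key pairs through {@link DevicePolicyManager} and
 * {@link AfwPolicyManager}, and reads the {@code AndroidCAStore} key store.
 *
 * <p>Installing a CA certificate here adds a trust anchor on the device, and installing a
 * user key pair places a private key in the platform key chain. Both operations only report
 * success or failure through their boolean return value and the log.
 */
public class AfwCertificateStoreManager extends AbstractCertificateStoreManager {
    private static final Logger LOGGER = Logger.getLogger(AfwCertificateStoreManager.class.getName());

    // Admin component passed to every DevicePolicyManager call made by this class.
    private final ComponentName componentName;
    private final DevicePolicyManager devicePolicyManager;

    @Inject
    CertStorePasswords passwords;

    @Inject
    AfwPolicyManager policyManager;

    /**
     * Creates the manager and loads the {@code AndroidCAStore} key store.
     *
     * @throws OMADMException if the device policy service is unavailable or the
     *     {@code AndroidCAStore} key store cannot be obtained or loaded
     */
    public AfwCertificateStoreManager(CertStateData certStateData, RootCertInstallStateMachine rootCertInstallStateMachine, ScepCertInstallStateMachine scepCertInstallStateMachine, Context context, CertStorePasswords certStorePasswords, AfwPolicyManager afwPolicyManager) throws OMADMException {
        super(certStateData, rootCertInstallStateMachine, scepCertInstallStateMachine, context);
        this.passwords = certStorePasswords;
        this.policyManager = afwPolicyManager;
        // "device_policy" is the value of Context.DEVICE_POLICY_SERVICE.
        this.devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        if (this.devicePolicyManager == null) {
            throw new OMADMException("Cannot get system service DevicePolicyManager. Unable to create AfwCertificateStoreManager.");
        }
        this.componentName = new ComponentName(context, PolicyManagerReceiver.class);
        try {
            this.androidCAStore = KeyStore.getInstance("AndroidCAStore");
            this.androidCAStore.load(null, null);
        } catch (Exception e) {
            // NOTE(review): only the message survives, the stack trace and cause are lost.
            // If OMADMException offers a (String, Throwable) constructor, pass e as the cause.
            throw new OMADMException("Cannot read the android CA store, " + e.getMessage());
        }
    }

    /** Attempts to remove every user certificate in {@code list}; failures are logged per certificate. */
    private void tryRemoveUserCertificates(List<ScepCertificateState> list) {
        for (ScepCertificateState state : list) {
            tryRemoveUserCertificate(new ScepCertificate(state));
        }
    }

    /**
     * Does nothing in this implementation.
     *
     * <p>NOTE(review): the body is empty as decompiled, so filtered cleanup requests are
     * silently ignored on this platform path. Confirm that is intended.
     */
    @Override // com.microsoft.omadm.platforms.ICertificateStoreManager
    public void deleteMatchingCertificates(CertificateCleanupFilter certificateCleanupFilter, Long l) throws OMADMException {
    }

    /** Returns the CA alias that {@link CertUtils#tryGetCAAliasFromCertificate} finds for the given state. */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager
    protected String getExistingCertificateAlias(RootCertificateState rootCertificateState) throws OMADMException {
        return CertUtils.tryGetCAAliasFromCertificate(rootCertificateState);
    }

    /**
     * Installs {@code rootCertificateState.certBlob} as a CA certificate and records the
     * resulting alias on the state object.
     *
     * <p>NOTE(review): the blob is handed to {@code installCaCert} as-is. This method does not
     * compare it with {@code rootCertificateState.thumbPrint} before it becomes a trust anchor;
     * confirm that the caller or the state machine validates the blob first.
     *
     * @return {@code true} only if the install call succeeded and an alias could be looked up
     */
    public boolean installRootCert(RootCertificateState rootCertificateState) {
        try {
            if (!this.devicePolicyManager.installCaCert(this.componentName, rootCertificateState.certBlob)) {
                LOGGER.warning(MessageFormat.format("Install CA certificate (Thumbprint: {0}) returned unsuccessfully for certificate", rootCertificateState.thumbPrint));
                return false;
            }
            String existingCertificateAlias = getExistingCertificateAlias(rootCertificateState);
            if (StringUtils.isEmpty(existingCertificateAlias)) {
                // The certificate may already be installed at this point even though false is returned.
                LOGGER.warning(MessageFormat.format("Could not retrieve CA certificate alias for AFW-installed CA cert (Thumbprint: {0})", rootCertificateState.thumbPrint));
                return false;
            }
            rootCertificateState.alias = existingCertificateAlias;
            return true;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to install certificate with alias " + rootCertificateState.alias, e);
            return false;
        }
    }

    /**
     * Loads the SCEP key store for the given state and installs its certificate and private
     * key through {@code DevicePolicyManager.installKeyPair}.
     *
     * <p>The store password from {@link CertStorePasswords} is used both to load the key store
     * and as the password of the key entry.
     *
     * @param scepCertificateState state holding the alias and request id of the certificate
     * @param z when {@code true}, the five-argument {@code installKeyPair} overload is called
     *     with its last argument set to {@code true} (logged as "request access")
     * @return {@code true} if {@code installKeyPair} reported success, {@code false} on any
     *     failure, including exceptions, which are logged and not rethrown
     */
    public boolean installUserCert(ScepCertificateState scepCertificateState, boolean z) {
        // The whole sequence sits in one try block: a key store that fails to load must end
        // the install with false instead of falling through to code that uses the store.
        try {
            KeyStore loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, this.passwords.getStorePassword());
            if (loadKeyStore == null || !loadKeyStore.containsAlias(scepCertificateState.alias)) {
                LOGGER.severe(MessageFormat.format("Unable to install certificate, as the certificate store does not contain certificate with alias {0} (RequestId: {1})", scepCertificateState.alias, scepCertificateState.requestId));
                return false;
            }
            Certificate certificate = loadKeyStore.getCertificate(scepCertificateState.alias);
            if (certificate == null) {
                // Placeholder is {0}: with a single argument, {1} was printed literally and the
                // request id never reached the log.
                LOGGER.severe(MessageFormat.format("Unable to install requested certificate, unable to load certificate from the certificate store (RequestId: {0})", scepCertificateState.requestId));
                return false;
            }
            java.security.Key key = loadKeyStore.getKey(scepCertificateState.alias, this.passwords.getStorePassword());
            if (!(key instanceof PrivateKey)) {
                // Covers a missing key entry and an entry that is not a private key; only the
                // alias and request id are logged, never key material.
                LOGGER.severe(MessageFormat.format("Unable to install certificate, as the certificate store does not contain a private key for alias {0} (RequestId: {1})", scepCertificateState.alias, scepCertificateState.requestId));
                return false;
            }
            PrivateKey privateKey = (PrivateKey) key;
            boolean installed;
            if (z) {
                installed = this.devicePolicyManager.installKeyPair(this.componentName, privateKey, new Certificate[]{certificate}, scepCertificateState.alias, true);
            } else {
                installed = this.devicePolicyManager.installKeyPair(this.componentName, privateKey, certificate, scepCertificateState.alias);
            }
            if (installed) {
                return true;
            }
            LOGGER.warning(MessageFormat.format("installKeyPair{0} returned unsuccessfully (RequestId: {1})", z ? " and request access" : "", scepCertificateState.requestId));
            return false;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to install certificate with request id " + scepCertificateState.requestId, e);
            return false;
        }
    }

    /**
     * Checks whether a successfully installed root certificate is still present on the device.
     *
     * <p>The certificates returned by {@code getInstalledCaCerts} are searched by thumbprint
     * first; on a match the blob is stored in {@code rootCertificateState.certBlob}. Otherwise
     * the alias lookup is tried. If neither finds the certificate, its reference is deleted
     * from the database, so this method is not a pure query.
     *
     * @return {@code true} if the certificate was found by either lookup; {@code false} if the
     *     state is null, has no thumbprint, is not in {@code CERT_INSTALL_SUCCESS}, or the
     *     certificate was not found
     */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public boolean loadRootCertificate(RootCertificateState rootCertificateState) {
        if (rootCertificateState == null || StringUtils.isEmpty(rootCertificateState.thumbPrint) || CertStatus.CERT_INSTALL_SUCCESS != rootCertificateState.status) {
            return false;
        }
        for (byte[] bArr : this.devicePolicyManager.getInstalledCaCerts(this.componentName)) {
            // Parsing happens inside the try so that one unparsable blob is skipped and the
            // remaining certificates are still checked.
            try {
                if (rootCertificateState.thumbPrint.equals(CertUtils.getThumbPrint(CertUtils.generateX509Certificate(bArr)))) {
                    rootCertificateState.certBlob = bArr;
                    return true;
                }
            } catch (OMADMException unused) {
                LOGGER.warning("Could not generate an X509Certificate from a blob returned by getInstalledCaCerts, skipping.");
            }
        }
        String str;
        try {
            LOGGER.info(MessageFormat.format("Checking system store for certificate with thumbprint {0}.", rootCertificateState.thumbPrint));
            str = getExistingCertificateAlias(rootCertificateState);
        } catch (OMADMException e) {
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to check the system store for a certificate with thumbprint {0}.", rootCertificateState.thumbPrint), e);
            str = null;
        }
        if (StringUtils.isNotEmpty(str)) {
            // certBlob is not updated on this path; it keeps whatever the state already held.
            LOGGER.info(MessageFormat.format("Found an existing cert in the system store for certificate with thumbprint {0}.", rootCertificateState.thumbPrint));
            return true;
        }
        LOGGER.info(MessageFormat.format("Unable to find certificate with thumbprint {0} on the device; removing reference from database.", rootCertificateState.thumbPrint));
        deleteCaCertFromDatabase(rootCertificateState);
        return false;
    }

    /**
     * Uninstalls the given CA certificate if {@link #loadRootCertificate} finds it.
     * Failures are logged and never propagated, so callers cannot tell whether the trust
     * anchor was actually removed.
     */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveCACertificate(RootCertificateState rootCertificateState) {
        try {
            LOGGER.fine(MessageFormat.format("Removing CA certificate with alias ''{0}''", rootCertificateState.alias));
            if (loadRootCertificate(rootCertificateState)) {
                this.policyManager.uninstallCaCert(rootCertificateState.certBlob);
            }
        } catch (OMADMException e) {
            LOGGER.info(MessageFormat.format("Unable to remove CA certificate with alias ''{0}'': {1}", rootCertificateState.alias, e.getMessage()));
        } catch (Exception e2) {
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to remove CA certificate with alias ''{0}''", rootCertificateState.alias), e2);
        }
    }

    /** Attempts to remove every root certificate known to {@code certStateData}; failures are logged. */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveCACertificates() {
        try {
            Iterator<RootCertificateState> it = this.certStateData.getAllRootCertificates().iterator();
            while (it.hasNext()) {
                tryRemoveCACertificate(it.next());
            }
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Failed to remove ca certificates from device", e);
        }
    }

    /**
     * Asks {@link AfwPolicyManager} to remove the user certificate with the given alias.
     * A {@code false} result and any exception are logged and not propagated.
     */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificate(ScepCertificate scepCertificate) {
        try {
            LOGGER.fine(MessageFormat.format("Removing user certificate with alias ''{0}''.", scepCertificate.alias));
            if (!this.policyManager.removeUserCertificate(scepCertificate.alias)) {
                LOGGER.warning(MessageFormat.format("Failed to remove user certificate with alias ''{0}''", scepCertificate.alias));
            }
        } catch (OMADMException e) {
            LOGGER.info(MessageFormat.format("Unable to remove user certificate with alias ''{0}'': {1}", scepCertificate.alias, e.getMessage()));
        } catch (Exception e2) {
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to remove user certificate with alias cert ''{0}''", scepCertificate.alias), e2);
        }
    }

    /** Attempts to remove all user certificates known to {@code certStateData}; failures are logged. */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificates() {
        try {
            tryRemoveUserCertificates(this.certStateData.getAllUserCertificates());
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Failed to remove user certificates from device.", e);
        }
    }

    /**
     * Attempts to remove the user certificates that {@code certStateData} returns for the
     * given id; failures are logged.
     *
     * @param l id passed to {@code getAllUserCertificates}; logged as "User" on failure
     */
    @Override // com.microsoft.omadm.platforms.android.certmgr.AbstractCertificateStoreManager, com.microsoft.omadm.platforms.ICertificateStoreManager
    public void tryRemoveUserCertificates(Long l) {
        try {
            tryRemoveUserCertificates(this.certStateData.getAllUserCertificates(l));
        } catch (Exception e) {
            // String.valueOf keeps MessageFormat from rendering the id as a locale-formatted
            // number with grouping separators, which makes log correlation harder.
            LOGGER.log(Level.WARNING, MessageFormat.format("Failed to remove user certificates from device, User: {0}", String.valueOf(l)), e);
        }
    }
}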
