package com.avaya.android.flare.certs.model;

import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import com.avaya.android.flare.certs.model.CertificateUtil;
import com.avaya.android.flare.credentials.provider.AutoConfigCredentialProvider;
import com.avaya.android.flare.login.wizard.DownloadServiceUtil;
import com.avaya.clientservices.credentials.Challenge;
import com.avaya.clientservices.credentials.CredentialCompletionHandler;
import com.avaya.clientservices.credentials.UserCredential;
import com.avaya.clientservices.downloadservice.DownloadCompletionHandler;
import com.avaya.clientservices.downloadservice.DownloadService;
import com.avaya.clientservices.downloadservice.DownloadServiceConfiguration;
import com.avaya.clientservices.downloadservice.DownloadServiceError;
import com.avaya.clientservices.uccl.ApplicationCredentialProvider;
import com.avaya.clientservices.uccl.autoconfig.AutoConfigException;
import com.avaya.clientservices.uccl.autoconfig.CertificateRetriever;
import com.avaya.clientservices.uccl.autoconfig.RetrieveConfigurationResult;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Semaphore;

/* loaded from: classes2.dex */
public class CertificateRetrieverImpl implements CertificateRetriever, CredentialCompletionHandler {
    private static final DownloadServiceConfigurationFactory DEFAULT_DOWNLOAD_SERVICE_CONFIGURATION_FACTORY = new DownloadServiceConfigurationFactory() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.1
        @Override // com.avaya.android.flare.certs.model.CertificateRetrieverImpl.DownloadServiceConfigurationFactory
        @NonNull
        public DownloadServiceConfiguration createDownloadServiceConfiguration() {
            return new DownloadServiceConfiguration();
        }
    };
    private final ApplicationCredentialProvider applicationCredentialProvider;
    private final AutoConfigCredentialProvider autoConfigCredentialProvider;
    private final CertificateFactory certificateFactory;

    @Nullable
    private final URL configURL;
    private final DownloadService downloadService;
    private byte[] downloadedCert;
    private String password;
    private RetrieveConfigurationResult result;
    private String userID;
    private final Logger log = LoggerFactory.getLogger((Class<?>) CertificateRetrieverImpl.class);
    private final List<CertificateError> certificateErrors = new ArrayList();
    private final List<X509Certificate> trustedCACertificates = new ArrayList();
    private final Semaphore semaphore = new Semaphore(0);
    private int failureCount = 0;

    @NonNull
    private DownloadServiceConfigurationFactory downloadServiceConfigurationFactory = DEFAULT_DOWNLOAD_SERVICE_CONFIGURATION_FACTORY;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class CertificateError {
        private final URL certUrl;
        private final String errorText;

        CertificateError(@NonNull URL url, @NonNull String str) {
            this.certUrl = url;
            this.errorText = str;
        }

        @NonNull
        public URL getCertUrl() {
            return this.certUrl;
        }

        @NonNull
        public String getErrorText() {
            return this.errorText;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: classes2.dex */
    public interface DownloadServiceConfigurationFactory {
        @NonNull
        DownloadServiceConfiguration createDownloadServiceConfiguration();
    }

    public CertificateRetrieverImpl(@Nullable URL url, @NonNull ApplicationCredentialProvider applicationCredentialProvider, @NonNull DownloadService downloadService, @NonNull AutoConfigCredentialProvider autoConfigCredentialProvider) {
        this.configURL = url;
        this.applicationCredentialProvider = applicationCredentialProvider;
        this.downloadService = downloadService;
        this.autoConfigCredentialProvider = autoConfigCredentialProvider;
        try {
            this.certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            this.log.error("Failed to instantiate X.509 certificate factory", (Throwable) e);
            throw new AssertionError(e);
        }
    }

    @NonNull
    private URL createDownloadURL(@NonNull String str) throws MalformedURLException {
        return new URL(this.configURL, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public X509Certificate extractCertificate(@NonNull byte[] bArr, @NonNull URL url) {
        try {
            return CertificateUtil.decodeX509Certificate(this.certificateFactory, bArr);
        } catch (CertificateException e) {
            this.log.error("Could not create certificate from {}", url, e);
            this.certificateErrors.add(new CertificateError(url, "There was a problem processing the certificate."));
            return null;
        }
    }

    private void extractCertificatesFromData(@NonNull byte[] bArr, @NonNull final URL url) {
        CertificateUtil.extractCertificatesFromByteArray(bArr, new CertificateUtil.CertificateAccumulator() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.3
            @Override // com.avaya.android.flare.certs.model.CertificateUtil.CertificateAccumulator
            public void onCertificateBytes(@NonNull byte[] bArr2) {
                X509Certificate extractCertificate = CertificateRetrieverImpl.this.extractCertificate(bArr2, url);
                if (extractCertificate != null) {
                    CertificateRetrieverImpl.this.trustedCACertificates.add(extractCertificate);
                }
            }
        });
        if (this.trustedCACertificates.isEmpty()) {
            this.log.warn("No certificates found in {}", url);
            this.certificateErrors.add(new CertificateError(url, "There were no certificates found."));
        }
    }

    private byte[] getCertificateData(@NonNull final URL url) throws AutoConfigException, CertificateException {
        DownloadServiceConfiguration createDownloadServiceConfiguration = this.downloadServiceConfigurationFactory.createDownloadServiceConfiguration();
        createDownloadServiceConfiguration.setCredentialProvider(this.autoConfigCredentialProvider);
        this.downloadService.retrieveDataFromUrl(createDownloadServiceConfiguration, url, new DownloadCompletionHandler<byte[]>() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.2
            @Override // com.avaya.clientservices.downloadservice.DownloadCompletionHandler
            public void onError(DownloadServiceError downloadServiceError) {
                CertificateRetrieverImpl.this.log.warn("Cert with url {} download failed with error : {}", url, downloadServiceError);
                CertificateRetrieverImpl.this.result = DownloadServiceUtil.getResultForError(downloadServiceError);
                CertificateRetrieverImpl.this.semaphore.release();
            }

            @Override // com.avaya.clientservices.downloadservice.DownloadCompletionHandler
            public void onSuccess(byte[] bArr) {
                CertificateRetrieverImpl.this.log.debug("Cert with url {} downloaded successfully", url);
                CertificateRetrieverImpl.this.downloadedCert = bArr;
                CertificateRetrieverImpl.this.semaphore.release();
            }
        });
        try {
            this.semaphore.acquire();
        } catch (InterruptedException e) {
            this.log.warn("Waiting for downloading cert with url {} interrupted", url);
        }
        if (this.downloadedCert == null) {
            if (this.result == RetrieveConfigurationResult.AUTH_FAILED) {
                this.downloadedCert = handleAuthenticationFailure(url);
            } else {
                this.log.warn("Downloaded certificate data is null, throwing an exception");
                handleDownloadError(this.result);
            }
        }
        this.log.warn("Returning downloaded certs");
        return this.downloadedCert;
    }

    private byte[] handleAuthenticationFailure(@NonNull URL url) throws AutoConfigException, CertificateException {
        this.applicationCredentialProvider.onAuthenticationChallenge(ApplicationCredentialProvider.ChallengerType.CHALLENGER_AUTO_CONFIG, new Challenge("", "", false, false, this.failureCount, -1), this);
        try {
            this.semaphore.acquire();
        } catch (InterruptedException e) {
            this.log.warn("Waiting for authentication credentials interrupted");
        }
        if (hasCredentials()) {
            return getCertificateData(url);
        }
        throw new AutoConfigException("Certificate " + url + " required authentication");
    }

    private void handleDownloadError(RetrieveConfigurationResult retrieveConfigurationResult) throws AutoConfigException, CertificateException {
        switch (retrieveConfigurationResult) {
            case CERT_INVALID:
            case BAD_IDENTITY_CERTIFICATE:
            case SECURE_CONNECTION_ERROR:
            case CLIENT_CERTIFICATE_REVOKED:
            case CLIENT_CERTIFICATE_EXPIRED:
                throw new CertificateException();
            default:
                throw new AutoConfigException("Received status code " + this.result + " while downloading certificate");
        }
    }

    private boolean hasCredentials() {
        return (this.userID == null || this.password == null) ? false : true;
    }

    private void retrieveCertificate(@NonNull URL url) throws CertificateException, AutoConfigException {
        extractCertificatesFromData(getCertificateData(url), url);
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    @NonNull
    public byte[] downloadIdentityCertificateData(@NonNull String str) throws MalformedURLException, CertificateException, AutoConfigException {
        URL createDownloadURL = createDownloadURL(str);
        this.log.debug("Downloading client identity cert from <{}>", createDownloadURL);
        return getCertificateData(createDownloadURL);
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    @NonNull
    public List<X509Certificate> getTrustedCACertificates() {
        return Collections.unmodifiableList(this.trustedCACertificates);
    }

    @Override // com.avaya.clientservices.credentials.CredentialCompletionHandler
    public void onCredentialProvided(@NonNull UserCredential userCredential) {
        this.userID = userCredential.getUsername();
        this.password = userCredential.getPassword();
        this.semaphore.release();
    }

    @Override // com.avaya.clientservices.credentials.CredentialCompletionHandler
    public void onCredentialRequestRefused() {
        this.failureCount++;
        this.semaphore.release();
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    public void retrieveTrustedCACertificates(@NonNull Collection<String> collection) throws AutoConfigException, CertificateException, MalformedURLException {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            retrieveCertificate(createDownloadURL(it.next()));
        }
        if (!this.certificateErrors.isEmpty()) {
            throw new AutoConfigException("Errors creating trust store");
        }
    }

    @VisibleForTesting
    void setDownloadServiceConfigurationFactory(@NonNull DownloadServiceConfigurationFactory downloadServiceConfigurationFactory) {
        this.downloadServiceConfigurationFactory = downloadServiceConfigurationFactory;
    }
}
