package com.avaya.android.flare.certs.model;

import com.avaya.android.flare.certs.model.CertificateUtil;
import com.avaya.android.flare.login.wizard.DownloadServiceUtil;
import com.avaya.android.flare.util.CryptoUtil;
import com.avaya.clientservices.credentials.Challenge;
import com.avaya.clientservices.credentials.CredentialCompletionHandler;
import com.avaya.clientservices.credentials.CredentialProvider;
import com.avaya.clientservices.credentials.UserCredential;
import com.avaya.clientservices.downloadservice.DownloadCompletionHandler;
import com.avaya.clientservices.downloadservice.DownloadService;
import com.avaya.clientservices.downloadservice.DownloadServiceConfiguration;
import com.avaya.clientservices.downloadservice.DownloadServiceError;
import com.avaya.clientservices.uccl.ApplicationCredentialProvider;
import com.avaya.clientservices.uccl.autoconfig.AutoConfigException;
import com.avaya.clientservices.uccl.autoconfig.CertificateRetriever;
import com.avaya.clientservices.uccl.autoconfig.RetrieveCertificateException;
import com.avaya.clientservices.uccl.autoconfig.RetrieveConfigurationResultCode;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Semaphore;

/* loaded from: classes.dex */
public class CertificateRetrieverImpl implements CertificateRetriever, CredentialCompletionHandler {
    private static final DownloadServiceConfigurationFactory DEFAULT_DOWNLOAD_SERVICE_CONFIGURATION_FACTORY = new DownloadServiceConfigurationFactory() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.1
        @Override // com.avaya.android.flare.certs.model.CertificateRetrieverImpl.DownloadServiceConfigurationFactory
        public DownloadServiceConfiguration createDownloadServiceConfiguration() {
            return new DownloadServiceConfiguration();
        }
    };
    private final ApplicationCredentialProvider applicationCredentialProvider;
    private final CredentialProvider autoConfigCredentialProvider;
    private final URL configURL;
    private final DownloadService downloadService;
    private byte[] downloadedCert;
    private String password;
    private RetrieveConfigurationResultCode result;
    private String userID;
    private final Logger log = LoggerFactory.getLogger((Class<?>) CertificateRetrieverImpl.class);
    private final CertificateFactory certificateFactory = CryptoUtil.getX509CertificateFactory();
    private final List<CertificateError> certificateErrors = new ArrayList();
    private final List<X509Certificate> trustedCACertificates = new ArrayList();
    private final Semaphore semaphore = new Semaphore(0);
    private int failureCount = 0;
    private DownloadServiceConfigurationFactory downloadServiceConfigurationFactory = DEFAULT_DOWNLOAD_SERVICE_CONFIGURATION_FACTORY;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.avaya.android.flare.certs.model.CertificateRetrieverImpl$4, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode = new int[RetrieveConfigurationResultCode.values().length];

        static {
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.CERT_INVALID.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.BAD_IDENTITY_CERTIFICATE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.SECURE_CONNECTION_ERROR.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.CLIENT_CERTIFICATE_REVOKED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.CLIENT_CERTIFICATE_EXPIRED.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.PARSE_FAILED.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.URL_UNREACHABLE.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.CANCELLED.ordinal()] = 8;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[RetrieveConfigurationResultCode.SERVER_ERROR.ordinal()] = 9;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class CertificateError {
        private final URL certUrl;
        private final String errorText;

        CertificateError(URL url, String str) {
            this.certUrl = url;
            this.errorText = str;
        }

        public URL getCertUrl() {
            return this.certUrl;
        }

        public String getErrorText() {
            return this.errorText;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public interface DownloadServiceConfigurationFactory {
        DownloadServiceConfiguration createDownloadServiceConfiguration();
    }

    public CertificateRetrieverImpl(URL url, ApplicationCredentialProvider applicationCredentialProvider, DownloadService downloadService, CredentialProvider credentialProvider) {
        this.configURL = url;
        this.applicationCredentialProvider = applicationCredentialProvider;
        this.downloadService = downloadService;
        this.autoConfigCredentialProvider = credentialProvider;
    }

    private URL createDownloadURL(String str) throws MalformedURLException {
        return new URL(this.configURL, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509Certificate extractCertificate(byte[] bArr, URL url) {
        try {
            return CertificateUtil.decodeX509Certificate(this.certificateFactory, bArr);
        } catch (CertificateException e) {
            this.log.error("Could not create certificate from {}", url, e);
            this.certificateErrors.add(new CertificateError(url, "There was a problem processing the certificate."));
            return null;
        }
    }

    private void extractCertificatesFromData(byte[] bArr, final URL url) {
        CertificateUtil.extractCertificatesFromByteArray(bArr, new CertificateUtil.CertificateAccumulator() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.3
            @Override // com.avaya.android.flare.certs.model.CertificateUtil.CertificateAccumulator
            public void onCertificateBytes(byte[] bArr2) {
                X509Certificate extractCertificate = CertificateRetrieverImpl.this.extractCertificate(bArr2, url);
                if (extractCertificate != null) {
                    CertificateRetrieverImpl.this.trustedCACertificates.add(extractCertificate);
                }
            }
        });
        if (this.trustedCACertificates.isEmpty()) {
            this.log.warn("No certificates found in {}", url);
            this.certificateErrors.add(new CertificateError(url, "There were no certificates found."));
        }
    }

    private byte[] getCertificateData(final URL url) throws AutoConfigException, CertificateException {
        DownloadServiceConfiguration createDownloadServiceConfiguration = this.downloadServiceConfigurationFactory.createDownloadServiceConfiguration();
        createDownloadServiceConfiguration.setCredentialProvider(this.autoConfigCredentialProvider);
        this.downloadedCert = null;
        this.downloadService.retrieveDataFromUrl(createDownloadServiceConfiguration, url, new DownloadCompletionHandler<byte[]>() { // from class: com.avaya.android.flare.certs.model.CertificateRetrieverImpl.2
            @Override // com.avaya.clientservices.downloadservice.DownloadCompletionHandler
            public void onError(DownloadServiceError downloadServiceError) {
                CertificateRetrieverImpl.this.log.warn("Failed to download CA certificate from <{}> due to error {}", url, downloadServiceError);
                CertificateRetrieverImpl.this.result = DownloadServiceUtil.getResultForError(downloadServiceError);
                CertificateRetrieverImpl.this.semaphore.release();
            }

            @Override // com.avaya.clientservices.downloadservice.DownloadCompletionHandler
            public void onSuccess(byte[] bArr) {
                CertificateRetrieverImpl.this.log.debug("Downloaded CA certificate from <{}>", url);
                CertificateRetrieverImpl.this.downloadedCert = bArr;
                CertificateRetrieverImpl.this.semaphore.release();
            }
        });
        try {
            this.semaphore.acquire();
        } catch (InterruptedException unused) {
            this.log.warn("Waiting for downloading cert with url {} interrupted", url);
        }
        if (this.downloadedCert == null) {
            if (this.result == RetrieveConfigurationResultCode.AUTH_FAILED) {
                this.downloadedCert = handleAuthenticationFailure(url);
            } else {
                this.log.warn("Downloaded certificate data is null, throwing an exception");
                this.trustedCACertificates.clear();
                raiseExceptionForDownloadError(this.result, url);
            }
        }
        this.log.warn("Returning downloaded certs");
        return this.downloadedCert;
    }

    private byte[] handleAuthenticationFailure(URL url) throws AutoConfigException, CertificateException {
        this.applicationCredentialProvider.onAuthenticationChallenge(ApplicationCredentialProvider.ChallengerType.CHALLENGER_AUTO_CONFIG, new Challenge("", "", "", true, false, false, false, this.failureCount, -1, Collections.emptyMap()), this);
        try {
            this.semaphore.acquire();
        } catch (InterruptedException unused) {
            this.log.warn("Waiting for authentication credentials interrupted");
        }
        if (hasCredentials()) {
            return getCertificateData(url);
        }
        throw new AutoConfigException("Certificate " + url + " required authentication");
    }

    private boolean hasCredentials() {
        return (this.userID == null || this.password == null) ? false : true;
    }

    private static void raiseExceptionForDownloadError(RetrieveConfigurationResultCode retrieveConfigurationResultCode, URL url) throws CertificateException, RetrieveCertificateException {
        int i = AnonymousClass4.$SwitchMap$com$avaya$clientservices$uccl$autoconfig$RetrieveConfigurationResultCode[retrieveConfigurationResultCode.ordinal()];
        if (i != 1 && i != 2 && i != 3 && i != 4 && i != 5) {
            throw new RetrieveCertificateException(RetrieveConfigurationResultCode.TRUSTED_CERTIFICATE_LOAD_FAILURE, url);
        }
        throw new CertificateException();
    }

    private void retrieveCertificate(URL url) throws CertificateException, AutoConfigException {
        extractCertificatesFromData(getCertificateData(url), url);
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    public byte[] downloadIdentityCertificateData(String str) throws MalformedURLException, CertificateException, AutoConfigException {
        URL createDownloadURL = createDownloadURL(str);
        this.log.debug("Downloading client identity cert from <{}>", createDownloadURL);
        return getCertificateData(createDownloadURL);
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    public List<X509Certificate> getTrustedCACertificates() {
        return Collections.unmodifiableList(this.trustedCACertificates);
    }

    @Override // com.avaya.clientservices.credentials.CredentialCompletionHandler
    public void onCredentialProvided(UserCredential userCredential) {
        this.userID = userCredential.getUsername();
        this.password = userCredential.getPassword();
        this.semaphore.release();
    }

    @Override // com.avaya.clientservices.credentials.CredentialCompletionHandler
    public void onCredentialRequestRefused() {
        this.failureCount++;
        this.semaphore.release();
    }

    @Override // com.avaya.clientservices.uccl.autoconfig.CertificateRetriever
    public void retrieveTrustedCACertificates(Collection<String> collection) throws AutoConfigException, CertificateException, MalformedURLException {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            retrieveCertificate(createDownloadURL(it.next()));
        }
        if (!this.certificateErrors.isEmpty()) {
            throw new AutoConfigException("Errors creating trust store");
        }
    }

    void setDownloadServiceConfigurationFactory(DownloadServiceConfigurationFactory downloadServiceConfigurationFactory) {
        this.downloadServiceConfigurationFactory = downloadServiceConfigurationFactory;
    }
}
