package com.avaya.android.flare.certs.model;

import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.text.TextUtils;
import com.avaya.android.flare.credentials.cache.ScepCredentialsCache;
import com.avaya.android.flare.csdk.CertificateManager;
import com.avaya.android.flare.injection.ApplicationContext;
import com.avaya.android.flare.injection.DefaultSharedPreferences;
import com.avaya.android.flare.login.manager.LoginManager;
import com.avaya.android.flare.settings.PreferenceKeys;
import com.avaya.clientservices.common.ScepConfiguration;
import com.avaya.clientservices.provider.certificate.CertificateEnrollmentCompletionHandler;
import com.avaya.clientservices.provider.certificate.CertificateEnrollmentException;
import com.avaya.clientservices.provider.certificate.CertificateEnrollmentResult;
import com.avaya.clientservices.provider.certificate.CertificateStoreException;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes.dex */
public class IdentityCertificateManagerImpl implements IdentityCertificateManager {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String NO_SCEP_URL_MESSAGE = "Missing SCEP server URL for enrollment";

    @Inject
    protected CertificateManager certificateManager;

    @Inject
    @ApplicationContext
    protected Context context;

    @Inject
    protected ScepCredentialsCache credentialsCache;

    @Inject
    protected LoginManager loginManager;

    @DefaultSharedPreferences
    @Inject
    protected SharedPreferences preferences;

    @Inject
    protected ScepConfigurationFactory scepConfigurationFactory;
    private ScepEnrollmentCompletionHandler scepEnrollmentCompletionHandler;
    private static final ScepEnrollmentCompletionHandler NULL_SCEP_ENROLLMENT_COMPLETION_HANDLER = new ScepEnrollmentCompletionHandler() { // from class: com.avaya.android.flare.certs.model.IdentityCertificateManagerImpl.1
        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentFailure(CertificateEnrollmentResult certificateEnrollmentResult) {
        }

        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentPasswordFailure() {
        }

        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentSuccess() {
        }
    };
    private static final String[] IDENTITY_CERTIFICATE_KEY_TYPES = {"RSA"};
    private final Logger log = LoggerFactory.getLogger((Class<?>) IdentityCertificateManagerImpl.class);
    private final Set<IdentityCertificateChangeListener> listeners = new CopyOnWriteArraySet();
    final KeyChainAliasCallback keyChainAliasCallback = new KeyChainAliasCallback() { // from class: com.avaya.android.flare.certs.model.IdentityCertificateManagerImpl.2
        @Override // android.security.KeyChainAliasCallback
        public void alias(String str) {
            IdentityCertificateManagerImpl.this.onChoosePrivateKeyAliasResult(str);
        }
    };
    boolean skipThreading = false;

    /* loaded from: classes.dex */
    public static class DefaultScepConfigurationFactory implements ScepConfigurationFactory {
        @Inject
        public DefaultScepConfigurationFactory() {
        }

        @Override // com.avaya.android.flare.certs.model.IdentityCertificateManagerImpl.ScepConfigurationFactory
        public ScepConfiguration createScepConfiguration(SharedPreferences sharedPreferences, String str) {
            ScepConfiguration scepConfiguration = new ScepConfiguration();
            ScepConfigUtil.populateScepConfiguration(scepConfiguration, sharedPreferences, str);
            return scepConfiguration;
        }
    }

    /* loaded from: classes.dex */
    public interface ScepConfigurationFactory {
        ScepConfiguration createScepConfiguration(SharedPreferences sharedPreferences, String str);
    }

    @Inject
    public IdentityCertificateManagerImpl() {
    }

    private void clearCachedIdentityCertificateState() {
        this.preferences.edit().remove(PreferenceKeys.KEY_SCEP_PREVIOUS_CONFIG).remove(PreferenceKeys.KEY_LAST_PKCS12URL_DATA).remove(PreferenceKeys.KEY_SCEP_CERTIFICATE_INSTALLED).apply();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void importIdentityCertificateFromPlatform(String str) {
        this.log.debug("Importing identity certificate \"{}\" from platform", str);
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(this.context, str);
            if (certificateChain == null) {
                this.log.warn("Unable to get certificate chain for alias \"{}\" from platform", str);
                return;
            }
            PrivateKey privateKey = KeyChain.getPrivateKey(this.context, str);
            if (privateKey == null) {
                this.log.warn("Unable to get private key for alias \"{}\" from platform", str);
            } else {
                installIdentityCertificate(certificateChain, privateKey);
            }
        } catch (KeyChainException e) {
            e = e;
            this.log.warn("Failed to get data from platform for user-selected identity certificate: {}", e.getMessage());
        } catch (InterruptedException e2) {
            e = e2;
            this.log.warn("Failed to get data from platform for user-selected identity certificate: {}", e.getMessage());
        } catch (InvalidKeyException e3) {
            e = e3;
            this.log.warn("Failed to import identity certificate from platform: {}", e.getMessage());
        } catch (CertificateEncodingException e4) {
            e = e4;
            this.log.warn("Failed to import identity certificate from platform: {}", e.getMessage());
        }
    }

    private void notifyListenersIdentityCertificateInstalled() {
        Iterator<IdentityCertificateChangeListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onIdentityCertificateInstalled();
        }
    }

    private void notifyListenersIdentityCertificateUninstalled() {
        Iterator<IdentityCertificateChangeListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onIdentityCertificateUninstalled();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onChoosePrivateKeyAliasResult(String str) {
        if (TextUtils.isEmpty(str)) {
            this.log.debug("User failed to pick an identity certificate from platform");
        } else {
            installIdentityCertificateFromPlatform(str);
        }
    }

    private void recordScepCertificateInstalled() {
        this.preferences.edit().putBoolean(PreferenceKeys.KEY_SCEP_CERTIFICATE_INSTALLED, true).commit();
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void addIdentityCertificateChangeListener(IdentityCertificateChangeListener identityCertificateChangeListener) {
        this.listeners.add(identityCertificateChangeListener);
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void deleteCertificateStore() {
        this.log.info("Removing the certificate store");
        try {
            this.certificateManager.deleteCertificateStore();
        } catch (CertificateStoreException e) {
            this.log.error("Error removing the certificate store: ", (Throwable) e);
        }
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public X509Certificate getClientIdentityCertificate() {
        return this.certificateManager.getClientIdentityCertificate();
    }

    ScepEnrollmentCompletionHandler getScepEnrollmentCompletionHandler() {
        return this.scepEnrollmentCompletionHandler;
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void installIdentityCertificate(X509Certificate[] x509CertificateArr, PrivateKey privateKey) throws CertificateEncodingException, InvalidKeyException {
        this.certificateManager.setClientIdentityCertificateChain(x509CertificateArr, privateKey);
        IdentityCertificateStateUtil.clearFlagForMissingCertificatePassword(this.preferences);
        notifyListenersIdentityCertificateInstalled();
        this.loginManager.refreshAllLogins();
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void installIdentityCertificateFromPlatform(final String str) {
        if (this.skipThreading) {
            importIdentityCertificateFromPlatform(str);
        } else {
            new Thread(new Runnable() { // from class: com.avaya.android.flare.certs.model.IdentityCertificateManagerImpl.4
                @Override // java.lang.Runnable
                public void run() {
                    IdentityCertificateManagerImpl.this.importIdentityCertificateFromPlatform(str);
                }
            }, "Platform IC Import").start();
        }
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public boolean isScepCertificateInstalled() {
        return this.preferences.getBoolean(PreferenceKeys.KEY_SCEP_CERTIFICATE_INSTALLED, false);
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public boolean isScepConfigured() {
        return ScepConfigUtil.isScepConfigured(this.preferences);
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void launchPlatformIdentityCertificatePicker(Activity activity) {
        KeyChain.choosePrivateKeyAlias(activity, this.keyChainAliasCallback, IDENTITY_CERTIFICATE_KEY_TYPES, null, null, -1, null);
    }

    void onScepEnrollmentError(CertificateEnrollmentException certificateEnrollmentException) {
        CertificateEnrollmentResult enrollmentResult = certificateEnrollmentException.getEnrollmentResult();
        this.log.warn("SCEP enrollment failed: {} {}", enrollmentResult, certificateEnrollmentException.getMessage());
        if (enrollmentResult == CertificateEnrollmentResult.WRONG_PASSWORD) {
            IdentityCertificateStateUtil.setFlagForMissingScepCredentials(this.preferences);
            this.scepEnrollmentCompletionHandler.onScepEnrollmentPasswordFailure();
        } else {
            this.scepEnrollmentCompletionHandler.onScepEnrollmentFailure(enrollmentResult);
        }
        this.scepEnrollmentCompletionHandler = null;
    }

    void onScepEnrollmentSuccess() {
        this.log.debug("SCEP enrollment has succeeded");
        recordScepCertificateInstalled();
        this.scepEnrollmentCompletionHandler.onScepEnrollmentSuccess();
        notifyListenersIdentityCertificateInstalled();
        this.loginManager.refreshAllLogins();
        this.scepEnrollmentCompletionHandler = null;
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void removeIdentityCertificateChangeListener(IdentityCertificateChangeListener identityCertificateChangeListener) {
        this.listeners.remove(identityCertificateChangeListener);
    }

    void setScepEnrollmentCompletionHandler(ScepEnrollmentCompletionHandler scepEnrollmentCompletionHandler) {
        this.scepEnrollmentCompletionHandler = scepEnrollmentCompletionHandler;
    }

    @Override // com.avaya.android.flare.certs.model.ScepEnroller
    public void startScepEnrollment(ScepEnrollmentCompletionHandler scepEnrollmentCompletionHandler) {
        startScepEnrollment(scepEnrollmentCompletionHandler, this.preferences, this.credentialsCache.getPassword());
    }

    @Override // com.avaya.android.flare.certs.model.ScepEnroller
    public void startScepEnrollment(ScepEnrollmentCompletionHandler scepEnrollmentCompletionHandler, SharedPreferences sharedPreferences, String str) {
        ScepEnrollmentCompletionHandler scepEnrollmentCompletionHandler2 = this.scepEnrollmentCompletionHandler;
        if (scepEnrollmentCompletionHandler2 != null) {
            this.log.error("SCEP enrollment is already in progress: previous completion handler is {}", scepEnrollmentCompletionHandler2);
            throw new IllegalStateException("SCEP enrollment is already in progress");
        }
        this.scepEnrollmentCompletionHandler = scepEnrollmentCompletionHandler;
        if (!ScepConfigUtil.isScepServerUrlSet(sharedPreferences)) {
            this.log.error(NO_SCEP_URL_MESSAGE);
            onScepEnrollmentError(new CertificateEnrollmentException(CertificateEnrollmentResult.CONNECTION_FAILED, NO_SCEP_URL_MESSAGE));
        } else {
            IdentityCertificateStateUtil.clearFlagForMissingScepCredentials(sharedPreferences);
            ScepConfiguration createScepConfiguration = this.scepConfigurationFactory.createScepConfiguration(sharedPreferences, str);
            ScepConfigUtil.savePreviousScepConfigurationHash(sharedPreferences);
            this.certificateManager.enroll(createScepConfiguration, null, new CertificateEnrollmentCompletionHandler() { // from class: com.avaya.android.flare.certs.model.IdentityCertificateManagerImpl.3
                @Override // com.avaya.clientservices.provider.certificate.CertificateEnrollmentCompletionHandler
                public void onError(CertificateEnrollmentException certificateEnrollmentException) {
                    IdentityCertificateManagerImpl.this.onScepEnrollmentError(certificateEnrollmentException);
                }

                @Override // com.avaya.clientservices.provider.certificate.CertificateEnrollmentCompletionHandler
                public void onSuccess(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
                    IdentityCertificateManagerImpl.this.onScepEnrollmentSuccess();
                }
            });
        }
    }

    @Override // com.avaya.android.flare.certs.model.ScepEnroller
    public void startScepEnrollmentIfPasswordSet() {
        String password = this.credentialsCache.getPassword();
        if (TextUtils.isEmpty(password)) {
            return;
        }
        startScepEnrollment(NULL_SCEP_ENROLLMENT_COMPLETION_HANDLER, this.preferences, password);
    }

    @Override // com.avaya.android.flare.certs.model.IdentityCertificateManager
    public void uninstallIdentityCertificate() {
        this.certificateManager.deleteClientIdentityCertificateChain();
        clearCachedIdentityCertificateState();
        notifyListenersIdentityCertificateUninstalled();
        this.loginManager.refreshAllLogins();
    }
}
