package com.avaya.android.flare.certs.model;

import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Pair;
import com.avaya.android.flare.csdk.CertificateManager;
import com.avaya.android.flare.injection.DefaultSharedPreferences;
import com.avaya.android.flare.settings.PreferenceKeys;
import com.avaya.android.flare.util.CryptoUtil;
import com.avaya.clientservices.provider.certificate.AppCertificateStoreException;
import com.avaya.clientservices.provider.certificate.AppCertificateStoreNotInUseException;
import com.avaya.clientservices.provider.certificate.CertificateEnrollmentException;
import com.avaya.clientservices.provider.certificate.CertificateEnrollmentResult;
import com.avaya.clientservices.uccl.ApplicationCredentialProvider;
import com.avaya.clientservices.uccl.autoconfig.AutoConfigException;
import com.avaya.clientservices.uccl.autoconfig.CertificateRetriever;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.net.MalformedURLException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import javax.inject.Inject;

/* loaded from: classes.dex */
public class CertificateHelperImpl implements CertificateHelper {
    // Synthetic flag the Java compiler emits for `assert` support; kept exactly as the decompiler rendered it.
    static final /* synthetic */ boolean $assertionsDisabled = false;
    // Log message templates; the `{}` placeholder is filled with the exception message at the call sites.
    private static final String CERTIFICATE_ENCODING_EXCEPTION = "Certificate exception while attempting to encode certificate: {}";
    private static final String CERTIFICATE_STORE_EXCEPTION = "Internal Certificate store error: {}";
    private static final String CERTIFICATE_STORE_NOT_IN_USE = "Internal Certificate store not in use: {}";

    // Owns the private trust store: queried, deleted and repopulated by this class.
    @Inject
    protected CertificateManager certificateManager;
    // Supplied through setCertificateRetrieverFactory(); used to create the retriever that downloads certificate data.
    private CertificateRetriever.CertificateRetrieverFactory certificateRetrieverFactory;
    // Pending PKCS#12 download, or null when no PKCS12URL was set (also reset to null when the download is unchanged).
    private DownloadIdentityCertificateRequest downloadIdentityCert;
    // Pending trust-certificate download, or null when no non-empty TRUSTCERTS list was supplied.
    private DownloadTrustCertsRequest downloadTrustCerts;

    // Extracts the certificate chain and private key from PKCS#12 bytes.
    @Inject
    protected IdentityCertificateFactory identityCertificateFactory;

    // Installs, uninstalls and reports the client identity certificate.
    @Inject
    protected IdentityCertificateManager identityCertificateManager;

    // Injected but not referenced anywhere else in this class as shown.
    @Inject
    protected ApplicationCredentialProvider passwordChangeDetector;

    // Preferences that also hold the Base64 copy of the last downloaded PKCS#12 file (KEY_LAST_PKCS12URL_DATA).
    @DefaultSharedPreferences
    @Inject
    protected SharedPreferences preferences;

    // Performs the SCEP enrollment started by ScepEnrollmentRequest.run().
    @Inject
    protected ScepEnroller scepEnroller;
    // Pending SCEP enrollment, or null when none was requested by setDataForScep().
    private ScepEnrollmentRequest scepEnrollmentRequest;
    private final Logger log = LoggerFactory.getLogger((Class<?>) CertificateHelperImpl.class);
    // What processCertificateChanges() should do to the private trust store.
    private TrustStoreChange trustStoreChange = TrustStoreChange.NO_CHANGE;
    // Set when an empty PKCS12URL arrives while an identity certificate is installed.
    private boolean removeIdentityCertificate = false;
    // Set when an empty PKCS12URL arrives and no identity certificate is installed; consumed by downloadCertificateData().
    private boolean clearSavedCertificateData = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.avaya.android.flare.certs.model.CertificateHelperImpl$1, reason: invalid class name */
    /* loaded from: classes.dex */
    /**
     * Compiler-generated switch table, surfaced by the decompiler as a named class.
     *
     * <p>Maps each {@link TrustStoreChange} ordinal to the case label (1..3) that
     * {@code detectTrustStoreChange()} tests. A slot stays 0 when the corresponding
     * constant cannot be resolved at run time.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$avaya$android$flare$certs$model$CertificateHelperImpl$TrustStoreChange;

        static {
            final int[] caseLabels = new int[TrustStoreChange.values().length];
            try {
                caseLabels[TrustStoreChange.REMOVE_TRUST_STORE.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // Constant missing at run time: leave the slot at 0.
            }
            try {
                caseLabels[TrustStoreChange.REPLACE_CERTS.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // Constant missing at run time: leave the slot at 0.
            }
            try {
                caseLabels[TrustStoreChange.NO_CHANGE.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // Constant missing at run time: leave the slot at 0.
            }
            $SwitchMap$com$avaya$android$flare$certs$model$CertificateHelperImpl$TrustStoreChange = caseLabels;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * Pending download of a PKCS#12 identity bundle from a configured URL, together with
     * the password that will later be used to open it.
     *
     * <p>Security notes for reviewers: the password lives in a {@code char[]} for as long
     * as this object is reachable and nothing in this class wipes it; both
     * {@link #getPassword()} and {@link #getCertificateBytes()} return the internal arrays
     * rather than copies.
     */
    public class DownloadIdentityCertificateRequest {
        private final String url;
        private byte[] certificateBytes;
        private char[] password;

        public DownloadIdentityCertificateRequest(String str) {
            this.url = str;
        }

        /**
         * Fetches the PKCS#12 data and records it when it differs from the saved copy.
         *
         * <p>When the Base64 form of the download equals the saved value, the enclosing
         * helper's pending request is dropped (set to {@code null}) and no bytes are kept.
         * Otherwise the bytes are retained and also written, Base64-encoded, into
         * {@code editor}. In both cases the "missing certificate password" flag is set or
         * cleared on {@code editor} depending on whether a password has been supplied.
         *
         * @param certificateRetriever retriever used to fetch the data from the URL
         * @param editor preferences editor that receives the saved copy and the flag; the
         *     caller is responsible for committing it
         */
        public void download(CertificateRetriever certificateRetriever, SharedPreferences.Editor editor) throws CertificateException, AutoConfigException, MalformedURLException {
            final byte[] fetched = certificateRetriever.downloadIdentityCertificateData(this.url);
            final boolean unchanged = CryptoUtil.base64Encode(fetched).equals(CertificateHelperImpl.this.getLastCertificateData());
            if (!unchanged) {
                this.certificateBytes = fetched;
                CertificateHelperImpl.this.setLastCertificateData(fetched, editor);
            } else {
                CertificateHelperImpl.this.log.debug("PKCS12URL contents are unchanged from previous");
                CertificateHelperImpl.this.downloadIdentityCert = null;
            }
            if (this.password != null) {
                IdentityCertificateStateUtil.clearFlagForMissingCertificatePassword(editor);
            } else {
                IdentityCertificateStateUtil.setFlagForMissingCertificatePassword(editor);
            }
        }

        /** Returns the downloaded PKCS#12 bytes (internal array), or {@code null} if none were kept. */
        public byte[] getCertificateBytes() {
            return this.certificateBytes;
        }

        /** Returns the stored password (internal array), or {@code null} if none was set. */
        public char[] getPassword() {
            return this.password;
        }

        public boolean isPasswordSet() {
            return this.password != null;
        }

        /** Stores the password as a {@code char[]}; a null or empty value is ignored. */
        public void setPassword(String str) {
            if (!TextUtils.isEmpty(str)) {
                this.password = str.toCharArray();
            }
        }

        /** True once {@link #download} has kept a new (changed) PKCS#12 payload. */
        public boolean wasSuccessfullyDownloaded() {
            return this.certificateBytes != null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * Pending download of trusted CA certificates from a list of configured URLs.
     *
     * <p>NOTE(review): whatever the retriever returns becomes the candidate content of the
     * private trust store. No validation of the downloaded certificates is visible in this
     * class, so their authenticity rests on the retriever and its transport - confirm there.
     */
    public static class DownloadTrustCertsRequest {
        private final List<String> certificateURLs;
        private List<X509Certificate> certificates;

        public DownloadTrustCertsRequest(List<String> list) {
            this.certificateURLs = list;
        }

        /** Asks the retriever to fetch all configured URLs, then keeps the list it reports. */
        public void download(CertificateRetriever certificateRetriever) throws CertificateException, AutoConfigException, MalformedURLException {
            certificateRetriever.retrieveTrustedCACertificates(this.certificateURLs);
            this.certificates = certificateRetriever.getTrustedCACertificates();
        }

        /** Returns the downloaded certificates, or {@code null} before a download. */
        public List<X509Certificate> getCertificates() {
            return this.certificates;
        }

        public int getNumCertificateURLs() {
            return this.certificateURLs.size();
        }

        /** True when a download produced at least one certificate. */
        public boolean wasSuccessfullyDownloaded() {
            final List<X509Certificate> downloaded = this.certificates;
            return downloaded != null && !downloaded.isEmpty();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
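    /**
     * One SCEP enrollment attempt that blocks the calling thread until the enroller reports
     * an outcome through the {@link ScepEnrollmentCompletionHandler} callbacks.
     *
     * <p>Security note: the SCEP password is held as an immutable {@code String} for the
     * lifetime of this object, so it cannot be wiped after use.
     */
    public static class ScepEnrollmentRequest implements ScepEnrollmentCompletionHandler {
        private final CountDownLatch latch = new CountDownLatch(1);
        private final String password;
        // volatile: the callbacks presumably run on another thread, and when the wait is
        // interrupted run() reads this field without the latch's ordering guarantee.
        private volatile CertificateEnrollmentResult result;
        private final ScepEnroller scepEnroller;
        private final SharedPreferences scepPreferences;

        public ScepEnrollmentRequest(ScepEnroller scepEnroller, SharedPreferences sharedPreferences, String str) {
            this.scepEnroller = scepEnroller;
            this.scepPreferences = sharedPreferences;
            this.password = str;
        }

        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentFailure(CertificateEnrollmentResult certificateEnrollmentResult) {
            this.result = certificateEnrollmentResult;
            this.latch.countDown();
        }

        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentPasswordFailure() {
            this.result = CertificateEnrollmentResult.WRONG_PASSWORD;
            this.latch.countDown();
        }

        @Override // com.avaya.android.flare.certs.model.ScepEnrollmentCompletionHandler
        public void onScepEnrollmentSuccess() {
            this.result = CertificateEnrollmentResult.SUCCESS;
            this.latch.countDown();
        }

        /**
         * Starts the enrollment and waits, without a timeout, for one of the callbacks.
         *
         * <p>If the wait is interrupted, the interrupt status is restored so callers can
         * observe it, and the method still fails unless a success was already recorded.
         * In that case the exception may carry a {@code null} result.
         *
         * @throws CertificateEnrollmentException when the recorded result is not SUCCESS
         */
        public void run() throws CertificateEnrollmentException {
            this.scepEnroller.startScepEnrollment(this, this.scepPreferences, this.password);
            try {
                this.latch.await();
            } catch (InterruptedException e) {
                // Restore the flag: swallowing it would hide the cancellation from the caller.
                Thread.currentThread().interrupt();
                LoggerFactory.getLogger((Class<?>) ScepEnrollmentRequest.class).warn("Interrupted while waiting for SCEP enrollment to complete: {}", e.getMessage());
            }
            if (this.result != CertificateEnrollmentResult.SUCCESS) {
                throw new CertificateEnrollmentException(this.result);
            }
        }
    }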

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /** Action that processCertificateChanges() should take on the private trust store. */
    public enum TrustStoreChange {
        // Default: leave the private trust store as it is.
        NO_CHANGE,
        // A non-empty TRUSTCERTS list was supplied: replace the store with the downloaded certificates.
        REPLACE_CERTS,
        // TRUSTCERTS was empty: delete the private trust store if one is in use.
        REMOVE_TRUST_STORE
    }

    /** Injection constructor; the collaborators are supplied through the {@code @Inject} fields. */
    @Inject
    public CertificateHelperImpl() {
    }

    /**
     * Removes the saved PKCS#12 copy from the injected preferences and applies the edit
     * immediately.
     */
    private void clearLastCertificateData() {
        final SharedPreferences.Editor pendingEdit = this.preferences.edit();
        clearLastCertificateData(pendingEdit);
        pendingEdit.apply();
    }

    /**
     * Queues removal of the saved PKCS#12 copy on {@code editor}.
     *
     * <p>Nothing is written until the caller applies or commits the editor.
     */
    private void clearLastCertificateData(SharedPreferences.Editor editor) {
        this.log.debug("Clearing saved contents of last PKCS#12 file");
        editor.remove(PreferenceKeys.KEY_LAST_PKCS12URL_DATA);
    }

    /**
     * Opens the PKCS#12 data with the given password and installs the resulting chain and
     * private key as the client identity.
     *
     * <p>The "missing certificate password" flag is cleared before the attempt. Only the
     * exception message is logged; the password itself is never written to the log here.
     *
     * @param bArr PKCS#12 file contents
     * @param cArr password for the PKCS#12 data; not wiped by this method
     * @throws IdentityCertificateCreationException if extraction fails, or installation
     *     reports an invalid key or a certificate encoding problem
     */
    private void createAndSetIdentityCertificate(byte[] bArr, char[] cArr) throws IdentityCertificateCreationException {
        IdentityCertificateStateUtil.clearFlagForMissingCertificatePassword(this.preferences);
        try {
            final Pair<X509Certificate[], PrivateKey> identity = createIdentityCertificate(bArr, cArr);
            final X509Certificate[] chain = identity.first;
            final PrivateKey key = identity.second;
            this.identityCertificateManager.installIdentityCertificate(chain, key);
        } catch (InvalidKeyException invalidKey) {
            final String detail = invalidKey.getMessage();
            this.log.warn("InvalidKeyException trying to install client identity certificate: {}", detail);
            throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.INVALID_KEY, invalidKey.getMessage(), invalidKey);
        } catch (CertificateEncodingException badEncoding) {
            final String detail = badEncoding.getMessage();
            this.log.warn("CertificateEncodingException trying to install client identity certificate: {}", detail);
            throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.BAD_KEY_ENCODING, badEncoding.getMessage(), badEncoding);
        }
    }

    /**
     * Extracts the certificate chain and private key from PKCS#12 data.
     *
     * <p>On success the "missing certificate password" flag is cleared. When extraction
     * fails with {@code CORRUPT_FILE_OR_BAD_PASSWORD} the flag is set; the failure is
     * rethrown unchanged in every case.
     *
     * @param bArr PKCS#12 file contents
     * @param cArr password for the PKCS#12 data
     * @return the chain as {@code first} and the private key as {@code second}
     */
    private Pair<X509Certificate[], PrivateKey> createIdentityCertificate(byte[] bArr, char[] cArr) throws IdentityCertificateCreationException {
        try {
            this.identityCertificateFactory.extractIdentityCertificateFromPKCS12(bArr, cArr);
            final X509Certificate[] chain = this.identityCertificateFactory.getIdentityCertificateChain();
            final PrivateKey key = this.identityCertificateFactory.getIdentityPrivateKey();
            IdentityCertificateStateUtil.clearFlagForMissingCertificatePassword(this.preferences);
            return new Pair<>(chain, key);
        } catch (IdentityCertificateCreationException failure) {
            final boolean passwordSuspect = failure.getReason() == IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD;
            if (passwordSuspect) {
                // Record that a (correct) password still has to be provided.
                IdentityCertificateStateUtil.setFlagForMissingCertificatePassword(this.preferences);
            }
            throw failure;
        }
    }

    /**
     * Reports whether the identity certificate is due to change: either a removal was
     * requested, or a pending download kept new PKCS#12 data.
     */
    private boolean detectIdentityCertificateChange() {
        if (this.removeIdentityCertificate) {
            return true;
        }
        final DownloadIdentityCertificateRequest pending = this.downloadIdentityCert;
        return pending != null && pending.wasSuccessfullyDownloaded();
    }

    /**
     * Decides whether the requested trust-store action would actually change anything.
     *
     * <p>Removal counts only when a store is in use; replacement counts only when the
     * download produced certificates that differ from the installed set.
     */
    private boolean detectTrustStoreChange() {
        final int caseLabel = AnonymousClass1.$SwitchMap$com$avaya$android$flare$certs$model$CertificateHelperImpl$TrustStoreChange[this.trustStoreChange.ordinal()];
        switch (caseLabel) {
            case 1: // REMOVE_TRUST_STORE
                return this.certificateManager.isCertificateStoreInUse();
            case 2: { // REPLACE_CERTS
                final DownloadTrustCertsRequest pending = this.downloadTrustCerts;
                return pending != null && pending.wasSuccessfullyDownloaded() && isPrivateTrustStoreDifferent();
            }
            case 3: // NO_CHANGE
                return false;
            default:
                throw new AssertionError("Unreachable because all enum values covered in the switch");
        }
    }

    /**
     * Returns the saved PKCS#12 copy decoded from Base64, or {@code null} when nothing is
     * saved.
     */
    private byte[] getLastCertificateBytes() {
        final String savedBase64 = getLastCertificateData();
        return TextUtils.isEmpty(savedBase64) ? null : CryptoUtil.base64Decode(savedBase64);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the Base64 text saved under {@code KEY_LAST_PKCS12URL_DATA}, or an empty
     * string when nothing is saved.
     *
     * <p>NOTE(review): this value is the whole PKCS#12 file as written by
     * {@code setLastCertificateData}. Its at-rest protection appears to rest on the
     * PKCS#12 password and on how the preferences file is stored - confirm whether these
     * preferences are encrypted.
     */
    public String getLastCertificateData() {
        return this.preferences.getString(PreferenceKeys.KEY_LAST_PKCS12URL_DATA, "");
    }

    /** True when the identity certificate manager currently reports a client identity certificate. */
    private boolean isIdentityCertificateInUse() {
        return this.identityCertificateManager.getClientIdentityCertificate() != null;
    }

    /** True when a PKCS#12 download is pending but no password has been supplied for it. */
    private boolean isIdentityCertificatePasswordNeeded() {
        final DownloadIdentityCertificateRequest pending = this.downloadIdentityCert;
        return pending != null && !pending.isPasswordSet();
    }

    /** Same answer as {@code detectIdentityCertificateChange()}, with an info log line when it is true. */
    private boolean isIdentityCertificateToChange() {
        if (!detectIdentityCertificateChange()) {
            return false;
        }
        this.log.info("Change to client identity certificate");
        return true;
    }

    /**
     * Compares the installed private trust store with the downloaded certificates.
     *
     * <p>Both sides are reduced to the set of their PEM encodings, so order and duplicates
     * are ignored. When no private store is in use the answer is always {@code true}.
     * Expects a completed trust-certificate download; the only visible caller checks that.
     */
    private boolean isPrivateTrustStoreDifferent() {
        if (this.certificateManager.isCertificateStoreInUse()) {
            final X509Certificate[] installedCerts = this.certificateManager.getCertificates();
            final HashSet<Object> installedPem = new HashSet<>();
            for (X509Certificate installed : installedCerts) {
                installedPem.add(CertificateUtil.pemEncodeCertificate(installed));
            }
            final HashSet<Object> downloadedPem = new HashSet<>();
            for (X509Certificate downloaded : this.downloadTrustCerts.getCertificates()) {
                downloadedPem.add(CertificateUtil.pemEncodeCertificate(downloaded));
            }
            return !installedPem.equals(downloadedPem);
        }
        return true;
    }

    /** True when a SCEP enrollment request is pending; logs an info line in that case. */
    private boolean isScepToChange() {
        if (this.scepEnrollmentRequest == null) {
            return false;
        }
        this.log.info("SCEP enrollment is requested");
        return true;
    }

    /** Same answer as {@code detectTrustStoreChange()}, with an info log line when it is true. */
    private boolean isTrustStoreToChange() {
        if (!detectTrustStoreChange()) {
            return false;
        }
        this.log.info("Change to private trust store");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Queues the PKCS#12 bytes, Base64-encoded, on {@code editor} under
     * {@code KEY_LAST_PKCS12URL_DATA}.
     *
     * <p>NOTE(review): this persists the complete PKCS#12 file, private key included, in
     * application preferences. Base64 is an encoding, not protection; confirm that the
     * preferences storage is adequately protected and that the value is cleared when no
     * longer needed.
     *
     * @param bArr PKCS#12 file contents to remember
     * @param editor editor to write to; the caller applies or commits it
     */
    public void setLastCertificateData(byte[] bArr, SharedPreferences.Editor editor) {
        this.log.debug("Saving contents of last PKCS#12 file");
        final String encoded = CryptoUtil.base64Encode(bArr);
        editor.putString(PreferenceKeys.KEY_LAST_PKCS12URL_DATA, encoded);
    }

    /**
     * Installs the identity from the pending download, using the bytes and password it
     * holds. Expects a pending download to exist; the only visible caller checks that.
     */
    private void updateIdentityCertificate() throws IdentityCertificateCreationException {
        final byte[] pkcs12 = this.downloadIdentityCert.getCertificateBytes();
        final char[] pkcs12Password = this.downloadIdentityCert.getPassword();
        createAndSetIdentityCertificate(pkcs12, pkcs12Password);
    }

    /**
     * Applies the requested trust-store action: deletes the current private store if one is
     * in use and, for {@code REPLACE_CERTS}, installs the downloaded certificates.
     *
     * <p>NOTE(review): the replacement is not atomic. The existing store is deleted first,
     * so if the downloaded list is empty or {@code setCertificates} fails, the device is
     * left without a private trust store. What the app trusts in that state is decided
     * elsewhere - confirm that the fallback is acceptable.
     *
     * @throws AutoConfigException wrapping any certificate-store or encoding failure
     */
    private void updatePrivateTrustStore() throws AutoConfigException {
        try {
            // Step 1: drop the current store, for both REMOVE_TRUST_STORE and REPLACE_CERTS.
            if (this.certificateManager.isCertificateStoreInUse()) {
                this.certificateManager.deleteCertificateStore();
            }
            if (this.trustStoreChange == TrustStoreChange.REPLACE_CERTS) {
                try {
                    List<X509Certificate> certificates = this.downloadTrustCerts.getCertificates();
                    // Nothing to install: the store stays deleted.
                    if (certificates.isEmpty()) {
                        return;
                    }
                    this.log.debug("Adding {} certificates to the CSDK's private trust store", Integer.valueOf(certificates.size()));
                    // Step 2: install the downloaded certificates as the new store content.
                    this.certificateManager.setCertificates((X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]));
                } catch (AppCertificateStoreException e) {
                    this.log.warn(CERTIFICATE_STORE_EXCEPTION, e.getMessage());
                    throw new AutoConfigException(e);
                } catch (AppCertificateStoreNotInUseException e2) {
                    this.log.warn(CERTIFICATE_STORE_NOT_IN_USE, e2.getMessage());
                    throw new AutoConfigException(e2);
                } catch (CertificateEncodingException e3) {
                    this.log.warn(CERTIFICATE_ENCODING_EXCEPTION, e3.getMessage());
                    throw new AutoConfigException(e3);
                }
            }
        } catch (AppCertificateStoreNotInUseException e4) {
            // Reached when the delete in step 1 reports that no store is in use.
            this.log.warn(CERTIFICATE_STORE_NOT_IN_USE, e4.getMessage());
            throw new AutoConfigException(e4);
        }
    }

    /**
     * Installs the identity certificate from the saved PKCS#12 copy using a password
     * supplied later, for example after the user was prompted.
     *
     * <p>NOTE(review): the {@code char[]} created from {@code str} is not wiped after use,
     * and a missing saved copy is reported with an {@link AssertionError} rather than a
     * checked failure.
     *
     * @param str password for the saved PKCS#12 data; must not be null
     * @throws IdentityCertificateCreationException if the data cannot be opened or installed
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void createCertificateWithProvidedPassword(String str) throws IdentityCertificateCreationException {
        final byte[] savedPkcs12 = getLastCertificateBytes();
        if (savedPkcs12 == null) {
            this.log.error("No saved certificate data to use.");
            throw new AssertionError();
        }
        createAndSetIdentityCertificate(savedPkcs12, str.toCharArray());
    }

    /**
     * Runs the pending downloads: trust certificates first, then the PKCS#12 identity
     * data, sharing one retriever. Also performs a deferred clear of the saved PKCS#12
     * copy when one was requested.
     *
     * @param editor preferences editor that receives all queued changes; the caller
     *     applies or commits it
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void downloadCertificateData(SharedPreferences.Editor editor) throws AutoConfigException, CertificateException, MalformedURLException {
        if (this.clearSavedCertificateData) {
            clearLastCertificateData(editor);
            this.clearSavedCertificateData = false;
        }
        final boolean trustCertsPending = this.downloadTrustCerts != null;
        final boolean identityPending = this.downloadIdentityCert != null;
        if (!trustCertsPending && !identityPending) {
            return;
        }
        final CertificateRetriever retriever = this.certificateRetrieverFactory.createCertificateRetriever();
        if (trustCertsPending) {
            this.log.debug("TRUSTCERTS is not empty, so downloading {} certificate files", Integer.valueOf(this.downloadTrustCerts.getNumCertificateURLs()));
            this.downloadTrustCerts.download(retriever);
        }
        if (identityPending) {
            this.downloadIdentityCert.download(retriever, editor);
        }
    }

    /**
     * True when a trust-store, identity-certificate or SCEP change is pending.
     *
     * <p>The checks short-circuit in that order, so later checks (and their log lines) are
     * skipped once one reports a change.
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public boolean isCertificateChangeToProcess() {
        if (isTrustStoreToChange()) {
            return true;
        }
        if (isIdentityCertificateToChange()) {
            return true;
        }
        return isScepToChange();
    }

    /**
     * Applies the pending changes in a fixed order: private trust store, identity
     * certificate removal, then either PKCS#12 installation or SCEP enrollment.
     *
     * <p>A pending PKCS#12 download takes precedence: when one exists the method returns
     * after handling it and SCEP enrollment is not attempted, even if the installation was
     * skipped for lack of a password.
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void processCertificateChanges() throws AutoConfigException, IdentityCertificateCreationException, CertificateEnrollmentException {
        if (this.trustStoreChange != TrustStoreChange.NO_CHANGE) {
            updatePrivateTrustStore();
        }
        if (this.removeIdentityCertificate) {
            this.identityCertificateManager.uninstallIdentityCertificate();
            clearLastCertificateData();
        }
        if (this.downloadIdentityCert != null) {
            if (!isIdentityCertificatePasswordNeeded()) {
                updateIdentityCertificate();
            } else {
                this.log.warn("Skipping client identity certificate creation because of missing password.");
            }
            return;
        }
        final ScepEnrollmentRequest pendingEnrollment = this.scepEnrollmentRequest;
        if (pendingEnrollment != null) {
            pendingEnrollment.run();
        }
    }

    /**
     * Sets the factory used by {@code downloadCertificateData} to create the retriever.
     * It must be set before a download is run; the factory is dereferenced there without
     * a null check.
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void setCertificateRetrieverFactory(CertificateRetriever.CertificateRetrieverFactory certificateRetrieverFactory) {
        this.certificateRetrieverFactory = certificateRetrieverFactory;
    }

    /**
     * Prepares a SCEP enrollment from the supplied configuration, unless PKCS#12 is in
     * play or the SCEP configuration hash is unchanged.
     *
     * <p>When enrollment is warranted, the SCEP server URL and distinguished name are
     * copied into the injected preferences. If the password or the configured common name
     * is empty, the "missing SCEP credentials" flag is set on {@code sharedPreferences}
     * instead of creating a request.
     *
     * <p>NOTE(review): {@code String.valueOf} presumably stores the literal text "null"
     * when no server URL is configured - confirm the return type of
     * {@code getScepServerURL}. The password is kept as a {@code String} in the request.
     *
     * @param sharedPreferences preferences holding the SCEP configuration
     * @param str SCEP password; may be null or empty
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void setDataForScep(SharedPreferences sharedPreferences, String str) {
        if (!ScepConfigUtil.isScepConfigured(sharedPreferences)) {
            return;
        }
        final boolean pkcs12InPlay = this.downloadIdentityCert != null || !getLastCertificateData().isEmpty();
        if (pkcs12InPlay) {
            this.log.debug("Ignoring SCEP parameters because PKCS12URL was used");
            return;
        }
        final boolean configUnchanged = ScepConfigUtil.hashScepConfiguration(sharedPreferences).equals(ScepConfigUtil.getPreviousScepConfigurationHash(this.preferences));
        if (configUnchanged) {
            this.log.debug("Skipping SCEP enrollment because configuration hasn't changed");
            return;
        }
        this.preferences.edit()
                .putString(PreferenceKeys.KEY_SCEP_CERT_URL, String.valueOf(ScepConfigUtil.getScepServerURL(sharedPreferences)))
                .putString(PreferenceKeys.KEY_SCEP_CERT_DN, ScepConfigUtil.getScepDistinguishedName(sharedPreferences))
                .apply();
        final boolean credentialsMissing = TextUtils.isEmpty(str) || TextUtils.isEmpty(sharedPreferences.getString(PreferenceKeys.KEY_SCEP_CERT_CN, ""));
        if (credentialsMissing) {
            IdentityCertificateStateUtil.setFlagForMissingScepCredentials(sharedPreferences);
        } else {
            this.scepEnrollmentRequest = new ScepEnrollmentRequest(this.scepEnroller, sharedPreferences, str);
        }
    }

    /**
     * Hands the PKCS#12 password to the pending download request.
     *
     * <p>Without a pending request the password is discarded and a warning is logged; the
     * password value itself is not logged.
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void setIdentityCertificatePassword(String str) {
        final DownloadIdentityCertificateRequest pending = this.downloadIdentityCert;
        if (pending != null) {
            pending.setPassword(str);
        } else {
            this.log.warn("Received PKCS12PASSWORD to save when no PKCS12URL set.");
        }
    }

    /**
     * Records what to do about the identity certificate for the given PKCS12URL value.
     *
     * <p>A non-empty URL schedules a download. An empty URL schedules removal of the
     * installed identity certificate, or, when none is installed, a clear of the saved
     * PKCS#12 copy.
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void setIdentityCertificateURL(String str) {
        if (!TextUtils.isEmpty(str)) {
            this.downloadIdentityCert = new DownloadIdentityCertificateRequest(str);
            return;
        }
        if (!isIdentityCertificateInUse()) {
            this.log.debug("Ignoring empty PKCS12URL because no identity certificate in use");
            this.clearSavedCertificateData = true;
            return;
        }
        this.log.debug("Will remove installed identity certificate because of empty PKCS12URL");
        this.removeIdentityCertificate = true;
    }

    /**
     * Records the requested trust-store action for the TRUSTCERTS value and queues the
     * related preference updates on {@code editor}.
     *
     * <p>The list is treated as empty when it has no elements or its first element is an
     * empty string; later elements are not inspected here. An empty value schedules
     * removal of the private trust store, so a change to this setting directly controls
     * which CA certificates the private store will hold.
     *
     * @param list certificate URLs from the TRUSTCERTS setting; must not be null
     * @param editor editor to write to; the caller applies or commits it
     */
    @Override // com.avaya.android.flare.certs.model.CertificateHelper
    public void setTrustCertsValue(List<String> list, SharedPreferences.Editor editor) {
        final boolean noTrustCerts = list.isEmpty() || list.get(0).isEmpty();
        if (noTrustCerts) {
            this.log.debug("TRUSTCERTS is empty, so will remove private trust store if present");
            this.trustStoreChange = TrustStoreChange.REMOVE_TRUST_STORE;
        } else {
            this.downloadTrustCerts = new DownloadTrustCertsRequest(list);
            this.trustStoreChange = TrustStoreChange.REPLACE_CERTS;
        }
        final boolean usingPrivateStore = this.trustStoreChange == TrustStoreChange.REPLACE_CERTS;
        editor.putBoolean(PreferenceKeys.KEY_USING_PRIVATE_TRUSTSTORE, usingPrivateStore);
        editor.putStringSet(PreferenceKeys.KEY_TRUST_CERTS, new HashSet<String>(list));
    }
}
