package net.pulsesecure.modules.policy;

import android.util.Log;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import net.pulsesecure.modules.proto.CertificateResponseMsg;
import net.pulsesecure.modules.proto.CertificateScepResponseMsg;
import net.pulsesecure.modules.proto.IWorkspaceRestProtocol;
import net.pulsesecure.modules.proto.PolicyMsg;
import net.pulsesecure.modules.proto.PolicyProperties;
import net.pulsesecure.modules.system.IAndroidWrapper;
import org.htmlcleaner.CleanerProperties;

/* compiled from: ActiveSyncManager.kt */
/* loaded from: classes2.dex */
public final class h {

    /* renamed from: a, reason: collision with root package name */
    private final net.pulsesecure.g.b.d f16141a;

    /* renamed from: b, reason: collision with root package name */
    private final IAndroidWrapper f16142b;

    /* renamed from: c, reason: collision with root package name */
    private final String f16143c;

    /* renamed from: d, reason: collision with root package name */
    private final int f16144d;

    /* renamed from: e, reason: collision with root package name */
    private final String f16145e;

    /* renamed from: f, reason: collision with root package name */
    private final String f16146f;

    /* renamed from: g, reason: collision with root package name */
    private final String f16147g;

    /* renamed from: h, reason: collision with root package name */
    private final String f16148h;

    /* renamed from: i, reason: collision with root package name */
    private final String f16149i;

    /* renamed from: j, reason: collision with root package name */
    private final String f16150j;

    /* renamed from: k, reason: collision with root package name */
    private final String f16151k;

    /* renamed from: l, reason: collision with root package name */
    private final String f16152l;

    /* renamed from: m, reason: collision with root package name */
    private final String f16153m;
    private final String n;

    /* compiled from: ActiveSyncManager.kt */
    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(g.a0.d.g gVar) {
            this();
        }
    }

    static {
        new a(null);
    }

    public h(net.pulsesecure.g.b.d dVar, IAndroidWrapper iAndroidWrapper) {
        g.a0.d.j.c(dVar, "networkManager");
        g.a0.d.j.c(iAndroidWrapper, "androidWrapper");
        this.f16141a = dVar;
        this.f16142b = iAndroidWrapper;
        this.f16143c = "ActiveSyncManager";
        this.f16144d = 90;
        this.f16145e = "pulsesecure.activesync.cert";
        this.f16146f = "activeSyncAfwCertCertificate";
        this.f16147g = "activeSyncAfwCertInstalled";
        this.f16148h = "activeSyncScepConfig";
        this.f16149i = "activeSyncScepCert";
        this.f16150j = "activeSyncScepCertTransactionId";
        this.f16151k = "activeSyncScepCertInstalled";
        this.f16152l = "activeSyncScepCertPending";
        this.f16153m = "activeSyncScepCertAlias";
        this.n = "activeSyncScepCertPassword";
    }

    private final String a(String str, String str2) {
        return this.f16142b.T().getString(str, str2);
    }

    private final Date a(Date date, Date date2, int i2) {
        return new Date(date.getTime() + (((date2.getTime() - date.getTime()) / 100) * i2));
    }

    private final CertificateResponseMsg a(X509Certificate x509Certificate, KeyPair keyPair) {
        try {
            String uuid = UUID.randomUUID().toString();
            g.a0.d.j.b(uuid, "randomUUID().toString()");
            String a2 = net.pulsesecure.g.c.b.a(x509Certificate, keyPair.getPrivate(), this.f16145e, uuid);
            CertificateResponseMsg certificateResponseMsg = new CertificateResponseMsg();
            certificateResponseMsg.certificate = a2;
            certificateResponseMsg.cert_alias = this.f16145e;
            certificateResponseMsg.serialNumber = x509Certificate.getSerialNumber();
            certificateResponseMsg.password = uuid;
            certificateResponseMsg.validFrom = x509Certificate.getNotBefore().getTime();
            certificateResponseMsg.validTo = x509Certificate.getNotAfter().getTime();
            return certificateResponseMsg;
        } catch (IOException e2) {
            Log.d(this.f16143c, "Error while creating PKCS#12 base64 encoded string", e2);
            return null;
        } catch (KeyStoreException e3) {
            Log.d(this.f16143c, "Error while creating PKCS#12 base64 encoded string", e3);
            return null;
        } catch (NoSuchAlgorithmException e4) {
            Log.d(this.f16143c, "Error while creating PKCS#12 base64 encoded string", e4);
            return null;
        } catch (CertificateException e5) {
            Log.d(this.f16143c, "Error while creating PKCS#12 base64 encoded string", e5);
            return null;
        }
    }

    private final void a() {
        b(this.f16147g, "false");
        b(this.f16146f, null);
    }

    private final void a(String str) {
        b(this.f16147g, CleanerProperties.BOOL_ATT_TRUE);
        b(this.f16146f, str);
        if (g()) {
            c();
        }
    }

    private final void a(String str, CertificateResponseMsg certificateResponseMsg) {
        b(this.f16152l, CleanerProperties.BOOL_ATT_TRUE);
        b(this.f16150j, str);
        String str2 = this.f16149i;
        g.a0.d.j.a(certificateResponseMsg);
        b(str2, certificateResponseMsg.certificate);
        b(this.f16153m, certificateResponseMsg.cert_alias);
        b(this.n, certificateResponseMsg.password);
    }

    private final void a(PolicyMsg policyMsg, KeyPair keyPair, net.pulsesecure.g.c.g gVar) {
        try {
            Certificate next = gVar.f15865a.a().getCertificates(null).iterator().next();
            if (next == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) next;
            CertificateResponseMsg a2 = a(x509Certificate, keyPair);
            if (a2 != null) {
                b(a2);
                b();
                this.f16142b.b(5, a(new Date(), new Date(a2.validTo), this.f16144d).getTime());
                policyMsg.active_sync_cert_msg = a2;
                Log.d(this.f16143c, "Cert enrollment completed SN: " + ((Object) x509Certificate.getSerialNumber().toString(16)) + ", Issuer: " + x509Certificate.getIssuerDN());
            }
        } catch (CertStoreException e2) {
            Log.e(this.f16143c, "Error while accessing the certificate", e2);
        }
    }

    private final void a(PolicyMsg policyMsg, boolean z) {
        String a2 = a(this.f16149i, (String) null);
        String a3 = a(this.f16148h, (String) null);
        net.pulsesecure.g.c.e a4 = net.pulsesecure.g.c.b.a(a2, a(this.f16153m, (String) null), a(this.n, (String) null));
        if (a4 == null || a3 == null) {
            String str = this.f16143c;
            StringBuilder sb = new StringBuilder();
            sb.append("Unable to ");
            sb.append(z ? "poll" : "renew");
            sb.append(" as existing certificate details not found");
            Log.d(str, sb.toString());
            return;
        }
        com.cellsec.api.a b2 = com.cellsec.api.b.b(a3, CertificateScepResponseMsg.class);
        g.a0.d.j.b(b2, "fromJson(scepConfig, Cer…pResponseMsg::class.java)");
        CertificateScepResponseMsg certificateScepResponseMsg = (CertificateScepResponseMsg) b2;
        X509Certificate a5 = a4.a();
        KeyPair keyPair = new KeyPair(a5.getPublicKey(), a4.b());
        net.pulsesecure.g.c.d dVar = (net.pulsesecure.g.c.d) net.pulsesecure.infra.n.a(this, net.pulsesecure.g.c.d.class, (net.pulsesecure.infra.i) null);
        if (z) {
            Log.d(this.f16143c, "Performing certificate polling as pending certificate exists");
            String a6 = a(this.f16150j, (String) null);
            if (a6 == null) {
                Log.d(this.f16143c, "Certificate polling not done as transaction id is not found");
                return;
            }
            byte[] bytes = a6.getBytes(g.g0.d.f14453b);
            g.a0.d.j.b(bytes, "this as java.lang.String).getBytes(charset)");
            b(policyMsg, keyPair, dVar.a(a5, keyPair, new j.d.d.j(bytes), certificateScepResponseMsg, new net.pulsesecure.g.c.a()));
            return;
        }
        Date date = new Date();
        if (date.getTime() > a5.getNotAfter().getTime()) {
            Log.w(this.f16143c, "Active sync certificate expired");
            c();
            b(policyMsg);
            return;
        }
        boolean parseBoolean = Boolean.parseBoolean(a("activeSyncScepRenewCert", "false"));
        Date notBefore = a5.getNotBefore();
        g.a0.d.j.b(notBefore, "identity.notBefore");
        Date notAfter = a5.getNotAfter();
        g.a0.d.j.b(notAfter, "identity.notAfter");
        Date a7 = a(notBefore, notAfter, this.f16144d);
        if (parseBoolean || date.getTime() >= a7.getTime()) {
            Log.d(this.f16143c, "Initiating renew certificate");
            b(policyMsg, keyPair, dVar.a(a5, keyPair, certificateScepResponseMsg, new net.pulsesecure.g.c.a()));
        }
    }

    private final boolean a(CertificateResponseMsg certificateResponseMsg) {
        return certificateResponseMsg != null;
    }

    private final void b() {
        b(this.f16152l, "false");
        b(this.f16150j, null);
        b("activeSyncScepRenewCert", "false");
    }

    private final void b(String str, String str2) {
        this.f16142b.T().putString(str, str2);
    }

    private final void b(CertificateResponseMsg certificateResponseMsg) {
        b(this.f16151k, CleanerProperties.BOOL_ATT_TRUE);
        b(this.f16149i, certificateResponseMsg.certificate);
        b(this.f16153m, certificateResponseMsg.cert_alias);
        b(this.n, certificateResponseMsg.password);
        if (f()) {
            a();
        }
    }

    private final void b(PolicyMsg policyMsg) {
        try {
            CertificateScepResponseMsg e2 = e();
            if (e2 == null) {
                Log.d(this.f16143c, "SCEP enrolment process cancelled as SCEP configuration not found");
                return;
            }
            String str = e2.challenge;
            e2.challenge = "";
            b(this.f16148h, e2.toString());
            e2.challenge = str;
            String a2 = a(this.f16153m, (String) null);
            if (g()) {
                Log.d(this.f16143c, g.a0.d.j.a("Removing existing active sync cert from keychain - ", (Object) Boolean.valueOf(this.f16142b.e(a2))));
            }
            net.pulsesecure.g.c.d dVar = (net.pulsesecure.g.c.d) net.pulsesecure.infra.n.a(this, net.pulsesecure.g.c.d.class, (net.pulsesecure.infra.i) null);
            KeyPair a3 = dVar.a(e2.key_size, e2.key_type);
            net.pulsesecure.g.c.g a4 = dVar.a(a3, e2, new net.pulsesecure.g.c.a());
            g.a0.d.j.b(a3, "keyPair");
            b(policyMsg, a3, a4);
        } catch (IOException e3) {
            Log.e(this.f16143c, "Failed to retrieve scep config for active sync cert enrollment", e3);
        } catch (InvalidParameterException e4) {
            Log.e(this.f16143c, "Error while generating key pair", e4);
        } catch (NoSuchAlgorithmException e5) {
            Log.e(this.f16143c, "Error while generating key pair", e5);
        }
    }

    private final void b(PolicyMsg policyMsg, KeyPair keyPair, net.pulsesecure.g.c.g gVar) {
        if ((gVar == null ? null : gVar.f15865a) == null) {
            return;
        }
        if (gVar.f15865a.e()) {
            a(policyMsg, keyPair, gVar);
            return;
        }
        if (gVar.f15865a.d()) {
            b();
            Log.e(this.f16143c, g.a0.d.j.a("Error while enrolling/renewing the certificate: ", (Object) gVar.f15865a.b()));
            return;
        }
        Log.d(this.f16143c, "Received pending response from the server, require certificate poll.");
        X509Certificate x509Certificate = gVar.f15866b;
        g.a0.d.j.b(x509Certificate, "scepResponse.identity");
        CertificateResponseMsg a2 = a(x509Certificate, keyPair);
        String jVar = gVar.f15865a.c().toString();
        g.a0.d.j.b(jVar, "scepResponse.enrollmentR….transactionId.toString()");
        a(jVar, a2);
    }

    private final void c() {
        b(this.f16151k, "false");
        b(this.f16153m, null);
        b(this.n, null);
        b(this.f16149i, null);
        b();
    }

    private final void c(PolicyMsg policyMsg) {
        a(policyMsg, true);
    }

    private final String d() {
        CertificateResponseMsg certificateResponseMsg = (CertificateResponseMsg) com.cellsec.api.b.b(a(this.f16146f, (String) null), CertificateResponseMsg.class);
        if (certificateResponseMsg == null) {
            return null;
        }
        return certificateResponseMsg.version;
    }

    private final void d(PolicyMsg policyMsg) {
        a(policyMsg, false);
    }

    private final CertificateScepResponseMsg e() {
        com.cellsec.api.a b2 = com.cellsec.api.b.b(this.f16141a.b("/afw/spaces/%s/scep-configuration", "GET", null).f15853a, CertificateScepResponseMsg.class);
        g.a0.d.j.b(b2, "fromJson(scepConfig, Cer…pResponseMsg::class.java)");
        return (CertificateScepResponseMsg) b2;
    }

    private final void e(PolicyMsg policyMsg) {
        try {
            String str = this.f16141a.b("/afw/spaces/%s/activesync-certificate", "POST", com.cellsec.api.b.a((com.cellsec.api.a) new IWorkspaceRestProtocol.CertificateRequestMsg(d()))).f15853a;
            CertificateResponseMsg certificateResponseMsg = (CertificateResponseMsg) com.cellsec.api.b.b(str, CertificateResponseMsg.class);
            if (a(certificateResponseMsg)) {
                Log.d(this.f16143c, "AFW API certificate downloaded from server");
                policyMsg.active_sync_cert_msg = certificateResponseMsg;
                g.a0.d.j.b(str, "response");
                a(str);
            } else {
                Log.d(this.f16143c, "New certificate not found, client already have latest AFW API certificiate");
                policyMsg.active_sync_cert_msg = (CertificateResponseMsg) com.cellsec.api.b.b(a(this.f16146f, (String) null), CertificateResponseMsg.class);
            }
        } catch (IOException e2) {
            Log.w(this.f16143c, "Failed to retrieve active sync certificate certificate", e2);
        }
    }

    private final void f(PolicyMsg policyMsg) {
        if (policyMsg.properties.activesync_force_update_scep_certificate) {
            b(policyMsg);
            return;
        }
        if (h()) {
            c(policyMsg);
        } else if (g()) {
            d(policyMsg);
        } else {
            b(policyMsg);
        }
    }

    private final boolean f() {
        return Boolean.parseBoolean(a(this.f16147g, "false"));
    }

    private final boolean g() {
        return Boolean.parseBoolean(a(this.f16151k, "false"));
    }

    private final boolean h() {
        return Boolean.parseBoolean(a(this.f16152l, "false"));
    }

    public final void a(PolicyMsg policyMsg) {
        if (policyMsg == null) {
            return;
        }
        PolicyProperties policyProperties = policyMsg.properties;
        g.a0.d.j.b(policyProperties, "policyMsg.properties");
        if (policyProperties.activesync_allow_authentication_via_certificate) {
            if (policyProperties.activesync_use_scep_certificate) {
                f(policyMsg);
                return;
            } else {
                e(policyMsg);
                return;
            }
        }
        if (f()) {
            a();
        }
        if (g()) {
            c();
        }
    }
}
