package com.sophos.mobilecontrol.client.android.module.deviceadmin.profilesectionhandling;

import R1.t;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import com.sophos.communication.Response;
import com.sophos.communication.ResponseReceiver;
import com.sophos.jsceplib.ScepException;
import com.sophos.mobilecontrol.android.profile.Parameter;
import com.sophos.mobilecontrol.android.profile.ProfileSection;
import com.sophos.mobilecontrol.android.profile.SMCProfile;
import com.sophos.mobilecontrol.android.profile.keys.ScepParameterKeys;
import com.sophos.mobilecontrol.client.android.command.handler.SmcCommandHandler;
import com.sophos.mobilecontrol.client.android.module.deviceadmin.profilesectionhandling.k;
import com.sophos.mobilecontrol.client.android.plugin.afw.profilehandler.AfwChallengeProfileSectionHandler;
import com.sophos.smsec.core.smsectrace.SMSecTrace;
import h1.C1097a;
import i1.C1105a;
import j1.C1118b;
import j1.C1119c;
import java.io.File;
import java.io.IOException;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import t1.C1518a;

/* loaded from: classes3.dex */
public class g extends SmcCommandHandler implements k.a {

    /* renamed from: a, reason: collision with root package name */
    private final Semaphore f16350a;

    /* renamed from: b, reason: collision with root package name */
    private int f16351b;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class a extends ResponseReceiver {

        /* renamed from: a, reason: collision with root package name */
        private final Context f16352a;

        /* renamed from: b, reason: collision with root package name */
        private final b f16353b;

        public a(Context context, b bVar) {
            this.f16352a = context;
            this.f16353b = bVar;
        }

        @Override // com.sophos.communication.ResponseReceiver
        protected void handleException(Context context, Exception exc) {
            C1097a.l(this.f16352a, this.f16353b);
            g.this.f16350a.release();
            g.this.f16351b = 5;
        }

        @Override // com.sophos.communication.ResponseReceiver
        protected void handleResponse(Context context, Response response) {
            if (response.actionSuccessful()) {
                return;
            }
            g.this.f16350a.release();
            g.this.f16351b = 8;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class b extends BroadcastReceiver {

        /* renamed from: a, reason: collision with root package name */
        private final Context f16355a;

        b(Context context) {
            this.f16355a = context;
        }

        public void a(Intent intent) {
            SMSecTrace.d(SmcCommandHandler.TAG, "Received profileSection result");
            C1097a.l(this.f16355a, this);
            if (intent == null || intent.getSerializableExtra("section") == null) {
                return;
            }
            ProfileSection profileSection = (ProfileSection) intent.getSerializableExtra("section");
            if (profileSection != null && profileSection.getResult() != null) {
                g.this.f16351b = profileSection.getResult().getCode().intValue();
            }
            SMSecTrace.d(SmcCommandHandler.TAG, "section extracted");
        }

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            SMSecTrace.d(SmcCommandHandler.TAG, "PluginResultReceiver.onReceive()");
            try {
                a(intent);
            } catch (Exception e3) {
                SMSecTrace.e(SmcCommandHandler.TAG, "Unexpected Exception while handling Pluginresult ", e3);
            }
            g.this.f16350a.release();
        }
    }

    /* loaded from: classes3.dex */
    public static class c implements com.sophos.cloud.core.command.c {
        @Override // com.sophos.cloud.core.command.c
        public com.sophos.cloud.core.command.b a(Context context) {
            return new g(context);
        }
    }

    private g(Context context) {
        super(context);
        this.f16350a = new Semaphore(0);
        this.f16351b = 8;
    }

    private boolean f(Context context, ProfileSection profileSection, String str, String str2) {
        try {
            X509Certificate d3 = new C1119c(this.mContext, str, profileSection.getUuid()).d(str2);
            long time = d3.getNotAfter().getTime();
            return System.currentTimeMillis() + ((time - d3.getNotBefore().getTime()) / 2) > time;
        } catch (ScepException e3) {
            SMSecTrace.e(SmcCommandHandler.TAG, "Cannot read certifcate", e3);
            return false;
        }
    }

    private void g(Context context, ProfileSection profileSection) {
        Parameter parameter = profileSection.getParameter("url");
        Parameter parameter2 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_ALIAS);
        Parameter parameter3 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_SUBJECT);
        Parameter parameter4 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_KEY_USAGE);
        Parameter parameter5 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_KEY_LENGTH);
        Parameter parameter6 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_NTPRINCIPALNAME);
        Parameter parameter7 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_DNSNAME);
        Parameter parameter8 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_RFC822NAME);
        Parameter parameter9 = profileSection.getParameter(ScepParameterKeys.PARAM_CERTIFICATE_UNIFORMRESOURCEIDENTIFIER);
        Parameter parameter10 = profileSection.getParameter("name");
        Parameter parameter11 = profileSection.getParameter(ScepParameterKeys.PARAM_SCEP_CA_FINGERPRINT);
        Parameter parameter12 = profileSection.getParameter("encryptedPin");
        if (parameter == null || parameter2 == null || parameter3 == null || parameter12 == null) {
            SMSecTrace.e(SmcCommandHandler.TAG, "SCEP failed. Required parameter are missing");
            return;
        }
        try {
            String c3 = R1.l.c(context, parameter12.getValue());
            if (f(context, profileSection, parameter2.getValue(), c3)) {
                SMSecTrace.i(SmcCommandHandler.TAG, "Start SCEP renewal for cert: " + parameter2.getValue());
                C1118b c1118b = new C1118b(context, parameter.getValue());
                if (parameter4 != null) {
                    try {
                        c1118b.q(Integer.parseInt(parameter4.getValue()));
                    } catch (Exception e3) {
                        e = e3;
                        SMSecTrace.e(SmcCommandHandler.TAG, "SCEP renewal failed. Cannot renew certificate.", e);
                    }
                }
                if (parameter5 != null) {
                    c1118b.p(Integer.parseInt(parameter5.getValue()));
                }
                if (parameter6 != null) {
                    c1118b.r(parameter6.getValue());
                }
                if (parameter9 != null) {
                    c1118b.t(parameter9.getValue());
                }
                if (parameter7 != null) {
                    c1118b.o(parameter7.getValue());
                }
                if (parameter8 != null) {
                    c1118b.s(parameter8.getValue());
                }
                if (parameter8 != null) {
                    c1118b.s(parameter8.getValue());
                }
                if (parameter10 != null) {
                    c1118b.m(parameter10.getValue());
                }
                C1118b.n(new d1.n(t.m(context)));
                c1118b.d();
                if (!c1118b.i()) {
                    SMSecTrace.w(SmcCommandHandler.TAG, "SCEP renewal failed. CA does not support renewal.");
                }
                if (parameter11 != null && !c1118b.c(parameter11.getValue())) {
                    SMSecTrace.e(SmcCommandHandler.TAG, "SCEP failed. CA certificate hash mismatch!");
                    return;
                }
                try {
                    if (c1118b.k(parameter2.getValue(), c3, profileSection.getUuid())) {
                        h(context, profileSection, parameter2.getValue(), c3);
                        SMSecTrace.i(SmcCommandHandler.TAG, "Successful renewal for cert: " + parameter2.getValue());
                    } else {
                        SMSecTrace.e(SmcCommandHandler.TAG, "SCEP renewal failed. Cannot renew certificate.");
                    }
                } catch (Exception e4) {
                    e = e4;
                    SMSecTrace.e(SmcCommandHandler.TAG, "SCEP renewal failed. Cannot renew certificate.", e);
                }
            }
        } catch (ScepException e5) {
            SMSecTrace.e(SmcCommandHandler.TAG, "SCEP renewal failed.", e5);
        } catch (SignatureException e6) {
            SMSecTrace.e(SmcCommandHandler.TAG, "SCEP renewal failed. Signature exception: ", e6);
        }
    }

    private boolean h(Context context, ProfileSection profileSection, String str, String str2) throws IOException {
        b bVar = new b(context);
        return new k(this, bVar, new a(context, bVar)).e(context, profileSection, str, str2);
    }

    private void i(Context context) {
        File file = new File(this.mContext.getFilesDir(), AfwChallengeProfileSectionHandler.PROFILE_DIR);
        file.mkdirs();
        File[] listFiles = file.listFiles(d1.o.b());
        C1105a c1105a = new C1105a();
        if (listFiles == null || listFiles.length <= 0) {
            return;
        }
        for (File file2 : listFiles) {
            try {
                ArrayList<ProfileSection> profileSections = ((SMCProfile) c1105a.read(SMCProfile.class, file2)).getProfileSections();
                if (profileSections != null && !profileSections.isEmpty()) {
                    for (ProfileSection profileSection : profileSections) {
                        if (profileSection.getType().equals(ScepParameterKeys.SECTION_TYPE_SCEP)) {
                            g(context, profileSection);
                        }
                    }
                }
            } catch (Exception unused) {
                SMSecTrace.w("SAMSUNG", "cannot read file: " + file2.getAbsolutePath());
            }
        }
    }

    @Override // com.sophos.mobilecontrol.client.android.module.deviceadmin.profilesectionhandling.k.a
    public void b() {
        try {
            this.f16350a.tryAcquire(1, 10L, TimeUnit.SECONDS);
        } catch (InterruptedException e3) {
            SMSecTrace.e("Got an interrupt exception", e3);
        }
    }

    @Override // com.sophos.cloud.core.command.b
    public int doExecute() {
        i(this.mContext);
        C1518a u3 = C1518a.u(this.mContext);
        u3.l2();
        u3.Q2();
        U0.a.c("smc_command", this.mCommand.getType());
        finish(0);
        return 0;
    }
}
