package com.sophos.mobilecontrol.client.android.plugin.sony.profilehandler.manager;

import android.annotation.SuppressLint;
import android.app.PendingIntent;
import android.content.ActivityNotFoundException;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import com.sonymobile.enterprise.Configuration;
import com.sonymobile.enterprise.support.EnterpriseSupport;
import com.sophos.mobilecontrol.client.android.notification.NotificationDisplay;
import com.sophos.mobilecontrol.client.android.plugin.base.PluginBaseApplication;
import com.sophos.mobilecontrol.client.android.plugin.base.certificatefile.CertificateAttributes;
import com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager;
import com.sophos.mobilecontrol.client.android.plugin.sony.R;
import com.sophos.mobilecontrol.client.android.plugin.sony.service.InstallCertificateService;
import com.sophos.mobilecontrol.client.android.plugin.tools.Base64Coder;
import com.sophos.smsec.core.smsectrace.SMSecTrace;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import p1.d;
import q1.C1472a;

@SuppressLint({"ApplySharedPref"})
/* loaded from: classes3.dex */
public final class SonyCertificateManager implements CertificateManager {
    public static final String SHARED_PREFERENCE_ALIAS_POST = ".alias";
    private final ComponentName mAdmin;
    private final Context mContext;
    private Configuration mManager;
    private static final int[] CERT_TYPES = {0, 2, 1};
    private static final int[] CERT_USAGES = {2, 0, 1};
    private static final String TAG = SonyCertificateManager.class.getSimpleName();

    /* loaded from: classes3.dex */
    static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f16497a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f16498b;

        static {
            int[] iArr = new int[CertificateManager.CertificateType.values().length];
            f16498b = iArr;
            try {
                iArr[CertificateManager.CertificateType.TYPE_CERTIFICATE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f16498b[CertificateManager.CertificateType.TYPE_PKCS12.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[CertificateManager.CertificateUsage.values().length];
            f16497a = iArr2;
            try {
                iArr2[CertificateManager.CertificateUsage.USE_SYSTEM.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f16497a[CertificateManager.CertificateUsage.USE_VPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f16497a[CertificateManager.CertificateUsage.USE_EMAIL.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f16497a[CertificateManager.CertificateUsage.USE_WIFI.ordinal()] = 4;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    public SonyCertificateManager(Context context) {
        Context applicationContext = context.getApplicationContext();
        this.mContext = applicationContext;
        this.mAdmin = ((PluginBaseApplication) context.getApplicationContext()).getAdmin();
        if (EnterpriseSupport.isFeatureSupported(applicationContext, EnterpriseSupport.Feature.INSTALL_CERTIFICATES)) {
            this.mManager = new Configuration(applicationContext);
        }
    }

    public List<String> getAllAliases() {
        ArrayList arrayList = new ArrayList();
        if (EnterpriseSupport.isFeatureSupported(this.mContext, EnterpriseSupport.Feature.LIST_REMOVE_CERTIFICATES)) {
            for (int i3 = 0; i3 < CERT_TYPES.length; i3++) {
                int i4 = 0;
                while (true) {
                    int[] iArr = CERT_USAGES;
                    if (i4 < iArr.length) {
                        int i5 = CERT_TYPES[i3];
                        if ((i5 != 0 || iArr[i4] != 2) && (i5 != 1 || iArr[i4] != 2)) {
                            try {
                                List listCertificates = this.mManager.listCertificates(i5, iArr[i4]);
                                if (listCertificates != null) {
                                    arrayList.addAll(listCertificates);
                                }
                            } catch (SecurityException e3) {
                                SMSecTrace.e(TAG, "gIC() no enterprise permission or current user isn't owner: " + e3);
                            }
                        }
                        i4++;
                    }
                }
            }
        }
        for (Map.Entry<String, ?> entry : this.mContext.getSharedPreferences("certificate", 0).getAll().entrySet()) {
            SMSecTrace.d(TAG, "installed: " + entry.getKey() + " : : " + entry.getValue());
        }
        return arrayList;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public int getCredentialStorageStatus() {
        return d.a(this.mContext) ? 1 : 2;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public List<CertificateAttributes> getInstalledCertificates() {
        String str = TAG;
        SMSecTrace.d(str, "getInstalledCertificates()");
        ArrayList arrayList = new ArrayList();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            if (keyStore != null) {
                keyStore.load(null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (nextElement.startsWith("user")) {
                        CertificateAttributes certificateAttributes = new CertificateAttributes();
                        certificateAttributes.setX509Data(new String(C1472a.d(keyStore.getCertificate(nextElement).getEncoded())));
                        arrayList.add(certificateAttributes);
                    }
                }
            } else {
                SMSecTrace.e(str, "tried to read get keystore, returned null");
            }
        } catch (IOException e3) {
            SMSecTrace.e(TAG, "IOE: " + e3);
        } catch (KeyStoreException e4) {
            SMSecTrace.e(TAG, "KSE: " + e4);
        } catch (NoSuchAlgorithmException e5) {
            SMSecTrace.e(TAG, "NSAE: " + e5);
        } catch (CertificateException e6) {
            SMSecTrace.e(TAG, "CE: " + e6);
        }
        SMSecTrace.d(TAG, "returned: " + arrayList.size());
        return arrayList;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    @SuppressLint({"CommitPrefEdits"})
    public boolean installCertificate(CertificateManager.CertificateType certificateType, CertificateManager.CertificateUsage certificateUsage, byte[] bArr, String str, String str2) {
        String str3;
        int installCertFromDer;
        if (EnterpriseSupport.isFeatureSupported(this.mContext, EnterpriseSupport.Feature.INSTALL_CERTIFICATES)) {
            int i3 = a.f16497a[certificateUsage.ordinal()];
            int i4 = (i3 == 1 || i3 == 2 || i3 == 3 || i3 != 4) ? 0 : 1;
            Intent intent = null;
            if (removeCertificate(str, certificateType, null)) {
                SMSecTrace.i(TAG, "cert was installed, gets re-installed.");
            }
            SharedPreferences.Editor edit = this.mContext.getSharedPreferences("certificate", 0).edit();
            String str4 = new String(Base64Coder.encode(bArr));
            edit.putString(str, str4);
            edit.putString(str + ".password", str2).commit();
            String str5 = TAG;
            SMSecTrace.d(str5, "put wifi cert in shared prefs");
            if (!EnterpriseSupport.isFeatureSupported(this.mContext, EnterpriseSupport.Feature.INSTALL_CERTIFICATES_SILENTLY)) {
                int i5 = a.f16498b[certificateType.ordinal()];
                if (i5 == 1) {
                    intent = InstallCertificateService.getStartActionInstallDIntent(this.mContext, str4, i4, str);
                } else if (i5 == 2) {
                    intent = InstallCertificateService.getStartActionInstallPIntent(this.mContext, str4, i4, str, str2);
                }
                NotificationDisplay.i(this.mContext).c(NotificationDisplay.NotificationId.NOT_ENTER_EAS, this.mContext.getString(R.string.notification_plugin_install_cert), PendingIntent.getService(this.mContext, (int) System.currentTimeMillis(), intent, 67108864));
                return true;
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIIC2TCCAcGgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBpMScwJQYDVQQKEx5Tb255IE1vYmlsZSBDb21tdW5pY2F0aW9ucyBJbmMxCzAJBgNVBAYTAlNFMTEwLwYDVQQDFChTb255X01vYmlsZV9FX0FQSV9BdXRoZW50aWNhdGlvbl9TaWduaW5nMB4XDTE2MDEyMjA4MDcwOFoXDTI2MDExOTA4MDcwOFowIzELMAkGA1UEBhMCVUsxFDASBgNVBAoTC1NvcGhvcyBMdGQuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwC92LFUP5R5MJx5EnovcaRC7T4m/scXjwEze93aLrfBh0Ae/qRdY1tTpVmXmmCtBIXEAqe89jDCjy/eoGWSKMll8EN9w2+Fg3cUPY1zpDlYuLfL4ZeLFAPz2m4Mf6pYVFM063ey7FEsANzcWj6FS80MNuudnMGLM8gamHMK1icwIDAQABo1YwVDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQjcNUkwH7qrtVn7U0nsJgRIMbrETAoBgMqAwQBAf8EHgwcQXV0aGVudGljYXRpb246c2lsZW50SW5zdGFsbDANBgkqhkiG9w0BAQsFAAOCAQEAqMzTugzzupjjeep3aB96s3Ow9iWLZRvdekOvMMpiTQITyIFzK+LOjOI/9C2pVG5OYdbmnCfis/TMvNw81dL6H2ml4dBZK24RjdURhjC/zyISp7mnTklmOWWcUfEvRslnFGPRXF4T6XgqxwiTmUCaJqreNYRiH5ExGe7P8wDlLtZIHpppCfYix0VX9tt0WYZmd/89x/ovZ4qMuvfWg6bnvXa9Q451sCo2DazY/DsRmrxpIup6wvxyroGqrfCU5T1CFBbro/9Bh0Fuh941QL8IV0UaV6G+6xWyeWfsghK4JyjWin71Cybg3ZIc/4YnNrC+M/chI1bFfRIa08TJ17HLEQ==\n-----END CERTIFICATE-----".getBytes()));
                ArrayList arrayList = new ArrayList();
                arrayList.add(generateCertificate);
                CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
                int i6 = a.f16498b[certificateType.ordinal()];
                if (i6 != 1) {
                    installCertFromDer = i6 != 2 ? -2054 : this.mManager.installCertFromPkcs12(this.mAdmin, bArr, str, str2, i4, true, generateCertPath);
                    str3 = str5;
                } else {
                    str3 = str5;
                    installCertFromDer = this.mManager.installCertFromDer(this.mAdmin, bArr, i4, true, generateCertPath);
                }
                if (installCertFromDer == -4) {
                    SMSecTrace.e(str3, "iC CPI");
                } else if (installCertFromDer == -3) {
                    SMSecTrace.e(str3, "iC UC");
                } else if (installCertFromDer == -2) {
                    SMSecTrace.e(str3, "iC LO");
                } else {
                    if (installCertFromDer == -1) {
                        SMSecTrace.e(str3, "iC ER");
                        return false;
                    }
                    if (installCertFromDer == 0) {
                        SMSecTrace.i(str3, "iC installed");
                        return true;
                    }
                    SMSecTrace.e(str3, "iC unknown");
                }
            } catch (CertificateException e3) {
                SMSecTrace.e(TAG, "Silent certificate installation failed!", e3);
            }
        }
        SMSecTrace.e(TAG, "installCertificate() not supported");
        return false;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public boolean removeAll() {
        String str = TAG;
        SMSecTrace.d(str, "resetCredentials()");
        try {
            if (EnterpriseSupport.isFeatureSupported(this.mContext, EnterpriseSupport.Feature.LIST_REMOVE_CERTIFICATES)) {
                SMSecTrace.i(str, "remove using list");
                for (int i3 = 0; i3 < CERT_TYPES.length; i3++) {
                    int i4 = 0;
                    while (true) {
                        int[] iArr = CERT_USAGES;
                        if (i4 < iArr.length) {
                            int i5 = CERT_TYPES[i3];
                            if ((i5 != 0 || iArr[i4] != 2) && (i5 != 1 || iArr[i4] != 2)) {
                                try {
                                    List listCertificates = this.mManager.listCertificates(i5, iArr[i4]);
                                    if (listCertificates != null) {
                                        Iterator it = listCertificates.iterator();
                                        while (it.hasNext()) {
                                            try {
                                                if (this.mManager.removeCertificate(this.mAdmin, CERT_TYPES[i3], CERT_USAGES[i4], (String) it.next())) {
                                                    SMSecTrace.i(TAG, "cert successfully removed");
                                                } else {
                                                    SMSecTrace.e(TAG, "Cert could not be removed!");
                                                }
                                            } catch (SecurityException e3) {
                                                SMSecTrace.e(TAG, "rA() not device admin, no enterprise permission or current user isn't owner: " + e3);
                                            }
                                        }
                                    }
                                } catch (SecurityException e4) {
                                    SMSecTrace.e(TAG, "rA() no enterprise permission or current user isn't owner: " + e4);
                                }
                            }
                            i4++;
                        }
                    }
                }
            }
            this.mContext.getSharedPreferences("certificate", 0).edit().clear().commit();
            return true;
        } catch (Exception e5) {
            SMSecTrace.e(TAG, "removeAll() threw exception: " + e5);
            return false;
        }
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public boolean removeCertificate(String str, CertificateManager.CertificateType certificateType, String str2) {
        String str3 = TAG;
        SMSecTrace.v(str3, "remove certificate: " + str + " cert: " + str2);
        int i3 = 0;
        if (!EnterpriseSupport.isFeatureSupported(this.mContext, EnterpriseSupport.Feature.LIST_REMOVE_CERTIFICATES)) {
            SMSecTrace.e(str3, "removeCertificate() not supported");
            return false;
        }
        SharedPreferences sharedPreferences = this.mContext.getSharedPreferences("certificate", 0);
        String string = sharedPreferences.getString(str + SHARED_PREFERENCE_ALIAS_POST, null);
        boolean z3 = false;
        int i4 = 0;
        while (i4 < CERT_TYPES.length) {
            try {
                boolean z4 = z3;
                int i5 = i3;
                while (true) {
                    int[] iArr = CERT_USAGES;
                    if (i5 < iArr.length) {
                        int i6 = CERT_TYPES[i4];
                        if ((i6 != 0 || iArr[i5] != 2) && (i6 != 1 || iArr[i5] != 2)) {
                            try {
                                List<String> listCertificates = this.mManager.listCertificates(i6, iArr[i5]);
                                if (listCertificates != null) {
                                    for (String str4 : listCertificates) {
                                        String str5 = TAG;
                                        SMSecTrace.d(str5, "Alias: " + str4);
                                        if (str4.equals(str) || str4.equals(string) || str.contains(str4)) {
                                            try {
                                                boolean removeCertificate = this.mManager.removeCertificate(this.mAdmin, CERT_TYPES[i4], CERT_USAGES[i5], str4);
                                                if (removeCertificate) {
                                                    SMSecTrace.i(str5, "cert successfully removed");
                                                } else {
                                                    SMSecTrace.e(str5, "Cert could not be removed!");
                                                }
                                                z4 = removeCertificate;
                                            } catch (SecurityException e3) {
                                                SMSecTrace.e(TAG, "rC() not device admin, no enterprise permission or current user isn't owner: " + e3);
                                            }
                                        }
                                    }
                                }
                            } catch (SecurityException e4) {
                                SMSecTrace.e(TAG, "rC() no enterprise permission or current user isn't owner: " + e4);
                            }
                        }
                        i5++;
                    }
                }
                i4++;
                z3 = z4;
                i3 = 0;
            } catch (Exception e5) {
                SMSecTrace.e(TAG, "removeCert() threw exception: " + e5);
                return false;
            }
        }
        String str6 = TAG;
        SMSecTrace.i(str6, "removeCertificate id: " + str + " success: " + z3);
        if (!z3) {
            SMSecTrace.e(str6, "removeCertificate() failed");
            return false;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.remove(str);
        edit.remove(str + ".password");
        edit.remove(str + SHARED_PREFERENCE_ALIAS_POST);
        edit.commit();
        return true;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public boolean unlockCredentialStorage(String str) {
        try {
            this.mContext.startActivity(new Intent("com.android.credentials.UNLOCK"));
            return true;
        } catch (ActivityNotFoundException e3) {
            SMSecTrace.e(TAG, "No UNLOCK activity: " + e3.getMessage(), e3);
            return true;
        }
    }
}
