package com.sophos.mobilecontrol.client.android.plugin.afw.profilehandler.manager;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.app.admin.DevicePolicyManager;
import android.content.ActivityNotFoundException;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import com.sophos.communication.Dispatcher;
import com.sophos.mobilecontrol.client.android.internal.communication.CommandMessage;
import com.sophos.mobilecontrol.client.android.plugin.afw.service.AfwQueryService;
import com.sophos.mobilecontrol.client.android.plugin.base.PluginBaseApplication;
import com.sophos.mobilecontrol.client.android.plugin.base.certificatefile.CertificateAttributes;
import com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager;
import com.sophos.mobilecontrol.client.android.plugin.tools.Base64Coder;
import com.sophos.smsec.core.smsectrace.SMSecTrace;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes3.dex */
public class AfwCertificateManager implements CertificateManager {
    private static final String TAG = "AFWCer";
    private final ComponentName mAdmin;
    private final Context mContext;
    private final DevicePolicyManager mDpm;

    public AfwCertificateManager(Context context) {
        Context applicationContext = context.getApplicationContext();
        this.mContext = applicationContext;
        this.mDpm = (DevicePolicyManager) applicationContext.getSystemService("device_policy");
        this.mAdmin = ((PluginBaseApplication) applicationContext.getApplicationContext()).getAdmin();
    }

    @TargetApi(24)
    private void removeAllKeyPairs() {
        AfwUserRestrictionManager afwUserRestrictionManager = new AfwUserRestrictionManager(this.mContext);
        boolean a3 = afwUserRestrictionManager.a();
        if (a3) {
            afwUserRestrictionManager.disallowConfigCredentials(false);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            if (keyStore != null) {
                keyStore.load(null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (nextElement.startsWith("user")) {
                        SMSecTrace.d(TAG, "Remove: " + nextElement + ", Success: " + this.mDpm.removeKeyPair(this.mAdmin, nextElement));
                    }
                }
            } else {
                SMSecTrace.e(TAG, "tried to read get keystore, returned null");
            }
        } catch (IOException e3) {
            SMSecTrace.e(TAG, "IOE: " + e3);
        } catch (KeyStoreException e4) {
            SMSecTrace.e(TAG, "KSE: " + e4);
        } catch (NoSuchAlgorithmException e5) {
            SMSecTrace.e(TAG, "NSAE: " + e5);
        } catch (CertificateException e6) {
            SMSecTrace.e(TAG, "CE: " + e6);
        }
        if (a3) {
            afwUserRestrictionManager.disallowConfigCredentials(true);
        }
    }

    private void triggerSync() {
        try {
            new Dispatcher(new CommandMessage(CommandMessage.CommandMessageTypes.SYNC, null)).send(this.mContext, null);
        } catch (IOException e3) {
            SMSecTrace.e("Failed to trigger sync", e3);
        }
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public int getCredentialStorageStatus() {
        return 1;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    @TargetApi(21)
    public List<CertificateAttributes> getInstalledCertificates() {
        SMSecTrace.d(TAG, "getInstalledCertificates()");
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = this.mDpm.getInstalledCaCerts(this.mAdmin).iterator();
        while (it.hasNext()) {
            char[] encode = Base64Coder.encode(it.next());
            CertificateAttributes certificateAttributes = new CertificateAttributes();
            certificateAttributes.setX509Data(new String(encode));
            arrayList.add(certificateAttributes);
        }
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x0216  */
    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    @android.annotation.SuppressLint({"ApplySharedPref"})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean installCertificate(com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager.CertificateType r18, com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager.CertificateUsage r19, byte[] r20, java.lang.String r21, java.lang.String r22) {
        /*
            Method dump skipped, instructions count: 547
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sophos.mobilecontrol.client.android.plugin.afw.profilehandler.manager.AfwCertificateManager.installCertificate(com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager$CertificateType, com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager$CertificateUsage, byte[], java.lang.String, java.lang.String):boolean");
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public boolean removeAll() {
        this.mDpm.uninstallAllUserCaCerts(this.mAdmin);
        removeAllKeyPairs();
        return true;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    @SuppressLint({"ApplySharedPref"})
    public boolean removeCertificate(String str, CertificateManager.CertificateType certificateType, String str2) {
        boolean z3;
        AfwUserRestrictionManager afwUserRestrictionManager = new AfwUserRestrictionManager(this.mContext);
        boolean a3 = afwUserRestrictionManager.a();
        if (a3) {
            afwUserRestrictionManager.disallowConfigCredentials(false);
        }
        if (certificateType == CertificateManager.CertificateType.TYPE_CERTIFICATE) {
            try {
                this.mDpm.uninstallCaCert(this.mAdmin, Base64Coder.decode(str2));
                z3 = true;
            } catch (Exception e3) {
                SMSecTrace.e(TAG, "ucac", e3);
            }
        } else {
            if (certificateType == CertificateManager.CertificateType.TYPE_PKCS12) {
                z3 = this.mDpm.removeKeyPair(this.mAdmin, str);
                SMSecTrace.i(TAG, "removed user certificate: " + z3);
                SMSecTrace.w(TAG, "tried to remove user credentials, not supported");
            }
            z3 = false;
        }
        SharedPreferences.Editor edit = this.mContext.getSharedPreferences("certificate", 0).edit();
        edit.remove(str);
        edit.remove(str + ".password");
        edit.commit();
        if (a3) {
            afwUserRestrictionManager.disallowConfigCredentials(true);
        }
        AfwQueryService.writeCertificateFile(this, this.mContext);
        triggerSync();
        SMSecTrace.i(TAG, "removeCertificate: " + z3);
        return z3;
    }

    @Override // com.sophos.mobilecontrol.client.android.plugin.base.profilehandler.certificates.CertificateManager
    public boolean unlockCredentialStorage(String str) {
        try {
            this.mContext.startActivity(new Intent("com.android.credentials.UNLOCK"));
            return true;
        } catch (ActivityNotFoundException e3) {
            SMSecTrace.e(TAG, "No UNLOCK activity: " + e3.getMessage(), e3);
            return true;
        }
    }
}
