package com.baramundi.android.mdm.security;

import android.content.Context;
import android.content.Intent;
import com.baramundi.android.mdm.R;
import com.baramundi.android.mdm.controller.PreferenceEdit;
import com.baramundi.android.mdm.receiver.RemoveWaitDialogReceiver;
import com.baramundi.android.mdm.results.CertificateInformation;
import com.baramundi.android.sharedlib.SharedCertificateHelper;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class EasyX509TrustManager implements X509TrustManager {
    private final Context context;
    private Logger logger = LoggerFactory.getLogger(EasyX509TrustManager.class);
    private X509TrustManager standardTrustManager;

    public EasyX509TrustManager(KeyStore keyStore, Context context) throws NoSuchAlgorithmException, KeyStoreException {
        this.standardTrustManager = null;
        this.context = context;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustManagers[0];
    }

    private CertificateInformation BuildCertificateInfo(X509Certificate x509Certificate) {
        CertificateInformation certificateInformation = new CertificateInformation();
        certificateInformation.setIssuer(x509Certificate.getIssuerDN().getName().substring(3));
        certificateInformation.setSubject(x509Certificate.getSubjectDN().getName().substring(3));
        certificateInformation.setSerialnumber(x509Certificate.getSerialNumber().toString());
        certificateInformation.setValidity(x509Certificate.getNotAfter().toString());
        try {
            certificateInformation.setThumbprint(SharedCertificateHelper.getThumbPrint(x509Certificate));
        } catch (Exception unused) {
        }
        return certificateInformation;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.standardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length <= 0) {
            throw new CertificateException(this.context.getString(R.string.CertificateChainEmpty));
        }
        try {
            String thumbPrint = SharedCertificateHelper.getThumbPrint(x509CertificateArr[0]);
            if (!PreferenceEdit.getInstance(this.context).getSupportThumbprintValidation()) {
                CertificateInformation BuildCertificateInfo = BuildCertificateInfo(x509CertificateArr[0]);
                String userAcceptedServerThumbprint = PreferenceEdit.getInstance(this.context).getUserAcceptedServerThumbprint();
                if (thumbPrint != null) {
                    if (userAcceptedServerThumbprint == null || !thumbPrint.equalsIgnoreCase(userAcceptedServerThumbprint)) {
                        try {
                            this.standardTrustManager.checkServerTrusted(x509CertificateArr, str);
                            return;
                        } catch (Exception unused) {
                            Intent intent = new Intent();
                            intent.setAction(RemoveWaitDialogReceiver.removeAction);
                            intent.putExtra(RemoveWaitDialogReceiver.activityAskUser, true);
                            intent.putExtra(RemoveWaitDialogReceiver.certificateInformation, BuildCertificateInfo);
                            this.context.getApplicationContext().sendBroadcast(intent);
                            this.logger.info(String.format("User will be asked for server acceptance of server %s", BuildCertificateInfo.toString()));
                            throw new CertificateException("NO_TOAST");
                        }
                    }
                    return;
                }
                return;
            }
            try {
                if (thumbPrint == null) {
                    this.logger.error("Cannot validate servers certificate thumbprint");
                    this.logger.error("Abort enrollment for security reasons");
                    throw new CertificateException(this.context.getString(R.string.CertError_Thumbprint_empty));
                }
                if (thumbPrint.equalsIgnoreCase(PreferenceEdit.getInstance(this.context).getSSLThumbprint())) {
                    this.logger.info(String.format("Validation of server certificate (thumbprint: %s) successfully finished", thumbPrint));
                    return;
                }
                this.logger.error(String.format("Responding servers certificate (thumbprint: %s) does not match the expected certificate (thumbprint: %s)", thumbPrint, PreferenceEdit.getInstance(this.context).getSSLThumbprint()));
                this.logger.error("Abort enrollment for security reasons");
                this.logger.info("Received the following certificate chain from the server");
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    this.logger.info("BEGIN CERT >>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
                    this.logger.info(x509Certificate.toString());
                    this.logger.info("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< END CERT\n");
                }
                throw new CertificateException(String.format(this.context.getString(R.string.CertError_Thumbprint_mismatch), thumbPrint, PreferenceEdit.getInstance(this.context).getSSLThumbprint()));
            } catch (CertificateException e) {
                throw e;
            } catch (Exception e2) {
                this.logger.error("An error occured during thumbprint evaluation. Abort enrollment for security reasons!");
                this.logger.error(String.format("Detailed error description: %s", e2.getMessage()));
                throw new CertificateException(e2.getMessage());
            }
        } catch (Exception e3) {
            this.logger.error("An error occurred during thumbprint evaluation. Abort enrollment for security reasons!");
            this.logger.error(String.format("Detailed error description: %s", e3.getMessage()));
            throw new CertificateException(e3.getMessage());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}
