package com.baramundi.dpc.controller.logic;

import android.annotation.SuppressLint;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import androidx.preference.PreferenceManager;
import com.baramundi.dpc.DeviceAdminReceiver;
import com.baramundi.dpc.common.FileUtil;
import com.baramundi.dpc.common.PreferencesUtil;
import com.baramundi.dpc.common.ProvisioningStateUtil;
import com.baramundi.dpc.common.SharedPrefKeys;
import com.baramundi.dpc.common.model.EnrollmentMode;
import com.baramundi.dpc.util.X509Utils;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.tinylog.Logger;

/* loaded from: classes.dex */
public class CertificateInstallLogicPrivate {
    private static final String DEFAULT_PASS = "baramundi";
    public static final String ENROLLMENT_CERTS_ZIP_NAME = "certs.zip";
    public static final String KEYSTORE_NAME = "bara_client_cert";
    private final Context context;
    private final DevicePolicyManager mDpm;
    private final SharedPreferences prefs;
    private boolean isServerCertAvailable = false;
    private boolean isClientCertAvailable = false;
    private boolean isServerAddressAvailable = false;
    private boolean isGoogleAuthTokenAvailable = false;
    private boolean isEnrollmentTokenAvailable = false;

    public CertificateInstallLogicPrivate(Context context) {
        this.mDpm = (DevicePolicyManager) context.getSystemService("device_policy");
        this.context = context;
        this.prefs = PreferenceManager.getDefaultSharedPreferences(context);
    }

    private void ValidateAllMandatoryComponentsExist() throws Exception {
        if (this.isServerCertAvailable && this.isClientCertAvailable && this.isServerAddressAvailable && (this.isGoogleAuthTokenAvailable || this.isEnrollmentTokenAvailable)) {
            return;
        }
        throw new Exception("Fatal error: Enrollment package is missing at least one mandatory component: " + System.lineSeparator() + "Server certificate - " + this.isServerCertAvailable + System.lineSeparator() + "Client certificate - " + this.isClientCertAvailable + System.lineSeparator() + "ServerAddress  - " + this.isServerAddressAvailable + System.lineSeparator() + "Google auth Token  - " + this.isGoogleAuthTokenAvailable + System.lineSeparator() + "Enrollment token  - " + this.isEnrollmentTokenAvailable + System.lineSeparator());
    }

    private boolean installClientCertificateToPrivateKeyStore(byte[] bArr) {
        boolean z = true;
        if (this.context.deleteFile(KEYSTORE_NAME)) {
            Logger.info("KeyStore '{}' already existed and was deleted", KEYSTORE_NAME);
        }
        Logger.info("App is trying to create the Keystore (container for client-certificates).");
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(new ByteArrayInputStream(bArr), DEFAULT_PASS.toCharArray());
                FileOutputStream openFileOutput = this.context.openFileOutput(KEYSTORE_NAME, 0);
                try {
                    keyStore.store(openFileOutput, DEFAULT_PASS.toCharArray());
                    try {
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            Logger.debug("Alias: '{}'", nextElement);
                            try {
                                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                                Logger.debug("X509Cert : " + x509Certificate.toString());
                                new PreferencesUtil(this.context).save(SharedPrefKeys.CLIENT_CERT_THUMBPRINT, X509Utils.getCertificateSHA1Fingerprint(x509Certificate));
                                break;
                            } catch (Exception unused) {
                                Logger.warn("Could not save client certificate thumbprint to shared prefs.");
                            }
                        }
                        if (openFileOutput != null) {
                            openFileOutput.close();
                        }
                        Logger.info("Keystore was successfully created and filled with client-certificates.");
                    } catch (Throwable th) {
                        th = th;
                        if (openFileOutput != null) {
                            try {
                                openFileOutput.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    th = th3;
                    z = false;
                }
            } catch (Exception e) {
                e = e;
                z = false;
                Logger.error(e, "Error while accessing keystore");
                return z;
            }
        } catch (Exception e2) {
            e = e2;
            Logger.error(e, "Error while accessing keystore");
            return z;
        }
        return z;
    }

    @SuppressLint({"ApplySharedPref"})
    private void processAdditionalInfoTxt(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            Map map = (Map) new Gson().fromJson(byteArrayOutputStream.toString("UTF-8"), new TypeToken<HashMap<String, String>>() { // from class: com.baramundi.dpc.controller.logic.CertificateInstallLogicPrivate.1
            }.getType());
            if (map.containsKey("SwitchToDedicatedDeviceEnrollment")) {
                EnrollmentMode enrollmentMode = ProvisioningStateUtil.getEnrollmentMode(this.context);
                EnrollmentMode enrollmentMode2 = EnrollmentMode.DedicatedDevice;
                if (enrollmentMode != enrollmentMode2) {
                    Logger.warn("Switching to dedicated device enrollment because the server told us to during enrollment.");
                    this.prefs.edit().putString(SharedPrefKeys.ENROLLMENT_MODE, enrollmentMode2.toString()).apply();
                }
            }
            if (map.containsKey("RegisteredUserEmail")) {
                this.prefs.edit().putString(SharedPrefKeys.USER_VALIDATION_ENROLLMENT_EMAIL, (String) map.get("RegisteredUserEmail")).apply();
            }
            this.prefs.edit().commit();
        } catch (UnsupportedEncodingException e) {
            Logger.error(e, "Fatal encoding error during enrollment.");
        }
    }

    @SuppressLint({"ApplySharedPref"})
    private boolean saveEnrollmentTokenToSharedPrefs(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            String byteArrayOutputStream2 = byteArrayOutputStream.toString("UTF-8");
            this.prefs.edit().putString(SharedPrefKeys.ENROLLMENT_TOKEN, byteArrayOutputStream2).commit();
            Logger.info("### Successfully read enrollment token: " + byteArrayOutputStream2);
            return true;
        } catch (UnsupportedEncodingException e) {
            Logger.error(e, "Fatal encoding error during enrollment.");
            return false;
        }
    }

    @SuppressLint({"ApplySharedPref"})
    private boolean saveManagedGooglePlayAccountTokenToSharedPrefs(ByteArrayOutputStream byteArrayOutputStream) {
        String str = null;
        try {
            str = byteArrayOutputStream.toString("UTF-8");
            this.prefs.edit().putString(SharedPrefKeys.MANAGED_GOOGLE_PLAY_AUTHENTICATION_TOKEN, str).commit();
            Logger.info("### Successfully read Managed Google Play Authentication Token");
        } catch (UnsupportedEncodingException e) {
            Logger.error(e, "Fatal encoding error during enrollment.");
        }
        return str != null;
    }

    private void saveResetPasswordToken(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            String byteArrayOutputStream2 = byteArrayOutputStream.toString("UTF-8");
            if (Build.VERSION.SDK_INT >= 26) {
                boolean resetPasswordToken = this.mDpm.setResetPasswordToken(DeviceAdminReceiver.getComponentName(this.context), Base64.getDecoder().decode(byteArrayOutputStream2));
                StringBuilder sb = new StringBuilder();
                sb.append("Setting the reset password token was ");
                sb.append(resetPasswordToken ? "successful" : "not successful");
                Logger.info(sb.toString());
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Reset password token is ");
                sb2.append(this.mDpm.isResetPasswordTokenActive(DeviceAdminReceiver.getComponentName(this.context)) ? "active" : "inactive");
                Logger.info(sb2.toString());
            } else {
                Logger.info("Didn't set the reset password token, because the device's firmware is below Oreo");
            }
        } catch (UnsupportedEncodingException e) {
            Logger.error(e, "Fatal encoding error during enrollment.");
        } catch (SecurityException e2) {
            Logger.warn("SecurityException: " + e2.getMessage());
            if (ProvisioningStateUtil.isManagedByBaramundiDPC(this.context)) {
                Logger.warn("setResetPasswordToken() does not work if admin was set via 'dpm set-device-owner'.");
            } else {
                Logger.error("Device or work profile is not managed.");
            }
        } catch (Exception e3) {
            Logger.warn(e3, "Could not set reset password token: " + e3.getMessage());
        }
    }

    @SuppressLint({"ApplySharedPref"})
    private boolean saveServerAddressToSharePrefs(ByteArrayOutputStream byteArrayOutputStream) throws UnsupportedEncodingException {
        String trim = byteArrayOutputStream.toString("UTF-8").trim();
        if (!trim.contains(":")) {
            trim = trim + ":443";
        }
        this.prefs.edit().putString(SharedPrefKeys.SERVER_ADDRESS, trim).commit();
        Logger.info("Updated Server Address to '{}'", trim);
        return true;
    }

    private boolean saveServerCertFileFromZip(ByteArrayOutputStream byteArrayOutputStream) {
        new FileUtil(this.context).saveToFile("serverCert.cer", byteArrayOutputStream.toByteArray());
        return true;
    }

    /* JADX WARN: Code restructure failed: missing block: B:50:0x00e8, code lost:
    
        throw new java.lang.Exception("Enrollment package entry too big!");
     */
    @android.annotation.SuppressLint({"ApplySharedPref"})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void installEnrollmentCerts(java.lang.String r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 314
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.baramundi.dpc.controller.logic.CertificateInstallLogicPrivate.installEnrollmentCerts(java.lang.String):void");
    }

    public KeyStore.Entry loadClientCertEntryFromPrivateKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(this.context.openFileInput(KEYSTORE_NAME), DEFAULT_PASS.toCharArray());
            return keyStore.getEntry(keyStore.aliases().nextElement(), null);
        } catch (Exception unused) {
            Logger.error("Error while loading '{}'", KEYSTORE_NAME);
            return null;
        }
    }
}
