package com.baramundi.dpc.controller.jobStepExecutionController;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.Build;
import android.util.Base64;
import com.androidnetworking.common.ANResponse;
import com.baramundi.dpc.DeviceAdminReceiver;
import com.baramundi.dpc.common.GsonUtil;
import com.baramundi.dpc.common.PreferencesUtil;
import com.baramundi.dpc.common.SharedPrefKeys;
import com.baramundi.dpc.common.model.results.ControllerExecutionResult;
import com.baramundi.dpc.controller.http.DataTransferController;
import com.baramundi.dpc.controller.logic.CertificateInstallLogicPrivate;
import com.baramundi.dpc.controller.logic.WiFiConfigurationLogic;
import com.baramundi.dpc.persistence.databases.CertificateWithPWDatabase;
import com.baramundi.dpc.persistence.entities.CertificateWithPW;
import com.baramundi.dpc.rest.DataTransferObjects.AndroidJobstepResult;
import com.baramundi.dpc.rest.DataTransferObjects.Enums.ErrorCode;
import com.baramundi.dpc.rest.DataTransferObjects.Enums.SCEPRequestStatus;
import com.baramundi.dpc.rest.DataTransferObjects.ExecutionResult;
import com.baramundi.dpc.rest.DataTransferObjects.GenericRequestResult;
import com.baramundi.dpc.rest.DataTransferObjects.GenericSCEPSettings;
import com.baramundi.dpc.rest.DataTransferObjects.JobStepInstanceAndroid;
import com.baramundi.dpc.rest.DataTransferObjects.JobstepSCEPConfiguration;
import com.baramundi.dpc.rest.DataTransferObjects.SCEPRequestResponse;
import com.baramundi.dpc.util.X509Utils;
import com.google.gson.Gson;
import java.security.KeyStore;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.Callable;
import org.tinylog.Logger;

/* loaded from: classes.dex */
public class ControllerSCEPCertificate extends AbstractProfileInstallController {
    public static final String SCEPResponse = "SCEPResponse";
    static final Class SUPPORTED_JOBSTEP_CLASS_INSTALL = JobstepSCEPConfiguration.class;
    private DataTransferController dtc;

    /* renamed from: com.baramundi.dpc.controller.jobStepExecutionController.ControllerSCEPCertificate$1, reason: invalid class name */
    /* loaded from: classes.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus;

        static {
            int[] iArr = new int[SCEPRequestStatus.values().length];
            $SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus = iArr;
            try {
                iArr[SCEPRequestStatus.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus[SCEPRequestStatus.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus[SCEPRequestStatus.PENDING.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus[SCEPRequestStatus.COMMON_ERROR.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public ControllerSCEPCertificate(Context context) {
        super(context);
    }

    protected ControllerSCEPCertificate(Context context, DataTransferController dataTransferController) {
        super(context);
        this.dtc = dataTransferController;
    }

    @Override // com.baramundi.dpc.controller.jobStepExecutionController.AbstractController
    protected ControllerExecutionResult installJobStep(JobStepInstanceAndroid jobStepInstanceAndroid) {
        GenericRequestResult genericRequestResult;
        boolean z;
        Logger.info("installJobStep() called with: jobStep = {}", jobStepInstanceAndroid);
        JobstepSCEPConfiguration jobstepSCEPConfiguration = (JobstepSCEPConfiguration) jobStepInstanceAndroid;
        GenericSCEPSettings genericSCEPSettings = jobstepSCEPConfiguration.genericSCEPConfiguration.scepSettings;
        if (this.dtc == null) {
            KeyStore.Entry loadClientCertEntryFromPrivateKeyStore = new CertificateInstallLogicPrivate(this.context).loadClientCertEntryFromPrivateKeyStore();
            if (loadClientCertEntryFromPrivateKeyStore == null) {
                Logger.error("client certificate is missing");
                return ControllerExecutionResult.failed("client certificate is missing");
            }
            final PreferencesUtil preferencesUtil = new PreferencesUtil(this.context);
            this.dtc = new DataTransferController(new Callable() { // from class: com.baramundi.dpc.controller.jobStepExecutionController.ControllerSCEPCertificate$$ExternalSyntheticLambda0
                @Override // java.util.concurrent.Callable
                public final Object call() {
                    String str;
                    str = PreferencesUtil.this.get(SharedPrefKeys.SERVER_ADDRESS);
                    return str;
                }
            }, loadClientCertEntryFromPrivateKeyStore);
        }
        int i = genericSCEPSettings.retryCount;
        int i2 = genericSCEPSettings.retryDelay;
        AndroidJobstepResult androidJobstepResult = null;
        int i3 = 0;
        AndroidJobstepResult androidJobstepResult2 = null;
        while (true) {
            if (i3 > 0) {
                try {
                    Logger.info("Retrying to get SCEP certificate. Thread sleeps now for '{}' seconds", Integer.valueOf(i2));
                    Thread.sleep(i2 * 1000);
                } catch (InterruptedException e) {
                    Logger.debug(e, "The thread sleep was interrupted while waiting for another retry...");
                }
            }
            ANResponse executeForString = this.dtc.getSCEPCertificate(jobstepSCEPConfiguration.genericSCEPConfiguration).executeForString();
            if (executeForString.isSuccess()) {
                genericRequestResult = (GenericRequestResult) GsonUtil.fromJson((String) executeForString.getResult(), GenericRequestResult.class);
            } else {
                Object[] objArr = new Object[1];
                objArr[0] = executeForString.getError() != null ? Integer.valueOf(executeForString.getError().getErrorCode()) : "N/A";
                Logger.warn("HTTP request failed. Error code '{}'", objArr);
                genericRequestResult = null;
            }
            if (genericRequestResult != null && genericRequestResult.Data.get(SCEPResponse) != null) {
                Logger.debug("OK: The server returned a SCEP response");
                SCEPRequestResponse sCEPRequestResponse = (SCEPRequestResponse) GsonUtil.fromJson(new Gson().toJson(genericRequestResult.Data.get(SCEPResponse)), SCEPRequestResponse.class);
                SCEPRequestStatus sCEPRequestStatus = sCEPRequestResponse.status;
                Logger.info("Incoming SCEP request state for SCEP entry '{}': {}", jobstepSCEPConfiguration.genericSCEPConfiguration.scepEntryTitle, sCEPRequestStatus);
                int i4 = AnonymousClass1.$SwitchMap$com$baramundi$dpc$rest$DataTransferObjects$Enums$SCEPRequestStatus[sCEPRequestStatus.ordinal()];
                if (i4 == 1) {
                    Logger.info("Successful SCEP response");
                    CertificateWithPWDatabase certificateWithPWDatabase = CertificateWithPWDatabase.getInstance(this.context);
                    String upperCase = jobstepSCEPConfiguration.genericSCEPConfiguration.scepSettings.scepEntryIdAsString.toUpperCase(Locale.US);
                    Logger.debug("Number of certificates in database with profileEntryID '{}': {}", upperCase, Integer.valueOf(certificateWithPWDatabase.certificateWithPWDao().getCount(jobstepSCEPConfiguration.profileIdentifier, upperCase).intValue()));
                    CertificateWithPW certificateWithPW = new CertificateWithPW(jobstepSCEPConfiguration.profileIdentifier, upperCase, Base64.decode(sCEPRequestResponse.certificateBase64, 0), sCEPRequestResponse.certificatePasswd, false, CertificateWithPW.CERT_TYPE_SCEP);
                    certificateWithPWDatabase.certificateWithPWDao().insert(certificateWithPW);
                    Logger.info("Added certificate to database: {}", certificateWithPW);
                    z = true;
                    break;
                }
                if (i4 == 2 || i4 == 3) {
                    Logger.warn("SCEP response with error '{}' received", sCEPRequestStatus);
                    androidJobstepResult2 = new AndroidJobstepResult();
                    androidJobstepResult2.ErrorCodeForStep = ErrorCode.SCEPCertificateServiceError;
                    androidJobstepResult2.DetailedError = sCEPRequestResponse.errorMessage;
                } else {
                    Logger.warn("SCEP response with error '{}' received", sCEPRequestStatus);
                    androidJobstepResult2 = new AndroidJobstepResult();
                    androidJobstepResult2.ErrorCodeForStep = ErrorCode.SCEPCertificateCommonError;
                    androidJobstepResult2.DetailedError = sCEPRequestResponse.errorMessage;
                }
            } else {
                AndroidJobstepResult androidJobstepResult3 = new AndroidJobstepResult();
                androidJobstepResult3.ErrorCodeForStep = ErrorCode.SCEPCertificateCommonError;
                androidJobstepResult3.DetailedError = "The server returned an invalid SCEP response";
                Logger.warn("The server returned an invalid SCEP response");
                androidJobstepResult2 = androidJobstepResult3;
            }
            i3++;
            if (i3 >= i) {
                z = false;
                break;
            }
        }
        if (!z) {
            Logger.error("Stopped requesting SCEP certificate. The limit of '{}' retries has been reached.", Integer.valueOf(i));
            androidJobstepResult = androidJobstepResult2;
        }
        return convertAndSaveResult(androidJobstepResult, false, true, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.baramundi.dpc.controller.jobStepExecutionController.AbstractController
    public ControllerExecutionResult uninstallJobStep(JobStepInstanceAndroid jobStepInstanceAndroid) {
        boolean z;
        JobstepSCEPConfiguration jobstepSCEPConfiguration = (JobstepSCEPConfiguration) jobStepInstanceAndroid;
        String upperCase = jobstepSCEPConfiguration.genericSCEPConfiguration.scepSettings.scepEntryIdAsString.toUpperCase(Locale.US);
        String str = jobstepSCEPConfiguration.profileIdentifier;
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) this.context.getSystemService("device_policy");
        ComponentName componentName = DeviceAdminReceiver.getComponentName(this.context);
        CertificateWithPWDatabase certificateWithPWDatabase = CertificateWithPWDatabase.getInstance(this.context);
        List<CertificateWithPW> byProfileIdentifierAndEntryIDAndUsage = certificateWithPWDatabase.certificateWithPWDao().getByProfileIdentifierAndEntryIDAndUsage(str, upperCase, CertificateWithPW.CERT_USE_STANDALONE);
        if (Build.VERSION.SDK_INT >= 24) {
            Logger.info("{} SCEP certificate(s) will be removed from the system", Integer.valueOf(byProfileIdentifierAndEntryIDAndUsage.size()));
            Iterator<CertificateWithPW> it = byProfileIdentifierAndEntryIDAndUsage.iterator();
            loop0: while (true) {
                z = true;
                while (it.hasNext()) {
                    if (!devicePolicyManager.removeKeyPair(componentName, X509Utils.getCertificateSHA1Fingerprint(WiFiConfigurationLogic.parseCertificateData(it.next()).getClientCertificate(), "").toLowerCase(Locale.ROOT)) || !z) {
                        z = false;
                    }
                }
            }
            if (!z) {
                ControllerExecutionResult failed = ControllerExecutionResult.failed("Error during removal of SCEP certificate.");
                failed.setErrorCode(ErrorCode.SCEPCertificateCommonError);
                return failed;
            }
        } else if (byProfileIdentifierAndEntryIDAndUsage.size() > 0) {
            ControllerExecutionResult failed2 = ControllerExecutionResult.failed("SCEP certificates can only be removed with Android 7.0 and newer.");
            failed2.setErrorCode(ErrorCode.SCEPCertificateCommonError);
            return failed2;
        }
        Logger.debug("{} SCEP certificate(s) will be removed from the DB", Integer.valueOf(certificateWithPWDatabase.certificateWithPWDao().getCount(str, upperCase).intValue()));
        certificateWithPWDatabase.certificateWithPWDao().deleteAllWith(str, upperCase);
        return convertAndSaveResult((ExecutionResult) null, false);
    }
}
