package com.microsoft.omadm.platforms.android.certmgr;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.Parcel;
import android.os.Parcelable;
import android.security.KeyChain;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.client.InternalServiceTask;
import com.microsoft.omadm.client.OMADMClientService;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.state.RootCertInstallStateMachine;
import com.microsoft.omadm.platforms.android.certmgr.state.ScepCertInstallStateMachine;
import com.microsoft.omadm.utils.CertUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class CertInstallActivity extends Activity {
    private static final int CERT_INSTALL_REQUEST_CODE = 0;
    private static final String EXTRA_PRIVATE_KEY = "PKEY";
    private static final String EXTRA_PUBLIC_KEY = "KEY";
    private static final int KEY_INSTALL_REQUEST_CODE = 2;
    public static final String ROOT_CERT_TYPE = "root";
    public static final String SCEP_CERT_TYPE = "scep";
    private String certAlias;
    private String certKey;
    private String certType;
    private byte[] encodedCert;
    private TableRepository tr;
    private Long userId;
    private final Logger logger = Logger.getLogger(CertInstallActivity.class.getName());
    private boolean useFallbackInstall = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CertInstallResultProcessor implements InternalServiceTask {
        public static final Parcelable.Creator<CertInstallResultProcessor> CREATOR = new Parcelable.Creator<CertInstallResultProcessor>() { // from class: com.microsoft.omadm.platforms.android.certmgr.CertInstallActivity.CertInstallResultProcessor.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // android.os.Parcelable.Creator
            public CertInstallResultProcessor createFromParcel(Parcel parcel) {
                return new CertInstallResultProcessor(parcel);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // android.os.Parcelable.Creator
            public CertInstallResultProcessor[] newArray(int i) {
                return new CertInstallResultProcessor[i];
            }
        };
        private final String certKey;
        private final String certType;
        private final Context context;
        private final boolean fallbackInstallUsed;
        private final Logger logger;
        private final Long userId;

        private CertInstallResultProcessor(Parcel parcel) {
            this.logger = Logger.getLogger(CertInstallResultProcessor.class.getName());
            this.context = (Context) Services.getInstance(Context.class);
            this.certType = parcel.readString();
            this.certKey = parcel.readString();
            this.userId = Long.valueOf(parcel.readLong());
            this.fallbackInstallUsed = parcel.readInt() != 0;
        }

        CertInstallResultProcessor(String str, String str2, Long l, boolean z) {
            this.logger = Logger.getLogger(CertInstallResultProcessor.class.getName());
            this.context = (Context) Services.getInstance(Context.class);
            this.certType = str;
            this.certKey = str2;
            this.userId = l;
            this.fallbackInstallUsed = z;
        }

        @Override // android.os.Parcelable
        public int describeContents() {
            return 0;
        }

        @Override // java.lang.Runnable
        public void run() {
            TableRepository tableRepository = TableRepository.getInstance(this.context);
            try {
                if (!this.certType.equals("root")) {
                    ScepCertificateState scepCertificateState = (ScepCertificateState) tableRepository.get(new ScepCertificateState.Key(this.certKey, this.userId));
                    if (scepCertificateState == null) {
                        this.logger.severe("Unable to get scep cert '" + this.certKey + "' from table repository while running CertInstallResultProcessor task.");
                        return;
                    }
                    if (CertStatus.CERT_INSTALLING != scepCertificateState.status) {
                        ((ScepCertInstallStateMachine) Services.getInstance(ScepCertInstallStateMachine.class)).transition(scepCertificateState, CertStatus.CERT_INSTALL_ERROR);
                        return;
                    }
                    ((ScepCertInstallStateMachine) Services.getInstance(ScepCertInstallStateMachine.class)).transition(scepCertificateState, CertStatus.CERT_ACCESS_REQUESTED);
                    if (this.fallbackInstallUsed) {
                        return;
                    }
                    this.context.startActivity(CertAccessActivity.buildScepCertAccessIntent(this.context, scepCertificateState));
                    return;
                }
                RootCertificateState rootCertificateState = (RootCertificateState) tableRepository.get(new RootCertificateState.Key(this.certKey));
                if (rootCertificateState == null) {
                    this.logger.severe("Unable to get root cert \"" + this.certKey + "\" from table repository while running CertInstallResultProcessor task.");
                    return;
                }
                if (CertStatus.CERT_INSTALLING != rootCertificateState.status) {
                    ((RootCertInstallStateMachine) Services.getInstance(RootCertInstallStateMachine.class)).transition(rootCertificateState, CertStatus.CERT_INSTALL_ERROR);
                    return;
                }
                try {
                    rootCertificateState.alias = CertUtils.getCAAliasFromCertificate(rootCertificateState);
                    rootCertificateState.certBlob = null;
                } catch (OMADMException e) {
                    if (!this.fallbackInstallUsed) {
                        throw e;
                    }
                    ((RootCertInstallStateMachine) Services.getInstance(RootCertInstallStateMachine.class)).transition(rootCertificateState, CertStatus.CERT_INSTALL_ERROR);
                }
                ((RootCertInstallStateMachine) Services.getInstance(RootCertInstallStateMachine.class)).transition(rootCertificateState, CertStatus.CERT_INSTALL_SUCCESS);
            } catch (OMADMException e2) {
                this.logger.log(Level.SEVERE, "Exception caught while running CertInstallResultProcessor task for CertInstallActivity", (Throwable) e2);
            }
        }

        @Override // android.os.Parcelable
        public void writeToParcel(Parcel parcel, int i) {
            parcel.writeString(this.certType);
            parcel.writeString(this.certKey);
            parcel.writeLong(this.userId.longValue());
            parcel.writeInt(this.fallbackInstallUsed ? 1 : 0);
        }
    }

    public static Intent buildRootCertInstallIntent(Context context, RootCertificateState rootCertificateState, boolean z) {
        Intent intent = new Intent(context, (Class<?>) CertInstallActivity.class);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY, rootCertificateState.thumbPrint);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE, "root");
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, z);
        intent.addFlags(268435456);
        return intent;
    }

    public static Intent buildScepCertInstallIntent(Context context, ScepCertificateState scepCertificateState, boolean z) {
        Intent intent = new Intent(context, (Class<?>) CertInstallActivity.class);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY, scepCertificateState.requestId);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE, "scep");
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_USER_ID, scepCertificateState.user);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, z);
        intent.addFlags(268435456);
        return intent;
    }

    private byte[] getCertBlobWithEmptyPassword(ScepCertificateState scepCertificateState, char[] cArr) throws OMADMException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (ArrayUtils.isEmpty(cArr)) {
            return scepCertificateState.certStoreBlob;
        }
        KeyStore loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, cArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        loadKeyStore.store(byteArrayOutputStream, NativeCertStorePasswords.EMPTY_PASSWORD);
        return byteArrayOutputStream.toByteArray();
    }

    private char[] getCurrentPassword() throws OMADMException {
        CertStorePasswords certStorePasswords = (CertStorePasswords) Services.getInstance(CertStorePasswords.class);
        if (certStorePasswords == null || certStorePasswords.getStorePassword() == null) {
            throw new OMADMException("Unable to get the CertStorePasswords instance to extract the Store Password.");
        }
        return certStorePasswords.getStorePassword();
    }

    private Intent getInstallIntent(RootCertificateState rootCertificateState) {
        Intent createInstallIntent = KeyChain.createInstallIntent();
        if (rootCertificateState.certBlob == null) {
            this.logger.severe("Root cert does not have content. ThumbPrint: " + rootCertificateState.thumbPrint);
            return null;
        }
        createInstallIntent.putExtra("CERT", rootCertificateState.certBlob);
        createInstallIntent.putExtra("name", rootCertificateState.defaultDisplayName);
        return createInstallIntent;
    }

    private Intent getInstallIntent(ScepCertificateState scepCertificateState) {
        if (this.userId.longValue() == -1) {
            this.logger.warning("Unable to install SCEP certificate due to missing user ID.");
        } else if (scepCertificateState == null || scepCertificateState.certStoreBlob == null) {
            this.logger.severe("Scep cert does not have content. RequestId: " + (scepCertificateState == null ? "invalid" : scepCertificateState.requestId));
        } else {
            this.certAlias = scepCertificateState.alias;
            try {
                char[] currentPassword = getCurrentPassword();
                Intent createInstallIntent = KeyChain.createInstallIntent();
                if (this.useFallbackInstall) {
                    createInstallIntent.putExtra("PKCS12", getCertBlobWithEmptyPassword(scepCertificateState, currentPassword));
                    createInstallIntent.putExtra("name", scepCertificateState.alias);
                } else {
                    KeyStore loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, currentPassword);
                    if (loadKeyStore.containsAlias(scepCertificateState.alias)) {
                        Certificate certificate = loadKeyStore.getCertificate(scepCertificateState.alias);
                        this.encodedCert = certificate.getEncoded();
                        PublicKey publicKey = certificate.getPublicKey();
                        PrivateKey privateKey = (PrivateKey) loadKeyStore.getKey(scepCertificateState.alias, currentPassword);
                        this.logger.info("Installing private key for user certificate. RequestId: " + scepCertificateState.requestId);
                        createInstallIntent.putExtra("KEY", publicKey.getEncoded());
                        createInstallIntent.putExtra("PKEY", privateKey.getEncoded());
                    }
                }
                return createInstallIntent;
            } catch (OMADMException e) {
                this.logger.severe("Unable to proceed with cert install: " + e.getMessage());
            } catch (IOException e2) {
                this.logger.log(Level.SEVERE, "Exception caught while trying to read from the certStoreBlob byte array.");
            } catch (KeyStoreException e3) {
                this.logger.log(Level.SEVERE, "Exception caught while trying to get an instance of PKCS12 KeyStore.");
            } catch (NoSuchAlgorithmException e4) {
                this.logger.log(Level.SEVERE, "Exception caught while trying to open the PKCS12 KeyStore.");
            } catch (UnrecoverableKeyException e5) {
                this.logger.log(Level.SEVERE, "Exception caught while trying to read the PrivateKey from the PKCS12");
            } catch (CertificateEncodingException e6) {
                this.logger.log(Level.SEVERE, "Exception caught while encoding the certs from the PKCS12 KeyStore.");
            } catch (CertificateException e7) {
                this.logger.log(Level.SEVERE, "Exception caught while loading the certs from the PKCS12 KeyStore.");
            }
        }
        return null;
    }

    private void updateCertStatus(CertStatus certStatus) throws OMADMException {
        if (this.certType.equals("root")) {
            ((RootCertInstallStateMachine) Services.getInstance(RootCertInstallStateMachine.class)).transition((RootCertificateState) this.tr.get(new RootCertificateState.Key(this.certKey)), certStatus);
        } else {
            ((ScepCertInstallStateMachine) Services.getInstance(ScepCertInstallStateMachine.class)).transition((ScepCertificateState) this.tr.get(new ScepCertificateState.Key(this.certKey, this.userId)), certStatus);
        }
    }

    @Override // android.app.Activity
    protected void onActivityResult(int i, int i2, Intent intent) {
        Context baseContext = getBaseContext();
        try {
            Logger logger = this.logger;
            Object[] objArr = new Object[3];
            objArr[0] = Integer.valueOf(i);
            objArr[1] = this.useFallbackInstall ? ", while using fallback, " : "";
            objArr[2] = Integer.valueOf(i2);
            logger.finer(MessageFormat.format("Install requestCode ''{0}''{1} returned with result code: {2}", objArr));
            switch (i) {
                case 0:
                    if (i2 == -1 || this.useFallbackInstall) {
                        updateCertStatus(CertStatus.CERT_INSTALLING);
                        if (!OMADMClientService.queueTask(baseContext, new CertInstallResultProcessor(this.certType, this.certKey, this.userId, this.useFallbackInstall), "Process certificate install result")) {
                            this.logger.severe(MessageFormat.format("Unable to queue task for processing certificate install. certType={0}; certKey={1}", this.certType, this.certKey));
                            updateCertStatus(CertStatus.CERT_INSTALL_ERROR);
                        }
                    } else {
                        updateCertStatus(i2 == 0 ? CertStatus.CERT_INSTALL_CANCELLED : CertStatus.CERT_INSTALL_ERROR);
                    }
                    finish();
                    return;
                case 1:
                default:
                    this.logger.warning("CertInstallActivity received unknown request code on callback: " + i);
                    return;
                case 2:
                    Intent createInstallIntent = KeyChain.createInstallIntent();
                    createInstallIntent.putExtra("CERT", this.encodedCert);
                    createInstallIntent.putExtra("name", this.certAlias);
                    this.logger.info("Installing user certificate. Key: " + this.certKey);
                    startActivityForResult(createInstallIntent, 0);
                    return;
            }
        } catch (OMADMException e) {
            this.logger.log(Level.SEVERE, "Failed to update cert status.", (Throwable) e);
            finish();
        }
    }

    @Override // android.app.Activity
    protected void onCreate(Bundle bundle) {
        Intent installIntent;
        int i;
        super.onCreate(bundle);
        Intent intent = getIntent();
        Context baseContext = getBaseContext();
        if (intent == null || baseContext == null) {
            this.logger.warning("Unable to start cert install. Missing intent and/or context.");
            finish();
            return;
        }
        this.certType = intent.getStringExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE);
        this.certKey = intent.getStringExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY);
        this.userId = Long.valueOf(intent.getLongExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_USER_ID, -1L));
        this.useFallbackInstall = intent.getBooleanExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, false);
        this.tr = TableRepository.getInstance(baseContext);
        if (StringUtils.isEmpty(this.certType) || StringUtils.isEmpty(this.certKey) || this.tr == null) {
            this.logger.warning("Unable to start cert install. Missing certType and/or certKey and/or tableRepository.");
            finish();
            return;
        }
        if (this.certType.equals("root")) {
            installIntent = getInstallIntent((RootCertificateState) this.tr.get(new RootCertificateState.Key(this.certKey)));
            i = 0;
        } else {
            installIntent = getInstallIntent((ScepCertificateState) this.tr.get(new ScepCertificateState.Key(this.certKey, this.userId)));
            i = this.useFallbackInstall ? 0 : 2;
        }
        if (installIntent != null) {
            startActivityForResult(installIntent, i);
        } else {
            finish();
        }
    }
}
