package com.microsoft.omadm.platforms.android.provider;

import android.util.Base64;
import com.microsoft.omadm.OMADMItem;
import com.microsoft.omadm.OMADMStatusCode;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.exception.OMADMStatusException;
import com.microsoft.omadm.platforms.ICertificateStoreManager;
import com.microsoft.omadm.platforms.IShiftWorkerManager;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import com.microsoft.omadm.platforms.android.certmgr.data.CertStateData;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.provider.OMADMAggregateProvider;
import com.microsoft.omadm.provider.OMADMLeafNode;
import com.microsoft.omadm.utils.CertUtils;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.logging.Logger;

/* loaded from: classes.dex */
public class CertificateStoreRootProvider extends OMADMAggregateProvider {
    private static final Logger LOGGER = Logger.getLogger(CertificateStoreRootProvider.class.getName());
    private final CertStateData certStateData;
    private final ICertificateStoreManager certStoreMgr;

    /* loaded from: classes.dex */
    private class RootCertificateProvider extends OMADMAggregateProvider {
        private static final String ENCODED_CERT_NODE_NAME = "EncodedCertificate";
        private static final String IS_INSTALLED_NODE_NAME = "IsInstalled";

        RootCertificateProvider(final ICertificateStoreManager iCertificateStoreManager, final RootCertificateState rootCertificateState) {
            putChild(ENCODED_CERT_NODE_NAME, new OMADMLeafNode() { // from class: com.microsoft.omadm.platforms.android.provider.CertificateStoreRootProvider.RootCertificateProvider.1
                @Override // com.microsoft.omadm.provider.OMADMLeafNode
                public OMADMItem get() throws OMADMException {
                    if (rootCertificateState.certBlob == null) {
                        throw new OMADMStatusException(OMADMStatusCode.STATUS_E_FAILED);
                    }
                    return new OMADMItem(Base64.encodeToString(rootCertificateState.certBlob, 0));
                }

                @Override // com.microsoft.omadm.provider.OMADMLeafNode
                public void set(OMADMItem oMADMItem) throws OMADMException {
                    if (oMADMItem == null) {
                        throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED);
                    }
                    byte[] decode = Base64.decode(oMADMItem.value, 0);
                    X509Certificate generateX509Certificate = CertUtils.generateX509Certificate(decode);
                    if (!CertUtils.isCaCertificate(generateX509Certificate)) {
                        CertificateStoreRootProvider.LOGGER.warning(MessageFormat.format("Certificate with thumbprint {0} is not a CA cert", CertUtils.getThumbPrint(generateX509Certificate)));
                        throw new OMADMStatusException(OMADMStatusCode.STATUS_E_FAILED);
                    }
                    rootCertificateState.certBlob = decode;
                    rootCertificateState.issuers = generateX509Certificate.getSubjectX500Principal().getName();
                    iCertificateStoreManager.addRootCert(rootCertificateState);
                }
            });
            putChild(IS_INSTALLED_NODE_NAME, new OMADMLeafNode() { // from class: com.microsoft.omadm.platforms.android.provider.CertificateStoreRootProvider.RootCertificateProvider.2
                @Override // com.microsoft.omadm.provider.OMADMLeafNode
                public OMADMItem get() throws OMADMException {
                    if (rootCertificateState.status == CertStatus.CERT_INSTALL_SUCCESS) {
                        return new OMADMItem(true);
                    }
                    throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_FOUND);
                }
            });
        }
    }

    public CertificateStoreRootProvider(CertStateData certStateData, ICertificateStoreManager iCertificateStoreManager) {
        this.certStateData = certStateData;
        this.certStoreMgr = iCertificateStoreManager;
        try {
            for (RootCertificateState rootCertificateState : this.certStateData.getAllRootCertificates()) {
                if (rootCertificateState.certBlob != null || this.certStoreMgr.loadRootCertificate(rootCertificateState)) {
                    putChild(rootCertificateState.thumbPrint, new RootCertificateProvider(this.certStoreMgr, rootCertificateState));
                } else {
                    LOGGER.warning(MessageFormat.format("Could not load certificate ''{0}'' from device. Not adding to node hierarchy.", rootCertificateState.alias));
                }
            }
        } catch (OMADMException e) {
            LOGGER.warning("Failed to get root certificate policies. Unable to build node hierarchy for root certificates.");
        }
    }

    @Override // com.microsoft.omadm.provider.OMADMAggregateProvider, com.microsoft.omadm.provider.OMADMProvider
    public void addNode(String str, OMADMItem oMADMItem) throws OMADMException {
        if (str == null || str.length() == 0) {
            super.addNode(str, oMADMItem);
            return;
        }
        String[] divideUri = divideUri(str);
        if (divideUri == null || divideUri.length < 1) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_SUPPORTED);
        }
        if (this.certStateData.getRootCertificateByThumbPrint(divideUri[0]) == null || !containsChild(divideUri[0])) {
            putChild(divideUri[0], new RootCertificateProvider(this.certStoreMgr, new RootCertificateState(divideUri[0])));
        }
        super.addNode(str, oMADMItem);
    }

    @Override // com.microsoft.omadm.provider.OMADMAggregateProvider, com.microsoft.omadm.provider.OMADMProvider
    public void deleteNode(String str) throws OMADMException {
        if (str == null || str.length() == 0) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_FAILED);
        }
        IShiftWorkerManager iShiftWorkerManager = (IShiftWorkerManager) Services.getInstance(IShiftWorkerManager.class);
        if (iShiftWorkerManager != null && iShiftWorkerManager.isShiftWorkerModeEnabled()) {
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_FORBIDDEN, "Root certificate deletion is disabled while in shift worker mode.");
        }
        String[] divideUri = divideUri(str);
        if (1 != divideUri.length) {
            super.deleteNode(str);
            return;
        }
        RootCertificateState rootCertificateByThumbPrint = this.certStateData.getRootCertificateByThumbPrint(divideUri[0]);
        if (rootCertificateByThumbPrint == null) {
            LOGGER.severe(MessageFormat.format("Root cert with thumbprint  ({0}) is not found for deletion.", divideUri[0]));
            throw new OMADMStatusException(OMADMStatusCode.STATUS_E_NOT_FOUND);
        }
        this.certStoreMgr.tryRemoveCACertificate(rootCertificateByThumbPrint);
        rootCertificateByThumbPrint.pendingDelete = true;
        rootCertificateByThumbPrint.status = CertStatus.CERT_DELETED;
        this.certStateData.update(rootCertificateByThumbPrint);
    }
}
