package com.sec.enterprise.knox.cloudmdm.smdms.server;

import android.content.Context;
import android.os.UserHandle;
import com.sec.enterprise.knox.cloudmdm.smdms.security.CloudMDMSecurity;
import com.sec.enterprise.knox.cloudmdm.smdms.security.Pinning;
import com.sec.enterprise.knox.cloudmdm.smdms.security.SecurityUtils;
import com.sec.enterprise.knox.cloudmdm.smdms.utilities.Log;
import com.sec.enterprise.knox.express.ExpressApp;
import com.squareup.okhttp.Callback;
import com.squareup.okhttp.HttpUrl;
import com.squareup.okhttp.Interceptor;
import com.squareup.okhttp.MediaType;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.RequestBody;
import com.squareup.okhttp.Response;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: classes.dex */
public class AsyncNetworkClient {
    private static final String NAME_TAG = "[" + UserHandle.myUserId() + "]MyKNOX:AsyncNetworkClient";
    public static final int PINNING_ERROR_CODE = 8801;
    private String BASE_URL;
    private int MAX_RETRIES;
    private int MAX_TIMEOUT;
    private OkHttpClient mClient;
    private Request.Builder mRequestBuilder;

    /* loaded from: classes.dex */
    public static class AsyncResponseCallbackDecorator implements Callback {
        private AsyncResponseCallback mAsyncResponseCallback;

        public AsyncResponseCallbackDecorator(AsyncResponseCallback asyncResponseCallback) {
            this.mAsyncResponseCallback = asyncResponseCallback;
        }

        @Override // com.squareup.okhttp.Callback
        public void onFailure(Request request, IOException iOException) {
            CloudMDMSecurity.onFinish();
            this.mAsyncResponseCallback.onFailure(request, iOException);
        }

        @Override // com.squareup.okhttp.Callback
        public void onResponse(Response response) throws IOException {
            CloudMDMSecurity.onFinish();
            this.mAsyncResponseCallback.onResponse(response);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class NonTimaKeyManager implements X509KeyManager {
        private String mAlias;
        private CloudMDMSecurity mSecurity;

        public NonTimaKeyManager(Context context, String str) {
            this.mAlias = "hash";
            this.mAlias = str;
            this.mSecurity = CloudMDMSecurity.getInstance(context);
        }

        private X509Certificate[] convertCertificates(Certificate[] certificateArr) throws CertificateException {
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            for (int i = 0; i < certificateArr.length; i++) {
                x509CertificateArr[i] = (X509Certificate) certificateArr[i];
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            Log.d(AsyncNetworkClient.NAME_TAG, "chooseClientAlias : " + this.mAlias);
            return this.mAlias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            Log.d(AsyncNetworkClient.NAME_TAG, "chooseServerAlias");
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            Log.d(AsyncNetworkClient.NAME_TAG, "getCertificateChain : " + str);
            try {
                return convertCertificates(this.mSecurity.getClientStore().getCertificateChain(str));
            } catch (KeyStoreException e) {
                e.printStackTrace();
                return null;
            } catch (CertificateException e2) {
                e2.printStackTrace();
                return null;
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            Log.d(AsyncNetworkClient.NAME_TAG, "getClientAliases");
            return new String[]{this.mAlias};
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            Log.d(AsyncNetworkClient.NAME_TAG, "getPrivateKey : " + str);
            try {
                return (PrivateKey) this.mSecurity.getClientStore().getKey(str, this.mSecurity.getKeyStoreKey().toCharArray());
            } catch (KeyStoreException e) {
                e.printStackTrace();
                return null;
            } catch (NoSuchAlgorithmException e2) {
                e2.printStackTrace();
                return null;
            } catch (UnrecoverableKeyException e3) {
                e3.printStackTrace();
                return null;
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            Log.d(AsyncNetworkClient.NAME_TAG, "getServerAliases");
            return null;
        }
    }

    /* loaded from: classes.dex */
    public class UserAgentInterceptor implements Interceptor {
        private final String userAgent;

        public UserAgentInterceptor(String str) {
            this.userAgent = str;
        }

        @Override // com.squareup.okhttp.Interceptor
        public Response intercept(Interceptor.Chain chain) throws IOException {
            return chain.proceed(chain.request().newBuilder().removeHeader("User-Agent").addHeader("User-Agent", this.userAgent).build());
        }
    }

    public AsyncNetworkClient(String str, Context context) {
        this.mClient = new OkHttpClient();
        this.MAX_RETRIES = 3;
        this.MAX_TIMEOUT = 60000;
        Log.d(NAME_TAG, "Base Constructor : No Mutual Auth");
        if (str != null && str.startsWith("https://")) {
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, Pinning.getInstance(ExpressApp.getInstance().getApplicationContext()).getTrustManagers(str), null);
                this.mClient.setSslSocketFactory(sSLContext.getSocketFactory());
            } catch (Throwable th) {
                Log.d(NAME_TAG, "GOT EXCEPTION AT asyncnetworkclient base constructor! : " + th.getMessage());
                th.printStackTrace();
                this.mClient.setSslSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
            }
        }
        this.mClient.setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
        this.mClient.setConnectTimeout(this.MAX_TIMEOUT, TimeUnit.MILLISECONDS);
        this.mRequestBuilder = new Request.Builder();
        this.mRequestBuilder.addHeader("Accept", "application/json");
        this.mRequestBuilder.addHeader("User-Agent", ServerUtils.userAgent);
        this.BASE_URL = str;
    }

    public AsyncNetworkClient(String str, Context context, String str2, String str3) {
        this(str, context);
        if (str == null || !str.startsWith("https://")) {
            return;
        }
        Log.d(NAME_TAG, "Its https:" + str);
        try {
            doMutualAuth(context, str2, str3, str);
        } catch (Exception e) {
            Log.d(NAME_TAG, "SSL exception:" + e.getMessage());
            Log.e(NAME_TAG, "SSL connection failed: " + Log.getStackTraceString(e));
        }
    }

    public AsyncNetworkClient(String str, Context context, boolean z) {
        this.mClient = new OkHttpClient();
        this.MAX_RETRIES = 3;
        this.MAX_TIMEOUT = 60000;
        this.mClient.setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
        this.mClient.setConnectTimeout(this.MAX_TIMEOUT, TimeUnit.MILLISECONDS);
        this.mRequestBuilder = new Request.Builder();
        this.mRequestBuilder.addHeader("Accept", "application/json");
        this.mRequestBuilder.addHeader("User-Agent", ServerUtils.userAgent);
        this.BASE_URL = str;
    }

    private void doMutualAuth(Context context, String str, String str2, String str3) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
        Log.d(NAME_TAG, "Start mutual auth");
        if (!ServerUtils.isProd) {
            System.setProperty("javax.net.debug", "ssl");
            System.setProperty("javax.net.ssl.debug", "all");
        }
        SSLSocketFactory sSLSocketFactory = null;
        String aliasIfExists = ServerUtils.getAliasIfExists(context, str, str2);
        Log.d(NAME_TAG, "Alias : " + aliasIfExists);
        Pinning pinning = Pinning.getInstance(ExpressApp.getInstance().getApplicationContext());
        if (aliasIfExists != null) {
            Log.d(NAME_TAG, "CSR");
            SSLContext sSLContext = getSSLContext(context, aliasIfExists, pinning.getTrustManagers(str3));
            if (sSLContext != null) {
                sSLSocketFactory = sSLContext.getSocketFactory();
            }
        } else if (SecurityUtils.isTIMAAvailable()) {
            Log.d(NAME_TAG, "TIMA-CCM");
            if (CloudMDMSecurity.onBindInitiate()) {
                sSLSocketFactory = CloudMDMSecurity.getSSLSocketFactory(str3);
            } else {
                Log.d(NAME_TAG, "fallback to Non-TIMA");
                SSLContext sSLContext2 = getSSLContext(context, aliasIfExists, pinning.getTrustManagers(str3));
                if (sSLContext2 != null) {
                    sSLSocketFactory = sSLContext2.getSocketFactory();
                }
            }
        } else {
            Log.d(NAME_TAG, "Non-TIMA-CCM");
            SSLContext sSLContext3 = getSSLContext(context, aliasIfExists, pinning.getTrustManagers(str3));
            if (sSLContext3 != null) {
                sSLSocketFactory = sSLContext3.getSocketFactory();
            }
        }
        this.mClient.setConnectTimeout(this.MAX_TIMEOUT, TimeUnit.MILLISECONDS);
        if (sSLSocketFactory != null) {
            this.mClient.setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
            this.mClient.setSslSocketFactory(sSLSocketFactory);
        }
    }

    private String getAbsoluteUrl(String str) {
        return String.valueOf(this.BASE_URL) + str;
    }

    static SSLContext getSSLContext(Context context, String str) {
        KeyManager[] keyManagerArr = {new NonTimaKeyManager(context, str)};
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, null, null);
            Log.d(NAME_TAG, "SSL Context initialization done!");
            return sSLContext;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            return sSLContext;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return sSLContext;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLContext getSSLContext(Context context, String str, TrustManager[] trustManagerArr) {
        KeyManager[] keyManagerArr = {new NonTimaKeyManager(context, str)};
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            Log.d(NAME_TAG, "SSL Context initialization done!");
            return sSLContext;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            return sSLContext;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return sSLContext;
        }
    }

    public void addHeader(String str, String str2) {
        this.mRequestBuilder.addHeader(str, str2);
    }

    public void delete(String str, AsyncResponseCallback asyncResponseCallback) {
        this.mClient.newCall(this.mRequestBuilder.url(getAbsoluteUrl(str)).delete().build()).enqueue(new AsyncResponseCallbackDecorator(asyncResponseCallback));
    }

    public void get(String str, Map<String, String> map, AsyncResponseCallback asyncResponseCallback) {
        Log.d(NAME_TAG, "URL: " + getAbsoluteUrl(str));
        HttpUrl.Builder newBuilder = HttpUrl.parse(getAbsoluteUrl(str)).newBuilder();
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                newBuilder.addQueryParameter(entry.getKey(), entry.getValue());
            }
        }
        this.mClient.newCall(this.mRequestBuilder.url(newBuilder.build()).build()).enqueue(new AsyncResponseCallbackDecorator(asyncResponseCallback));
        Log.d(NAME_TAG, "Get request sent: " + getAbsoluteUrl(str));
    }

    public void post(String str, String str2, AsyncResponseCallback asyncResponseCallback) {
        this.mClient.newCall(this.mRequestBuilder.url(getAbsoluteUrl(str)).post(RequestBody.create(MediaType.parse("application/json"), str2)).build()).enqueue(new AsyncResponseCallbackDecorator(asyncResponseCallback));
        Log.d(NAME_TAG, "Post request sent: " + getAbsoluteUrl(str));
    }

    public void put(String str, String str2, AsyncResponseCallback asyncResponseCallback) {
        this.mClient.newCall(this.mRequestBuilder.url(getAbsoluteUrl(str)).put(RequestBody.create(MediaType.parse("application/json"), str2)).build()).enqueue(new AsyncResponseCallbackDecorator(asyncResponseCallback));
    }
}
