package com.microsoft.intune.mam.http;

import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import cz.msebera.android.httpclient.protocol.HTTP;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.StringsKt;

@Singleton
@Metadata(d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0006\b\u0007\u0018\u0000 (2\u00020\u0001:\u0001(B/\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ#\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00160\u00152\u0006\u0010\u0017\u001a\u00020\u0018H\u0002¢\u0006\u0002\u0010\u0019J\u001d\u0010\u001a\u001a\n\u0012\u0004\u0012\u00020\u001b\u0018\u00010\u00152\u0006\u0010\u0017\u001a\u00020\u0018H\u0002¢\u0006\u0002\u0010\u001cJ\n\u0010\u001d\u001a\u0004\u0018\u00010\u0018H\u0002J\u001b\u0010\u001e\u001a\b\u0012\u0004\u0012\u00020\u001b0\u00152\u0006\u0010\u001f\u001a\u00020 H\u0016¢\u0006\u0002\u0010!J#\u0010\"\u001a\u00020#2\u0006\u0010\u001f\u001a\u00020 
2\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00160\u0015H\u0016¢\u0006\u0002\u0010$J\u001b\u0010%\u001a\u00020#2\f\u0010&\u001a\b\u0012\u0004\u0012\u00020\u001b0\u0015H\u0002¢\u0006\u0002\u0010'R\u0014\u0010\r\u001a\b\u0012\u0004\u0012\u00020\u000f0\u000eX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\u00110\u000eX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006)"}, d2 = {"Lcom/microsoft/intune/mam/http/TrustedRootCertsImpl;", "Lcom/microsoft/intune/mam/http/TrustedRootCerts;", "trustManagerFactoryWrapper", "Lcom/microsoft/intune/mam/http/TrustManagerFactoryWrapper;", "trustedRootCertsConfigManager", "Lcom/microsoft/intune/mam/http/TrustedRootCertsConfigManager;", "nscEnforcer", "Lcom/microsoft/intune/mam/http/NetworkSecurityConfigurationEnforcer;", "mamLogPIIFactory", "Lcom/microsoft/intune/mam/log/MAMLogPIIFactory;", "telemetryLogger", "Lcom/microsoft/intune/mam/client/telemetry/TelemetryLogger;", "(Lcom/microsoft/intune/mam/http/TrustManagerFactoryWrapper;Lcom/microsoft/intune/mam/http/TrustedRootCertsConfigManager;Lcom/microsoft/intune/mam/http/NetworkSecurityConfigurationEnforcer;Lcom/microsoft/intune/mam/log/MAMLogPIIFactory;Lcom/microsoft/intune/mam/client/telemetry/TelemetryLogger;)V", "extendedTrustManagers", "", "Lcom/microsoft/intune/mam/http/X509ExtendedTrustManagerAdapter;", "nonExtendedTrustManagers", "Lcom/microsoft/intune/mam/http/X509TrustManagerAdapter;", "addCertificatesToKeyStore", "", "certificates", "", "Ljava/security/cert/Certificate;", "keyStore", "Ljava/security/KeyStore;", "([Ljava/security/cert/Certificate;Ljava/security/KeyStore;)Z", "getCustomTrustManagers", 
"Ljavax/net/ssl/TrustManager;", "(Ljava/security/KeyStore;)[Ljavax/net/ssl/TrustManager;", "getEmptyKeyStore", "getIntuneCertsTrustManagers", HTTP.IDENTITY_CODING, "Lcom/microsoft/intune/mam/client/identity/MAMIdentity;", "(Lcom/microsoft/intune/mam/client/identity/MAMIdentity;)[Ljavax/net/ssl/TrustManager;", "onCertificatesReceived", "", "(Lcom/microsoft/intune/mam/client/identity/MAMIdentity;[Ljava/security/cert/Certificate;)V", "reloadIntuneCertsTrustManagers", "trustManagers", "([Ljavax/net/ssl/TrustManager;)V", "Companion", "AppClient.Internal_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes5.dex */
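/*
 * Turns the root certificates supplied by TrustedRootCertsConfigManager into TrustManagers.
 *
 * Each platform TrustManager is wrapped in an adapter together with the
 * NetworkSecurityConfigurationEnforcer. When new certificates arrive through
 * onCertificatesReceived, the delegates inside the tracked adapters are swapped in place.
 *
 * Points a reviewer should keep in mind (all visible in this class):
 *  - The two adapter lists are plain instance state and are not keyed by MAMIdentity.
 *    getIntuneCertsTrustManagers clears and rebuilds them on every call, so adapters returned by
 *    an earlier call are no longer tracked and will not see later certificate updates.
 *  - onCertificatesReceived uses the identity only for the null check and for logging; the
 *    received certificates are applied to whichever adapters are currently tracked.
 *    NOTE(review): confirm how TrustedRootCertsConfigManager dispatches receiver callbacks when
 *    more than one identity has registered this instance.
 *  - Every failure path in onCertificatesReceived logs and returns without touching the adapters:
 *    tracked adapters keep their previous delegates, and a failure during
 *    getIntuneCertsTrustManagers yields an empty array. NOTE(review): verify that callers treat an
 *    empty array as "trust nothing" rather than falling back to platform defaults.
 */
public final class TrustedRootCertsImpl implements TrustedRootCerts {
    private static final String ANDROID_KEYSTORE_TYPE = "AndroidKeyStore";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(TrustedRootCertsImpl.class);

    // Adapters handed out by the most recent getIntuneCertsTrustManagers call, split by the kind
    // of platform trust manager they wrap. Only touched by methods that hold the instance lock.
    private final List<X509ExtendedTrustManagerAdapter> extendedTrustManagers;
    private final MAMLogPIIFactory mamLogPIIFactory;
    private final List<X509TrustManagerAdapter> nonExtendedTrustManagers;
    private final NetworkSecurityConfigurationEnforcer nscEnforcer;
    private final TelemetryLogger telemetryLogger;
    private final TrustManagerFactoryWrapper trustManagerFactoryWrapper;
    private final TrustedRootCertsConfigManager trustedRootCertsConfigManager;

    /**
     * Stores the injected collaborators and starts with no tracked adapters.
     *
     * <p>Each argument is passed through Kotlin's {@code Intrinsics.checkNotNullParameter}, so a
     * null collaborator is rejected at construction time.
     */
    @Inject
    public TrustedRootCertsImpl(TrustManagerFactoryWrapper trustManagerFactoryWrapper, TrustedRootCertsConfigManager trustedRootCertsConfigManager, NetworkSecurityConfigurationEnforcer networkSecurityConfigurationEnforcer, MAMLogPIIFactory mAMLogPIIFactory, TelemetryLogger telemetryLogger) {
        Intrinsics.checkNotNullParameter(trustManagerFactoryWrapper, "");
        Intrinsics.checkNotNullParameter(trustedRootCertsConfigManager, "");
        Intrinsics.checkNotNullParameter(networkSecurityConfigurationEnforcer, "");
        Intrinsics.checkNotNullParameter(mAMLogPIIFactory, "");
        Intrinsics.checkNotNullParameter(telemetryLogger, "");
        this.trustManagerFactoryWrapper = trustManagerFactoryWrapper;
        this.trustedRootCertsConfigManager = trustedRootCertsConfigManager;
        this.nscEnforcer = networkSecurityConfigurationEnforcer;
        this.mamLogPIIFactory = mAMLogPIIFactory;
        this.telemetryLogger = telemetryLogger;
        this.extendedTrustManagers = new ArrayList<>();
        this.nonExtendedTrustManagers = new ArrayList<>();
    }

    /**
     * Stores every certificate in {@code keyStore} under the alias {@code rootCertificate<index>}.
     *
     * @param certificates certificates to add, in order
     * @param keyStore     destination key store
     * @return {@code true} if all entries were stored; {@code false} as soon as one entry fails,
     *         in which case the key store may hold a partial set (the only caller discards it)
     */
    private boolean addCertificatesToKeyStore(Certificate[] certificates, KeyStore keyStore) {
        int count = certificates.length;
        LOGGER.info("Adding " + count + " certificates to KeyStore " + keyStore + '.', new Object[0]);
        for (int index = 0; index < count; index++) {
            // Locale.ROOT keeps the alias digits ASCII whatever the device locale is; the default
            // locale can render %d with locale-specific digits.
            String alias = String.format(Locale.ROOT, "rootCertificate%d", index);
            try {
                keyStore.setCertificateEntry(alias, certificates[index]);
                LOGGER.info("Added a certificate to KeyStore " + keyStore + '.', new Object[0]);
            } catch (KeyStoreException e) {
                LOGGER.severe("Failed to add a certificate to KeyStore " + keyStore + '.', e);
                return false;
            }
        }
        return true;
    }

    /**
     * Initialises a default-algorithm {@link TrustManagerFactory} with {@code keyStore} and
     * returns its trust managers.
     *
     * @param keyStore key store holding only the received root certificates
     * @return the factory's trust managers, or {@code null} if the factory could not be obtained
     *         or initialised (the failure is logged)
     */
    private TrustManager[] getCustomTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = this.trustManagerFactoryWrapper.getDefaultAlgorithmInstance();
            factory.init(keyStore);
            LOGGER.info("Initialized TrustManagerFactory with KeyStore " + keyStore + '.', new Object[0]);
            return factory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            LOGGER.severe("Failed to initialize TrustManagerFactory with KeyStore " + keyStore + '.', e);
            return null;
        }
    }

    /**
     * Creates a key store of the platform default type and loads it with no parameters.
     *
     * @return the loaded key store, or {@code null} if the default type is AndroidKeyStore
     *         (treated as unsupported here) or the store cannot be created or loaded
     */
    private KeyStore getEmptyKeyStore() {
        String defaultType = KeyStore.getDefaultType();
        if (ANDROID_KEYSTORE_TYPE.equalsIgnoreCase(defaultType)) {
            LOGGER.severe("Obtained unsupported KeyStore type " + defaultType + " from Android.", new Object[0]);
            return null;
        }

        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(defaultType);
        } catch (KeyStoreException e) {
            LOGGER.severe("Failed to obtain KeyStore from Android for keystore type " + defaultType + '.', e);
            return null;
        }
        LOGGER.info("Obtained the KeyStore instance " + keyStore + " for keystore type " + defaultType + " from Android.", new Object[0]);

        try {
            // No stream and no parameters: nothing is read from disk. Presumably this leaves the
            // store empty, so that only the certificates added afterwards act as trust anchors.
            keyStore.load(null);
            LOGGER.info("Loaded KeyStore " + keyStore + " for keystore type " + defaultType + " with no params.", new Object[0]);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            LOGGER.severe("Failed to load KeyStore " + keyStore + '.', e);
            return null;
        }
    }

    /**
     * Points the tracked adapters at freshly built trust managers, creating adapters for any
     * positions that do not have one yet.
     *
     * <p>Trust managers are matched to adapters by position within their kind (extended first,
     * then plain X509). If fewer trust managers arrive than adapters are tracked, the condition is
     * only logged: the surplus adapters keep their previous delegates.
     * NOTE(review): that leaves an adapter validating against the older certificate set; confirm
     * this is acceptable when roots are removed.
     *
     * @param trustManagers trust managers produced from the newly received certificates
     */
    private void reloadIntuneCertsTrustManagers(TrustManager[] trustManagers) {
        int received = trustManagers.length;
        LOGGER.info("Loading {0} Intune trusted root certificates trust manager(s).", Integer.valueOf(received));
        int tracked = this.extendedTrustManagers.size() + this.nonExtendedTrustManagers.size();
        if (received == 0 || received < tracked) {
            LOGGER.severe("The platform returned unexpected size of {0} for custom trust managers.", Integer.valueOf(received));
        }

        int extendedCount = 0;
        int plainCount = 0;
        for (TrustManager candidate : trustManagers) {
            // Check the extended type first: X509ExtendedTrustManager is itself an X509TrustManager.
            if (candidate instanceof X509ExtendedTrustManager) {
                X509ExtendedTrustManager extended = (X509ExtendedTrustManager) candidate;
                if (extendedCount < this.extendedTrustManagers.size()) {
                    this.extendedTrustManagers.get(extendedCount).setTrustManager(extended);
                } else {
                    this.extendedTrustManagers.add(new X509ExtendedTrustManagerAdapter(extended, this.nscEnforcer));
                }
                extendedCount++;
            } else if (candidate instanceof X509TrustManager) {
                X509TrustManager plain = (X509TrustManager) candidate;
                if (plainCount < this.nonExtendedTrustManagers.size()) {
                    this.nonExtendedTrustManagers.get(plainCount).setTrustManager(plain);
                } else {
                    this.nonExtendedTrustManagers.add(new X509TrustManagerAdapter(plain, this.nscEnforcer));
                }
                plainCount++;
            } else {
                // Non-X509 trust managers are skipped, not wrapped.
                LOGGER.severe("The platform returned an unexpected type {0} for custom trust manager.", Reflection.getOrCreateKotlinClass(candidate.getClass()).getQualifiedName());
            }
        }
        LOGGER.info("Loaded {0} Intune trusted root certificates trust manager(s).", Integer.valueOf(extendedCount + plainCount));
    }

    /**
     * Rebuilds the adapter lists from the certificates currently configured for {@code identity},
     * registers this instance as the certificates receiver for that identity, and returns the
     * adapters.
     *
     * <p>The previous adapter lists are cleared first, so adapters returned by an earlier call
     * stop receiving updates. The result is empty when the key store or trust managers could not
     * be built.
     *
     * @param identity identity whose trusted root certificates are requested; must not be null
     * @return extended adapters followed by plain X509 adapters; possibly empty, never null
     */
    @Override // com.microsoft.intune.mam.http.TrustedRootCerts
    public synchronized TrustManager[] getIntuneCertsTrustManagers(MAMIdentity identity) {
        Intrinsics.checkNotNullParameter(identity, "");
        this.extendedTrustManagers.clear();
        this.nonExtendedTrustManagers.clear();
        onCertificatesReceived(identity, this.trustedRootCertsConfigManager.getCertificates(identity));
        this.trustedRootCertsConfigManager.registerCertificatesReceiver(identity, this);

        List<Object> combined = new ArrayList<>(this.extendedTrustManagers);
        combined.addAll(this.nonExtendedTrustManagers);
        return combined.toArray(new TrustManager[0]);
    }

    /**
     * Builds trust managers from {@code certificates} and installs them into the tracked adapters.
     *
     * <p>{@code identity} is used only for the null check and the log line; the adapters updated
     * are whichever ones are currently tracked. On any failure (no usable key store, a certificate
     * that cannot be stored, trust manager factory failure) the method returns after logging and
     * leaves the adapters unchanged.
     *
     * @param identity     identity the certificates were delivered for; must not be null
     * @param certificates trusted root certificates; must not be null
     */
    @Override // com.microsoft.intune.mam.http.TrustedRootCertsReceiver
    public synchronized void onCertificatesReceived(MAMIdentity identity, Certificate[] certificates) {
        Intrinsics.checkNotNullParameter(identity, "");
        Intrinsics.checkNotNullParameter(certificates, "");
        LOGGER.info("Received '{0}' trusted root certificates for identity '{1}'.", Integer.valueOf(certificates.length), this.mamLogPIIFactory.getPIIUPN(identity));
        this.telemetryLogger.logTrackedOccurrenceForCurrentApp(TrackedOccurrence.RECEIVED_TRUSTED_ROOTS_CERTIFICATES, String.valueOf(certificates.length));

        KeyStore keyStore = getEmptyKeyStore();
        if (keyStore == null || !addCertificatesToKeyStore(certificates, keyStore)) {
            return;
        }
        TrustManager[] customTrustManagers = getCustomTrustManagers(keyStore);
        if (customTrustManagers != null) {
            reloadIntuneCertsTrustManagers(customTrustManagers);
        }
    }
}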
