package com.microsoft.omadm.platforms.android.certmgr;

import android.content.Context;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.ICertificateEnrollmentManager;
import com.microsoft.omadm.platforms.ICertificateStoreManager;
import com.microsoft.omadm.platforms.android.certmgr.data.CertRequestData;
import com.microsoft.omadm.platforms.android.certmgr.data.CertStateData;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificate;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes3.dex */
public class CertificateEnrollmentManager implements ICertificateEnrollmentManager {
    private final ICertificateStoreManager certMgr;
    private final CertRequestData certRequestData;
    private final CertificateRequestHandler certRequestHandler;
    private final CertStateData certStateData;
    private final Context context;
    private final Logger logger = Logger.getLogger(CertificateEnrollmentManager.class.getName());
    private final CertStorePasswords passwords;

    @Inject
    public CertificateEnrollmentManager(CertRequestData certRequestData, CertStateData certStateData, Context context, CertificateRequestHandler certificateRequestHandler, ICertificateStoreManager iCertificateStoreManager, CertStorePasswords certStorePasswords) {
        this.certRequestData = certRequestData;
        this.certStateData = certStateData;
        this.context = context;
        this.certRequestHandler = certificateRequestHandler;
        this.certMgr = iCertificateStoreManager;
        this.passwords = certStorePasswords;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0084  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean shouldProcessCertificateRequest(com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest r7) throws com.microsoft.omadm.exception.OMADMException {
        /*
            r6 = this;
            android.content.Context r0 = r6.context
            java.lang.String r1 = "connectivity"
            java.lang.Object r0 = r0.getSystemService(r1)
            android.net.ConnectivityManager r0 = (android.net.ConnectivityManager) r0
            android.net.NetworkInfo r0 = r0.getActiveNetworkInfo()
            r1 = 1
            r2 = 0
            if (r0 == 0) goto L1b
            boolean r0 = r0.isConnected()
            if (r0 != 0) goto L19
            goto L1b
        L19:
            r0 = r1
            goto L23
        L1b:
            java.util.logging.Logger r0 = r6.logger
            java.lang.String r3 = "Skipping certificate enrollment due to lack of network connectivity"
            r0.fine(r3)
            r0 = r2
        L23:
            boolean r3 = r7.isRenewRequest()
            if (r3 != 0) goto L2f
            boolean r3 = r7.isReplaceRequest()
            if (r3 == 0) goto L66
        L2f:
            com.microsoft.omadm.platforms.android.certmgr.data.CertStateData r3 = r6.certStateData
            java.lang.String r4 = r7.requestId
            java.lang.Long r5 = r7.userId
            com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState r3 = r3.getUserCertificateByRequestId(r4, r5)
            if (r3 == 0) goto L68
            com.microsoft.omadm.platforms.android.certmgr.CertStatus r4 = com.microsoft.omadm.platforms.android.certmgr.CertStatus.CERT_ACCESS_GRANTED
            com.microsoft.omadm.platforms.android.certmgr.CertStatus r5 = r3.status
            if (r4 == r5) goto L42
            goto L68
        L42:
            if (r3 == 0) goto L66
            java.lang.String r4 = r3.alias
            boolean r4 = org.apache.commons.lang3.StringUtils.isEmpty(r4)
            if (r4 != 0) goto L66
            java.util.logging.Logger r4 = r6.logger
            java.lang.Object[] r1 = new java.lang.Object[r1]
            java.lang.String r5 = r3.alias
            r1[r2] = r5
            java.lang.String r2 = "Renewing certificate. Setting alias to existing certificate alias: {0}"
            java.lang.String r1 = java.text.MessageFormat.format(r2, r1)
            r4.fine(r1)
            java.lang.String r1 = r3.alias
            r7.alias = r1
            com.microsoft.omadm.platforms.android.certmgr.data.CertRequestData r1 = r6.certRequestData
            r1.updateRequest(r7)
        L66:
            r2 = r0
            goto L82
        L68:
            java.util.logging.Logger r0 = r6.logger
            r3 = 2
            java.lang.Object[] r3 = new java.lang.Object[r3]
            java.lang.String r4 = r7.requestId
            r3[r2] = r4
            java.lang.Long r4 = r7.userId
            r3[r1] = r4
            java.lang.String r1 = "Cannot renew an existing certificate (RequestId={0}, UserId={1}) until user gives us access;"
            java.lang.String r1 = java.text.MessageFormat.format(r1, r3)
            r0.fine(r1)
            com.microsoft.omadm.platforms.android.certmgr.CertStatus r0 = com.microsoft.omadm.platforms.android.certmgr.CertStatus.CERT_RENEW_PENDING_EXISTING_CERT
            r7.status = r0
        L82:
            if (r2 != 0) goto L90
            java.util.Date r0 = new java.util.Date
            r0.<init>()
            r7.timeLastRequested = r0
            com.microsoft.omadm.platforms.android.certmgr.data.CertRequestData r0 = r6.certRequestData
            r0.updateRequest(r7)
        L90:
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.omadm.platforms.android.certmgr.CertificateEnrollmentManager.shouldProcessCertificateRequest(com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest):boolean");
    }

    @Override // com.microsoft.omadm.platforms.ICertificateEnrollmentManager
    public void enrollPendingCertificates(Long l) throws OMADMException {
        this.logger.fine(MessageFormat.format("Trying to enroll pending SCEP certificates for user: {0}", l));
        List<ScepCertificateRequest> allRequests = this.certRequestData.getAllRequests(l);
        this.logger.fine(MessageFormat.format("There are {0} requests", Integer.valueOf(allRequests.size())));
        for (ScepCertificateRequest scepCertificateRequest : allRequests) {
            this.logger.fine(MessageFormat.format("Trying to enroll certificate request: {0}", scepCertificateRequest.requestId));
            tryEnrollCertificate(scepCertificateRequest);
        }
    }

    @Override // com.microsoft.omadm.platforms.ICertificateEnrollmentManager
    public void tryEnrollCertificate(ScepCertificateRequest scepCertificateRequest) throws OMADMException {
        try {
            if (!shouldProcessCertificateRequest(scepCertificateRequest)) {
                this.logger.fine(MessageFormat.format("Skipping certificate enrollment because it is not ready yet. Request ID: {0}, User ID: {1}", scepCertificateRequest.requestId, scepCertificateRequest.userId));
                return;
            }
            ScepCertificateState scepCertificateState = null;
            if (scepCertificateRequest.requestRetryCount.longValue() <= scepCertificateRequest.retryCount.longValue()) {
                scepCertificateState = this.certRequestHandler.processRequest(scepCertificateRequest);
                scepCertificateRequest.timeLastRequested = new Date();
                this.certRequestData.updateRequest(scepCertificateRequest);
            }
            if (scepCertificateState == null && scepCertificateRequest.status != CertStatus.CERT_ENROLL_PENDING) {
                scepCertificateRequest.status = CertStatus.CERT_ENROLL_ERROR;
                Long l = scepCertificateRequest.requestRetryCount;
                scepCertificateRequest.requestRetryCount = Long.valueOf(scepCertificateRequest.requestRetryCount.longValue() + 1);
                this.certRequestData.updateRequest(scepCertificateRequest);
                if (scepCertificateRequest.requestRetryCount.longValue() > scepCertificateRequest.retryCount.longValue() || CertificateRequestHandler.isUnrecoverableError(scepCertificateRequest.lastError.intValue())) {
                    this.certRequestData.deleteRequest(scepCertificateRequest.requestId, scepCertificateRequest.userId);
                    return;
                }
                return;
            }
            if (scepCertificateState != null) {
                ScepCertificate scepCertificate = new ScepCertificate(scepCertificateState);
                try {
                    KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12);
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(scepCertificateState.certStoreBlob);
                    try {
                        try {
                            keyStore.load(byteArrayInputStream, this.passwords.getStorePassword());
                            try {
                                byteArrayInputStream.close();
                            } catch (IOException unused) {
                            }
                            try {
                                Enumeration<String> aliases = keyStore.aliases();
                                if (aliases.hasMoreElements()) {
                                    scepCertificate.certBlob = keyStore.getCertificate(aliases.nextElement()).getEncoded();
                                }
                                scepCertificateState.configParameters = scepCertificateRequest.configParameters;
                                if (this.certRequestData.getRequestById(scepCertificateRequest.requestId, scepCertificateRequest.userId) != null) {
                                    this.certMgr.addUserCert(scepCertificateState);
                                    this.certRequestData.deleteRequest(scepCertificateRequest.requestId, scepCertificateRequest.userId);
                                }
                            } catch (KeyStoreException unused2) {
                                throw new OMADMException("Couldn't enumerate aliases of the SCEP PKCS12 KeyStore");
                            } catch (CertificateEncodingException unused3) {
                                throw new OMADMException("Couldn't get the encoded certificate");
                            }
                        } catch (Throwable th) {
                            try {
                                byteArrayInputStream.close();
                            } catch (IOException unused4) {
                            }
                            throw th;
                        }
                    } catch (Exception unused5) {
                        throw new OMADMException("Couldn't load the SCEP PKCS12 KeyStore");
                    }
                } catch (KeyStoreException unused6) {
                    throw new OMADMException("Couldn't open a PKCS12 KeyStore instance");
                }
            }
        } catch (OMADMException e) {
            this.logger.log(Level.SEVERE, "Unable to try to enroll pending certificate with requestId " + scepCertificateRequest.requestId, (Throwable) e);
            scepCertificateRequest.status = CertStatus.CERT_ENROLL_ERROR;
            Long l2 = scepCertificateRequest.requestRetryCount;
            scepCertificateRequest.requestRetryCount = Long.valueOf(scepCertificateRequest.requestRetryCount.longValue() + 1);
            this.certRequestData.updateRequest(scepCertificateRequest);
        }
    }
}
