package com.manageengine.mdm.framework.communication.servercertificate;

import android.content.Context;
import android.util.Base64;
import com.manageengine.mdm.framework.communication.HTTPHandler;
import com.manageengine.mdm.framework.communication.HttpStatus;
import com.manageengine.mdm.framework.core.CommandConstants;
import com.manageengine.mdm.framework.core.MessageConstants;
import com.manageengine.mdm.framework.core.MessageUtil;
import com.manageengine.mdm.framework.logging.MDMEnrollmentLogger;
import com.manageengine.mdm.framework.logging.MDMLogger;
import com.manageengine.mdm.framework.scheduler.HandleHistoryData;
import com.manageengine.mdm.framework.utils.AgentUtil;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
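/**
 * Persists the certificate material returned by the MDM server in the agent's parameter
 * table and builds an {@link SSLContext} that trusts it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The stored certificates are trusted <em>in addition to</em> the platform default
 *       trust store (see {@link CustomTrustManager}). This widens trust; it is not
 *       certificate pinning.</li>
 *   <li>The server (leaf) certificate is installed as a trust anchor next to the root and
 *       intermediates.</li>
 *   <li>NOTE(review): nothing in this class verifies host names; confirm that whatever
 *       consumes the returned {@link SSLContext} does so.</li>
 *   <li>NOTE(review): {@link #storeCertificate} installs whatever the server response
 *       contains as trust anchors. Confirm that the channel delivering that response is
 *       itself authenticated; that is not visible from this class.</li>
 * </ul>
 */
public class ServerCertificateHandlerUtil {
    // Lazily created shared instance, see getInstance().
    static ServerCertificateHandlerUtil serverCertificateHandler;

    /**
     * Trust manager that first validates a chain against the certificates supplied in a
     * local key store and, if that fails, against the platform default trust store.
     *
     * <p>If either delegate could not be created, every check fails with a
     * {@link CertificateException} (fail closed) instead of a {@link NullPointerException}.
     */
    public static class CustomTrustManager implements X509TrustManager {
        private X509TrustManager defaultTrustManager;
        private X509TrustManager localTrustManager;

        /**
         * @param keyStore key store holding the additional trust anchors
         */
        public CustomTrustManager(KeyStore keyStore) {
            try {
                // A null key store makes the factory use the platform default trust store.
                this.defaultTrustManager = createTrustManager(null);
                this.localTrustManager = createTrustManager(keyStore);
            } catch (KeyStoreException e) {
                MDMLogger.error("CustomTrustManager : Cannot create trust manager : Keystore exception" + e.toString());
            } catch (NoSuchAlgorithmException e2) {
                MDMLogger.error("CustomTrustManager : Cannot create trust manager : NoSuchAlgorithm found " + e2.toString());
            }
        }

        /**
         * Builds an X.509 trust manager backed by {@code keyStore}.
         *
         * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the
         *         factory yields no {@link X509TrustManager}
         * @throws KeyStoreException if the factory cannot be initialised from the key store
         */
        private X509TrustManager createTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            // Do not assume the first entry is an X509TrustManager; pick the first one that is.
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new NoSuchAlgorithmException("No X509TrustManager provided by " + factory.getAlgorithm());
        }

        /** Rejects the chain when the delegates were never created, so a failed setup cannot be mistaken for trust. */
        private void requireDelegates() throws CertificateException {
            if (this.localTrustManager == null || this.defaultTrustManager == null) {
                throw new CertificateException("CustomTrustManager : trust managers were not initialised");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            MDMLogger.protectedInfo("Checking certificate trust");
            requireDelegates();
            try {
                this.localTrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException localFailure) {
                try {
                    this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                } catch (CertificateException defaultFailure) {
                    // Keep the local failure reason for diagnostics instead of dropping it.
                    defaultFailure.addSuppressed(localFailure);
                    throw defaultFailure;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            MDMLogger.protectedInfo("Checking server trust");
            requireDelegates();
            try {
                this.localTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException localFailure) {
                // Additive trust: a chain rejected by the stored anchors is still accepted
                // when the platform default trust store accepts it.
                MDMLogger.protectedInfo("Using default trust");
                try {
                    this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException defaultFailure) {
                    defaultFailure.addSuppressed(localFailure);
                    throw defaultFailure;
                }
            }
        }

        /**
         * @return the default issuers followed by the local issuers; empty when the
         *         delegates were never created
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (this.localTrustManager == null || this.defaultTrustManager == null) {
                return new X509Certificate[0];
            }
            X509Certificate[] defaultIssuers = this.defaultTrustManager.getAcceptedIssuers();
            X509Certificate[] localIssuers = this.localTrustManager.getAcceptedIssuers();
            X509Certificate[] combined = Arrays.copyOf(defaultIssuers, defaultIssuers.length + localIssuers.length);
            System.arraycopy(localIssuers, 0, combined, defaultIssuers.length, localIssuers.length);
            return combined;
        }
    }

    /**
     * Decodes a Base64 string and parses it as an X.509 certificate.
     *
     * @return the parsed certificate, or {@code null} (after logging) if decoding or parsing fails
     */
    private Certificate formCertificateFromString(String str) {
        try {
            BufferedInputStream encoded = new BufferedInputStream(new ByteArrayInputStream(Base64.decode(str, Base64.DEFAULT)));
            Certificate parsed = CertificateFactory.getInstance("X.509").generateCertificate(encoded);
            encoded.close();
            return parsed;
        } catch (Exception e) {
            MDMLogger.error("Error parsing certificate " + e.toString());
            return null;
        }
    }

    /**
     * @return the shared instance, created on first use. Not synchronised; the class keeps
     *         no instance state in this file.
     */
    public static ServerCertificateHandlerUtil getInstance() {
        if (serverCertificateHandler == null) {
            serverCertificateHandler = new ServerCertificateHandlerUtil();
        }
        return serverCertificateHandler;
    }

    /**
     * Parses the stored intermediate certificates.
     *
     * @return one slot per stored entry; a slot is {@code null} when that entry could not
     *         be read or parsed. Empty when nothing is stored.
     */
    private Certificate[] getIntermediateCertificate(Context context) {
        JSONArray stored = AgentUtil.getMDMParamsTable(context).getJSONArray(ServerCertificateConstants.INTERMEDIATE_CERTIFICATE);
        if (stored == null) {
            return new Certificate[0];
        }
        Certificate[] certificates = new Certificate[stored.length()];
        for (int i = 0; i < stored.length(); i++) {
            try {
                certificates[i] = formCertificateFromString(stored.getString(i));
            } catch (JSONException e) {
                MDMLogger.error("ServerCertificateHandlerUtil : Cannot form certificate from Array " + e.toString());
            }
        }
        return certificates;
    }

    /** @return the stored root certificate, or {@code null} if none is stored or it cannot be parsed */
    private Certificate getRootCertificate(Context context) {
        String stored = AgentUtil.getMDMParamsTable(context).getStringValue(ServerCertificateConstants.ROOT_CERTIFICATE, null);
        if (stored == null) {
            MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Root certificate not found");
            return null;
        }
        return formCertificateFromString(stored);
    }

    /** @return the stored server certificate, or {@code null} if none is stored or it cannot be parsed */
    private Certificate getServerCertificate(Context context) {
        String stored = AgentUtil.getMDMParamsTable(context).getStringValue(ServerCertificateConstants.SERVER_CERTIFICATE, null);
        if (stored == null) {
            MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Server certificate not found");
            return null;
        }
        return formCertificateFromString(stored);
    }

    private boolean isIntermediateCertificatePresent(Context context) {
        return AgentUtil.getMDMParamsTable(context).getJSONArray(ServerCertificateConstants.INTERMEDIATE_CERTIFICATE) != null;
    }

    /**
     * Requests the server's certificate material and stores it when the response carries a
     * server certificate.
     *
     * @return {@code 1} when the request status is non-zero, otherwise {@code 2}
     */
    public int fetchNewCertificate(Context context) {
        // Mark the stored certificate as absent and drop the cached HTTP handler before asking again.
        AgentUtil.getMDMParamsTable(context).addBooleanValue(ServerCertificateConstants.IS_CERTIFICATE_PRESENT, false);
        HTTPHandler.clearInstance();

        MessageUtil messageUtil = MessageUtil.getInstance(context);
        messageUtil.messageType = CommandConstants.MSG_REQUEST_CERTIFICATE;
        messageUtil.setMessageContent(formCertificateRequestMessage());
        // NOTE(review): meaning of service type 5 is not visible in this file.
        messageUtil.serviceType = 5;
        HttpStatus postMessageData = messageUtil.postMessageData();
        if (postMessageData.getStatus() != 0) {
            MDMLogger.info("ServerCertificateHandlerUtil : The request failed ");
            return 1;
        }
        try {
            JSONObject body = new JSONObject(postMessageData.getUrlDataBuffer());
            JSONObject response = body.optJSONObject(CommandConstants.MSG_RESPONSE);
            if (response == null) {
                // optJSONObject returns null for a missing or non-object value; treat it
                // like any other malformed response instead of dereferencing it.
                MDMLogger.error("ServerCertificateHandlerUtil : Certificate response is missing the response object");
            } else if (response.has(ServerCertificateConstants.SERVER_CERTIFICATE)) {
                MDMLogger.info("ServerCertificateHandlerUtil : Storing the certificate");
                getInstance().storeCertificate(context, response);
            } else {
                MDMLogger.info("ServerCertificateHandlerUtil : The server probably has 3rd party certificate");
            }
        } catch (JSONException e2) {
            MDMLogger.error("ServerCertificateHandlerUtil : Cannot form JSON " + e2.toString());
        }
        new HandleHistoryData().removeHistoryEntry(context, CommandConstants.MSG_REQUEST_CERTIFICATE);
        MDMLogger.info("ServerCertificateHandlerUtil : Removed the certificate request from history");
        return 2;
    }

    /** @return the JSON body of a new-certificate request; empty if the field could not be set */
    public JSONObject formCertificateRequestMessage() {
        JSONObject request = new JSONObject();
        try {
            request.put(MessageConstants.MessageContentField.REQUEST, MessageConstants.MessageType.NEW_CERTIFICATE_REQUEST);
        } catch (JSONException e) {
            MDMLogger.error("ServerCertificateHandlerUtil : Cannot form JSON " + e.toString());
        }
        return request;
    }

    /**
     * Builds a TLS context whose trust manager accepts the stored server, root and
     * intermediate certificates as well as the platform default trust store.
     *
     * @return the initialised context, or {@code null} (after logging) if it cannot be built
     */
    public SSLContext getTrustedKeystore(Context context) {
        try {
            Certificate serverCertificate = getServerCertificate(context);
            Certificate rootCertificate = getRootCertificate(context);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // Start from an empty in-memory key store.
            keyStore.load(null, null);
            // NOTE(review): either certificate may be null here (nothing stored or parse
            // failure); how a null entry is handled depends on the key store provider.
            keyStore.setCertificateEntry(ServerCertificateConstants.SERVER_CERTIFICATE, serverCertificate);
            keyStore.setCertificateEntry(ServerCertificateConstants.ROOT_CERTIFICATE, rootCertificate);
            if (isIntermediateCertificatePresent(context)) {
                Certificate[] intermediates = getIntermediateCertificate(context);
                for (int i = 0; i < intermediates.length; i++) {
                    keyStore.setCertificateEntry(ServerCertificateConstants.INTERMEDIATE_CERTIFICATE + i, intermediates[i]);
                }
            }
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Alias Name " + aliases.nextElement());
            }
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[]{new CustomTrustManager(keyStore)}, null);
            MDMLogger.protectedInfo("Returning ssl context");
            return sslContext;
        } catch (Exception e) {
            MDMLogger.error("ServerCertificateHandlerUtil : Cannot init keystore " + e.toString());
            return null;
        }
    }

    /**
     * Persists the certificates contained in a server response.
     *
     * <p>An empty object is taken to mean that the server uses a third-party certificate:
     * only the "certificate present" flag is set. Otherwise the server and root
     * certificates must both be present and parse as X.509 before anything is written, so
     * unusable data never becomes a stored trust anchor.
     *
     * @param jSONObject the response object; {@code null} is logged and ignored
     */
    public void storeCertificate(Context context, JSONObject jSONObject) {
        MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Storing certificate ");
        MDMEnrollmentLogger.info("ServerCertificateHandlerUtil : Storing certificate ");
        if (jSONObject == null) {
            MDMLogger.error("ServerCertificateHandlerUtil : No certificate response to store");
            return;
        }
        if (jSONObject.length() == 0) {
            MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Empty JSON received the server has third party certificate ");
            AgentUtil.getMDMParamsTable(context).addBooleanValue(ServerCertificateConstants.IS_CERTIFICATE_PRESENT, true);
            HTTPHandler.clearInstance();
            return;
        }
        try {
            String serverCertificate = jSONObject.optString(ServerCertificateConstants.SERVER_CERTIFICATE);
            String rootCertificate = jSONObject.optString(ServerCertificateConstants.ROOT_CERTIFICATE);
            MDMLogger.protectedInfo("Server certificate ");
            if (serverCertificate.isEmpty() || rootCertificate.isEmpty()) {
                MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Server cannot process certificate fetch command");
                return;
            }
            // Refuse to persist material that cannot be parsed; formCertificateFromString logs the reason.
            if (formCertificateFromString(serverCertificate) == null || formCertificateFromString(rootCertificate) == null) {
                MDMLogger.error("ServerCertificateHandlerUtil : Received certificate data is not a valid X.509 certificate, not storing it");
                return;
            }
            AgentUtil.getMDMParamsTable(context).addStringValue(ServerCertificateConstants.SERVER_CERTIFICATE, serverCertificate);
            AgentUtil.getMDMParamsTable(context).addStringValue(ServerCertificateConstants.ROOT_CERTIFICATE, rootCertificate);
            // optJSONArray returns null when the value is absent or not an array.
            JSONArray intermediates = jSONObject.optJSONArray(ServerCertificateConstants.INTERMEDIATE_CERTIFICATE);
            if (intermediates != null) {
                MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Intermediate certificate found");
                AgentUtil.getMDMParamsTable(context).addJSONArray(ServerCertificateConstants.INTERMEDIATE_CERTIFICATE, intermediates);
            } else {
                // NOTE(review): intermediates stored by an earlier response are not removed
                // here; confirm whether stale entries should be cleared.
                MDMLogger.protectedInfo("ServerCertificateHandlerUtil : No Intermediate certificate found");
            }
            AgentUtil.getMDMParamsTable(context).addBooleanValue(ServerCertificateConstants.IS_CERTIFICATE_PRESENT, true);
            // Drop the cached HTTP handler after the stored trust material has changed.
            HTTPHandler.clearInstance();
        } catch (Exception e) {
            MDMLogger.protectedInfo("ServerCertificateHandlerUtil : Exception when storing certificate " + e.toString());
        }
    }
}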
