package com.airwatch.net.securechannel;

import android.content.Context;
import android.content.res.AssetManager;
import com.airwatch.core.AirWatchDevice;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.util.CertificateAndPrivateKey;
import com.airwatch.util.IOUtils;
import com.airwatch.util.Logger;
import com.infraware.filemanager.FileDefine;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class SecureChannelUtility {
    public static final String a = "serverCert.cer";
    public static final String b = "signedCert.cer";
    public static final String c = "certPkey.enc";
    private static final String d = "SecureChannelUtility";
    private static SecureChannelConfiguration e;

    /* loaded from: classes.dex */
    private enum SetupFailureReason {
        CERTIFICATE_REQUEST_FAILED,
        SERVER_CERTIFICATE_INVALID,
        DEVICE_IDENTITY_CREATION_FAILED,
        CHECK_IN_FAILED
    }

    private SecureChannelUtility() {
    }

    private static CertificateResponse a(String str) {
        Logger.b("Perform certificate request");
        CertificateRequestMessage certificateRequestMessage = new CertificateRequestMessage(e.b(), e.e(), str);
        try {
            certificateRequestMessage.p_();
        } catch (MalformedURLException e2) {
            Logger.d("The server certificate request endpoint was invalid.", e2);
        }
        if (certificateRequestMessage.o() == 200 && certificateRequestMessage.g().c()) {
            return certificateRequestMessage.g();
        }
        Logger.f("Response was invalid.");
        return null;
    }

    private static CheckInResponse a(CheckInMessage checkInMessage) {
        Logger.b("Register device ID");
        try {
            checkInMessage.p_();
        } catch (MalformedURLException e2) {
            Logger.d("The check-in URL is malformed.", e2);
        }
        CheckInResponse g = checkInMessage.g();
        if (checkInMessage.o() == 200 && g.a(checkInMessage.l())) {
            return g;
        }
        Logger.f("Secure Channel checkin has failed! Reverting to insecure communication.");
        e.a(SecurityLevel.NONE);
        return null;
    }

    private static SecureChannelConfiguration a(SetupFailureReason setupFailureReason) {
        Logger.f("Secure channel setup failed, check the server logs.");
        switch (setupFailureReason) {
            case CERTIFICATE_REQUEST_FAILED:
                Logger.f("Certificate request message was unsuccessful.");
                break;
            case CHECK_IN_FAILED:
                Logger.f("Check-in message failed.");
                break;
            case DEVICE_IDENTITY_CREATION_FAILED:
                Logger.f("Could not create device identity.");
                break;
            case SERVER_CERTIFICATE_INVALID:
                Logger.f("The server certificate is untrusted.");
                break;
        }
        e.a(SecurityLevel.NONE);
        return new SecureChannelConfiguration();
    }

    public static SecureChannelConfiguration a(String str, String str2, String str3, String str4, AssetManager assetManager, Context context) {
        Logger.d("Setup secure channel");
        e = new SecureChannelConfiguration();
        if (str == null || str.length() == 0) {
            return e;
        }
        if (str3 == null || str3.length() == 0) {
            return e;
        }
        if (str4 == null || str4.length() == 0) {
            return e;
        }
        if (str2 == null || str2.length() == 0) {
            return e;
        }
        if (assetManager == null) {
            return e;
        }
        e.a(str);
        e.d(str3);
        e.b(str2);
        CertificateResponse a2 = a(str4);
        if (a2 == null) {
            return a(SetupFailureReason.CERTIFICATE_REQUEST_FAILED);
        }
        if (!a(context, a2.a())) {
            return a(SetupFailureReason.SERVER_CERTIFICATE_INVALID);
        }
        if (!a(context)) {
            return a(SetupFailureReason.DEVICE_IDENTITY_CREATION_FAILED);
        }
        CheckInResponse a3 = a(new CheckInMessage(e, a2.b()));
        if (a3 == null) {
            Logger.a(d, "SITH: Login: secure channel check-in fails");
            return a(SetupFailureReason.CHECK_IN_FAILED);
        }
        Logger.a(d, "SITH: Login: secure channel check-in is successful");
        e.a(a3.b());
        e.e(a3.a());
        Logger.d("Secure channel setup completed successfully");
        return e;
    }

    private static boolean a(Context context) {
        Logger.b("Create device identity");
        File file = new File(context.getFilesDir().getAbsolutePath() + FileDefine.WEB_ROOT_PATH + b);
        File file2 = new File(context.getFilesDir().getAbsolutePath() + FileDefine.WEB_ROOT_PATH + c);
        if (!a(file.getAbsolutePath(), file2.getAbsolutePath())) {
            Logger.f("Failed generating device identity");
            return false;
        }
        e.a(new CertificateAndPrivateKey(file.getAbsolutePath(), file2.getAbsolutePath()));
        return true;
    }

    private static boolean a(Context context, byte[] bArr) {
        Logger.b("Store certificate");
        try {
            FileOutputStream openFileOutput = context.openFileOutput(a, 0);
            openFileOutput.write(bArr, 0, bArr.length);
            openFileOutput.flush();
            openFileOutput.close();
            File file = new File(context.getFilesDir().getAbsolutePath() + FileDefine.WEB_ROOT_PATH + a);
            if (bArr == null || !a(file)) {
                return false;
            }
            e.f(file.getAbsolutePath());
            return true;
        } catch (Exception e2) {
            Logger.d("Failed writing file", e2);
            return false;
        }
    }

    public static boolean a(SecureChannelConfiguration secureChannelConfiguration) {
        FileInputStream fileInputStream;
        Throwable th;
        try {
            File file = new File(secureChannelConfiguration.h().a);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            fileInputStream = new FileInputStream(file);
            try {
                ((X509Certificate) certificateFactory.generateCertificate(fileInputStream)).checkValidity();
                IOUtils.a((Closeable) fileInputStream);
                return a(new File(secureChannelConfiguration.i()));
            } catch (Exception e2) {
                IOUtils.a((Closeable) fileInputStream);
                return false;
            } catch (Throwable th2) {
                th = th2;
                IOUtils.a((Closeable) fileInputStream);
                throw th;
            }
        } catch (Exception e3) {
            fileInputStream = null;
        } catch (Throwable th3) {
            fileInputStream = null;
            th = th3;
        }
    }

    private static boolean a(File file) {
        File file2 = null;
        try {
            file2 = OpenSSLCryptUtil.f();
        } catch (IOException e2) {
            Logger.d("The certificate that was bundled with the agent is corrupt.", e2);
        }
        if (file2 != null && file2.exists() && file.exists()) {
            return OpenSSLCryptUtil.e().f(file.getAbsolutePath(), file2.getAbsolutePath());
        }
        return false;
    }

    private static boolean a(String str, String str2) {
        return OpenSSLCryptUtil.e().a(str, e.e(), str2, AirWatchDevice.getSeedValue("VEVNUF9LRVkx"));
    }
}
