package com.airwatch.bizlib.policysigning;

import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.gateway.ConsoleVersion;
import com.airwatch.sdk.AppInfoReader;
import com.airwatch.sdk.context.SDKContext;
import com.airwatch.sdk.context.SDKContextException;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.storage.SDKSecurePreferencesKeys;
import com.airwatch.util.Logger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class PolicySigningHelper {
    public static final int a = 1;
    public static final int b = 0;
    private static final String c = "x-aw-policy-signature";
    private static final String d = "x-aw-policy-request-path-signature";
    private static final String e = "x-aw-policy-signature-oid";
    private static final String f = "1.2.840.10045.4.3.4";
    private static final String g = "Base64";
    private static final int h = 0;
    private static final String i = "PolicySigningHelper";

    public static int a() {
        int i2;
        if (!c()) {
            return 1;
        }
        try {
            if (new ConsoleVersion(SDKContextManager.a().a().getString(SDKSecurePreferencesKeys.w, "")).compareTo(ConsoleVersion.h) >= 0) {
                int intValue = ((Integer) new PolicySigningStateChecker().call()).intValue();
                if (intValue == 1) {
                    a(true);
                    i2 = 1;
                } else if (intValue == 0) {
                    a(false);
                    i2 = 1;
                } else {
                    i2 = 0;
                }
            } else {
                a(false);
                i2 = 1;
            }
            return i2;
        } catch (SDKContextException e2) {
            Logger.d(i, e2);
            return 0;
        } catch (Exception e3) {
            Logger.d(i, e3);
            throw new RuntimeException(e3);
        }
    }

    private static int a(byte[] bArr, String str, Map<String, List<String>> map) {
        String str2;
        try {
            int i2 = map.get(e).get(0).equalsIgnoreCase(f) ? 0 : -1;
            byte[] f2 = f();
            if (f2 == null) {
                Logger.d(i, "Certificate is null");
                return 0;
            }
            if (map.containsKey(c)) {
                str2 = map.get(c).get(0);
                Logger.a(i, "Validating response");
            } else {
                if (!map.containsKey(d)) {
                    Logger.d(i, "Policy Signing Signature header missing.");
                    return 0;
                }
                str2 = map.get(d).get(0);
                bArr = str.toLowerCase().getBytes();
                Logger.a(i, "Validating path");
            }
            int a2 = OpenSSLCryptUtil.e().a(f2, bArr, a(Base64.decode(str2, 0)), i2);
            if (a2 == 1) {
                return 1;
            }
            if (a2 == 0) {
                Logger.d(i, "Signature validation failed");
                return 0;
            }
            if (a2 == -1) {
                Logger.d(i, "Signature validation returned error");
                return 0;
            }
            Logger.d(i, "awVerifyEcdsaSignature returned unknown value");
            return 0;
        } catch (NullPointerException e2) {
            Logger.d(i, "Policy Signing Signature OID header missing.", (Throwable) e2);
            return 0;
        }
    }

    private static void a(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write((byte) bArr.length);
        byteArrayOutputStream.write(bArr, 0, bArr.length);
    }

    public static void a(String str, String str2, String str3, String str4, String str5, String str6) {
        SharedPreferences.Editor edit = SDKContextManager.a().a().edit();
        edit.putString("hmacToken", str);
        edit.putString("userAgent", str2);
        edit.putString(SDKSecurePreferencesKeys.ao, str3);
        edit.putString(SDKSecurePreferencesKeys.ap, str4);
        edit.putString(SDKSecurePreferencesKeys.w, str5);
        edit.putString("host", str6);
        edit.commit();
    }

    private static void a(boolean z) {
        SharedPreferences.Editor edit = SDKContextManager.a().a().edit();
        edit.putBoolean(SDKSecurePreferencesKeys.ai, z);
        edit.commit();
    }

    public static void a(String[] strArr, String str, String str2) {
        SharedPreferences.Editor edit = SDKContextManager.a().a().edit();
        edit.putString(SDKSecurePreferencesKeys.aj, strArr[0]);
        int length = strArr.length;
        StringBuilder sb = new StringBuilder();
        for (String str3 : strArr) {
            sb.append(str3).append(",");
        }
        edit.putInt(SDKSecurePreferencesKeys.an, length);
        edit.putString(SDKSecurePreferencesKeys.am, sb.toString());
        edit.putString(SDKSecurePreferencesKeys.ak, str);
        edit.putString(SDKSecurePreferencesKeys.al, str2);
        edit.commit();
    }

    public static boolean a(byte[] bArr, Map<String, List<String>> map, String str, String str2, Object obj) {
        if (!d()) {
            return true;
        }
        if (a(bArr, str2, map) != 1) {
            return b(bArr, map, str, str2, obj);
        }
        Logger.a(i, "Validation success.");
        return true;
    }

    private static byte[] a(byte[] bArr) {
        int length = bArr.length >> 1;
        byte[] a2 = a(bArr, 0, length);
        byte[] a3 = a(bArr, length, length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(48);
        int length2 = a2.length + 2 + 2 + a3.length;
        if (length2 > 127) {
            byteArrayOutputStream.write(129);
            byteArrayOutputStream.write((byte) length2);
        } else {
            byteArrayOutputStream.write((byte) length2);
        }
        a(byteArrayOutputStream, a2);
        a(byteArrayOutputStream, a3);
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] a(byte[] bArr, int i2, int i3) {
        byte[] bArr2;
        int i4 = 0;
        if ((bArr[i2] & 128) != 0) {
            bArr2 = new byte[i3 + 1];
            bArr2[0] = 0;
            i4 = 1;
        } else {
            bArr2 = new byte[i3];
        }
        System.arraycopy(bArr, i2, bArr2, i4, i3);
        return bArr2;
    }

    public static boolean b() {
        SharedPreferences a2;
        try {
            a2 = SDKContextManager.a().a();
        } catch (KeyStoreException e2) {
            Logger.d(i, "Exception in validating policy signing certificate: ", (Throwable) e2);
        } catch (NoSuchAlgorithmException e3) {
            Logger.d(i, "Exception in validating policy signing certificate: ", (Throwable) e3);
        } catch (CertificateException e4) {
            Logger.d(i, "Policy signing certificate is not valid: ", (Throwable) e4);
        }
        if (a2.getInt(SDKSecurePreferencesKeys.an, 0) < 1) {
            Logger.d(i, "Certificate chain is empty");
            return false;
        }
        String[] split = a2.getString(SDKSecurePreferencesKeys.am, "").split(",");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] x509CertificateArr = new X509Certificate[split.length];
        for (int i2 = 0; i2 < split.length; i2++) {
            x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(split[i2], 0)));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, "blah");
                Logger.a(i, "Policy singing certificate validation success");
                return true;
            }
        }
        Logger.d(i, "Policy signing certificate validation failed");
        e();
        return false;
    }

    private static boolean b(byte[] bArr, Map<String, List<String>> map, String str, String str2, Object obj) {
        if (!str.equalsIgnoreCase(SDKContextManager.a().a().getString("host", ""))) {
            return true;
        }
        if (obj instanceof PolicySigningCheckMessage) {
            Logger.a(i, "Skipping validation for PolicySigningCheckMessage");
            return true;
        }
        Logger.a(i, "Validation failed, retrying.");
        a();
        if (!d() || a(bArr, str2, map) == 1) {
            return true;
        }
        Logger.a(i, "Validation retry failed.");
        return false;
    }

    public static boolean c() {
        SDKContext a2 = SDKContextManager.a();
        if (a2.g() != SDKContext.State.IDLE) {
            return AppInfoReader.a(a2.j()).getBoolean(AppInfoReader.b, false);
        }
        return false;
    }

    public static boolean d() {
        return c() && SDKContextManager.a().a().getBoolean(SDKSecurePreferencesKeys.ai, false);
    }

    public static void e() {
        SharedPreferences.Editor edit = SDKContextManager.a().a().edit();
        edit.putString(SDKSecurePreferencesKeys.aj, "");
        edit.putInt(SDKSecurePreferencesKeys.an, 0);
        edit.putString(SDKSecurePreferencesKeys.am, "");
        edit.putString(SDKSecurePreferencesKeys.ak, "");
        edit.putString(SDKSecurePreferencesKeys.al, "");
        edit.commit();
    }

    private static byte[] f() {
        SharedPreferences a2 = SDKContextManager.a().a();
        String string = a2.getString(SDKSecurePreferencesKeys.aj, "");
        if (!TextUtils.isEmpty(string) && a2.getString(SDKSecurePreferencesKeys.al, "").equalsIgnoreCase(g)) {
            return Base64.decode(string, 0);
        }
        return null;
    }
}
