package com.samsung.android.service.health.security;

import android.content.Context;
import android.security.KeyChainException;
import android.util.Base64;
import com.samsung.android.knox.ccm.SemClientCertificateManager;
import com.samsung.android.sdk.healthdata.privileged.util.LogUtil;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public final class KnoxCcmManager {
    private static final String TAG = LogUtil.makeTag("KnoxCcmManager");
    private static boolean sIsSetup = false;
    private final Context mContext;
    private final KnoxTimaKeystoreManager mManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KnoxCcmManager(Context context) {
        this.mContext = context;
        this.mManager = new KnoxTimaKeystoreManager(context);
    }

    private X509Certificate getDefaultCertificate() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, NoSuchProviderException, KeyChainException, InterruptedException {
        int i = 1;
        KeyStore keyStore = KeyStore.getInstance("PKCS11", "SECPkcs11");
        if (keyStore != null) {
            keyStore.load(null, null);
            Certificate[] certificateChain = keyStore.getCertificateChain("Samsung default");
            if (certificateChain != null && certificateChain.length != 0) {
                X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                for (int i2 = 0; i2 < certificateChain.length; i2++) {
                    x509CertificateArr[i2] = (X509Certificate) certificateChain[i2];
                }
                return x509CertificateArr[0];
            }
            i = 2;
        }
        ServiceLogger.doKnoxLogging(this.mContext, "KX_CCM_GET_CERT_FAIL", Integer.toString(i), null);
        return null;
    }

    private int setupCcmProfile() {
        int i = 0;
        if (!sIsSetup) {
            try {
                Class.forName("com.samsung.android.knox.ccm.SemClientCertificateManager");
                if (!this.mManager.enableTimaKeystore()) {
                    i = 2;
                } else if (new SemClientCertificateManager().setDefaultClientCertificateManagerProfile()) {
                    LogUtil.LOGD(TAG, "after setupCcmProfile success");
                    sIsSetup = true;
                } else {
                    i = 3;
                }
            } catch (ClassNotFoundException e) {
                i = 1;
            }
            ServiceLogger.doKnoxLogging(this.mContext, "KX_CCM_SETUP_FAIL", Integer.toString(i), null);
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getDefaultCertificateId() {
        LogUtil.LOGD(TAG, "getDefaultCertificateId");
        if (setupCcmProfile() != 0) {
            return null;
        }
        try {
            X509Certificate defaultCertificate = getDefaultCertificate();
            if (defaultCertificate != null) {
                return defaultCertificate.getSubjectDN().getName();
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getEncodedDefaultCertificate() {
        LogUtil.LOGD(TAG, "getEncodedDefaultCertificate");
        if (setupCcmProfile() != 0) {
            return null;
        }
        try {
            X509Certificate defaultCertificate = getDefaultCertificate();
            if (defaultCertificate != null) {
                return Base64.encodeToString(defaultCertificate.getEncoded(), 0);
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }
}
