package com.mobileiron.common;

import android.os.Build;
import android.support.v4.media.session.MediaSessionCompat;
import android.util.Base64;
import com.google.protobuf.ByteString;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.GeneratedMessage;
import com.mobileiron.acom.core.android.AppsUtils;
import com.mobileiron.acom.core.utils.cert.CertificateUtils;
import com.mobileiron.opensslwrapper.HttpHelper;
import com.mobileiron.opensslwrapper.SSLSocket;
import com.mobileiron.opensslwrapper.SSLSocketFactory;
import com.mobileiron.protocol.v1.Certificates;
import com.mobileiron.protocol.v1.ConstantsProto;
import com.mobileiron.protocol.v1.Registration;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;

/* loaded from: classes.dex */
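/**
 * Manages the client certificate used for mutual TLS with the management server (log tag
 * "MutualAuthCertManager"). This is JADX output: class, field and method names are obfuscated.
 *
 * <p>The three public flows, {@link #n()} (migration), {@link #l()} (renewal) and {@link #m()}
 * (expired-certificate renewal), run the same pipeline:
 * <ol>
 *   <li>{@code g} - fetch the CSR parameters and the signing URL from the server,</li>
 *   <li>{@code f} - generate a private key and a CSR from those parameters,</li>
 *   <li>{@code j} - submit the CSR and hand the signed certificate to {@link #e(byte[])},</li>
 *   <li>{@link #b()} - drop the temporary enrollment state.</li>
 * </ol>
 *
 * <p>All persistent state goes through the key/value store returned by
 * {@code com.mobileiron.m.f()}, under the keys {@code private_key}, {@code private_key_alg},
 * {@code csr}, {@code csr_params}, {@code certificate_cn}, {@code registration_url},
 * {@code client_certificate_keystore}, {@code client_keystore_password},
 * {@code client_certificate_expiration}, {@code checkin_url} and {@code push_url}.
 * NOTE(review): whether that store encrypts at rest is not visible in this class. The private key
 * is kept there as Base64 PKCS#8 and the PKCS#12 password sits next to the keystore it protects,
 * so the confidentiality of the client identity rests entirely on that store - confirm.
 */
public final class c0 {

    /* renamed from: e, reason: collision with root package name */
    // Singleton instance; volatile because i() reads it outside the lock.
    private static volatile c0 f11929e;

    /* renamed from: a, reason: collision with root package name */
    // Protobuf extension registry used when parsing server responses.
    private ExtensionRegistry f11930a;

    /* renamed from: b, reason: collision with root package name */
    // True while n() (migration) is running; exposed through k().
    private boolean f11931b;

    /* renamed from: c, reason: collision with root package name */
    // True while l() (renewal) is running; exposed through a().
    private boolean f11932c;

    /* renamed from: d, reason: collision with root package name */
    // True while m() (expired-certificate renewal) is running; exposed through d().
    private boolean f11933d;

    // NOTE(review): the three flags above are written inside synchronized methods but read by
    // unsynchronized getters and are not volatile, so a reader on another thread may see a stale
    // value.

    /** Creates the registry and registers every extension of the Registration protocol with it. */
    private c0() {
        ExtensionRegistry newInstance = ExtensionRegistry.newInstance();
        this.f11930a = newInstance;
        Registration.registerAllExtensions(newInstance);
    }

    /**
     * Opens the TLS socket that carries one enrollment request.
     *
     * <p>For {@code CERTIFICATE_RENEWAL} the factory is first passed to {@code o.m().v(...)} and the
     * method gives up when that call returns false. NOTE(review): presumably this loads the current
     * client certificate into the factory - confirm. For every other type the factory is used as
     * constructed.
     *
     * <p>NOTE(review): no trust configuration is visible here. Server certificate and host name
     * verification would have to happen inside {@code com.mobileiron.opensslwrapper}; confirm that
     * it does, because the callers send the CSR and the client cookie over this socket.
     *
     * @param uri target of the request; only its host is used here, the port comes from
     *     {@code q.m().r(uri)}
     * @param registrationType flow on whose behalf the socket is opened
     * @return the connected socket, or {@code null} when the factory could not be prepared or the
     *     connection failed
     */
    private SSLSocket c(URI uri, Registration.RegistrationType registrationType) {
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory();
        o o = o.o();
        int r = com.mobileiron.common.utils.q.m().r(uri);
        SSLSocket sSLSocket = null;
        try {
            if (registrationType.equals(Registration.RegistrationType.CERTIFICATE_RENEWAL) && !o.m().v(sSLSocketFactory)) {
                return null;
            }
            sSLSocket = sSLSocketFactory.createSocket(uri.getHost(), r);
            sSLSocket.setSoTimeout(MiscConstants.f11866a);
            return sSLSocket;
        } catch (IOException e2) {
            a0.C("MutualAuthCertManager", "createSocket exception: " + e2);
            // NOTE(review): if setSoTimeout() is what failed, the socket is returned without a
            // read timeout; if createSocket() failed, this is still null.
            return sSLSocket;
        }
    }

    /**
     * Combines the stored private key with a freshly signed certificate chain into a PKCS#12
     * keystore and persists it.
     *
     * <p>The keystore password is 130 random bits from {@link SecureRandom}, rendered in base 32.
     * It is stored under {@code client_keystore_password}, in the same store as the keystore
     * itself, so it adds no protection beyond that of the store.
     *
     * <p>The expiration time, the password and the keystore are written only after the keystore
     * has been built and serialised. A failure part-way through therefore cannot leave a new
     * password next to an older keystore that it does not open.
     *
     * @param bArr encoded certificate data returned by the server; parsed by
     *     {@code CertificateUtils.c}
     * @return {@code true} when the keystore was built and stored, {@code false} on any handled
     *     failure, including a missing key, a missing key algorithm or a response without a
     *     certificate
     */
    public static boolean e(byte[] bArr) {
        try {
            String r = com.mobileiron.m.f().r("private_key");
            if (r == null) {
                throw new IOException("Empty private key");
            }
            String keyAlgorithm = com.mobileiron.m.f().r("private_key_alg");
            if (keyAlgorithm == null) {
                // KeyFactory.getInstance(null) would throw an unchecked NullPointerException.
                throw new IOException("Empty private key algorithm");
            }
            // Flag 0 is android.util.Base64.DEFAULT.
            PrivateKey generatePrivate = KeyFactory.getInstance(keyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(r, 0)));
            ArrayList arrayList = new ArrayList();
            CertificateUtils.c(bArr, null, arrayList, null);
            if (arrayList.isEmpty()) {
                // Without this guard get(0) below throws an unchecked IndexOutOfBoundsException.
                throw new CertificateException("No certificate in response");
            }
            // NOTE(review): element 0 is treated as the client (leaf) certificate; the ordering
            // contract of CertificateUtils.c is not visible here - confirm.
            Date notAfter = ((X509Certificate) arrayList.get(0)).getNotAfter();
            a0.n("MutualAuthCertManager", "New certificate expires at: " + notAfter);

            String bigInteger = new BigInteger(130, new SecureRandom()).toString(32);
            char[] password = bigInteger.toCharArray();
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(null, password);
            Certificate[] certificateArr = new Certificate[arrayList.size()];
            for (int i2 = 0; i2 < arrayList.size(); i2++) {
                certificateArr[i2] = (Certificate) arrayList.get(i2);
            }
            keyStore.setKeyEntry("alias", generatePrivate, password, certificateArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            keyStore.store(byteArrayOutputStream, password);
            // Flag 2 is android.util.Base64.NO_WRAP.
            String encodeToString = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 2);
            com.mobileiron.acom.core.utils.m.c(byteArrayOutputStream, "MutualAuthCertManager");

            // Commit the three related values together, after everything that can fail.
            com.mobileiron.m.f().w("client_certificate_expiration", notAfter.getTime());
            com.mobileiron.m.f().z("client_keystore_password", bigInteger);
            com.mobileiron.m.f().z("client_certificate_keystore", encodeToString);
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e2) {
            a0.e("MutualAuthCertManager", e2.getMessage());
            a0.w("MutualAuthCertManager", e2);
            return false;
        }
    }

    /**
     * Generates the private key and CSR unless a CSR is already stored.
     *
     * <p>Generation is delegated to {@code com.mobileiron.common.utils.m.l} with the stored
     * {@code csr_params} and {@code certificate_cn}. The result is stored as {@code private_key}
     * (element 0), {@code private_key_alg} (element 1) and {@code csr} (element 2).
     *
     * <p>NOTE(review): {@code csr_params} come from the server response handled in {@code g}. Any
     * lower bound on key size or restriction on the signature algorithm would have to be enforced
     * inside the generator; none is visible here.
     *
     * @return {@code false} only when generation returned {@code null}
     */
    private boolean f() {
        if (!com.mobileiron.m.f().h("csr")) {
            String[] l = com.mobileiron.common.utils.m.l(com.mobileiron.m.f().r("csr_params"), com.mobileiron.m.f().r("certificate_cn"));
            if (l == null) {
                a0.e("MutualAuthCertManager", "generatePrivateKeyAndCsr failed!");
                return false;
            }
            com.mobileiron.m.f().z("private_key", l[0]);
            com.mobileiron.m.f().z("private_key_alg", l[1]);
            com.mobileiron.m.f().z("csr", l[2]);
        }
        return true;
    }

    /**
     * Fetches the certificate request profile ("getCsrParams") unless both {@code csr_params} and
     * {@code registration_url} are already stored.
     *
     * <p>Posts a protobuf {@code RegistrationRequest} to
     * {@code https://<serverIP>/api/v2/Enrollment/enroll-capabilities}. From the response it stores
     * the key length, key usage, key type, signature algorithm and challenge as {@code csr_params},
     * the subject CN (if not blank) as {@code certificate_cn}, and the client-certificate response
     * URL as {@code registration_url}.
     *
     * <p>The JADX listing duplicated the stream clean-up in every catch arm and assigned to an
     * undeclared variable. It is written here as a single try/catch/finally, which appears to be
     * the shape of the original code: the handled exceptions are logged and yield {@code false},
     * and both streams are closed on every exit path.
     *
     * <p>NOTE(review): unlike {@code j}, this method does not look at the status field of the
     * parsed response, and the returned {@code registration_url} is stored without any check of
     * its scheme or host. {@code j} later sends the CSR and the client cookie to that URL, so the
     * value should be validated against the expected server before it is persisted.
     *
     * @param registrationType flow that is requesting the parameters; sent as the request type
     * @return {@code true} when the parameters are available, either cached or freshly stored
     */
    private boolean g(Registration.RegistrationType registrationType) {
        if (com.mobileiron.m.f().h("csr_params") && com.mobileiron.m.f().h("registration_url")) {
            return true;
        }
        StringBuilder l0 = d.a.a.a.a.l0("getCsrParams: ");
        l0.append(registrationType.name());
        a0.n("MutualAuthCertManager", l0.toString());
        InputStream inputStream = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        try {
            u n = com.mobileiron.s.a.l().n();
            Registration.RegistrationRequest build = Registration.RegistrationRequest.newBuilder()
                    .setType(registrationType)
                    .setExtension2(
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>>) Registration.DeviceRegistrationRequest.request,
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>) h())
                    .build();
            URI uri = new URI("https://" + n.l("serverIP") + "/api/v2/Enrollment/enroll-capabilities");
            SSLSocket c2 = c(uri, registrationType);
            if (c2 == null) {
                return false;
            }
            HttpPost httpPost = new HttpPost(uri);
            httpPost.addHeader("Content-Type", "application/x-protobuf");
            httpPost.addHeader("Accept", "application/x-protobuf");
            httpPost.setEntity(new ByteArrayEntity(build.toByteArray()));
            HttpResponse executeHttpRequest = HttpHelper.executeHttpRequest(c2, httpPost, null);
            HttpEntity entity = executeHttpRequest.getEntity();
            int statusCode = executeHttpRequest.getStatusLine().getStatusCode();
            if (entity == null || statusCode != 200) {
                a0.e("MutualAuthCertManager", "getCsrParams error: " + statusCode);
                return false;
            }
            inputStream = entity.getContent();
            byteArrayOutputStream = new ByteArrayOutputStream();
            // NOTE(review): MediaSessionCompat.C looks like a stream-copy helper that the
            // obfuscator merged into this class - confirm.
            MediaSessionCompat.C(inputStream, byteArrayOutputStream);
            Certificates.CertificateRequestProfile certificateRequestProfile =
                    ((Registration.DeviceRegistrationResponse) Registration.RegistrationResponse
                            .parseFrom(byteArrayOutputStream.toByteArray(), this.f11930a)
                            .getExtension((GeneratedMessage.GeneratedExtension) Registration.DeviceRegistrationResponse.response))
                            .getCertificateRequestProfile();
            // The first subject attribute keyed "CN" (case-insensitive) becomes the CSR's CN.
            String str = null;
            Iterator<ConstantsProto.Constants.KeyValuePair> it = certificateRequestProfile.getSubjectAttributesList().iterator();
            while (it.hasNext()) {
                ConstantsProto.Constants.KeyValuePair next = it.next();
                if ("CN".equalsIgnoreCase(next.getKey())) {
                    str = next.getVal();
                    break;
                }
            }
            com.mobileiron.acom.core.utils.i iVar = new com.mobileiron.acom.core.utils.i();
            iVar.R("keySize", certificateRequestProfile.getKeyLength());
            iVar.R("keyUsage", certificateRequestProfile.getKeyUsage());
            iVar.U("keyType", com.mobileiron.acom.core.utils.c.f(certificateRequestProfile.getSignatureAlgorithm().toString()));
            iVar.U("signatureAlg", com.mobileiron.acom.core.utils.c.e(certificateRequestProfile.getSignatureAlgorithm().toString()));
            iVar.U("challenge", certificateRequestProfile.getChallenge());
            com.mobileiron.m.f().z("csr_params", iVar.a0("root"));
            if (StringUtils.isNotBlank(str)) {
                com.mobileiron.m.f().z("certificate_cn", str);
            }
            com.mobileiron.m.f().z("registration_url", certificateRequestProfile.getClientCertResponseUrl());
            return true;
        } catch (IOException | URISyntaxException | HttpException e2) {
            a0.C("MutualAuthCertManager", "getCsrParams exception: " + e2);
            return false;
        } finally {
            // The close helper is called with null elsewhere in the listing, so null is accepted.
            com.mobileiron.acom.core.utils.m.c(byteArrayOutputStream, "getCsrParams baos");
            com.mobileiron.acom.core.utils.m.c(inputStream, "getCsrParams is");
        }
    }

    /**
     * Builds the device registration part that both enrollment requests carry: platform type and
     * version, device model, client version, locale, app package name, client id, user name and a
     * "terms accepted" flag set to true.
     */
    private Registration.DeviceRegistrationRequest h() {
        return Registration.DeviceRegistrationRequest.newBuilder()
                .setDeviceRegistrationDetail(Registration.DeviceRegistrationRequest.DeviceRegistrationDetail.newBuilder()
                        .setPlatformType(ConstantsProto.Constants.PlatformType.ANDROID)
                        .setPlatformVersion(Build.VERSION.RELEASE.trim())
                        .setDeviceModelName(Build.MODEL)
                        .setClientVersion(AppsUtils.j())
                        .setLocale(com.mobileiron.common.utils.q.m().n())
                        .setClientAppBundleId(com.mobileiron.acom.core.android.b.a().getPackageName())
                        .build())
                .setCredentials(Registration.RegistrationRequest.Credentials.newBuilder()
                        .setClientId(Long.toString(com.mobileiron.s.a.l().p()))
                        .setUsername(com.mobileiron.s.a.l().n().w())
                        .build())
                .setClientDeviceIdentifier(Long.toString(com.mobileiron.s.a.l().p()))
                .setTermsAccepted(true)
                .build();
    }

    /** Returns the process-wide instance, created on first use with double-checked locking. */
    public static c0 i() {
        if (f11929e == null) {
            synchronized (c0.class) {
                if (f11929e == null) {
                    f11929e = new c0();
                }
            }
        }
        return f11929e;
    }

    /**
     * Submits the stored CSR for signing ("getSignedCertificate") and stores the result through
     * {@link #e(byte[])}.
     *
     * <p>The request type is always {@code CERTIFICATE_SIGNING}; {@code registrationType} only
     * selects the URL and the post-processing. The request goes to the stored
     * {@code registration_url}; for {@code CERTIFICATE_RENEWAL} the value of {@code n.e()} (also
     * sent as the {@code aad_device_id} header) is appended to it. For {@code MICLIENT_MIGRATION}
     * the check-in and push URLs from the response are stored as well, and the method returns
     * early when a keystore already exists.
     *
     * <p>The response stream and its buffer are closed in a {@code finally} block, as in
     * {@code g}; the decompiled listing left both open on every path.
     *
     * <p>NOTE(review): the client cookie, the client id and the CSR are sent to whichever host
     * {@code registration_url} names, and that value came from the server response parsed in
     * {@code g}. Confirm that the host is validated or pinned. The check-in and push URLs taken
     * from this response are stored unvalidated as well.
     *
     * @param registrationType flow on whose behalf the certificate is requested
     * @return {@code true} when a certificate was received and stored, or already present for a
     *     migration
     */
    private boolean j(Registration.RegistrationType registrationType) {
        URI uri;
        if (registrationType.equals(Registration.RegistrationType.MICLIENT_MIGRATION) && com.mobileiron.m.f().h("client_certificate_keystore")) {
            return true;
        }
        StringBuilder l0 = d.a.a.a.a.l0("getSignedCertificate: ");
        l0.append(registrationType.name());
        a0.n("MutualAuthCertManager", l0.toString());
        InputStream content = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        try {
            u n = com.mobileiron.s.a.l().n();
            Registration.RegistrationRequest build = Registration.RegistrationRequest.newBuilder()
                    .setType(Registration.RegistrationType.CERTIFICATE_SIGNING)
                    .setExtension2(
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.CertificateSigningRegistrationRequest>>) Registration.CertificateSigningRegistrationRequest.request,
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.CertificateSigningRegistrationRequest>) Registration.CertificateSigningRegistrationRequest.newBuilder()
                                    .setClientDeviceIdentifier(Long.toString(com.mobileiron.s.a.l().p()))
                                    .setCsr(ByteString.copyFrom(Base64.decode(com.mobileiron.m.f().r("csr"), 0)))
                                    .build())
                    .setExtension2(
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>>) Registration.DeviceRegistrationRequest.request,
                            (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>) h())
                    .build();
            if (registrationType.equals(Registration.RegistrationType.CERTIFICATE_RENEWAL)) {
                uri = new URI(com.mobileiron.m.f().r("registration_url") + n.e());
            } else {
                uri = new URI(com.mobileiron.m.f().r("registration_url"));
            }
            HttpPost httpPost = new HttpPost(uri);
            SSLSocket c2 = c(uri, registrationType);
            if (c2 != null) {
                httpPost.addHeader("X-MobileIron-Client-Cookie", com.mobileiron.s.a.l().j());
                httpPost.addHeader("X-MobileIron-Client-Id", Long.toString(com.mobileiron.s.a.l().p()));
                httpPost.addHeader("aad_device_id", n.e());
                httpPost.addHeader("Content-Type", "application/x-protobuf");
                httpPost.addHeader("Accept", "application/x-protobuf");
                httpPost.setEntity(new ByteArrayEntity(build.toByteArray()));
                HttpResponse executeHttpRequest = HttpHelper.executeHttpRequest(c2, httpPost, null);
                HttpEntity entity = executeHttpRequest.getEntity();
                int statusCode = executeHttpRequest.getStatusLine().getStatusCode();
                if (entity == null || statusCode != 200) {
                    a0.e("MutualAuthCertManager", "getSignedCertificate error: " + statusCode);
                } else {
                    content = entity.getContent();
                    byteArrayOutputStream = new ByteArrayOutputStream();
                    MediaSessionCompat.C(content, byteArrayOutputStream);
                    Registration.RegistrationResponse parseFrom = Registration.RegistrationResponse.parseFrom(byteArrayOutputStream.toByteArray(), this.f11930a);
                    if (parseFrom.getStatus() == ConstantsProto.Constants.Status.ERROR) {
                        a0.e("MutualAuthCertManager", "getSignedCertificate error from server: " + parseFrom.getMessage());
                    } else {
                        Registration.CertificateSigningRegistrationResponse certificateSigningRegistrationResponse = (Registration.CertificateSigningRegistrationResponse) parseFrom.getExtension((GeneratedMessage.GeneratedExtension) Registration.CertificateSigningRegistrationResponse.response);
                        if (e(certificateSigningRegistrationResponse.getX509CertificateResponse().getX509Certificate().toByteArray())) {
                            if (!registrationType.equals(Registration.RegistrationType.MICLIENT_MIGRATION)) {
                                return true;
                            }
                            o.o().f12040b.I(certificateSigningRegistrationResponse.getCheckinUrl());
                            com.mobileiron.m.f().z("checkin_url", certificateSigningRegistrationResponse.getCheckinUrl());
                            com.mobileiron.m.f().z("push_url", certificateSigningRegistrationResponse.getNotificationUrl());
                            return true;
                        }
                        a0.e("MutualAuthCertManager", "getSignedCertificate failed to generate keystore!");
                    }
                }
            }
        } catch (IOException | URISyntaxException | HttpException e2) {
            d.a.a.a.a.N0("getSignedCertificate exception: ", e2, "MutualAuthCertManager");
        } finally {
            // Same close helper and order as g(); it is called with null elsewhere in the listing.
            com.mobileiron.acom.core.utils.m.c(byteArrayOutputStream, "getSignedCertificate baos");
            com.mobileiron.acom.core.utils.m.c(content, "getSignedCertificate is");
        }
        return false;
    }

    /** Returns the renewal-in-progress flag maintained by {@link #l()}. */
    public boolean a() {
        return this.f11932c;
    }

    /**
     * Removes the temporary enrollment state: {@code csr}, {@code csr_params} and
     * {@code registration_url}.
     *
     * <p>NOTE(review): {@code private_key} and {@code private_key_alg} are not removed here, so
     * the Base64 PKCS#8 key stays in the store after it has been copied into the PKCS#12
     * keystore. Confirm whether another component still needs it; if not, it should be cleared
     * once the keystore is stored.
     */
    public void b() {
        a0.d("MutualAuthCertManager", "Data cleaned");
        com.mobileiron.m.f().A("csr");
        com.mobileiron.m.f().A("csr_params");
        com.mobileiron.m.f().A("registration_url");
    }

    /** Returns the expired-renewal-in-progress flag maintained by {@link #m()}. */
    public boolean d() {
        return this.f11933d;
    }

    /** Returns the migration-in-progress flag maintained by {@link #n()}. */
    public boolean k() {
        return this.f11931b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Renews the client certificate ("startCertificateRenewal").
     *
     * <p>Refuses to run when {@code com.mobileiron.acom.core.android.u.a()} is true, which per the
     * log message means the main thread. The in-progress flag is updated after each stage and
     * cleared on success.
     *
     * @return {@code true} when all stages succeeded
     */
    public synchronized boolean l() {
        a0.n("MutualAuthCertManager", "startCertificateRenewal");
        if (com.mobileiron.acom.core.android.u.a()) {
            a0.n("MutualAuthCertManager", "startCertificateRenewal cannot be done on main thread");
            return false;
        }
        this.f11932c = true;
        boolean g2 = g(Registration.RegistrationType.CERTIFICATE_RENEWAL);
        this.f11932c = g2;
        if (!g2) {
            return false;
        }
        boolean f2 = f();
        this.f11932c = f2;
        if (!f2) {
            return false;
        }
        boolean j = j(Registration.RegistrationType.CERTIFICATE_RENEWAL);
        this.f11932c = j;
        if (!j) {
            return false;
        }
        b();
        this.f11932c = false;
        a0.n("MutualAuthCertManager", "CertificateRenewal completed");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Renews a certificate that has already expired ("startExpiredCertificateRenewal").
     *
     * <p>Runs the same stages as {@link #l()} with type {@code EXPIRED_CERTIFICATE_RENEWAL}. For
     * this type {@code c} does not pass the socket factory to {@code o.m().v(...)}. NOTE(review):
     * that suggests the request is made without the old client certificate - confirm how the
     * server authenticates the device in that case.
     */
    public synchronized void m() {
        a0.n("MutualAuthCertManager", "startExpiredCertificateRenewal");
        if (com.mobileiron.acom.core.android.u.a()) {
            a0.n("MutualAuthCertManager", "startExpiredCertificateRenewal cannot be done on main thread");
            return;
        }
        this.f11933d = true;
        boolean g2 = g(Registration.RegistrationType.EXPIRED_CERTIFICATE_RENEWAL);
        this.f11933d = g2;
        if (g2) {
            boolean f2 = f();
            this.f11933d = f2;
            if (f2) {
                boolean j = j(Registration.RegistrationType.EXPIRED_CERTIFICATE_RENEWAL);
                this.f11933d = j;
                if (j) {
                    b();
                    this.f11933d = false;
                    a0.n("MutualAuthCertManager", "ExpiredCertificateRenewal completed");
                }
            }
        }
    }

    /**
     * Migrates an existing client to mutual authentication ("startMigrationToMutualAuth").
     *
     * <p>After a successful enrollment, and only when {@code o.o().w()} is false, it calls
     * {@code o.o().f12040b.i()} and {@code o.o().J(true)}. NOTE(review): presumably this switches
     * the connection layer to mutual auth - confirm.
     *
     * <p>NOTE(review): unlike {@link #l()} and {@link #m()}, this method has no main-thread guard
     * although it performs the same network calls.
     */
    public synchronized void n() {
        a0.n("MutualAuthCertManager", "startMigrationToMutualAuth");
        this.f11931b = true;
        boolean g2 = g(Registration.RegistrationType.MICLIENT_MIGRATION);
        this.f11931b = g2;
        if (g2) {
            boolean f2 = f();
            this.f11931b = f2;
            if (f2) {
                boolean j = j(Registration.RegistrationType.MICLIENT_MIGRATION);
                this.f11931b = j;
                if (j) {
                    if (!o.o().w()) {
                        o.o().f12040b.i();
                        o.o().J(true);
                    }
                    b();
                    this.f11931b = false;
                    a0.n("MutualAuthCertManager", "MigrationToMutualAuth completed");
                }
            }
        }
    }
}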
