package com.cisco.android.nchs.support;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.EnterpriseDeviceManager;
import android.app.enterprise.SecurityPolicy;
import android.content.Context;
import android.content.Intent;
import android.text.TextUtils;
import com.cisco.android.nchs.NetworkComponentHostService;
import com.cisco.android.nchs.aidl.CertOpCode;
import com.cisco.android.nchs.support.CertificateManager;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Iterator;

/* loaded from: classes.dex */
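/**
 * Certificate manager that installs, removes and looks up certificates through the
 * {@code android.app.enterprise} {@link SecurityPolicy} obtained from the
 * {@link EnterpriseDeviceManager} (referred to as "SAFE" in this class's log messages).
 *
 * <p>This listing is decompiler output. Identifiers such as {@code str}, {@code str3} and
 * {@code bArr} are synthetic, and the numeric keystore status codes in
 * {@link #getKeyStoreStatus(SecurityPolicy)} are the raw values seen in the bytecode.
 */
public class SafeSystemCertificateManager extends SystemCertificateManager {
    private static final String ENTITY_NAME = "SafeSystemCertificateManager";

    /**
     * Password used when a PKCS#12 blob that arrived with an empty password is re-wrapped
     * before installation. It is a fixed, public value and provides no confidentiality for
     * the re-wrapped key material.
     */
    private static final String REWRAP_PASSWORD = "temp";

    private final EnterpriseDeviceManager mEdm;

    /**
     * Looks up the enterprise policy service and fails fast when it is unavailable.
     *
     * @throws IllegalStateException if the enterprise device manager service cannot be obtained
     */
    public SafeSystemCertificateManager(Context context, NetworkComponentHostService networkComponentHostService) {
        super(context, networkComponentHostService);
        EnterpriseDeviceManager edm =
                (EnterpriseDeviceManager) this.mContext.getSystemService(EnterpriseDeviceManager.ENTERPRISE_POLICY_SERVICE);
        if (edm == null) {
            throw new IllegalStateException("Enterprise device manager is null");
        }
        this.mEdm = edm;
    }

    /**
     * Maps the internal blob type to the type string expected by {@link SecurityPolicy}.
     *
     * @return the matching {@code SecurityPolicy.TYPE_*} constant, or {@code null} (after
     *         logging an error) when the blob type is not one of the two handled here
     */
    private static String certTypeToSamsungType(CertificateManager.CertificateBlobType certificateBlobType) {
        switch (certificateBlobType) {
            case TYPE_CERTIFICATE:
                return SecurityPolicy.TYPE_CERTIFICATE;
            case TYPE_PKCS12:
                return SecurityPolicy.TYPE_PKCS12;
            default:
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Unknown certificate type: " + certificateBlobType);
                return null;
        }
    }

    /**
     * Translates the credential storage status reported by the policy into a {@link CertOpCode}.
     *
     * <p>Only status {@code 1} maps to success and only status {@code 3} maps to the
     * "keystore uninitialized" code; every other value, including values not listed in the
     * switch, yields {@code RESULT_CERTIFICATE_IMPORT_ERROR_KEYSTORE_ERROR}. Any non-success
     * status is logged together with its symbolic name.
     *
     * @param securityPolicy policy whose credential storage is queried
     * @return the operation code corresponding to the current credential storage status
     */
    public static CertOpCode getKeyStoreStatus(SecurityPolicy securityPolicy) {
        int credentialStorageStatus = securityPolicy.getCredentialStorageStatus();
        String statusName = "Unknown";
        // Fail closed: anything not explicitly recognised below is reported as a keystore error.
        CertOpCode certOpCode = CertOpCode.RESULT_CERTIFICATE_IMPORT_ERROR_KEYSTORE_ERROR;
        switch (credentialStorageStatus) {
            case 1:
                statusName = "Success";
                certOpCode = CertOpCode.RESULT_CERTIFICATE_OPERATION_SUCCESS;
                break;
            case 2:
                statusName = "KEYSTORE_LOCKED";
                break;
            case 3:
                statusName = "KEYSTORE_UNINITIALIZED : password not yet set";
                certOpCode = CertOpCode.RESULT_CERTIFICATE_IMPORT_ERROR_KEYSTORE_UNINITIALIZED;
                break;
            case 4:
                statusName = "KEYSTORE_SYSTEM_ERROR";
                break;
            case 6:
                statusName = "KEYSTORE_PERMISSION_DENIED";
                break;
            case 7:
                statusName = "KEYSTORE_KEY_NOT_FOUND";
                break;
            case 8:
                statusName = "KEYSTORE_VALUE_CORRUPTED";
                break;
            case 9:
                statusName = "KEYSTORE_UNDEFINED_ACTION";
                break;
            case 10:
                statusName = "KEYSTORE_WRONG_PASSWORD";
                break;
            default:
                // Status 5 and any value above 10 are not named in the decompiled code.
                break;
        }
        if (1 != credentialStorageStatus) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "KeyStore error " + credentialStorageStatus + " " + statusName);
        }
        return certOpCode;
    }

    /**
     * Removes the named certificate from both the CA and the user certificate stores.
     *
     * @param str name of the certificate to remove, as passed to
     *            {@code SecurityPolicy.removeCertificate}
     * @return {@code RESULT_CERTIFICATE_OPERATION_SUCCESS} if the certificate was removed from
     *         at least one store; the keystore status code if the credential storage is not
     *         usable; {@code RESULT_CERTIFICATE_OPERATION_FAILED} if the policy could not be
     *         queried or nothing was removed
     */
    @Override // com.cisco.android.nchs.support.SystemCertificateManager
    public CertOpCode deleteCertificate(String str) {
        SecurityPolicy securityPolicy;
        CertOpCode keyStoreStatus;
        try {
            securityPolicy = this.mEdm.getSecurityPolicy();
            keyStoreStatus = getKeyStoreStatus(securityPolicy);
        } catch (SecurityException e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "SecurityException: ", e);
            // Without a policy handle nothing can be removed. The decompiled form fell
            // through here and used both locals unassigned, which does not compile.
            return CertOpCode.RESULT_CERTIFICATE_OPERATION_FAILED;
        }
        if (CertOpCode.RESULT_CERTIFICATE_OPERATION_SUCCESS != keyStoreStatus) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "KeyStore error deleting certificate " + str + " " + keyStoreStatus);
            return keyStoreStatus;
        }
        // Must start false: starting at true reported success even when neither store
        // removed anything, so a certificate that is still trusted looked deleted to callers.
        boolean removed = false;
        if (securityPolicy.removeCertificate(str, SecurityPolicy.CA_CERTIFICATE)) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate removed (ca): " + str);
            removed = true;
        }
        if (securityPolicy.removeCertificate(str, SecurityPolicy.USER_CERTIFICATE)) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate removed (user): " + str);
            removed = true;
        }
        if (removed) {
            return CertOpCode.RESULT_CERTIFICATE_OPERATION_SUCCESS;
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Failed to remove the certificate: " + str);
        return CertOpCode.RESULT_CERTIFICATE_OPERATION_FAILED;
    }

    /**
     * Installs a certificate or PKCS#12 bundle through {@code SecurityPolicy.installCertificate}.
     *
     * <p>A PKCS#12 blob supplied with a null or empty password is first loaded with an empty
     * password and re-stored under {@link #REWRAP_PASSWORD}; the re-wrapped blob and that
     * password are then what is handed to the policy. If re-wrapping fails, the original blob
     * and password are passed through unchanged (best effort).
     *
     * @param certificateBlobType kind of data in {@code bArr}
     * @param bArr                encoded certificate or PKCS#12 data
     * @param str                 password for {@code bArr}; used to open the PKCS#12 blob and
     *                            forwarded as the last {@code installCertificate} argument
     * @param str2                not used by this implementation
     * @param str3                certificate name, forwarded as the third
     *                            {@code installCertificate} argument and written to the log
     * @param intent              not used by this implementation
     * @return success, the keystore status code when the credential storage is not usable, or
     *         {@code RESULT_CERTIFICATE_OPERATION_FAILED}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cisco.android.nchs.support.SystemCertificateManager
    public CertOpCode importCertificate(CertificateManager.CertificateBlobType certificateBlobType, byte[] bArr, String str, String str2, String str3, Intent intent) {
        AppLog.logDebugBuildDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Importing certificate to system store via SAFE: " + str3);
        SecurityPolicy securityPolicy = this.mEdm.getSecurityPolicy();
        CertOpCode certOpCode = CertOpCode.RESULT_CERTIFICATE_OPERATION_FAILED;
        byte[] blobToInstall = bArr;
        String passwordToInstall = str;
        if (CertificateManager.CertificateBlobType.TYPE_PKCS12 == certificateBlobType && TextUtils.isEmpty(str)) {
            try {
                KeyStore keyStore = KeyStore.getInstance(SecurityPolicy.TYPE_PKCS12);
                // This branch only runs for a null or "" password, so the load password is
                // always the empty array; building it directly avoids dereferencing a null str.
                keyStore.load(new ByteArrayInputStream(bArr), new char[0]);
                ByteArrayOutputStream rewrapped = new ByteArrayOutputStream();
                keyStore.store(rewrapped, REWRAP_PASSWORD.toCharArray());
                // Switch blob and password together, and only once store() has succeeded, so a
                // failed re-wrap can never pair the original blob with the re-wrap password.
                blobToInstall = rewrapped.toByteArray();
                passwordToInstall = REWRAP_PASSWORD;
            } catch (NoSuchAlgorithmException e) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "NoSuchAlgorithmException", e);
            } catch (IOException e2) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "IOException", e2);
            } catch (CertificateException e3) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "CertificateException", e3);
            } catch (KeyStoreException e4) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "KeyStoreException", e4);
            }
        }
        String samsungType = certTypeToSamsungType(certificateBlobType);
        if (samsungType == null) {
            // Unknown blob type (already logged by the mapper): do not hand a null type to
            // the system certificate store.
            return certOpCode;
        }
        try {
            CertOpCode keyStoreStatus = getKeyStoreStatus(securityPolicy);
            if (CertOpCode.RESULT_CERTIFICATE_OPERATION_SUCCESS != keyStoreStatus) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "KeyStore error importing certificate " + str3 + " " + keyStoreStatus);
                certOpCode = keyStoreStatus;
            } else if (securityPolicy.installCertificate(samsungType, blobToInstall, str3, passwordToInstall)) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate installed: " + str3);
                certOpCode = CertOpCode.RESULT_CERTIFICATE_OPERATION_SUCCESS;
            } else {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Failed to install certificate: " + str3 + " " + samsungType);
            }
        } catch (SecurityException e5) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "SecurityException", e5);
        }
        return certOpCode;
    }

    /**
     * Reports whether a certificate with the given name is present.
     *
     * <p>The direct lookup is authoritative when it returns an entry: an entry without a
     * certificate body counts as not installed. Only when the lookup returns nothing are the
     * CA and user certificate name lists searched for an exact name match.
     *
     * @param str certificate name to look for
     * @return {@code true} if the certificate is found by lookup or by name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cisco.android.nchs.support.SystemCertificateManager
    public boolean isCertificateInstalled(String str) {
        AppLog.logDebugBuildDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Verifying certificate via SAFE: " + str);
        // NOTE(review): unlike deleteCertificate, a SecurityException raised here propagates
        // to the caller; confirm that callers expect that.
        SecurityPolicy securityPolicy = this.mEdm.getSecurityPolicy();
        CertificateInfo installedCertificate = securityPolicy.getInstalledCertificate(str);
        if (installedCertificate != null) {
            if (installedCertificate.getCertificate() == null) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate is not installed (null): " + str);
                return false;
            }
            AppLog.logDebugBuildDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate is installed: " + installedCertificate.getCertificate().toString());
            return true;
        }
        // The user list is only fetched when the CA list has no match (short-circuit).
        if (containsName(securityPolicy.getInstalledCertificateNames(SecurityPolicy.CA_CERTIFICATE).iterator(), str)
                || containsName(securityPolicy.getInstalledCertificateNames(SecurityPolicy.USER_CERTIFICATE).iterator(), str)) {
            return true;
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate is not installed: " + str);
        return false;
    }

    /** Returns {@code true} if any remaining element of {@code names} equals {@code wanted}. */
    private static boolean containsName(Iterator<String> names, String wanted) {
        while (names.hasNext()) {
            if (names.next().equals(wanted)) {
                return true;
            }
        }
        return false;
    }
}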
