package dh;

import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.VisibleForTesting;
import com.airwatch.bizlib.policysigning.PolicySigningCheckMessage;
import com.airwatch.bizlib.policysigning.PolicySigningResult;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.gateway.ConsoleVersion;
import com.airwatch.sdk.context.SDKContext;
import com.airwatch.sdk.context.SDKContextException;
import com.airwatch.sdk.context.awsdkcontext.SDKDataModel;
import com.airwatch.sdk.context.t;
import com.airwatch.sdk.m;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.IllegalBlockSizeException;
import org.apache.tika.metadata.Metadata;
import qm.i;
import ym.g0;
import ym.w;

/* loaded from: classes2.dex */
public class g {

    /* renamed from: a, reason: collision with root package name */
    private final List<b> f26700a = new ArrayList();

    /* renamed from: b, reason: collision with root package name */
    private final List<c> f26701b = new ArrayList();

    private PolicySigningResult g(byte[] bArr, String str, Map<String, List<String>> map, String str2, int i11) {
        PolicySigningResult w11 = w(bArr, str, map);
        if (w11 != PolicySigningResult.SUCCESS) {
            o(w11, str2, i11, str);
        }
        return w11;
    }

    private byte[] i() {
        SharedPreferences p11 = t.b().p();
        String string = p11.getString("policy_signing_certificate", "");
        if (!TextUtils.isEmpty(string) && "Base64".equalsIgnoreCase(p11.getString("policy_signing_cert_encoding", ""))) {
            return Base64.decode(string, 0);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void n(PolicySigningResult policySigningResult, String str, int i11, String str2) {
        synchronized (this.f26700a) {
            Iterator<b> it = this.f26700a.iterator();
            while (it.hasNext()) {
                it.next().a(policySigningResult);
            }
        }
        synchronized (this.f26701b) {
            Iterator<c> it2 = this.f26701b.iterator();
            while (it2.hasNext()) {
                it2.next().b(policySigningResult, str, i11, str2);
            }
        }
    }

    private void o(@NonNull final PolicySigningResult policySigningResult, final String str, final int i11, final String str2) {
        i.a(new Runnable() { // from class: dh.f
            @Override // java.lang.Runnable
            public final void run() {
                g.this.n(policySigningResult, str, i11, str2);
            }
        });
    }

    private void q(boolean z11) {
        t.b().p().edit().putBoolean("policy_signing_enabled", z11).apply();
    }

    private boolean s(String str, int i11, Object obj) {
        if (!l()) {
            return true;
        }
        if (obj instanceof PolicySigningCheckMessage) {
            g0.c("PolicySigningHelper", "Skipping validation for PolicySigningCheckMessage");
            return true;
        }
        String[] split = t.b().p().getString("host", "").split(Metadata.NAMESPACE_PREFIX_DELIMITER);
        if (str.equalsIgnoreCase(split[0])) {
            return split.length == 2 && !split[1].equalsIgnoreCase(String.valueOf(i11));
        }
        return true;
    }

    private byte[] u(byte[] bArr) {
        int length = bArr.length >> 1;
        byte[] v11 = v(bArr, 0, length);
        byte[] v12 = v(bArr, length, length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(48);
        int length2 = v11.length + 2 + 2 + v12.length;
        if (length2 > 127) {
            byteArrayOutputStream.write(129);
        }
        byteArrayOutputStream.write((byte) length2);
        x(byteArrayOutputStream, v11);
        x(byteArrayOutputStream, v12);
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] v(byte[] bArr, int i11, int i12) {
        byte[] bArr2;
        int i13 = 0;
        if ((bArr[i11] & 128) != 0) {
            bArr2 = new byte[i12 + 1];
            bArr2[0] = 0;
            i13 = 1;
        } else {
            bArr2 = new byte[i12];
        }
        System.arraycopy(bArr, i11, bArr2, i13, i12);
        return bArr2;
    }

    private PolicySigningResult w(byte[] bArr, String str, Map<String, List<String>> map) {
        String str2;
        try {
            int i11 = map.get("x-aw-policy-signature-oid").get(0).equalsIgnoreCase("1.2.840.10045.4.3.4") ? 0 : -1;
            byte[] i12 = i();
            if (i12 == null) {
                g0.k("PolicySigningHelper", "Certificate is null");
                return PolicySigningResult.POLICY_SIGNING_CERT_EMPTY;
            }
            if (map.containsKey("x-aw-policy-signature")) {
                str2 = map.get("x-aw-policy-signature").get(0);
                g0.c("PolicySigningHelper", "Validating response");
            } else {
                if (!map.containsKey("x-aw-policy-request-path-signature")) {
                    g0.k("PolicySigningHelper", "Policy Signing Signature header missing.");
                    return PolicySigningResult.POLICY_SIGNING_HEADER_MISSING;
                }
                String str3 = map.get("x-aw-policy-request-path-signature").get(0);
                byte[] bytes = str.toLowerCase().getBytes();
                g0.c("PolicySigningHelper", "Validating path");
                str2 = str3;
                bArr = bytes;
            }
            if (TextUtils.isEmpty(str2)) {
                g0.k("PolicySigningHelper", "Policy Signing Signature header is empty.");
                return PolicySigningResult.POLICY_SIGNING_HEADER_MISSING;
            }
            int verifyEcdsaSignature = ((OpenSSLCryptUtil) eg.e.b(OpenSSLCryptUtil.class)).verifyEcdsaSignature(i12, bArr, u(Base64.decode(str2, 0)), i11);
            if (verifyEcdsaSignature == 1) {
                return PolicySigningResult.SUCCESS;
            }
            if (verifyEcdsaSignature == 0) {
                g0.k("PolicySigningHelper", "Signature validation failed");
                return PolicySigningResult.POLICY_SIGNING_SIGNATURE_VALIDATION_FAILED;
            }
            g0.k("PolicySigningHelper", verifyEcdsaSignature == -1 ? "Signature validation returned error" : "awVerifyEcdsaSignature returned unknown value");
            return PolicySigningResult.FAILED;
        } catch (NullPointerException e11) {
            g0.n("PolicySigningHelper", "Policy Signing Signature OID header missing.", e11);
            return PolicySigningResult.POLICY_SIGNING_OID_HEADER_MISSING;
        }
    }

    private void x(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write((byte) bArr.length);
        byteArrayOutputStream.write(bArr, 0, bArr.length);
    }

    public int b() {
        return h() == PolicySigningResult.SUCCESS ? 1 : 0;
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x0084, code lost:
    
        if (r1 != r2) goto L23;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0086, code lost:
    
        f();
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x0099, code lost:
    
        return r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0096, code lost:
    
        if (r1 == com.airwatch.bizlib.policysigning.PolicySigningResult.SUCCESS) goto L31;
     */
    @androidx.annotation.WorkerThread
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.airwatch.bizlib.policysigning.PolicySigningResult c() {
        /*
            r9 = this;
            java.lang.String r0 = "PolicySigningHelper"
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = com.airwatch.bizlib.policysigning.PolicySigningResult.SUCCESS
            com.airwatch.sdk.context.SDKContext r2 = com.airwatch.sdk.context.t.b()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            android.content.SharedPreferences r2 = r2.p()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.lang.String r3 = "policy_signing_cert_chain_length"
            r4 = 0
            int r3 = r2.getInt(r3, r4)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r5 = 1
            if (r3 >= r5) goto L1e
            java.lang.String r2 = "Certificate chain is empty"
            ym.g0.k(r0, r2)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            com.airwatch.bizlib.policysigning.PolicySigningResult r0 = com.airwatch.bizlib.policysigning.PolicySigningResult.CERT_CHAIN_EMPTY     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            return r0
        L1e:
            java.lang.String r3 = "policy_signing_cert_chain"
            java.lang.String r5 = ""
            java.lang.String r2 = r2.getString(r3, r5)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.lang.String r3 = ","
            java.lang.String[] r2 = r2.split(r3)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.lang.String r3 = "X.509"
            java.security.cert.CertificateFactory r3 = java.security.cert.CertificateFactory.getInstance(r3)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            int r5 = r2.length     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.security.cert.X509Certificate[] r5 = new java.security.cert.X509Certificate[r5]     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r6 = 0
        L36:
            int r7 = r2.length     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            if (r6 >= r7) goto L4f
            java.io.ByteArrayInputStream r7 = new java.io.ByteArrayInputStream     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r8 = r2[r6]     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            byte[] r8 = android.util.Base64.decode(r8, r4)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r7.<init>(r8)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.security.cert.Certificate r7 = r3.generateCertificate(r7)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r5[r6] = r7     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            int r6 = r6 + 1
            goto L36
        L4f:
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = r9.e(r5)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            com.airwatch.bizlib.policysigning.PolicySigningResult r2 = com.airwatch.bizlib.policysigning.PolicySigningResult.SUCCESS     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            if (r1 == r2) goto L5d
            if (r1 == r2) goto L5c
            r9.f()
        L5c:
            return r1
        L5d:
            com.airwatch.sdk.context.SDKContext r3 = com.airwatch.sdk.context.t.b()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            el.f r3 = r3.m()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r4 = 2
            com.airwatch.revocationcheck.RevocationCheckResponse r3 = r3.f(r4, r5)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            if (r3 == 0) goto L7f
            el.a r3 = r3.getUsagePolicy()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            boolean r3 = r3.getAllowUsage()     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            if (r3 != 0) goto L84
            java.lang.String r3 = "Policy signing certs are revoked and cannot be used"
            ym.g0.k(r0, r3)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            com.airwatch.bizlib.policysigning.PolicySigningResult r0 = com.airwatch.bizlib.policysigning.PolicySigningResult.CERT_CHAIN_FAILED_REVOCATION_CHECK     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
            r1 = r0
            goto L84
        L7f:
            java.lang.String r3 = "Certificate Revocation Check is not enabled in the config"
            ym.g0.k(r0, r3)     // Catch: java.lang.Throwable -> L8a java.security.cert.CertificateException -> L8c
        L84:
            if (r1 == r2) goto L99
        L86:
            r9.f()
            goto L99
        L8a:
            r0 = move-exception
            goto L9a
        L8c:
            r2 = move-exception
            java.lang.String r3 = "Policy signing certificate is not valid: "
            ym.g0.n(r0, r3, r2)     // Catch: java.lang.Throwable -> L8a
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = com.airwatch.bizlib.policysigning.PolicySigningResult.PARSING_ERROR     // Catch: java.lang.Throwable -> L8a
            com.airwatch.bizlib.policysigning.PolicySigningResult r0 = com.airwatch.bizlib.policysigning.PolicySigningResult.SUCCESS
            if (r1 == r0) goto L99
            goto L86
        L99:
            return r1
        L9a:
            com.airwatch.bizlib.policysigning.PolicySigningResult r2 = com.airwatch.bizlib.policysigning.PolicySigningResult.SUCCESS
            if (r1 == r2) goto La1
            r9.f()
        La1:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: dh.g.c():com.airwatch.bizlib.policysigning.PolicySigningResult");
    }

    public PolicySigningResult d(byte[] bArr, Map<String, List<String>> map, String str, int i11, String str2, Object obj) {
        if (s(str, i11, obj)) {
            g0.c("PolicySigningHelper", "checkNetworkResponse: skipping response validation.");
            return PolicySigningResult.SUCCESS;
        }
        PolicySigningResult c11 = c();
        PolicySigningResult policySigningResult = PolicySigningResult.SUCCESS;
        if (c11 != policySigningResult || g(bArr, str2, map, str, i11) != policySigningResult) {
            return j(bArr, str2, map, str, i11);
        }
        g0.c("PolicySigningHelper", "Validation success.");
        return policySigningResult;
    }

    @VisibleForTesting
    PolicySigningResult e(X509Certificate[] x509CertificateArr) {
        w wVar = new w();
        PolicySigningResult k11 = k(x509CertificateArr);
        if (k11 != PolicySigningResult.SUCCESS) {
            g0.k("PolicySigningHelper", "Policy signing certificate validation failed due to invalid chain");
            return k11;
        }
        for (int i11 = 1; i11 <= x509CertificateArr.length - 1; i11++) {
            if (!wVar.e(x509CertificateArr[i11])) {
                g0.k("PolicySigningHelper", "Policy signing certificate validation failed as one of the certificate in chain is not a valid CA certificate");
                return PolicySigningResult.CERT_CHAIN_CONTAINS_NON_CA_CERTIFICATE;
            }
            if (x509CertificateArr[i11].getBasicConstraints() < i11 - 1) {
                g0.k("PolicySigningHelper", "Policy signing certificate validation failed as one of the certificate in chain has invalid path length");
                return PolicySigningResult.CERT_CHAIN_CONTAINS_INVALID_PATH_LENGTH;
            }
        }
        boolean[] keyUsage = x509CertificateArr[0].getKeyUsage();
        if (keyUsage != null && keyUsage[0]) {
            return PolicySigningResult.SUCCESS;
        }
        g0.k("PolicySigningHelper", "Policy signing certificate validation failed as key usage is not valid");
        return PolicySigningResult.INVALID_KEY_USAGE_FOR_POLICY_SIGNING_CERT;
    }

    public void f() {
        SharedPreferences.Editor edit = t.b().p().edit();
        edit.putString("policy_signing_certificate", "");
        edit.putInt("policy_signing_cert_chain_length", 0);
        edit.putString("policy_signing_cert_chain", "");
        edit.putString("policy_signing_cert_type", "");
        edit.putString("policy_signing_cert_encoding", "");
        edit.apply();
    }

    public PolicySigningResult h() {
        if (!m()) {
            return PolicySigningResult.SUCCESS;
        }
        try {
            if (new ConsoleVersion(t.b().p().getString("console_version", "")).compareTo(ConsoleVersion.EIGHT_DOT_FIVE) < 0) {
                q(false);
                return PolicySigningResult.SUCCESS;
            }
            int intValue = ((Integer) ((e) aj0.a.a(e.class)).call()).intValue();
            if (intValue != 1) {
                if (intValue != 0) {
                    return PolicySigningResult.FAILED;
                }
                q(false);
                return PolicySigningResult.SUCCESS;
            }
            PolicySigningResult c11 = ((g) eg.e.b(g.class)).c();
            if (c11 == PolicySigningResult.SUCCESS) {
                g0.c("PolicySigningHelper", "Policy Signing certificate validation success.");
                q(true);
            } else {
                g0.c("PolicySigningHelper", "Policy signing certificate validation failed");
            }
            return c11;
        } catch (SDKContextException e11) {
            g0.o("PolicySigningHelper", e11);
            return PolicySigningResult.FAILED;
        } catch (Exception e12) {
            g0.o("PolicySigningHelper", e12);
            throw new RuntimeException(e12);
        }
    }

    @VisibleForTesting
    PolicySigningResult j(byte[] bArr, String str, Map<String, List<String>> map, String str2, int i11) {
        g0.R("PolicySigningHelper", "Validation failed, re-fetching certificate.");
        PolicySigningResult h11 = h();
        PolicySigningResult policySigningResult = PolicySigningResult.SUCCESS;
        if (h11 != policySigningResult) {
            o(h11, str2, i11, str);
            return h11;
        }
        if (!l()) {
            return policySigningResult;
        }
        g0.u("PolicySigningHelper", "Retrying validation");
        return g(bArr, str, map, str2, i11);
    }

    public PolicySigningResult k(X509Certificate[] x509CertificateArr) {
        int i11 = 0;
        String name = x509CertificateArr[0].getSubjectDN().getName();
        g0.c("PolicySigningHelper", "isChainValid called for " + name + " with chain length: " + x509CertificateArr.length);
        while (i11 < x509CertificateArr.length - 1) {
            try {
                x509CertificateArr[i11].checkValidity();
                X509Certificate x509Certificate = x509CertificateArr[i11];
                i11++;
                x509Certificate.verify(x509CertificateArr[i11].getPublicKey());
            } catch (InvalidKeyException e11) {
                e = e11;
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.CERT_CHAIN_INVALID;
            } catch (NoSuchAlgorithmException e12) {
                e = e12;
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.CERT_CHAIN_INVALID;
            } catch (NoSuchProviderException e13) {
                e = e13;
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.CERT_CHAIN_INVALID;
            } catch (SignatureException e14) {
                e = e14;
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.CERT_CHAIN_INVALID;
            } catch (CertificateExpiredException e15) {
                e = e15;
                g0.k("PolicySigningHelper", "Cert chain for " + name + " has a expired certificate. " + e.getMessage());
                return PolicySigningResult.EXPIRED_CERTIFICATE;
            } catch (CertificateNotYetValidException e16) {
                e = e16;
                g0.k("PolicySigningHelper", "Cert chain for " + name + " has a expired certificate. " + e.getMessage());
                return PolicySigningResult.EXPIRED_CERTIFICATE;
            } catch (CertificateException e17) {
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e17.getMessage());
                return PolicySigningResult.BAD_SIGNATURE;
            } catch (Exception e18) {
                if (!(e18 instanceof IllegalBlockSizeException)) {
                    throw e18;
                }
                g0.k("PolicySigningHelper", "Exception while validating cert chain for " + name + e18.getMessage());
                return PolicySigningResult.BAD_SIGNATURE;
            }
        }
        x509CertificateArr[x509CertificateArr.length - 1].checkValidity();
        g0.c("PolicySigningHelper", "Chain for " + name + " is valid");
        return PolicySigningResult.SUCCESS;
    }

    public boolean l() {
        return m() && t.b().p().getBoolean("policy_signing_enabled", false);
    }

    public boolean m() {
        SDKContext b11 = t.b();
        if (b11.i() != SDKContext.State.IDLE) {
            return ((m) eg.e.b(m.class)).a(b11.g()).getBoolean("policySigning", false);
        }
        return false;
    }

    public void p(@NonNull c cVar) {
        synchronized (this.f26701b) {
            this.f26701b.add(cVar);
        }
    }

    public void r(String str, String str2, String str3, String str4, String str5, String str6) {
        SharedPreferences p11 = t.b().p();
        ((SDKDataModel) aj0.a.a(SDKDataModel.class)).U(str.getBytes());
        SharedPreferences.Editor edit = p11.edit();
        edit.putString("userAgent", str2);
        edit.putString("device_uid", str3);
        edit.putString("package_name", str4);
        edit.putString("console_version", str5);
        edit.putString("host", str6);
        edit.apply();
    }

    public void t(String[] strArr, String str, String str2) {
        SharedPreferences.Editor edit = t.b().p().edit();
        edit.putString("policy_signing_certificate", strArr[0]);
        int length = strArr.length;
        StringBuilder sb2 = new StringBuilder();
        for (String str3 : strArr) {
            sb2.append(str3);
            sb2.append(",");
        }
        edit.putInt("policy_signing_cert_chain_length", length);
        edit.putString("policy_signing_cert_chain", sb2.toString());
        edit.putString("policy_signing_cert_type", str);
        edit.putString("policy_signing_cert_encoding", str2);
        edit.apply();
    }
}
