package com.airwatch.sdk.certificate;

import android.annotation.SuppressLint;
import android.app.Activity;
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.text.TextUtils;
import android.webkit.ClientCertRequest;
import android.webkit.ClientCertRequestHandler;
import com.airwatch.sdk.configuration.SDKConfiguration;
import com.airwatch.sdk.configuration.SDKConfigurationKeys;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.sdk.context.awsdkcontext.SDKContextHelper;
import com.airwatch.storage.SDKSecurePreferencesKeys;
import com.airwatch.util.Logger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

/* loaded from: classes.dex */
public class CertificateFetchUtility {
    private static final String DERIVED_CREDENTIALS = "DerivedCredentials";
    private static final String TAG = "CertAuth";
    static CountDownLatch mLatch;

    public static void authHandlerWithCertFromKeyChain(Context context, Object obj) {
        KeyChain.choosePrivateKeyAlias((Activity) context, new e(context, obj), new String[0], null, "localhost", -1, "tomcat");
    }

    @SuppressLint({"NewApi"})
    public static void authHandlerWithCertFromKeyStore(KeyStore keyStore, Object obj) {
        PrivateKey privateKey;
        X509Certificate[] x509CertificateArr = null;
        if (keyStore == null || obj == null) {
            return;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (true) {
                if (!aliases.hasMoreElements()) {
                    privateKey = null;
                    break;
                }
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(nextElement, null);
                    PrivateKey privateKey2 = privateKeyEntry.getPrivateKey();
                    x509CertificateArr = (X509Certificate[]) privateKeyEntry.getCertificateChain();
                    privateKey = privateKey2;
                    break;
                }
            }
            if (privateKey == null || x509CertificateArr == null) {
                if (obj instanceof ClientCertRequest) {
                    Logger.d(TAG, "proceeding with ignore");
                    ((ClientCertRequest) obj).ignore();
                    return;
                }
                return;
            }
            Logger.d(TAG, "proceeding with Cet" + x509CertificateArr[0].getSubjectDN());
            if (obj instanceof ClientCertRequestHandler) {
                ((ClientCertRequestHandler) obj).proceed(privateKey, x509CertificateArr);
            } else {
                ((ClientCertRequest) obj).proceed(privateKey, x509CertificateArr);
            }
        } catch (Exception e) {
            Logger.e(TAG, "exception while handling authintication", (Throwable) e);
        }
    }

    private static void fetchCertificateFromConsole(Context context, SDKContextHelper sDKContextHelper, String str, String str2) {
        mLatch = new CountDownLatch(1);
        try {
            sDKContextHelper.fetchCertificate(0, context, SDKSecurePreferencesKeys.IA_CERT_ALIAS, str, str2, new b());
            mLatch.await(10000L, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            Logger.e(TAG, e);
        }
        mLatch = null;
    }

    private static void fetchCertificateFromDerivedCredentials(Context context, SDKContextHelper sDKContextHelper) {
        mLatch = new CountDownLatch(1);
        try {
            sDKContextHelper.fetchCertificateFromDerivedCredentials(0, context, new a());
            mLatch.await(10000L, TimeUnit.MILLISECONDS);
            mLatch = null;
        } catch (InterruptedException e) {
            Logger.e(TAG, e);
        }
        mLatch = null;
    }

    public static synchronized KeyStore fetchKey(Context context, boolean z) {
        KeyStore key;
        synchronized (CertificateFetchUtility.class) {
            if (!isCertAuthEnabled()) {
                key = null;
            } else if (z || (key = getKey()) == null) {
                SDKContextHelper sDKContextHelper = new SDKContextHelper();
                SDKConfiguration sDKConfiguration = SDKContextManager.getSDKContext().getSDKConfiguration();
                String value = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_ISSUER);
                String value2 = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.ISSUER_TOKEN);
                String value3 = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_SOURCE);
                if (TextUtils.isEmpty(value3)) {
                    fetchCertificateFromConsole(context, sDKContextHelper, value, value2);
                } else if (DERIVED_CREDENTIALS.equals(value3)) {
                    fetchCertificateFromDerivedCredentials(context, sDKContextHelper);
                } else {
                    Logger.e(TAG, "Unknown certificate provider");
                }
                key = getKey();
            }
        }
        return key;
    }

    public static void fetchKey(Context context, SDKContextHelper.AWContextCallBack aWContextCallBack, SDKConfiguration sDKConfiguration) {
        SDKContextHelper sDKContextHelper = new SDKContextHelper();
        String value = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_ISSUER);
        String value2 = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.ISSUER_TOKEN);
        if (!TextUtils.isEmpty(sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_SOURCE))) {
            sDKContextHelper.fetchCertificateFromDerivedCredentials(0, context, new c(aWContextCallBack));
        } else {
            if (TextUtils.isEmpty(value) || TextUtils.isEmpty(value2)) {
                return;
            }
            sDKContextHelper.fetchCertificate(0, context, SDKSecurePreferencesKeys.IA_CERT_ALIAS, value, value2, new d(aWContextCallBack));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @SuppressLint({"NewApi"})
    public static void getCertChainAndAuth(String str, Context context, Object obj) {
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
            if (certificateChain == null) {
                Logger.d(TAG, "X509 chain is null");
                if (obj instanceof ClientCertRequest) {
                    ((ClientCertRequest) obj).ignore();
                }
            } else {
                PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
                if (obj instanceof ClientCertRequestHandler) {
                    ((ClientCertRequestHandler) obj).proceed(privateKey, certificateChain);
                } else {
                    ((ClientCertRequest) obj).proceed(privateKey, certificateChain);
                }
            }
        } catch (KeyChainException | InterruptedException e) {
            Logger.e(TAG, "Unable to do cert auth from keychain ", e);
        }
    }

    public static KeyStore getKey() {
        com.airwatch.storage.d keyStore = SDKContextManager.getSDKContext().getKeyStore();
        if (keyStore.a(SDKSecurePreferencesKeys.IA_CERT_ALIAS)) {
            try {
                KeyStore c = keyStore.c(SDKSecurePreferencesKeys.IA_CERT_ALIAS);
                if (c != null) {
                    Logger.d(TAG, "Returning Key Store");
                    return c;
                }
            } catch (KeyStoreException | CertificateException e) {
                Logger.e(TAG, e);
            }
        }
        return null;
    }

    public static boolean isCertAuthEnabled() {
        try {
            SDKConfiguration sDKConfiguration = SDKContextManager.getSDKContext().getSDKConfiguration();
            String value = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_ISSUER);
            String value2 = sDKConfiguration.getValue(SDKConfigurationKeys.GROUP_CERTV2, SDKConfigurationKeys.CERTIFICATE_SOURCE);
            if (!TextUtils.isEmpty(value) || !TextUtils.isEmpty(value2)) {
                Logger.d(TAG, "Cert Auth Status true");
                return true;
            }
        } catch (Exception e) {
            Logger.e(TAG, "Error in Cert Enabled Check", (Throwable) e);
        }
        Logger.d(TAG, "Cert Auth Status false");
        return false;
    }
}
