package com.microsoft.omadm.platforms.android.certmgr;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.security.KeyChain;
import com.google.android.gms.common.util.CrashUtils;
import com.microsoft.intune.common.taskscheduling.AndroidTask;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.client.tasks.TaskType;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.certmgr.data.RootCertificateState;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateState;
import com.microsoft.omadm.utils.CertUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
public class CertInstallActivity extends Activity {
    private static final int CERT_INSTALL_REQUEST_CODE = 0;
    private static final String EXTRA_PRIVATE_KEY = "PKEY";
    private static final String EXTRA_PUBLIC_KEY = "KEY";
    private static final int KEY_INSTALL_REQUEST_CODE = 2;
    private static final Logger LOGGER = Logger.getLogger(CertInstallActivity.class.getName());
    public static final String ROOT_CERT_TYPE = "root";
    public static final String SCEP_CERT_TYPE = "scep";
    private String certAlias;
    private String certKey;
    private String certType;
    private byte[] encodedCert;
    private TableRepository tr;
    private boolean useFallbackInstall = false;
    private Long userId;

    public static Intent buildRootCertInstallIntent(Context context, RootCertificateState rootCertificateState, boolean z) {
        Intent intent = new Intent(context, (Class<?>) CertInstallActivity.class);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY, rootCertificateState.thumbPrint);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE, "root");
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, z);
        intent.addFlags(CrashUtils.ErrorDialogData.BINDER_CRASH);
        return intent;
    }

    public static Intent buildScepCertInstallIntent(Context context, ScepCertificateState scepCertificateState, boolean z) {
        Intent intent = new Intent(context, (Class<?>) CertInstallActivity.class);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY, scepCertificateState.requestId);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE, "scep");
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_USER_ID, scepCertificateState.user);
        intent.putExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, z);
        intent.addFlags(CrashUtils.ErrorDialogData.BINDER_CRASH);
        return intent;
    }

    private byte[] getCertBlobWithEmptyPassword(ScepCertificateState scepCertificateState, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (ArrayUtils.isEmpty(cArr)) {
            return scepCertificateState.certStoreBlob;
        }
        KeyStore loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, cArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        loadKeyStore.store(byteArrayOutputStream, NativeCertStorePasswords.EMPTY_PASSWORD);
        return byteArrayOutputStream.toByteArray();
    }

    private char[] getCurrentPassword() throws OMADMException {
        CertStorePasswords certStorePasswords = Services.get().getCertStorePasswords();
        if (certStorePasswords == null || certStorePasswords.getStorePassword() == null) {
            throw new OMADMException("Unable to get the CertStorePasswords instance to extract the Store Password.");
        }
        return certStorePasswords.getStorePassword();
    }

    private Intent getInstallIntent(RootCertificateState rootCertificateState) {
        Intent createInstallIntent = KeyChain.createInstallIntent();
        if (rootCertificateState.certBlob != null) {
            createInstallIntent.putExtra("CERT", rootCertificateState.certBlob);
            createInstallIntent.putExtra("name", rootCertificateState.defaultDisplayName);
            return createInstallIntent;
        }
        LOGGER.severe("Root cert does not have content. ThumbPrint: " + rootCertificateState.thumbPrint);
        return null;
    }

    private Intent getInstallIntent(ScepCertificateState scepCertificateState) {
        if (this.userId.longValue() == -1) {
            LOGGER.warning("Unable to install SCEP certificate due to missing user ID.");
            return null;
        }
        if (scepCertificateState == null || scepCertificateState.certStoreBlob == null) {
            Logger logger = LOGGER;
            StringBuilder sb = new StringBuilder();
            sb.append("Scep cert does not have content. RequestId: ");
            sb.append(scepCertificateState == null ? "invalid" : scepCertificateState.requestId);
            logger.severe(sb.toString());
            return null;
        }
        this.certAlias = scepCertificateState.alias;
        try {
            char[] currentPassword = getCurrentPassword();
            Intent createInstallIntent = KeyChain.createInstallIntent();
            if (this.useFallbackInstall) {
                createInstallIntent.putExtra("PKCS12", getCertBlobWithEmptyPassword(scepCertificateState, currentPassword));
                createInstallIntent.putExtra("name", scepCertificateState.alias);
            } else {
                KeyStore loadKeyStore = CertUtils.loadKeyStore(scepCertificateState, currentPassword);
                if (loadKeyStore.containsAlias(scepCertificateState.alias)) {
                    Certificate certificate = loadKeyStore.getCertificate(scepCertificateState.alias);
                    this.encodedCert = certificate.getEncoded();
                    PublicKey publicKey = certificate.getPublicKey();
                    PrivateKey privateKey = (PrivateKey) loadKeyStore.getKey(scepCertificateState.alias, currentPassword);
                    LOGGER.info("Installing private key for user certificate. RequestId: " + scepCertificateState.requestId);
                    createInstallIntent.putExtra("KEY", publicKey.getEncoded());
                    createInstallIntent.putExtra("PKEY", privateKey.getEncoded());
                }
            }
            return createInstallIntent;
        } catch (OMADMException e) {
            LOGGER.severe("Unable to proceed with cert install: " + e.getMessage());
            return null;
        } catch (IOException unused) {
            LOGGER.log(Level.SEVERE, "Exception caught while trying to read from the certStoreBlob byte array.");
            return null;
        } catch (KeyStoreException unused2) {
            LOGGER.log(Level.SEVERE, "Exception caught while trying to get an instance of PKCS12 KeyStore.");
            return null;
        } catch (NoSuchAlgorithmException unused3) {
            LOGGER.log(Level.SEVERE, "Exception caught while trying to open the PKCS12 KeyStore.");
            return null;
        } catch (UnrecoverableKeyException unused4) {
            LOGGER.log(Level.SEVERE, "Exception caught while trying to read the PrivateKey from the PKCS12");
            return null;
        } catch (CertificateEncodingException unused5) {
            LOGGER.log(Level.SEVERE, "Exception caught while encoding the certs from the PKCS12 KeyStore.");
            return null;
        } catch (CertificateException unused6) {
            LOGGER.log(Level.SEVERE, "Exception caught while loading the certs from the PKCS12 KeyStore.");
            return null;
        }
    }

    private void updateCertStatus(CertStatus certStatus) throws OMADMException {
        if (this.certType.equals("root")) {
            Services.get().getRootCertInstallStateMachine().transition((RootCertificateState) this.tr.get(new RootCertificateState.Key(this.certKey)), certStatus);
        } else {
            Services.get().getScepCertInstallStateMachine().transition((ScepCertificateState) this.tr.get(new ScepCertificateState.Key(this.certKey, this.userId)), certStatus);
        }
    }

    @Override // android.app.Activity
    protected void onActivityResult(int i, int i2, Intent intent) {
        try {
            Logger logger = LOGGER;
            Object[] objArr = new Object[3];
            objArr[0] = Integer.valueOf(i);
            objArr[1] = this.useFallbackInstall ? ", while using fallback, " : "";
            objArr[2] = Integer.valueOf(i2);
            logger.finer(MessageFormat.format("Install requestCode ''{0}''{1} returned with result code: {2}", objArr));
            if (i == 0) {
                if (i2 != -1 && !this.useFallbackInstall) {
                    updateCertStatus(i2 == 0 ? CertStatus.CERT_INSTALL_CANCELLED : CertStatus.CERT_INSTALL_ERROR);
                    finish();
                    return;
                }
                updateCertStatus(CertStatus.CERT_INSTALLING);
                if (!Services.get().getTaskScheduler().schedule(AndroidTask.newBuilder().taskId(TaskType.CertInstallResultProcess.getValue()).taskReason("Process certificate install result.").runInForeground(true).bundle(CertInstallResultProcessor.createTaskBundle(this.certType, this.certKey, this.userId, this.useFallbackInstall)).build())) {
                    LOGGER.severe(MessageFormat.format("Unable to queue task for processing certificate install. certType={0}; certKey={1}", this.certType, this.certKey));
                    updateCertStatus(CertStatus.CERT_INSTALL_ERROR);
                }
                finish();
                return;
            }
            if (i != 2) {
                LOGGER.warning("CertInstallActivity received unknown request code on callback: " + i);
                return;
            }
            Intent createInstallIntent = KeyChain.createInstallIntent();
            createInstallIntent.putExtra("CERT", this.encodedCert);
            createInstallIntent.putExtra("name", this.certAlias);
            LOGGER.info("Installing user certificate. Key: " + this.certKey);
            startActivityForResult(createInstallIntent, 0);
        } catch (OMADMException e) {
            LOGGER.log(Level.SEVERE, "Failed to update cert status.", (Throwable) e);
            finish();
        }
    }

    @Override // android.app.Activity
    protected void onCreate(Bundle bundle) {
        Intent installIntent;
        super.onCreate(bundle);
        Intent intent = getIntent();
        Context baseContext = getBaseContext();
        if (intent == null || baseContext == null) {
            LOGGER.warning("Unable to start cert install. Missing intent and/or context.");
            finish();
            return;
        }
        this.certType = intent.getStringExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_TYPE);
        this.certKey = intent.getStringExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_KEY);
        this.userId = Long.valueOf(intent.getLongExtra(AbstractCertificateStoreManager.INTENT_EXTRA_CERT_USER_ID, -1L));
        int i = 0;
        this.useFallbackInstall = intent.getBooleanExtra(AbstractCertificateStoreManager.INTENT_EXTRA_FALLBACK_CERT_INSTALL, false);
        this.tr = TableRepository.getInstance(baseContext);
        if (StringUtils.isEmpty(this.certType) || StringUtils.isEmpty(this.certKey) || this.tr == null) {
            LOGGER.warning("Unable to start cert install. Missing certType and/or certKey and/or tableRepository.");
            finish();
            return;
        }
        if (this.certType.equals("root")) {
            installIntent = getInstallIntent((RootCertificateState) this.tr.get(new RootCertificateState.Key(this.certKey)));
        } else {
            installIntent = getInstallIntent((ScepCertificateState) this.tr.get(new ScepCertificateState.Key(this.certKey, this.userId)));
            if (!this.useFallbackInstall) {
                i = 2;
            }
        }
        if (installIntent != null) {
            startActivityForResult(installIntent, i);
        } else {
            finish();
        }
    }
}
