package com.mobileiron.common;

import android.os.Build;
import android.util.Base64;
import com.google.protobuf.ByteString;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.GeneratedMessage;
import com.mobileiron.acom.core.android.AppsUtils;
import com.mobileiron.opensslwrapper.HttpHelper;
import com.mobileiron.opensslwrapper.SSLSocket;
import com.mobileiron.opensslwrapper.SSLSocketFactory;
import com.mobileiron.protocol.v1.Certificates;
import com.mobileiron.protocol.v1.ConstantsProto;
import com.mobileiron.protocol.v1.Registration;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;

/* loaded from: classes.dex */
/**
 * Runs the client-certificate enrollment flows: certificate renewal, expired-certificate
 * renewal, and migration to mutual authentication.
 *
 * <p>This is decompiler output with obfuscated identifiers. The log tag used throughout
 * ("MutualAuthCertManager") is presumably the original class name. Several methods contain
 * decompiler artifacts (self-assignments such as {@code e = e;}, catch blocks that fall through
 * into the next statement); those are marked inline and should not be read as the original logic.
 *
 * <p>Each public flow ({@link #e()}, {@link #f()}, {@link #h()}) runs the same three steps:
 * <ol>
 *   <li>{@code a(type)}: make sure CSR parameters and a registration URL are stored, fetching
 *       them from the server when they are not;</li>
 *   <li>{@code j()}: make sure a private key and CSR are stored, generating them when not;</li>
 *   <li>{@code b(type)}: submit the CSR, then wrap the returned certificate and the stored
 *       private key in a PKCS#12 keystore.</li>
 * </ol>
 * On success {@link #g()} removes the intermediate CSR data.
 *
 * <p>All persistent state goes through {@code com.mobileiron.a.i()}. Its accessors are obfuscated;
 * from their use here {@code e(key)} presumably tests for presence, {@code a(key)} reads,
 * {@code b(key, value)} writes and {@code c(key)} removes. TODO confirm against that class.
 *
 * <p>NOTE(review): the private key ("private_key"), the PKCS#12 keystore
 * ("client_certificate_keystore") and the keystore password ("client_keystore_password") are all
 * written to that same store. How the store protects its contents is not visible in this file.
 */
public final class q {

    /* renamed from: a, reason: collision with root package name */
    // Lazily created singleton instance, see a().
    private static q f2615a;
    // Protobuf extension registry; populated in the constructor and passed to parseFrom(...)
    // so that the Registration response extensions can be decoded.
    private ExtensionRegistry b = ExtensionRegistry.newInstance();
    // Progress flag of the migration flow h(); read through b().
    private boolean c;
    // Progress flag of the renewal flow e(); read through c().
    private boolean d;
    // Progress flag of the expired-certificate renewal flow f(); read through d().
    private boolean e;

    /** Registers all Registration protobuf extensions with this instance's registry. */
    private q() {
        Registration.registerAllExtensions(this.b);
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>NOTE(review): the null check and the assignment are not synchronized, so two threads
     * racing here can each obtain a different instance. The flow methods are
     * {@code synchronized} on the instance, so a second instance would not be excluded by
     * that lock.
     *
     * @return the singleton instance
     */
    public static q a() {
        if (f2615a == null) {
            f2615a = new q();
        }
        return f2615a;
    }

    /**
     * Opens an SSL socket to the host of {@code uri} and applies the read timeout
     * {@code MiscConstants.f2527a}.
     *
     * <p>Only for {@code CERTIFICATE_RENEWAL} is the factory first passed to
     * {@code g.a(sSLSocketFactory)}, presumably to install the current client certificate
     * (TODO confirm); a false result aborts with {@code null}. The other registration types use
     * the factory as constructed.
     *
     * <p>NOTE(review): server-certificate validation is whatever
     * {@code com.mobileiron.opensslwrapper.SSLSocketFactory} does by default; nothing in this
     * method configures or checks it.
     *
     * <p>Decompiler artifact: the first catch block ({@code e = e;}) falls through into the second
     * try block, which is not valid Java as printed. The original presumably logged
     * "createSocket exception" and returned {@code null} when {@code createSocket} failed.
     *
     * @param uri target; only its host and the port derived by {@code utils.o.a(uri)} are used
     * @param registrationType flow on whose behalf the socket is opened
     * @return the socket; {@code null} when the renewal pre-step fails (and presumably when
     *     socket creation fails)
     */
    private static SSLSocket a(URI uri, Registration.RegistrationType registrationType) {
        SSLSocket createSocket;
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory();
        d b = d.b();
        int a2 = com.mobileiron.common.utils.o.a(uri);
        SSLSocket sSLSocket = null;
        try {
            if (registrationType.equals(Registration.RegistrationType.CERTIFICATE_RENEWAL)) {
                b.a();
                if (!g.a(sSLSocketFactory)) {
                    return null;
                }
            }
            createSocket = sSLSocketFactory.createSocket(uri.getHost(), a2);
        } catch (IOException e) {
            // Decompiler artifact, see method comment.
            e = e;
        }
        try {
            createSocket.setSoTimeout(MiscConstants.f2527a);
            return createSocket;
        } catch (IOException e2) {
            // A failure to set the timeout is logged, and the socket is still returned,
            // without the timeout applied.
            sSLSocket = createSocket;
            e = e2;
            o.d("MutualAuthCertManager", "createSocket exception: " + e);
            return sSLSocket;
        }
    }

    /**
     * Ensures CSR parameters and a registration URL are available.
     *
     * @param registrationType flow type, forwarded to the server request when a fetch is needed
     * @return {@code true} when both "csr_params" and "registration_url" are already stored,
     *     otherwise the result of fetching them with {@code c(registrationType)}
     */
    private boolean a(Registration.RegistrationType registrationType) {
        if (com.mobileiron.a.i().e("csr_params") && com.mobileiron.a.i().e("registration_url")) {
            return true;
        }
        return c(registrationType);
    }

    /**
     * Builds a PKCS#12 keystore from the stored private key and the given certificate data and
     * persists it, Base64-encoded, under "client_certificate_keystore".
     *
     * <p>Also stores the first certificate's notAfter time under "client_certificate_expiration"
     * and a freshly generated keystore password under "client_keystore_password".
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>The password is written to the same store as the keystore it protects, so it adds no
     *       confidentiality beyond whatever protects that store.</li>
     *   <li>"private_key" is read here and is not removed here or in {@link #g()}; as far as this
     *       class shows, the PKCS#8 key stays in the store next to the keystore.</li>
     *   <li>Nothing in this method checks that the certificate corresponds to the stored private
     *       key. Confirm whether the parser helper or the KeyStore provider enforces that.</li>
     *   <li>{@code arrayList.get(0)} throws {@code IndexOutOfBoundsException} if the parser adds
     *       no certificate; that type is not in the catch list and would propagate.</li>
     * </ul>
     *
     * @param bArr certificate bytes from the signing response; the accepted encoding is decided by
     *     {@code com.mobileiron.acom.core.utils.a.c.a} and is not visible here
     * @return {@code true} when the keystore was stored; {@code false} when one of the caught
     *     exception types occurred (it is logged)
     */
    public static boolean a(byte[] bArr) {
        try {
            String a2 = com.mobileiron.a.i().a("private_key");
            if (a2 == null) {
                throw new IOException("Empty private key");
            }
            // Flag 0 is android.util.Base64.DEFAULT; the key material is PKCS#8 encoded.
            PrivateKey generatePrivate = KeyFactory.getInstance(com.mobileiron.a.i().a("private_key_alg")).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(a2, 0)));
            ArrayList arrayList = new ArrayList();
            // Parses bArr into X509Certificate objects appended to arrayList; no private keys requested.
            com.mobileiron.acom.core.utils.a.c.a(bArr, (String) null, (ArrayList<X509Certificate>) arrayList, (ArrayList<PrivateKey>) null);
            Date notAfter = ((X509Certificate) arrayList.get(0)).getNotAfter();
            o.f("MutualAuthCertManager", "New certificate expires at: " + notAfter);
            com.mobileiron.a.i().a("client_certificate_expiration", notAfter.getTime());
            // 130 random bits from SecureRandom, rendered in base 32, used as the keystore password.
            String bigInteger = new BigInteger(130, new SecureRandom()).toString(32);
            com.mobileiron.a.i().b("client_keystore_password", bigInteger);
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            // load(null, ...) initialises an empty keystore.
            keyStore.load(null, bigInteger.toCharArray());
            Certificate[] certificateArr = new Certificate[arrayList.size()];
            for (int i = 0; i < arrayList.size(); i++) {
                certificateArr[i] = (Certificate) arrayList.get(i);
            }
            // Single entry under the fixed alias "alias"; the entry password equals the keystore password.
            keyStore.setKeyEntry("alias", generatePrivate, bigInteger.toCharArray(), certificateArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            keyStore.store(byteArrayOutputStream, bigInteger.toCharArray());
            // Flag 2 is android.util.Base64.NO_WRAP.
            String encodeToString = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 2);
            com.mobileiron.acom.core.utils.p.a((Closeable) byteArrayOutputStream, "MutualAuthCertManager");
            com.mobileiron.a.i().b("client_certificate_keystore", encodeToString);
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
            o.b("MutualAuthCertManager", e.getMessage());
            o.a("MutualAuthCertManager", e);
            return false;
        }
    }

    /**
     * Ensures a signed client certificate keystore is available.
     *
     * @param registrationType flow type
     * @return {@code true} without contacting the server when the flow is
     *     {@code MICLIENT_MIGRATION} and "client_certificate_keystore" is already stored;
     *     otherwise the result of {@code d(registrationType)}
     */
    private boolean b(Registration.RegistrationType registrationType) {
        if (registrationType.equals(Registration.RegistrationType.MICLIENT_MIGRATION) && com.mobileiron.a.i().e("client_certificate_keystore")) {
            return true;
        }
        return d(registrationType);
    }

    /**
     * Fetches the certificate-request profile from the server ("getCsrParams" in the logs) and
     * persists what the later steps need.
     *
     * <p>Posts a protobuf {@code RegistrationRequest} to
     * {@code https://<serverIP>/api/v2/Enrollment/enroll-capabilities} and, on HTTP 200 with a
     * body, stores:
     * <ul>
     *   <li>"csr_params": key size, key usage, key type, signature algorithm and challenge;</li>
     *   <li>"certificate_cn": the value of the first subject attribute whose key is "CN"
     *       (case-insensitive), when it is not blank;</li>
     *   <li>"registration_url": the profile's client-cert response URL.</li>
     * </ul>
     *
     * <p>NOTE(review): "registration_url" and the challenge are taken from the response and
     * persisted as received; no validation of the URL (scheme, host) is visible here. The
     * signing step later posts the CSR and client identification headers to that URL.
     *
     * <p>NOTE(review): the socket obtained from {@code a(uri, registrationType)} is not closed
     * on any visible path; whether {@code HttpHelper.executeHttpRequest} closes it is not
     * visible.
     *
     * <p>Decompiler artifact: the exception-handling tail was not reconstructed. The outer catch
     * blocks only assign locals and then reach the end of the method without a return, and
     * {@code th} is assigned without being declared. Only the success path and the innermost
     * catch can be read as-is.
     *
     * @param registrationType type placed in the request
     * @return {@code true} when the parameters were stored; {@code false} when no socket could be
     *     obtained, the response was not a 200 with a body, or a caught exception occurred
     */
    private boolean c(Registration.RegistrationType registrationType) {
        ByteArrayOutputStream byteArrayOutputStream;
        Object e;
        InputStream inputStream;
        o.f("MutualAuthCertManager", "getCsrParams: " + registrationType.name());
        String str = null;
        try {
            try {
                i f = com.mobileiron.e.a.c().f();
                Registration.RegistrationRequest build = Registration.RegistrationRequest.newBuilder().setType(registrationType).setExtension2((GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>>) Registration.DeviceRegistrationRequest.request, (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>) i()).build();
                // The host part is the configured "serverIP" value concatenated into the URL string.
                URI uri = new URI("https://" + f.b("serverIP") + "/api/v2/Enrollment/enroll-capabilities");
                SSLSocket a2 = a(uri, registrationType);
                if (a2 == null) {
                    com.mobileiron.acom.core.utils.p.a((Closeable) null, "getCsrParams baos");
                    com.mobileiron.acom.core.utils.p.a((Closeable) null, "getCsrParams is");
                    return false;
                }
                HttpPost httpPost = new HttpPost(uri);
                httpPost.addHeader("Content-Type", "application/x-protobuf");
                httpPost.addHeader("Accept", "application/x-protobuf");
                httpPost.setEntity(new ByteArrayEntity(build.toByteArray()));
                HttpResponse executeHttpRequest = HttpHelper.executeHttpRequest(a2, httpPost, null);
                HttpEntity entity = executeHttpRequest.getEntity();
                int statusCode = executeHttpRequest.getStatusLine().getStatusCode();
                if (entity == null || statusCode != 200) {
                    o.b("MutualAuthCertManager", "getCsrParams error: " + statusCode);
                    com.mobileiron.acom.core.utils.p.a((Closeable) null, "getCsrParams baos");
                    com.mobileiron.acom.core.utils.p.a((Closeable) null, "getCsrParams is");
                    return false;
                }
                inputStream = entity.getContent();
                try {
                    byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        try {
                            // Copies the response body into memory; any size limit would have to be
                            // enforced inside utils.i.a, which is not visible here.
                            com.mobileiron.common.utils.i.a(inputStream, byteArrayOutputStream);
                            Certificates.CertificateRequestProfile certificateRequestProfile = ((Registration.DeviceRegistrationResponse) Registration.RegistrationResponse.parseFrom(byteArrayOutputStream.toByteArray(), this.b).getExtension((GeneratedMessage.GeneratedExtension) Registration.DeviceRegistrationResponse.response)).getCertificateRequestProfile();
                            // Take the first subject attribute keyed "CN" (case-insensitive), if any.
                            Iterator<ConstantsProto.Constants.KeyValuePair> it = certificateRequestProfile.getSubjectAttributesList().iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                ConstantsProto.Constants.KeyValuePair next = it.next();
                                if ("CN".equalsIgnoreCase(next.getKey())) {
                                    str = next.getVal();
                                    break;
                                }
                            }
                            // Key parameters and challenge are server-chosen and stored as received;
                            // no minimum key size or algorithm allow-list is checked in this method.
                            com.mobileiron.acom.core.utils.k kVar = new com.mobileiron.acom.core.utils.k();
                            kVar.c("keySize", certificateRequestProfile.getKeyLength());
                            kVar.c("keyUsage", certificateRequestProfile.getKeyUsage());
                            kVar.b("keyType", com.mobileiron.acom.core.utils.c.b(certificateRequestProfile.getSignatureAlgorithm().toString()));
                            kVar.b("signatureAlg", com.mobileiron.acom.core.utils.c.a(certificateRequestProfile.getSignatureAlgorithm().toString()));
                            kVar.b("challenge", certificateRequestProfile.getChallenge());
                            com.mobileiron.a.i().b("csr_params", kVar.f("root"));
                            if (StringUtils.isNotBlank(str)) {
                                com.mobileiron.a.i().b("certificate_cn", str);
                            }
                            com.mobileiron.a.i().b("registration_url", certificateRequestProfile.getClientCertResponseUrl());
                            com.mobileiron.acom.core.utils.p.a((Closeable) byteArrayOutputStream, "getCsrParams baos");
                            com.mobileiron.acom.core.utils.p.a(inputStream, "getCsrParams is");
                            return true;
                        } catch (IOException | URISyntaxException | HttpException e2) {
                            e = e2;
                            o.d("MutualAuthCertManager", "getCsrParams exception: " + e);
                            com.mobileiron.acom.core.utils.p.a((Closeable) byteArrayOutputStream, "getCsrParams baos");
                            com.mobileiron.acom.core.utils.p.a(inputStream, "getCsrParams is");
                            return false;
                        }
                    } catch (Throwable th) {
                        // Decompiled form of a finally block: close both streams, then rethrow.
                        th = th;
                        com.mobileiron.acom.core.utils.p.a((Closeable) byteArrayOutputStream, "getCsrParams baos");
                        com.mobileiron.acom.core.utils.p.a(inputStream, "getCsrParams is");
                        throw th;
                    }
                } catch (IOException | URISyntaxException | HttpException e3) {
                    // Decompiler artifact: falls through without logging or returning.
                    byteArrayOutputStream = null;
                    e = e3;
                } catch (Throwable th2) {
                    th = th2;
                    byteArrayOutputStream = null;
                    com.mobileiron.acom.core.utils.p.a((Closeable) byteArrayOutputStream, "getCsrParams baos");
                    com.mobileiron.acom.core.utils.p.a(inputStream, "getCsrParams is");
                    throw th;
                }
            } catch (Throwable th3) {
                // Decompiler artifact: 'th' is not declared in this scope.
                th = th3;
                inputStream = null;
                byteArrayOutputStream = null;
            }
        } catch (IOException | URISyntaxException | HttpException e4) {
            // Decompiler artifact: no return follows this handler.
            byteArrayOutputStream = null;
            e = e4;
            inputStream = null;
        }
    }

    /**
     * Submits the stored CSR for signing ("getSignedCertificate" in the logs) and turns the
     * returned certificate into the client keystore via {@code a(byte[])}.
     *
     * <p>The request type is always {@code CERTIFICATE_SIGNING}; {@code registrationType} only
     * selects the target URL, the socket setup and the migration post-step. The target is the
     * stored "registration_url", with {@code f.I()} appended for {@code CERTIFICATE_RENEWAL}.
     * The same {@code f.I()} value is sent as the "aad_device_id" header.
     *
     * <p>For {@code MICLIENT_MIGRATION} the check-in URL from the response is passed to
     * {@code d.b().b.a(...)}, and the check-in and notification URLs are stored as "checkin_url"
     * and "push_url".
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>The "X-MobileIron-Client-Cookie" and "X-MobileIron-Client-Id" headers are sent to
     *       whatever host "registration_url" names. That value originates from a server response
     *       and is not checked here against the configured enrollment server.</li>
     *   <li>The check-in and notification URLs from the response are persisted without visible
     *       validation.</li>
     *   <li>Only {@code Status.ERROR} is treated as failure; any other status proceeds to
     *       certificate extraction.</li>
     *   <li>If "csr" is absent and the store returns {@code null} for it (presumably), then
     *       {@code Base64.decode} would throw an exception type that is not caught here.</li>
     *   <li>{@code content}, the in-memory buffer and the socket are not closed on any visible
     *       path.</li>
     * </ul>
     *
     * @param registrationType flow on whose behalf the certificate is requested
     * @return {@code true} when the keystore was created (and, for migration, the URLs stored);
     *     {@code false} on any failure, which is logged
     */
    private boolean d(Registration.RegistrationType registrationType) {
        URI uri;
        o.f("MutualAuthCertManager", "getSignedCertificate: " + registrationType.name());
        try {
            i f = com.mobileiron.e.a.c().f();
            // Request carries two extensions: the CSR with the client device identifier, and the
            // device registration details from i().
            Registration.RegistrationRequest build = Registration.RegistrationRequest.newBuilder().setType(Registration.RegistrationType.CERTIFICATE_SIGNING).setExtension2((GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.CertificateSigningRegistrationRequest>>) Registration.CertificateSigningRegistrationRequest.request, (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.CertificateSigningRegistrationRequest>) Registration.CertificateSigningRegistrationRequest.newBuilder().setClientDeviceIdentifier(Long.toString(com.mobileiron.e.a.c().h())).setCsr(ByteString.copyFrom(Base64.decode(com.mobileiron.a.i().a("csr"), 0))).build()).setExtension2((GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>>) Registration.DeviceRegistrationRequest.request, (GeneratedMessage.GeneratedExtension<Registration.RegistrationRequest, Registration.DeviceRegistrationRequest>) i()).build();
            if (registrationType.equals(Registration.RegistrationType.CERTIFICATE_RENEWAL)) {
                uri = new URI(com.mobileiron.a.i().a("registration_url") + f.I());
            } else {
                uri = new URI(com.mobileiron.a.i().a("registration_url"));
            }
            HttpPost httpPost = new HttpPost(uri);
            SSLSocket a2 = a(uri, registrationType);
            if (a2 == null) {
                return false;
            }
            // Client identification headers; see the review note on the destination host above.
            httpPost.addHeader("X-MobileIron-Client-Cookie", com.mobileiron.e.a.c().j());
            httpPost.addHeader("X-MobileIron-Client-Id", Long.toString(com.mobileiron.e.a.c().h()));
            httpPost.addHeader("aad_device_id", f.I());
            httpPost.addHeader("Content-Type", "application/x-protobuf");
            httpPost.addHeader("Accept", "application/x-protobuf");
            httpPost.setEntity(new ByteArrayEntity(build.toByteArray()));
            HttpResponse executeHttpRequest = HttpHelper.executeHttpRequest(a2, httpPost, null);
            HttpEntity entity = executeHttpRequest.getEntity();
            int statusCode = executeHttpRequest.getStatusLine().getStatusCode();
            if (entity == null || statusCode != 200) {
                o.b("MutualAuthCertManager", "getSignedCertificate error: " + statusCode);
                return false;
            }
            InputStream content = entity.getContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            com.mobileiron.common.utils.i.a(content, byteArrayOutputStream);
            Registration.RegistrationResponse parseFrom = Registration.RegistrationResponse.parseFrom(byteArrayOutputStream.toByteArray(), this.b);
            if (parseFrom.getStatus() == ConstantsProto.Constants.Status.ERROR) {
                o.b("MutualAuthCertManager", "getSignedCertificate error from server: " + parseFrom.getMessage());
                return false;
            }
            Registration.CertificateSigningRegistrationResponse certificateSigningRegistrationResponse = (Registration.CertificateSigningRegistrationResponse) parseFrom.getExtension((GeneratedMessage.GeneratedExtension) Registration.CertificateSigningRegistrationResponse.response);
            // Build and persist the PKCS#12 keystore from the returned certificate bytes.
            if (!a(certificateSigningRegistrationResponse.getX509CertificateResponse().getX509Certificate().toByteArray())) {
                o.b("MutualAuthCertManager", "getSignedCertificate failed to generate keystore!");
                return false;
            }
            if (!registrationType.equals(Registration.RegistrationType.MICLIENT_MIGRATION)) {
                return true;
            }
            // Migration only: adopt the server-supplied check-in and notification URLs.
            d.b().b.a(certificateSigningRegistrationResponse.getCheckinUrl());
            com.mobileiron.a.i().b("checkin_url", certificateSigningRegistrationResponse.getCheckinUrl());
            com.mobileiron.a.i().b("push_url", certificateSigningRegistrationResponse.getNotificationUrl());
            return true;
        } catch (IOException | URISyntaxException | HttpException e) {
            o.d("MutualAuthCertManager", "getSignedCertificate exception: " + e);
            return false;
        }
    }

    /**
     * Removes the intermediate enrollment data "csr", "csr_params" and "registration_url" from
     * the store.
     *
     * <p>NOTE(review): "private_key", "private_key_alg" and "certificate_cn" are written by this
     * class but are not removed here.
     */
    public static void g() {
        o.g("MutualAuthCertManager", "Data cleaned");
        com.mobileiron.a.i().c("csr");
        com.mobileiron.a.i().c("csr_params");
        com.mobileiron.a.i().c("registration_url");
    }

    /**
     * Builds the device-registration extension sent with both server requests: platform (ANDROID),
     * OS release, device model, client version, locale, app package name, credentials (client id
     * and username) and the client device identifier.
     *
     * <p>{@code termsAccepted} is always set to {@code true}.
     *
     * @return the populated request message
     */
    private static Registration.DeviceRegistrationRequest i() {
        return Registration.DeviceRegistrationRequest.newBuilder().setDeviceRegistrationDetail(Registration.DeviceRegistrationRequest.DeviceRegistrationDetail.newBuilder().setPlatformType(ConstantsProto.Constants.PlatformType.ANDROID).setPlatformVersion(Build.VERSION.RELEASE.trim()).setDeviceModelName(Build.MODEL).setClientVersion(AppsUtils.e()).setLocale(com.mobileiron.common.utils.o.g()).setClientAppBundleId(com.mobileiron.acom.core.android.f.a().getPackageName()).build()).setCredentials(Registration.RegistrationRequest.Credentials.newBuilder().setClientId(Long.toString(com.mobileiron.e.a.c().h())).setUsername(com.mobileiron.e.a.c().f().H()).build()).setClientDeviceIdentifier(Long.toString(com.mobileiron.e.a.c().h())).setTermsAccepted(true).build();
    }

    /**
     * Ensures a private key and CSR are stored, generating them from "csr_params" and
     * "certificate_cn" when no "csr" entry exists yet.
     *
     * <p>The generator returns three strings, stored as "private_key", "private_key_alg" and
     * "csr" in that order. An existing "csr" entry is reused as-is, so a retry after a failed
     * signing step submits the same key and CSR.
     *
     * @return {@code true} when a CSR is available; {@code false} when generation returned
     *     {@code null}
     */
    private static boolean j() {
        if (!com.mobileiron.a.i().e("csr")) {
            String[] a2 = com.mobileiron.common.utils.g.a(com.mobileiron.a.i().a("csr_params"), com.mobileiron.a.i().a("certificate_cn"));
            if (a2 == null) {
                o.b("MutualAuthCertManager", "generatePrivateKeyAndCsr failed!");
                return false;
            }
            com.mobileiron.a.i().b("private_key", a2[0]);
            com.mobileiron.a.i().b("private_key_alg", a2[1]);
            com.mobileiron.a.i().b("csr", a2[2]);
        }
        return true;
    }

    /**
     * Returns the migration flag maintained by {@link #h()}.
     *
     * <p>NOTE(review): unsynchronized read of a non-volatile field that is written under the
     * instance lock, so a caller on another thread may see a stale value. The same applies to
     * {@link #c()} and {@link #d()}.
     *
     * @return current value of the migration flag
     */
    public final boolean b() {
        return this.c;
    }

    /**
     * Returns the renewal flag maintained by {@link #e()}.
     *
     * @return current value of the renewal flag
     */
    public final boolean c() {
        return this.d;
    }

    /**
     * Returns the expired-certificate renewal flag maintained by {@link #f()}.
     *
     * @return current value of the expired-certificate renewal flag
     */
    public final boolean d() {
        return this.e;
    }

    /**
     * Runs the certificate renewal flow ("startCertificateRenewal" in the logs).
     *
     * <p>The flag {@code d} is set to {@code true} at the start and then overwritten with each
     * step's result, so it is {@code false} again after both success and failure. On success the
     * intermediate CSR data is removed with {@link #g()}.
     *
     * @return {@code true} when all three steps succeeded, {@code false} at the first failing step
     */
    public final synchronized boolean e() {
        o.f("MutualAuthCertManager", "startCertificateRenewal");
        this.d = true;
        // Step 1: CSR parameters and registration URL.
        this.d = a(Registration.RegistrationType.CERTIFICATE_RENEWAL);
        if (!this.d) {
            return false;
        }
        // Step 2: private key and CSR.
        this.d = j();
        if (!this.d) {
            return false;
        }
        // Step 3: signed certificate and keystore.
        this.d = b(Registration.RegistrationType.CERTIFICATE_RENEWAL);
        if (!this.d) {
            return false;
        }
        g();
        this.d = false;
        o.f("MutualAuthCertManager", "CertificateRenewal completed");
        return true;
    }

    /**
     * Runs the expired-certificate renewal flow ("startExpiredCertificateRenewal" in the logs).
     *
     * <p>Same three steps as {@link #e()}, using {@code EXPIRED_CERTIFICATE_RENEWAL} and the flag
     * {@code e}. The outcome is not returned; a failing step only leaves the flag {@code false}
     * and skips the remaining steps and the cleanup.
     */
    public final synchronized void f() {
        o.f("MutualAuthCertManager", "startExpiredCertificateRenewal");
        this.e = true;
        this.e = a(Registration.RegistrationType.EXPIRED_CERTIFICATE_RENEWAL);
        if (this.e) {
            this.e = j();
            if (this.e) {
                this.e = b(Registration.RegistrationType.EXPIRED_CERTIFICATE_RENEWAL);
                if (this.e) {
                    g();
                    this.e = false;
                    o.f("MutualAuthCertManager", "ExpiredCertificateRenewal completed");
                }
            }
        }
    }

    /**
     * Runs the migration-to-mutual-auth flow ("startMigrationToMutualAuth" in the logs).
     *
     * <p>Same three steps as {@link #e()}, using {@code MICLIENT_MIGRATION} and the flag
     * {@code c}. After the certificate step succeeds, and only when {@code d.b().d()} is false,
     * it calls {@code d.b().b.n()} and {@code d.b().c(true)}; presumably this switches the client
     * configuration to mutual auth (TODO confirm against class {@code d}). The outcome is not
     * returned.
     */
    public final synchronized void h() {
        o.f("MutualAuthCertManager", "startMigrationToMutualAuth");
        this.c = true;
        this.c = a(Registration.RegistrationType.MICLIENT_MIGRATION);
        if (this.c) {
            this.c = j();
            if (this.c) {
                this.c = b(Registration.RegistrationType.MICLIENT_MIGRATION);
                if (this.c) {
                    if (!d.b().d()) {
                        d.b().b.n();
                        d.b().c(true);
                    }
                    g();
                    this.c = false;
                    o.f("MutualAuthCertManager", "MigrationToMutualAuth completed");
                }
            }
        }
    }
}
