package se.theinstitution.revival.plugin.deployment.certificate;

import android.app.enterprise.SecurityPolicy;
import android.content.Context;
import android.content.Intent;
import android.security.KeyChain;
import android.text.TextUtils;
import com.google.android.gms.drive.DriveFile;
import javax.security.cert.X509Certificate;
import se.theinstitution.revival.Compability;
import se.theinstitution.revival.ResourceLocator;
import se.theinstitution.revival.RevivalException;
import se.theinstitution.revival.UserInteract;
import se.theinstitution.revival.core.Engine;
import se.theinstitution.revival.core.dm.DeviceAdmin;
import se.theinstitution.revival.core.dm.DeviceAdminCreator;
import se.theinstitution.util.Certificate;
import se.theinstitution.util.Util;

/* loaded from: classes2.dex */
public class CertificateAccessor {
    int INVALID_SELECTION = -1;
    protected Context context;

    /* JADX INFO: Access modifiers changed from: protected */
    public CertificateAccessor(Context context) {
        this.context = null;
        this.context = context;
    }

    public static CertificateAccessor newInstance(Context context) throws RevivalException {
        if (Compability.isSamsungKnoxAvailable(context)) {
            return new CertificateAccessorAES(context);
        }
        if (Compability.isXperiaForBusinessAvailable()) {
            return new CertificateAccessorXPS(context);
        }
        if (Compability.isIceCreamSandwichOrLater()) {
            return new CertificateAccessor(context);
        }
        throw new RevivalException("Certificates must be installed manually on this device");
    }

    public void deleteCertificate(String str) throws RevivalException {
        throw new RevivalException("Removal of certificates not supported on this device");
    }

    public void installCertificate(byte[] bArr, String str, String str2, String str3, boolean z, int i) throws RevivalException {
        verifyCertificate(bArr, str);
        try {
            DeviceAdmin newInstance = DeviceAdminCreator.newInstance(this.context);
            if (!newInstance.isRevivalDeviceOwner() && !newInstance.isRevivalProfileOwner()) {
                Intent createInstallIntent = KeyChain.createInstallIntent();
                createInstallIntent.addFlags(DriveFile.MODE_READ_ONLY);
                if (str.equals("pfx") || str.equals("p12")) {
                    createInstallIntent.putExtra(SecurityPolicy.TYPE_PKCS12, bArr);
                } else {
                    createInstallIntent.putExtra(SecurityPolicy.TYPE_CERTIFICATE, X509Certificate.getInstance(bArr).getEncoded());
                }
                if (!TextUtils.isEmpty(str2)) {
                    createInstallIntent.putExtra("name", str2);
                }
                UserInteract.setNotification(this.context, 7, ResourceLocator.getString(this.context, "certificate_install_request"), (0 != 0 ? z ? TextUtils.isEmpty(str3) ? "" + ResourceLocator.getString(this.context, "blank_password") + ". " : "" + String.format(ResourceLocator.getString(this.context, "with_password"), str3) + ". " : "" + ResourceLocator.getString(this.context, "possibly_password") + ". " : "") + ResourceLocator.getString(this.context, "press_to_continue") + ".", 0, createInstallIntent);
                return;
            }
            if (!str.equals("pfx") && !str.equals("p12")) {
                newInstance.installCaCert(bArr);
                return;
            }
            Certificate.CertificateKeyPair fromPKCS12ByteArray = Certificate.fromPKCS12ByteArray(bArr, str3);
            java.security.cert.X509Certificate[] certificates = fromPKCS12ByteArray.getCertificates();
            boolean installKeyPair = Compability.isNougatOrLater() ? newInstance.installKeyPair(fromPKCS12ByteArray.getPrivateKey(), certificates, str2, true) : newInstance.installKeyPair(fromPKCS12ByteArray.getPrivateKey(), certificates[0], str2);
            if (!installKeyPair) {
                throw new RevivalException("Failed to install Certificate " + (Util.isKeyguardSecureWithPinOrPassword(this.context) ? "inform your admin" : "Secure device with PIN or password"));
            }
            Engine engine = Engine.getInstance();
            if (engine != null) {
                engine.writeToRevivalLog(5, "Certificate " + str2 + " installed " + installKeyPair, getClass().getSimpleName());
            }
        } catch (Exception e) {
            throw new RevivalException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifyCertificate(byte[] bArr, String str) throws RevivalException {
        if (bArr == null || bArr.length == 0) {
            throw new RevivalException("No valid certificate data found");
        }
        if (str == null) {
            throw new RevivalException("Certificate type is not supplied");
        }
        String lowerCase = str.toLowerCase();
        if (!lowerCase.equals("cert") && !lowerCase.equals("pfx") && !lowerCase.equals("p12")) {
            throw new RevivalException("Certificate type is invalid");
        }
    }
}
