package com.airwatch.net.securechannel;

import a6.h;
import android.content.Context;
import android.text.TextUtils;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.sdk.context.u;
import com.airwatch.storage.PreferenceErrorListener;
import cz.msebera.android.httpclient.cookie.ClientCookie;
import dd.e;
import dd.g;
import ff.b0;
import ff.i;
import ff.m;
import ff.v0;
import java.io.File;
import java.io.IOException;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.function.BiConsumer;

/* loaded from: classes2.dex */
public class b {

    /* renamed from: b, reason: collision with root package name */
    g f14273b;

    /* renamed from: a, reason: collision with root package name */
    private final String f14272a = b.class.getSimpleName();

    /* renamed from: c, reason: collision with root package name */
    private volatile boolean f14274c = false;

    public b(g gVar) {
        this.f14273b = gVar == null ? new g() : gVar;
    }

    private byte[] a(byte[] bArr) {
        return (new File(this.f14273b.c().f24405a).exists() && new File(this.f14273b.c().f24406b).exists()) ? OpenSSLCryptUtil.getInstance().createSignedCms(bArr, this.f14273b.c().f24405a, this.f14273b.c().f24406b) : new byte[0];
    }

    private void e(final gd.a aVar) {
        Map<String, String> e10 = this.f14273b.e();
        if (e10 != null) {
            Objects.requireNonNull(aVar);
            e10.forEach(new BiConsumer() { // from class: dd.f
                @Override // java.util.function.BiConsumer
                public final void accept(Object obj, Object obj2) {
                    gd.a.this.e((String) obj, (String) obj2);
                }
            });
        }
    }

    public byte[] b(byte[] bArr, ISecureChannel$Version iSecureChannel$Version) {
        if (!this.f14273b.l()) {
            return new byte[0];
        }
        b0.b(this.f14272a, "Secure Channel Response Version " + iSecureChannel$Version);
        return iSecureChannel$Version == ISecureChannel$Version.f14247g ? c(i(bArr)) : i(c(bArr));
    }

    public byte[] c(byte[] bArr) {
        File file = new File(this.f14273b.c().f24406b);
        if (i.e(bArr) || !file.exists()) {
            b0.j(this.f14272a, "Can't decrypt. Either the payload is empty or the key to decrypt is not found");
        } else {
            bArr = OpenSSLCryptUtil.getInstance().decryptEnvelopedCms(bArr, this.f14273b.c().f24406b);
            if (m.a(bArr)) {
                b0.j(this.f14272a, "Decryption failed");
                File file2 = new File(this.f14273b.c().f24405a);
                v0.b(u.b().i(), PreferenceErrorListener.PreferenceErrorCode.DECRYPTION_FAIL, String.format("%s Decryption failed. Certificate timestamp: %s, thumbprint: %s", this.f14272a, new Date(file2.lastModified()), i.i(OpenSSLCryptUtil.sha256Hash(file2))));
            } else {
                b0.b(this.f14272a, "Message decrypted.");
            }
        }
        return bArr;
    }

    public byte[] d(String str, byte[] bArr) {
        if (TextUtils.isEmpty(str)) {
            return new byte[0];
        }
        if (!this.f14273b.l()) {
            return new byte[0];
        }
        gd.a aVar = new gd.a();
        aVar.e("bundleId", this.f14273b.f());
        aVar.e("uid", this.f14273b.d());
        aVar.e("deviceType", String.valueOf(5));
        if (!TextUtils.isEmpty(this.f14273b.b())) {
            aVar.e(ClientCookie.VERSION_ATTR, this.f14273b.b());
        }
        if (!e.a(this.f14273b.a())) {
            b0.b(this.f14272a, "configType " + this.f14273b.a());
            aVar.e("configtypeid", this.f14273b.a());
        }
        e(aVar);
        if (i.e(bArr)) {
            this.f14274c = true;
        } else {
            byte[] a10 = a(bArr);
            this.f14274c = !i.e(a10);
            File file = new File(this.f14273b.i());
            if (this.f14274c && file.exists()) {
                byte[] createEnvelopedCms = OpenSSLCryptUtil.getInstance().createEnvelopedCms(a10, this.f14273b.i());
                if (createEnvelopedCms != null) {
                    aVar.e(str, new com.airwatch.core.e(createEnvelopedCms));
                    return ("<plist>" + aVar.g() + "</plist>").getBytes();
                }
                v0.a((Context) h.b(Context.class), PreferenceErrorListener.PreferenceErrorCode.SECURE_CHANNEL_FAILURE, "Failed to envelope the message");
            } else {
                v0.a((Context) h.b(Context.class), PreferenceErrorListener.PreferenceErrorCode.SECURE_CHANNEL_FAILURE, "Failed to sign the message");
            }
        }
        aVar.e(str, "");
        return ("<plist>" + aVar.g() + "</plist>").getBytes();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean f() {
        return this.f14274c;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean g() {
        return OpenSSLCryptUtil.getInstance().isRSAPreconditionCheckPassed(SecureChannelUtility.decryptContent(this.f14273b.c().f24406b));
    }

    public boolean h() {
        return this.f14273b.l();
    }

    public byte[] i(byte[] bArr) {
        byte[] bArr2 = null;
        try {
            File airWatchRootCertificate = OpenSSLCryptUtil.getAirWatchRootCertificate();
            File file = new File(this.f14273b.i());
            if (!i.e(bArr) && airWatchRootCertificate.exists() && file.exists()) {
                bArr2 = OpenSSLCryptUtil.getInstance().verifySignatureAndGetMessagePKCS7(bArr, this.f14273b.i(), airWatchRootCertificate.getAbsolutePath());
                b0.b(this.f14272a, "Signature verification done");
            } else {
                b0.j(this.f14272a, "Signature verification failed.");
            }
        } catch (IOException e10) {
            b0.l(this.f14272a, "Error fetching airwatch root certificate", e10);
        }
        return bArr2;
    }
}
