package i6;

import a6.h;
import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import com.airwatch.bizlib.policysigning.PolicySigningCheckMessage;
import com.airwatch.bizlib.policysigning.PolicySigningResult;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.gateway.ConsoleVersion;
import com.airwatch.sdk.context.SDKContext;
import com.airwatch.sdk.context.SDKContextException;
import com.airwatch.sdk.context.u;
import ff.b0;
import ff.q;
import io.netty.handler.codec.memcache.binary.DefaultBinaryMemcacheRequest;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.IllegalBlockSizeException;

/* loaded from: classes.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    private final List<b> f26252a = new ArrayList();

    /* renamed from: b, reason: collision with root package name */
    private final List<c> f26253b = new ArrayList();

    private PolicySigningResult f(byte[] bArr, String str, Map<String, List<String>> map, String str2, int i10) {
        PolicySigningResult t10 = t(bArr, str, map);
        if (t10 != PolicySigningResult.f11612r) {
            n(t10, str2, i10, str);
        }
        return t10;
    }

    private byte[] h() {
        SharedPreferences r10 = u.b().r();
        String string = r10.getString("policy_signing_certificate", "");
        if (!TextUtils.isEmpty(string) && "Base64".equalsIgnoreCase(r10.getString("policy_signing_cert_encoding", ""))) {
            return Base64.decode(string, 0);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void m(PolicySigningResult policySigningResult, String str, int i10, String str2) {
        synchronized (this.f26252a) {
            try {
                Iterator<b> it = this.f26252a.iterator();
                while (it.hasNext()) {
                    it.next().a(policySigningResult);
                }
            } finally {
            }
        }
        synchronized (this.f26253b) {
            try {
                Iterator<c> it2 = this.f26253b.iterator();
                while (it2.hasNext()) {
                    it2.next().a(policySigningResult, str, i10, str2);
                }
            } finally {
            }
        }
    }

    private void n(final PolicySigningResult policySigningResult, final String str, final int i10, final String str2) {
        we.f.a(new Runnable() { // from class: i6.e
            @Override // java.lang.Runnable
            public final void run() {
                f.this.m(policySigningResult, str, i10, str2);
            }
        });
    }

    private void o(boolean z10) {
        u.b().r().edit().putBoolean("policy_signing_enabled", z10).apply();
    }

    private boolean p(String str, int i10, Object obj) {
        if (!k()) {
            return true;
        }
        if (obj instanceof PolicySigningCheckMessage) {
            b0.b("PolicySigningHelper", "Skipping validation for PolicySigningCheckMessage");
            return true;
        }
        String[] split = u.b().r().getString("host", "").split(":");
        if (str.equalsIgnoreCase(split[0])) {
            return split.length == 2 && !split[1].equalsIgnoreCase(String.valueOf(i10));
        }
        return true;
    }

    private byte[] r(byte[] bArr) {
        int length = bArr.length >> 1;
        byte[] s10 = s(bArr, 0, length);
        byte[] s11 = s(bArr, length, length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(48);
        int length2 = s10.length + 4 + s11.length;
        if (length2 > 127) {
            byteArrayOutputStream.write(129);
        }
        byteArrayOutputStream.write((byte) length2);
        u(byteArrayOutputStream, s10);
        u(byteArrayOutputStream, s11);
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] s(byte[] bArr, int i10, int i11) {
        byte[] bArr2;
        int i12 = 0;
        if ((bArr[i10] & DefaultBinaryMemcacheRequest.REQUEST_MAGIC_BYTE) != 0) {
            bArr2 = new byte[i11 + 1];
            bArr2[0] = 0;
            i12 = 1;
        } else {
            bArr2 = new byte[i11];
        }
        System.arraycopy(bArr, i10, bArr2, i12, i11);
        return bArr2;
    }

    private PolicySigningResult t(byte[] bArr, String str, Map<String, List<String>> map) {
        String str2;
        try {
            int i10 = map.get("x-aw-policy-signature-oid").get(0).equalsIgnoreCase("1.2.840.10045.4.3.4") ? 0 : -1;
            byte[] h10 = h();
            if (h10 == null) {
                b0.j("PolicySigningHelper", "Certificate is null");
                return PolicySigningResult.f11608n;
            }
            if (map.containsKey("x-aw-policy-signature")) {
                str2 = map.get("x-aw-policy-signature").get(0);
                b0.b("PolicySigningHelper", "Validating response");
            } else {
                if (!map.containsKey("x-aw-policy-request-path-signature")) {
                    b0.j("PolicySigningHelper", "Policy Signing Signature header missing.");
                    return PolicySigningResult.f11609o;
                }
                String str3 = map.get("x-aw-policy-request-path-signature").get(0);
                byte[] bytes = str.split("\\?", 2)[0].toLowerCase().getBytes();
                b0.b("PolicySigningHelper", "Validating path");
                str2 = str3;
                bArr = bytes;
            }
            if (TextUtils.isEmpty(str2)) {
                b0.j("PolicySigningHelper", "Policy Signing Signature header is empty.");
                return PolicySigningResult.f11609o;
            }
            int verifyEcdsaSignature = ((OpenSSLCryptUtil) h.b(OpenSSLCryptUtil.class)).verifyEcdsaSignature(h10, bArr, r(Base64.decode(str2, 0)), i10);
            if (verifyEcdsaSignature == 1) {
                return PolicySigningResult.f11612r;
            }
            if (verifyEcdsaSignature == 0) {
                b0.j("PolicySigningHelper", "Signature validation failed");
                return PolicySigningResult.f11611q;
            }
            b0.j("PolicySigningHelper", verifyEcdsaSignature == -1 ? "Signature validation returned error" : "awVerifyEcdsaSignature returned unknown value");
            return PolicySigningResult.f11605k;
        } catch (NullPointerException e10) {
            b0.l("PolicySigningHelper", "Policy Signing Signature OID header missing.", e10);
            return PolicySigningResult.f11610p;
        }
    }

    private void u(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write((byte) bArr.length);
        byteArrayOutputStream.write(bArr, 0, bArr.length);
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x0088, code lost:
    
        if (r1 != r2) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0099, code lost:
    
        return r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x0096, code lost:
    
        e();
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0094, code lost:
    
        if (r1 == com.airwatch.bizlib.policysigning.PolicySigningResult.f11612r) goto L32;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.airwatch.bizlib.policysigning.PolicySigningResult b() {
        /*
            r9 = this;
            java.lang.String r0 = "PolicySigningHelper"
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11612r
            com.airwatch.sdk.context.SDKContext r2 = com.airwatch.sdk.context.u.b()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            android.content.SharedPreferences r2 = r2.r()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.lang.String r3 = "policy_signing_cert_chain_length"
            r4 = 0
            int r3 = r2.getInt(r3, r4)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r5 = 1
            if (r3 >= r5) goto L23
            java.lang.String r2 = "Certificate chain is empty"
            ff.b0.j(r0, r2)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            com.airwatch.bizlib.policysigning.PolicySigningResult r0 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11601g     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            return r0
        L1e:
            r0 = move-exception
            goto L9a
        L21:
            r2 = move-exception
            goto L8b
        L23:
            java.lang.String r3 = "policy_signing_cert_chain"
            java.lang.String r5 = ""
            java.lang.String r2 = r2.getString(r3, r5)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.lang.String r3 = ","
            java.lang.String[] r2 = r2.split(r3)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.lang.String r3 = "X.509"
            java.security.cert.CertificateFactory r3 = java.security.cert.CertificateFactory.getInstance(r3)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            int r5 = r2.length     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.security.cert.X509Certificate[] r5 = new java.security.cert.X509Certificate[r5]     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r6 = r4
        L3b:
            int r7 = r2.length     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            if (r6 >= r7) goto L54
            java.io.ByteArrayInputStream r7 = new java.io.ByteArrayInputStream     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r8 = r2[r6]     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            byte[] r8 = android.util.Base64.decode(r8, r4)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r7.<init>(r8)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.security.cert.Certificate r7 = r3.generateCertificate(r7)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r5[r6] = r7     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            int r6 = r6 + 1
            goto L3b
        L54:
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = r9.d(r5)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            com.airwatch.bizlib.policysigning.PolicySigningResult r2 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11612r     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            if (r1 == r2) goto L62
            if (r1 == r2) goto L61
            r9.e()
        L61:
            return r1
        L62:
            com.airwatch.sdk.context.SDKContext r3 = com.airwatch.sdk.context.u.b()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            com.airwatch.revocationcheck.c r3 = r3.o()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            r4 = 2
            com.airwatch.revocationcheck.RevocationCheckResponse r3 = r3.e(r4, r5)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            if (r3 == 0) goto L83
            com.airwatch.revocationcheck.a r3 = r3.getUsagePolicy()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            boolean r3 = r3.getAllowUsage()     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            if (r3 != 0) goto L88
            java.lang.String r3 = "Policy signing certs are revoked and cannot be used"
            ff.b0.j(r0, r3)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11602h     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
            goto L88
        L83:
            java.lang.String r3 = "Certificate Revocation Check is not enabled in the config"
            ff.b0.j(r0, r3)     // Catch: java.lang.Throwable -> L1e java.security.cert.CertificateException -> L21
        L88:
            if (r1 == r2) goto L99
            goto L96
        L8b:
            java.lang.String r3 = "Policy signing certificate is not valid: "
            ff.b0.l(r0, r3, r2)     // Catch: java.lang.Throwable -> L1e
            com.airwatch.bizlib.policysigning.PolicySigningResult r1 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11607m     // Catch: java.lang.Throwable -> L1e
            com.airwatch.bizlib.policysigning.PolicySigningResult r0 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11612r
            if (r1 == r0) goto L99
        L96:
            r9.e()
        L99:
            return r1
        L9a:
            com.airwatch.bizlib.policysigning.PolicySigningResult r2 = com.airwatch.bizlib.policysigning.PolicySigningResult.f11612r
            if (r1 == r2) goto La1
            r9.e()
        La1:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: i6.f.b():com.airwatch.bizlib.policysigning.PolicySigningResult");
    }

    public PolicySigningResult c(byte[] bArr, Map<String, List<String>> map, String str, int i10, String str2, Object obj) {
        if (p(str, i10, obj)) {
            b0.b("PolicySigningHelper", "checkNetworkResponse: skipping response validation.");
            return PolicySigningResult.f11612r;
        }
        PolicySigningResult b10 = b();
        PolicySigningResult policySigningResult = PolicySigningResult.f11612r;
        if (b10 != policySigningResult || f(bArr, str2, map, str, i10) != policySigningResult) {
            return i(bArr, str2, map, str, i10);
        }
        b0.b("PolicySigningHelper", "Validation success.");
        return policySigningResult;
    }

    PolicySigningResult d(X509Certificate[] x509CertificateArr) {
        q qVar = new q();
        PolicySigningResult j10 = j(x509CertificateArr);
        if (j10 != PolicySigningResult.f11612r) {
            b0.j("PolicySigningHelper", "Policy signing certificate validation failed due to invalid chain");
            return j10;
        }
        for (int i10 = 1; i10 <= x509CertificateArr.length - 1; i10++) {
            if (!qVar.e(x509CertificateArr[i10])) {
                b0.j("PolicySigningHelper", "Policy signing certificate validation failed as one of the certificate in chain is not a valid CA certificate");
                return PolicySigningResult.f11600f;
            }
            if (x509CertificateArr[i10].getBasicConstraints() < i10 - 1) {
                b0.j("PolicySigningHelper", "Policy signing certificate validation failed as one of the certificate in chain has invalid path length");
                return PolicySigningResult.f11599e;
            }
        }
        boolean[] keyUsage = x509CertificateArr[0].getKeyUsage();
        if (keyUsage != null && keyUsage[0]) {
            return PolicySigningResult.f11612r;
        }
        b0.j("PolicySigningHelper", "Policy signing certificate validation failed as key usage is not valid");
        return PolicySigningResult.f11606l;
    }

    public void e() {
        SharedPreferences.Editor edit = u.b().r().edit();
        edit.putString("policy_signing_certificate", "");
        edit.putInt("policy_signing_cert_chain_length", 0);
        edit.putString("policy_signing_cert_chain", "");
        edit.putString("policy_signing_cert_type", "");
        edit.putString("policy_signing_cert_encoding", "");
        edit.apply();
    }

    public PolicySigningResult g() {
        if (!l()) {
            return PolicySigningResult.f11612r;
        }
        try {
            if (new ConsoleVersion(u.b().r().getString("console_version", "")).compareTo(ConsoleVersion.EIGHT_DOT_FIVE) < 0) {
                o(false);
                return PolicySigningResult.f11612r;
            }
            int intValue = ((Integer) ((d) oq.a.a(d.class)).call()).intValue();
            if (intValue != 1) {
                if (intValue != 0) {
                    return PolicySigningResult.f11605k;
                }
                o(false);
                return PolicySigningResult.f11612r;
            }
            PolicySigningResult b10 = ((f) h.b(f.class)).b();
            if (b10 == PolicySigningResult.f11612r) {
                b0.b("PolicySigningHelper", "Policy Signing certificate validation success.");
                o(true);
            } else {
                b0.b("PolicySigningHelper", "Policy signing certificate validation failed");
            }
            return b10;
        } catch (SDKContextException e10) {
            b0.n("PolicySigningHelper", e10);
            return PolicySigningResult.f11605k;
        } catch (Exception e11) {
            b0.n("PolicySigningHelper", e11);
            throw new RuntimeException(e11);
        }
    }

    PolicySigningResult i(byte[] bArr, String str, Map<String, List<String>> map, String str2, int i10) {
        b0.M("PolicySigningHelper", "Validation failed, re-fetching certificate.");
        PolicySigningResult g10 = g();
        PolicySigningResult policySigningResult = PolicySigningResult.f11612r;
        if (g10 != policySigningResult) {
            n(g10, str2, i10, str);
            return g10;
        }
        if (!k()) {
            return policySigningResult;
        }
        b0.u("PolicySigningHelper", "Retrying validation");
        return f(bArr, str, map, str2, i10);
    }

    public PolicySigningResult j(X509Certificate[] x509CertificateArr) {
        int i10 = 0;
        String name = x509CertificateArr[0].getSubjectDN().getName();
        b0.b("PolicySigningHelper", "isChainValid called for " + name + " with chain length: " + x509CertificateArr.length);
        while (i10 < x509CertificateArr.length - 1) {
            try {
                x509CertificateArr[i10].checkValidity();
                X509Certificate x509Certificate = x509CertificateArr[i10];
                i10++;
                x509Certificate.verify(x509CertificateArr[i10].getPublicKey());
            } catch (InvalidKeyException e10) {
                e = e10;
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.f11603i;
            } catch (NoSuchAlgorithmException e11) {
                e = e11;
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.f11603i;
            } catch (NoSuchProviderException e12) {
                e = e12;
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.f11603i;
            } catch (SignatureException e13) {
                e = e13;
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e.getMessage());
                return PolicySigningResult.f11603i;
            } catch (CertificateExpiredException e14) {
                e = e14;
                b0.j("PolicySigningHelper", "Cert chain for " + name + " has a expired certificate. " + e.getMessage());
                return PolicySigningResult.f11604j;
            } catch (CertificateNotYetValidException e15) {
                e = e15;
                b0.j("PolicySigningHelper", "Cert chain for " + name + " has a expired certificate. " + e.getMessage());
                return PolicySigningResult.f11604j;
            } catch (CertificateException e16) {
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e16.getMessage());
                return PolicySigningResult.f11598d;
            } catch (Exception e17) {
                if (!(e17 instanceof IllegalBlockSizeException)) {
                    throw e17;
                }
                b0.j("PolicySigningHelper", "Exception while validating cert chain for " + name + e17.getMessage());
                return PolicySigningResult.f11598d;
            }
        }
        x509CertificateArr[x509CertificateArr.length - 1].checkValidity();
        b0.b("PolicySigningHelper", "Chain for " + name + " is valid");
        return PolicySigningResult.f11612r;
    }

    public boolean k() {
        return l() && u.b().r().getBoolean("policy_signing_enabled", false);
    }

    public boolean l() {
        SDKContext b10 = u.b();
        if (b10.k() != SDKContext.State.IDLE) {
            return ((com.airwatch.sdk.f) h.b(com.airwatch.sdk.f.class)).a(b10.i()).getBoolean("policySigning", false);
        }
        return false;
    }

    public void q(String[] strArr, String str, String str2) {
        SharedPreferences.Editor edit = u.b().r().edit();
        edit.putString("policy_signing_certificate", strArr[0]);
        int length = strArr.length;
        StringBuilder sb2 = new StringBuilder();
        for (String str3 : strArr) {
            sb2.append(str3);
            sb2.append(",");
        }
        edit.putInt("policy_signing_cert_chain_length", length);
        edit.putString("policy_signing_cert_chain", sb2.toString());
        edit.putString("policy_signing_cert_type", str);
        edit.putString("policy_signing_cert_encoding", str2);
        edit.apply();
    }
}
