package com.citrix.mvpn.c;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.security.KeyChain;
import com.citrix.MAM.Android.ManagedAppHelper.Interface.MAMAppInfo;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;

/* loaded from: classes3.dex */
public class b {
    private static c j = c.a();

    /* renamed from: a, reason: collision with root package name */
    private X509Certificate[] f2858a;
    private PrivateKey b;
    private byte[] c;
    private String d;
    private String e;
    private char[] f;
    private String g;
    private String h;
    private boolean i;

    public b(Bundle bundle, Context context) throws Exception {
        this.e = bundle.getString(MAMAppInfo.KEY_CERT_TYPE);
        this.f = bundle.getCharArray(MAMAppInfo.KEY_CERT_PASSWORD);
        this.d = bundle.getString(MAMAppInfo.KEY_CERT_ID);
        char[] cArr = this.f;
        if (cArr != null) {
            this.g = new String(cArr);
        }
        if (MAMAppInfo.VALUE_CERT_TYPE_BLOB.equalsIgnoreCase(this.e)) {
            a(bundle);
        } else if ("KeyChain".equalsIgnoreCase(this.e)) {
            a(bundle, context);
        }
        this.i = false;
    }

    private static ArrayList<String> a(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        Enumeration<String> aliases = keyStore.aliases();
        ArrayList<String> arrayList = new ArrayList<>();
        while (aliases.hasMoreElements()) {
            arrayList.add(aliases.nextElement());
        }
        return arrayList;
    }

    private void a(Bundle bundle) throws Exception {
        this.c = bundle.getByteArray(MAMAppInfo.KEY_CERT_BLOB);
        Provider g = g();
        if (g != null) {
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.f);
            KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", g, passwordProtection).getKeyStore();
            keyStore.load(new ByteArrayInputStream(this.c), this.f);
            ArrayList<String> a2 = a(keyStore);
            if (a2 != null) {
                Iterator<String> it = a2.iterator();
                while (it.hasNext()) {
                    String next = it.next();
                    if (keyStore.entryInstanceOf(next, KeyStore.PrivateKeyEntry.class)) {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(next, passwordProtection);
                        this.b = privateKeyEntry.getPrivateKey();
                        this.f2858a = (X509Certificate[]) privateKeyEntry.getCertificateChain();
                        this.h = next;
                        return;
                    }
                    j.a("MVPN-MITM-Certificate", "Keystore with non private key entry found: " + next);
                }
            }
        }
    }

    private void a(Bundle bundle, Context context) throws Exception {
        ArrayList<String> stringArrayList = bundle.getStringArrayList(MAMAppInfo.KEY_CERT_ALIAS);
        if (Build.VERSION.SDK_INT < 14 || stringArrayList == null || stringArrayList.size() <= 0) {
            return;
        }
        this.b = KeyChain.getPrivateKey(context, stringArrayList.get(0));
        this.f2858a = KeyChain.getCertificateChain(context, stringArrayList.get(0));
        this.c = a();
        this.h = stringArrayList.get(0);
    }

    private byte[] a() throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", null, new KeyStore.PasswordProtection(this.f)).getKeyStore();
        keyStore.setKeyEntry(c(), this.b, this.f, this.f2858a);
        keyStore.store(byteArrayOutputStream, this.f);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.c = byteArray;
        return byteArray;
    }

    private static Provider g() {
        Provider[] providers = Security.getProviders("KeyStore.PKCS12");
        if (providers.length >= 2) {
            return providers[1];
        }
        if (providers.length == 1) {
            return providers[0];
        }
        return null;
    }

    private boolean k() {
        X509Certificate[] x509CertificateArr = this.f2858a;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return false;
        }
        boolean z = true;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            z = z && x509Certificate.getKeyUsage()[5];
        }
        return z;
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x000b, code lost:
    
        if (r1 != null) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String b() {
        /*
            r6 = this;
            java.lang.StringBuffer r0 = new java.lang.StringBuffer
            r0.<init>()
            boolean r1 = r6.i
            if (r1 == 0) goto Le
            java.lang.String r1 = r6.d
            if (r1 == 0) goto L15
            goto L17
        Le:
            java.lang.String r1 = r6.d
            if (r1 == 0) goto L15
            java.lang.String r1 = "<AppCertID>"
            goto L17
        L15:
            java.lang.String r1 = "<NullCert>"
        L17:
            java.lang.String r2 = "CertID : "
            java.lang.StringBuffer r2 = r0.append(r2)
            java.lang.StringBuffer r1 = r2.append(r1)
            java.lang.String r2 = "\n"
            r1.append(r2)
            java.lang.String r1 = "Alias : "
            java.lang.StringBuffer r1 = r0.append(r1)
            java.lang.String r3 = r6.h
            java.lang.String r4 = " null "
            if (r3 == 0) goto L33
            goto L34
        L33:
            r3 = r4
        L34:
            java.lang.StringBuffer r1 = r1.append(r3)
            r1.append(r2)
            java.lang.String r1 = "CertType : "
            java.lang.StringBuffer r1 = r0.append(r1)
            java.lang.String r3 = r6.e
            if (r3 == 0) goto L46
            r4 = r3
        L46:
            java.lang.StringBuffer r1 = r1.append(r4)
            r1.append(r2)
            java.lang.String r1 = "isSelfSigned  : "
            java.lang.StringBuffer r1 = r0.append(r1)
            boolean r3 = r6.k()
            java.lang.String r4 = " Yes "
            java.lang.String r5 = " No "
            if (r3 == 0) goto L5f
            r3 = r4
            goto L60
        L5f:
            r3 = r5
        L60:
            java.lang.StringBuffer r1 = r1.append(r3)
            r1.append(r2)
            java.lang.String r1 = "isItValid  : "
            java.lang.StringBuffer r1 = r0.append(r1)
            boolean r2 = r6.l()
            if (r2 == 0) goto L74
            goto L75
        L74:
            r4 = r5
        L75:
            r1.append(r4)
            java.lang.String r0 = r0.toString()
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.mvpn.c.b.b():java.lang.String");
    }

    public String c() {
        return this.h;
    }

    public byte[] d() throws Exception {
        if (this.c == null) {
            this.c = a();
        }
        return this.c;
    }

    public X509Certificate[] e() {
        return this.f2858a;
    }

    public String f() {
        return this.d;
    }

    public PrivateKey h() {
        return this.b;
    }

    public String i() {
        return this.g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean j() {
        return this.i;
    }

    public boolean l() {
        X509Certificate[] x509CertificateArr = this.f2858a;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return true;
        }
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
            }
            return true;
        } catch (CertificateExpiredException e) {
            j.b("MVPN-MITM-Certificate", String.format("AG user certificate is expired, cert id %s", this.d), e);
            return false;
        } catch (CertificateNotYetValidException unused) {
            j.b("MVPN-MITM-Certificate", String.format("AG user certificate is not yet valid, cert id %s", this.d));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void m() {
        this.i = true;
    }
}
