package com.sophos.cloud.core.rest;

import android.content.Context;
import android.text.TextUtils;
import com.google.firebase.sessions.settings.RemoteSettings;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.sophos.jsceplib.ScepException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.json.JSONException;

/* loaded from: classes2.dex */
public abstract class b extends com.sophos.cloud.core.command.a {
    public static final String ACT_ERROR_ALREADY_MANAGED = "device_already_managed";
    public static final String ACT_ERROR_NO_LICENSE = "not_licensed";
    public static final String ACT_ERROR_VERSION_TOO_LOW = "os_version_too_low";
    public static final String ACT_HOME_LIMIT_REACHED = " home_device_limit_reached";
    public static final String ACT_HOME_MULTIPLE_ENROLLMENT = "home_multiple_enrollment";
    public static final String CHECKING_URL_PART = "/checkin";
    public static final String CLIENT_API_PART = "/client-api";
    public static final String ENROLL_URL_PART = "/enroll";
    public static final String TAG = "REST";
    private O2.a mActivationResData;
    private boolean mCloudClient;
    private String mEmail;
    private boolean mIsFirstEnrolledApp;
    private boolean mMtdClient;
    private int mResIdErrorString;
    private O2.d mRestConfig;
    private String mServerUrl;
    private boolean mSetBearer;
    private boolean mSetXConfigurationToken;
    private String mToken;
    private boolean mUseUnSecuredSSL;
    private static final Set<O2.h> sScepPreProcessors = new HashSet();
    private static final Set<O2.g> sActivationPostProcessors = new HashSet();
    private static final Set<O2.h> sActivationPreProcessors = new HashSet();

    public b(Context context) {
        super(context);
        this.mActivationResData = null;
        this.mResIdErrorString = L2.a.f1465d;
        this.mCloudClient = true;
        this.mMtdClient = false;
        this.mUseUnSecuredSSL = false;
        this.mSetXConfigurationToken = false;
    }

    public static void addActivationPostProcessor(O2.g gVar) {
        Set<O2.g> set = sActivationPostProcessors;
        synchronized (set) {
            set.add(gVar);
        }
    }

    public static void addActivationPreProcessor(O2.h hVar) {
        Set<O2.h> set = sActivationPreProcessors;
        synchronized (set) {
            set.add(hVar);
        }
    }

    public static void addScepPreProcessor(O2.h hVar) {
        Set<O2.h> set = sScepPreProcessors;
        synchronized (set) {
            set.add(hVar);
        }
    }

    private void callPostProcessor(int i6) {
        Set<O2.g> set = sActivationPostProcessors;
        synchronized (set) {
            Iterator<O2.g> it = set.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a(i6);
                } catch (Exception e6) {
                    a4.c.Y("REST", "Calling Post Processor failed.", e6);
                }
            }
        }
    }

    private void callPreProcessor() {
        Set<O2.h> set = sActivationPreProcessors;
        synchronized (set) {
            Iterator<O2.h> it = set.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e6) {
                    a4.c.Y("REST", "Calling Pre Processor failed", e6);
                }
            }
        }
    }

    private void callScepPreProcessor() {
        Set<O2.h> set = sScepPreProcessors;
        synchronized (set) {
            Iterator<O2.h> it = set.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e6) {
                    a4.c.Y("REST", "Calling SCEP Pre Processor failed.", e6);
                }
            }
        }
    }

    public static void removeActivationPostProcessor(O2.g gVar) {
        Set<O2.g> set = sActivationPostProcessors;
        synchronized (set) {
            set.remove(gVar);
        }
    }

    public static void removeActivationPreProcessor(O2.h hVar) {
        Set<O2.h> set = sActivationPreProcessors;
        synchronized (set) {
            set.remove(hVar);
        }
    }

    public static void removeScepPreProcessor(O2.h hVar) {
        Set<O2.h> set = sScepPreProcessors;
        synchronized (set) {
            set.remove(hVar);
        }
    }

    public org.json.b buildActivationErrorJson(int i6) throws JSONException {
        org.json.b bVar = new org.json.b();
        bVar.put("email", getEmail());
        bVar.put("status", -3);
        bVar.put("error_code", i6);
        return bVar;
    }

    public abstract org.json.b buildActivationJson() throws JSONException, SecurityException;

    public int checkActivationResponse() {
        if (TextUtils.isEmpty(this.mActivationResData.getPlatform()) || "android".equals(this.mActivationResData.getPlatform())) {
            return 0;
        }
        this.mResIdErrorString = L2.a.f1469h;
        return -5;
    }

    public boolean detectFirstEnrolledApp() {
        try {
            if (this.mRestConfig.getCertificateSubjectCn() == null || this.mRestConfig.getCertificateSubjectCn().length() <= 0 || this.mRestConfig.getCertificateSubjectO() == null) {
                return true;
            }
            return this.mRestConfig.getCertificateSubjectO().length() <= 0;
        } catch (NullPointerException unused) {
            a4.c.j("REST", "NPE while reading REST config. assuming empty values.");
            return true;
        }
    }

    @Override // com.sophos.cloud.core.command.a
    public int doExecute() {
        callPreProcessor();
        O2.d loadRestConfig = loadRestConfig();
        this.mRestConfig = loadRestConfig;
        this.mEmail = loadRestConfig.getActivationEmail();
        this.mToken = this.mRestConfig.getActivationSecCode();
        this.mServerUrl = this.mRestConfig.getActivationServer();
        if (runCloudActivation()) {
            a4.c.y("REST", "Cloud activation finished successfully.");
            onActivationSuccess();
            callPostProcessor(0);
            finish(0);
            return 0;
        }
        a4.c.j("REST", "Cloud activation failed");
        onActivationFailure();
        callPostProcessor(-2);
        finish(-2);
        return -2;
    }

    public abstract String getActivationProtocol();

    public abstract O2.a getActivationResponseParser();

    public String getCloudActivationUrl() {
        if (this.mIsFirstEnrolledApp) {
            return AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + ENROLL_URL_PART + RemoteSettings.FORWARD_SLASH_STRING + this.mToken + CHECKING_URL_PART;
        }
        return AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + ENROLL_URL_PART + CHECKING_URL_PART + RemoteSettings.FORWARD_SLASH_STRING + this.mRestConfig.getDeviceId();
    }

    public String getCloudMtdActivationUrl() {
        return this.mServerUrl;
    }

    public String getEmail() {
        return this.mEmail;
    }

    public int getErrorString() {
        return this.mResIdErrorString;
    }

    public String getPremiseSmcActivationUrl() {
        String str;
        if (this.mIsFirstEnrolledApp) {
            str = AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + RemoteSettings.FORWARD_SLASH_STRING + this.mToken + CHECKING_URL_PART;
        } else {
            str = AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + CHECKING_URL_PART + RemoteSettings.FORWARD_SLASH_STRING + this.mRestConfig.getDeviceId();
        }
        a4.c.j("REST", "URL: " + str + " first: " + this.mIsFirstEnrolledApp);
        return str;
    }

    public O2.d getRestConfig() {
        return this.mRestConfig;
    }

    public String getServerUrl() {
        return this.mServerUrl;
    }

    public String getSmcActivationUrl() {
        return !this.mCloudClient ? getPremiseSmcActivationUrl() : isMtdClient() ? getCloudMtdActivationUrl() : getCloudActivationUrl();
    }

    public String getToken() {
        return this.mToken;
    }

    public boolean isCloudClient() {
        return a.g(this.mRestConfig.getActivationSecCode());
    }

    public boolean isFirstEnrolledApp() {
        return this.mIsFirstEnrolledApp;
    }

    public boolean isMtdClient() {
        return this.mMtdClient;
    }

    public abstract O2.d loadRestConfig();

    public abstract void onActivationFailure();

    public abstract void onActivationSuccess();

    public void onPreScep() {
    }

    public int postRequestToServer(j jVar, org.json.b bVar, String str) {
        int i6 = jVar.i(getSmcActivationUrl(), str, bVar);
        if (this.mCloudClient || i6 == 200 || !jVar.f()) {
            return i6;
        }
        a4.c.y("REST", "Let's try unsecured SSL!");
        jVar.r(true);
        int i7 = jVar.i(getSmcActivationUrl(), str, bVar);
        this.mUseUnSecuredSSL = true;
        return i7;
    }

    public boolean runCloudActivation() {
        String str;
        this.mIsFirstEnrolledApp = detectFirstEnrolledApp();
        this.mCloudClient = isCloudClient();
        try {
            org.json.b buildActivationJson = buildActivationJson();
            if (this.mIsFirstEnrolledApp) {
                this.mUseUnSecuredSSL = false;
                str = null;
            } else {
                str = h.a(getContext(), this.mRestConfig, buildActivationJson);
                if (str == null) {
                    a4.c.j("REST", "Cloud sync failed. Cannot create signature sync failed");
                    return false;
                }
                this.mUseUnSecuredSSL = this.mRestConfig.useUnsecuredSSL();
            }
            j jVar = new j(getContext(), this.mRestConfig, this.mUseUnSecuredSSL, getActivationProtocol());
            if (this.mSetXConfigurationToken) {
                jVar.t(this.mToken);
            }
            if (this.mSetBearer) {
                jVar.p(this.mRestConfig.getActivationSecCode());
            }
            int postRequestToServer = postRequestToServer(jVar, buildActivationJson, str);
            if (postRequestToServer != 200 || jVar.c() == null) {
                a4.c.j("REST", "Cloud activation. failed. Cannot post activation package. Status: " + postRequestToServer);
                if (postRequestToServer == 403) {
                    setErrorString(jVar.c());
                } else if (postRequestToServer == 410) {
                    this.mResIdErrorString = L2.a.f1467f;
                } else if (jVar.d()) {
                    this.mResIdErrorString = L2.a.f1470i;
                } else {
                    this.mResIdErrorString = L2.a.f1465d;
                }
                return false;
            }
            try {
                O2.a activationResponseParser = getActivationResponseParser();
                this.mActivationResData = activationResponseParser;
                activationResponseParser.parseBody(jVar.c());
                int checkActivationResponse = checkActivationResponse();
                if (checkActivationResponse == 0) {
                    onPreScep();
                    callScepPreProcessor();
                    if (!this.mIsFirstEnrolledApp || !this.mActivationResData.areScepDataPresent()) {
                        return true;
                    }
                    o oVar = new o(this.mRestConfig, this.mUseUnSecuredSSL);
                    U2.b bVar = new U2.b(getContext(), this.mActivationResData.getScepUrl(), this.mActivationResData.getCommonName(), this.mActivationResData.getOrganisation(), this.mRestConfig.getUniqueAppId());
                    try {
                        U2.b.h(oVar);
                        bVar.i(this.mActivationResData.getKeyUsage());
                        bVar.c();
                        return bVar.d(this.mActivationResData.getChallenge());
                    } catch (ScepException e6) {
                        a4.c.k("REST", "Cloud activation. failed. Cannot enroll communication certificate.", e6);
                        return false;
                    }
                }
                a4.c.j("REST", "runCloudActivation failed, checkActivationResponse returned " + checkActivationResponse);
                try {
                    org.json.b buildActivationErrorJson = buildActivationErrorJson(checkActivationResponse);
                    if (!this.mIsFirstEnrolledApp) {
                        str = h.a(getContext(), this.mRestConfig, buildActivationErrorJson);
                    }
                    a4.c.y("REST", "Sending failure code to smc got responseCode " + new j(getContext(), this.mRestConfig, this.mUseUnSecuredSSL, AuthenticationConstants.Broker.BROKER_PROTOCOL_VERSION).k(getSmcActivationUrl(), str, buildActivationErrorJson));
                } catch (JSONException e7) {
                    a4.c.k("REST", "Cannot build error response JSON.", e7);
                }
                return false;
            } catch (JSONException e8) {
                a4.c.k("REST", "Cloud activation. failed. Cannot decode activation response", e8);
                return false;
            }
        } catch (SecurityException e9) {
            a4.c.k("REST", "Cloud activation failed. Cannot get activation data.", e9);
            return false;
        } catch (JSONException e10) {
            a4.c.k("REST", "Cloud activation failed. Cannot build activation JSON.", e10);
            return false;
        }
    }

    public void setAuthorizationBearer(boolean z6) {
        this.mSetBearer = z6;
    }

    public void setEmail(String str) {
        this.mEmail = str;
    }

    protected void setErrorString(org.json.b bVar) {
        this.mResIdErrorString = L2.a.f1465d;
        if (bVar != null) {
            boolean optBoolean = bVar.optBoolean(ACT_ERROR_ALREADY_MANAGED);
            boolean optBoolean2 = bVar.optBoolean(ACT_ERROR_NO_LICENSE);
            boolean optBoolean3 = bVar.optBoolean(ACT_ERROR_VERSION_TOO_LOW);
            boolean optBoolean4 = bVar.optBoolean(ACT_HOME_LIMIT_REACHED);
            boolean optBoolean5 = bVar.optBoolean(ACT_HOME_MULTIPLE_ENROLLMENT);
            if (optBoolean) {
                this.mResIdErrorString = L2.a.f1462a;
                return;
            }
            if (optBoolean2) {
                this.mResIdErrorString = L2.a.f1466e;
                return;
            }
            if (optBoolean3) {
                this.mResIdErrorString = L2.a.f1468g;
            } else if (optBoolean4) {
                this.mResIdErrorString = L2.a.f1463b;
            } else if (optBoolean5) {
                this.mResIdErrorString = L2.a.f1464c;
            }
        }
    }

    public void setMtdClient(boolean z6) {
        this.mMtdClient = z6;
    }

    public void setResIdErrorString(int i6) {
        this.mResIdErrorString = i6;
    }

    public void setRestConfig(O2.d dVar) {
        this.mRestConfig = dVar;
    }

    public void setServerUrl(String str) {
        this.mServerUrl = str;
    }

    public void setToken(String str) {
        this.mToken = str;
    }

    public void setXConfigurationToken(boolean z6) {
        this.mSetXConfigurationToken = z6;
    }

    public boolean useUnsecuredSSL() {
        return this.mUseUnSecuredSSL;
    }
}
