package com.att.halox.common.X509CertUtils;

import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Message;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.util.Base64;
import com.att.halox.common.X509CertUtils.WebServiceTask;
import com.att.halox.common.rsa.HaloXSecurityAgent;
import com.att.halox.common.utils.LogUtils;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.regex.PatternSyntaxException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;

/* loaded from: classes.dex */
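/**
 * {@link X509KeyManager} that presents one client certificate taken from the Android
 * system {@link KeyChain}, plus static helpers that select the certificate, cache its
 * alias/expiry in SharedPreferences and derive user details from its subject.
 *
 * <p>This file is decompiler output. NOTE(review): several methods throw checked
 * exceptions ({@code CertificateException} in {@link #fromAlias}, and whatever
 * {@code SSLContext.init} raises in {@link #setForConnection}) without a visible
 * {@code throws} clause; the original declarations were presumably stripped, so confirm
 * them against the real sources before recompiling.
 */
public class X509Impl implements X509KeyManager {
    public static final String CSO_MOBILE_KEY_PREF = "CSO_MOBILE_KEY_PREF";
    public static final String CSO_MOBILE_KEY_USER_PREF = "CSO_MOBILE_KEY_USER_PREF";
    private static final String ERRORCODES_SP_FILE_NAME = "HaloXRemoteConfigErrors";
    public static final String SAVED_USER_ID = "saved_user_id";
    private static final String SELECTED_CERT_ALIAS = "selected_cert_alias";
    private static final String SELECTED_CERT_EXPIRY = "selected_cert_expiry";
    private static final String SELECTED_CERT_PREF = "selected_cert_pref";
    public static final String SERVER = "server";
    private static final String SSL_CONTEXT_ALGO = "ssl_protocol";
    private static final String TAG = "X509Impl";
    public static final String USER_ID = "userId";
    // Last ciphertext written by SaveStringPreferences; nothing in this class reads it back.
    private static byte[] byteArray;
    private final String alias;
    private final X509Certificate[] certChain;
    private final PrivateKey privateKey;

    /**
     * @param str KeyChain alias this key manager answers for
     * @param x509CertificateArr certificate chain returned for that alias
     * @param privateKey private key handle returned for that alias
     */
    public X509Impl(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        this.alias = str;
        this.certChain = x509CertificateArr;
        this.privateKey = privateKey;
    }

    /**
     * Encrypts {@code str2} with the HaloX security agent and stores the Base64 form of the
     * result under key {@code str} in the {@link #CSO_MOBILE_KEY_PREF} preferences file.
     *
     * @param context context used for the preferences file and the security agent
     * @param str preference key
     * @param str2 plaintext value to protect
     */
    public static void SaveStringPreferences(Context context, String str, String str2) {
        SharedPreferences.Editor edit = context.getSharedPreferences(CSO_MOBILE_KEY_PREF, Context.MODE_PRIVATE).edit();
        String encrypted = HaloXSecurityAgent.getHaloXRSAInstance(context).encrypt(str2, context);
        if (encrypted == null) {
            // The user-preferences variant below already treats a null result as "";
            // do the same here instead of failing with a NullPointerException.
            LogUtils.e(TAG, "SaveStringPreferences : encrypt returned null, storing empty value");
            encrypted = "";
        }
        byte[] bytes = encrypted.getBytes(StandardCharsets.UTF_8);
        byteArray = bytes;
        edit.putString(str, Base64.encodeToString(bytes, Base64.DEFAULT));
        edit.apply();
    }

    /**
     * Stores a value in the user preferences file on a new background thread.
     *
     * @param context context handed to the worker
     * @param str preference key
     * @param str2 plaintext value
     */
    public static void SaveStringUserPreferences(Context context, String str, String str2) {
        // `c` is a synthetic class defined outside this file; presumably it invokes
        // lambda$SaveStringUserPreferences$1(context, str2, str) — verify against class c.
        new Thread(new c(context, str2, str, 0)).start();
    }

    /**
     * Builds a key manager for {@code str} from the system KeyChain.
     *
     * @param activity context used for the KeyChain lookups
     * @param str KeyChain alias
     * @return the key manager, or {@code null} when the chain or the key is unavailable
     */
    public static X509Impl fromAlias(Activity activity, String str) {
        try {
            LogUtils.i(TAG, "Accessing Cert Chain in X509Impl");
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(activity, str);
            // Log only what is diagnostic: the chain length, not the array identity.
            LogUtils.i(TAG, "Cert Chain : " + (certificateChain == null ? "null" : certificateChain.length + " certificate(s)"));
            PrivateKey privateKey = KeyChain.getPrivateKey(activity, str);
            // Never hand the key object itself to the logger; presence is enough.
            LogUtils.i(TAG, "Private Key : " + (privateKey == null ? "null" : "present"));
            if (certificateChain == null || privateKey == null) {
                return null;
            }
            return new X509Impl(str, certificateChain, privateKey);
        } catch (KeyChainException e) {
            throw new CertificateException(e);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread before wrapping it.
            Thread.currentThread().interrupt();
            throw new CertificateException(e);
        }
    }

    /**
     * Reads the SSLContext protocol name from the {@code HaloXRemoteConfigErrors} preferences,
     * falling back to {@code TLSv1.2} when the entry is missing or empty.
     */
    private static String getAlgorithmFromSP(Context context) {
        // NOTE(review): the stored value is used as-is, so whatever writes this preference
        // decides the protocol; consider an allow-list of accepted names — confirm the
        // values that are legitimately configured first.
        String stored = context.getSharedPreferences(ERRORCODES_SP_FILE_NAME, Context.MODE_PRIVATE).getString(SSL_CONTEXT_ALGO, "");
        return (stored == null || stored.isEmpty()) ? "TLSv1.2" : stored;
    }

    /**
     * Extracts the common name from a comma-separated subject string.
     *
     * <p>The component that actually starts with {@code CN=} is used. The previous code
     * returned the first component whenever any component merely contained "CN", and
     * indexed past the end of the split result for an empty value.
     *
     * @param str subject distinguished name, may be {@code null}
     * @return the CN value, or {@code null} when {@code str} is {@code null} or has no
     *     non-empty CN component
     */
    private static String getUserId(String str) {
        if (str == null) {
            return null;
        }
        // NOTE(review): a plain split does not understand escaped commas inside values.
        String[] components = str.split(",");
        if (components.length == 0) {
            return str;
        }
        for (String component : components) {
            String candidate = component.trim();
            if (candidate.startsWith("CN=")) {
                String value = candidate.substring("CN=".length());
                return value.isEmpty() ? null : value;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Worker body for {@link #SaveStringUserPreferences}: encrypts {@code str} and stores it
     * under key {@code str2} in {@link #CSO_MOBILE_KEY_USER_PREF}. Unlike
     * {@link #SaveStringPreferences}, the encrypted string is stored without Base64 encoding.
     */
    public static /* synthetic */ void lambda$SaveStringUserPreferences$1(Context context, String str, String str2) {
        SharedPreferences.Editor edit = context.getSharedPreferences(CSO_MOBILE_KEY_USER_PREF, Context.MODE_PRIVATE).edit();
        String encrypt = HaloXSecurityAgent.getHaloXRSAInstance(context).encrypt(str, context);
        if (encrypt == null) {
            encrypt = "";
        }
        edit.putString(str2, encrypt);
        edit.apply();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * KeyChain alias callback: checks the certificate the user picked and, when it is
     * accepted and not expired, caches its alias/expiry and reads its details.
     *
     * @param exceptionHandler notified only when no alias was chosen
     * @param activity context used for KeyChain and preferences access
     * @param str alias chosen by the user, or {@code null} when the prompt was dismissed
     */
    public static /* synthetic */ void lambda$promptUserForCert$0(WebServiceTask.ExceptionHandler exceptionHandler, Activity activity, String str) {
        LogUtils.i(TAG, "===>Key alias is: " + str);
        if (str == null) {
            LogUtils.i(TAG, "New Alias is null");
            exceptionHandler.onFailure(new CertificateException("User denied certificate selection"));
            return;
        }
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(activity, str);
            // Result is discarded; presumably this call only confirms the key is accessible.
            KeyChain.getPrivateKey(activity, str);
            if (certificateChain != null && certificateChain.length > 0) {
                X509Certificate x509Certificate = certificateChain[0];
                String name = x509Certificate.getSubjectX500Principal().getName();
                // NOTE(review): this is a substring match over the whole subject string and
                // the issuer/chain is not examined here, so treat it as a selection hint,
                // not as certificate validation.
                if (name == null || !name.contains("ATTSSO")) {
                    // NOTE(review): the failure is only logged; exceptionHandler is not told.
                    LogUtils.e(TAG, "Wrong cert was selected");
                } else {
                    LogUtils.i(TAG, "User has selected the right certificate.");
                    Date notAfter = x509Certificate.getNotAfter();
                    long time = notAfter.getTime();
                    LogUtils.i(TAG, "User has selected the right certificate : expiryDate : " + notAfter + ", timestamp : " + time);
                    long currentTimeMillis = System.currentTimeMillis();
                    LogUtils.i(TAG, "Key Chain is accessible : currentTime : " + currentTimeMillis);
                    if (time < currentTimeMillis) {
                        // Expired: forget any cached alias.
                        saveCertAlias(activity, "", 0L);
                        // NOTE(review): this Message is built but never sent anywhere in the
                        // visible code, so the user is not told about the expiry.
                        Message message = new Message();
                        message.obj = "Your certificate is expired, please launch MobileIron and reinstall the certificate to access mobile key.";
                        message.arg1 = 101;
                    } else {
                        saveCertAlias(activity, str, time);
                        readCertInfo(certificateChain, activity);
                    }
                }
            }
        } catch (KeyChainException e) {
            LogUtils.e(TAG, "Caught KeyChainException while getting CertAlias   : " + e.toString());
        } catch (InterruptedException e) {
            // Restore the interrupt flag that catching the exception cleared.
            Thread.currentThread().interrupt();
            LogUtils.e(TAG, "Caught InterruptedException while getting CertAlias  : " + e.toString());
        } catch (Exception e) {
            LogUtils.e(TAG, "Caught Exception while getting CertAlias  : " + e.toString());
        }
    }

    /**
     * Opens the system certificate picker and routes the chosen alias to
     * {@link #lambda$promptUserForCert$0}.
     */
    private static void promptUserForCert(final Activity activity, final WebServiceTask.ExceptionHandler exceptionHandler) {
        // Empty key-type list and null issuers/host/alias with port -1: no filter or
        // preselection is passed to the picker.
        KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() { // from class: com.att.halox.common.X509CertUtils.b
            @Override // android.security.KeyChainAliasCallback
            public final void alias(String str) {
                // The decompiler printed the captured handler as "ExceptionHandler.this";
                // the captured parameter is what is meant.
                X509Impl.lambda$promptUserForCert$0(exceptionHandler, activity, str);
            }
        }, new String[0], null, null, -1, null);
    }

    /**
     * Reads user id, names and server name from the leaf certificate and persists the user
     * id and server name (encrypted) in SharedPreferences.
     *
     * <p>Subject alternative names are taken by position: entry 1 is stored as the server,
     * entries 2 and 3 are read as first and last name. A SAN value that is not a String
     * aborts the parse through the generic catch and nothing is saved.
     *
     * @param x509CertificateArr certificate chain, leaf first; {@code null} or empty is ignored
     * @param context context used to persist the extracted values
     */
    public static void readCertInfo(X509Certificate[] x509CertificateArr, Context context) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        X509Certificate leaf = x509CertificateArr[0];
        try {
            LogUtils.i(TAG, "getNotAfter: " + leaf.getNotAfter());
            LogUtils.i(TAG, "getNotBefore: " + leaf.getNotBefore());
            // NOTE(review): the log lines below carry the subject, names and user id;
            // confirm LogUtils is silenced in release builds.
            String subject = leaf.getSubjectX500Principal().getName();
            LogUtils.i(TAG, "tempUserID: " + subject);
            String userId = getUserId(subject);
            String firstName = null;
            String lastName = null;
            String serverName = null;
            // getSubjectAlternativeNames() returns null when the extension is absent.
            java.util.Collection<List<?>> altNames = leaf.getSubjectAlternativeNames();
            int position = 0;
            if (altNames != null) {
                for (List<?> entry : altNames) {
                    LogUtils.i(TAG, "iterarer value: " + entry);
                    // Each entry is (type, value); the value is read once instead of once
                    // per list element as before.
                    if (entry.size() > 1) {
                        LogUtils.i(TAG, "value= " + entry.get(1));
                        String value = (String) entry.get(1);
                        if (position == 1) {
                            serverName = value;
                        } else if (position == 2) {
                            firstName = value;
                        } else if (position == 3) {
                            lastName = value;
                        }
                    }
                    position++;
                }
            }
            LogUtils.i(TAG, "Firstname: " + firstName + ", Lastname: " + lastName + ", userid : " + userId + ", server name: " + serverName);
            if (firstName != null && lastName != null && userId != null) {
                SaveStringUserPreferences(context, USER_ID, userId);
            }
            if (serverName != null) {
                SaveStringPreferences(context, SERVER, serverName);
            }
        } catch (CertificateParsingException e) {
            LogUtils.i(TAG, "Caught CertificateParsingException with message : " + e.getMessage());
        } catch (Exception e) {
            LogUtils.i(TAG, "Caught Exception with message : " + e.getMessage());
        }
    }

    /**
     * Caches the selected certificate alias and its expiry timestamp.
     *
     * @param context context used for the preferences file
     * @param str alias to remember; callers pass "" to clear it
     * @param j expiry in epoch milliseconds; callers pass 0 to clear it
     */
    public static void saveCertAlias(Context context, String str, long j) {
        SharedPreferences.Editor edit = context.getSharedPreferences(SELECTED_CERT_PREF, Context.MODE_PRIVATE).edit();
        edit.putString(SELECTED_CERT_ALIAS, str);
        edit.putLong(SELECTED_CERT_EXPIRY, j);
        edit.apply();
    }

    /**
     * Creates an SSLContext that offers the KeyChain certificate for {@code str} and
     * installs its socket factory on the connection. When the certificate is unavailable
     * the cached alias is cleared and the user is prompted to choose one.
     *
     * @param httpsURLConnection connection to configure
     * @param activity context for KeyChain, preferences and the picker
     * @param str KeyChain alias to use
     * @param exceptionHandler passed to the certificate prompt
     * @return the SSLContext whose socket factory was installed
     */
    public static SSLContext setForConnection(HttpsURLConnection httpsURLConnection, Activity activity, String str, WebServiceTask.ExceptionHandler exceptionHandler) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(getAlgorithmFromSP(activity));
            // One lookup only: the result that was null-checked is the one that is used.
            X509Impl keyManager = fromAlias(activity, str);
            if (keyManager == null) {
                saveCertAlias(activity, "", 0L);
                promptUserForCert(activity, exceptionHandler);
                // NOTE(review): the context is not initialised on this path, so the
                // getSocketFactory() call below is expected to throw IllegalStateException
                // — confirm what callers rely on here.
            } else {
                // Null trust managers and SecureRandom select the platform defaults.
                sSLContext.init(new KeyManager[]{keyManager}, null, null);
            }
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            return sSLContext;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Should not happen...", e);
        }
    }

    /** Always offers the single alias this instance was built for. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return this.alias;
    }

    /** Server-side use is not supported. */
    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        throw new UnsupportedOperationException();
    }

    /**
     * @return the stored chain when {@code str} matches this instance's alias, else {@code null}
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        // Compare from the argument side so a null stored alias cannot throw.
        if (str != null && str.equals(this.alias)) {
            return this.certChain;
        }
        return null;
    }

    /** Alias enumeration is not supported. */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }

    /**
     * @return the stored key when {@code str} matches this instance's alias, else {@code null}
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (str != null && str.equals(this.alias)) {
            return this.privateKey;
        }
        return null;
    }

    /** Server-side use is not supported. */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }
}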
