package com.sec.enterprise.knox.cloudmdm.smdms.security;

import android.content.Context;
import android.os.Build;
import android.os.Process;
import com.android.org.conscrypt.NativeCrypto;
import com.samsung.android.knox.libknoxwrapper.ClientCertificateManagerWrapper;
import com.samsung.android.knox.libknoxwrapper.EnterpriseKnoxManagerWrapper;
import com.samsung.android.knox.myknoxexpress.reflectionlibrary.ReflectionContainer;
import com.sec.enterprise.knox.EnterpriseKnoxManager;
import com.sec.enterprise.knox.cloudmdm.smdms.policyinterface.UMCAdmin;
import com.sec.enterprise.knox.cloudmdm.smdms.utilities.Log;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes.dex */
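/**
 * Process-wide facade over {@link SecurityUtils} for the cloud-MDM client: key-pair and
 * certificate storage, CSR generation, TLS context creation, and registration with the
 * "tima" service.
 *
 * <p>All state is held in static fields that are only populated by
 * {@link #getInstance(Context)}. The static entry points ({@link #getPrivateKey()},
 * {@link #onBindInitiate()}) read {@code mContext} and {@code mPassword}, so
 * {@code getInstance} must have been called first; otherwise they run with {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code mPassword} is set to this class's simple name and handed to
 *       {@code SecurityUtils.registerSSLEngine}. It is a fixed value that anyone holding the
 *       APK can derive, and it changes if the class is renamed (for example by an obfuscator).
 *       It must not be relied on as a secret.</li>
 *   <li>Several methods report failure only through {@code null}, {@code false} or a log line.
 *       Callers must check the result and fail closed.</li>
 *   <li>{@code mContext} is a static reference to whatever {@link Context} the first caller of
 *       {@code getInstance} supplied; passing an Activity keeps it reachable for the process
 *       lifetime.</li>
 * </ul>
 */
public class CloudMDMSecurity {
    // Result codes for storeMDMCertificate(). Only CERT_STORAGE_FAILED is produced in this
    // class; the others are presumably returned by SecurityUtils.storeMDMCertificate (verify).
    public static final int CERT_EXPIRED = -2;
    public static final int CERT_NOT_YET_VALID = -1;
    public static final int CERT_STORAGE_FAILED = -3;
    public static final int CERT_STORED = 0;
    // Length requested from SecurityUtils.getKey() in init().
    private static final int KEY_SIZE_BYTES = 32;
    // Name under which the legacy key is looked up and removed in init().
    private static final String RAND_NUM = "RND_TZ_CCM_VAL";
    // OpenSSL engine id probed through NativeCrypto.ENGINE_by_id on API levels below 23.
    private static final String SSL_ENGINE_NAME = "secpkcs11";
    private static final String TAG = "MyKNOX:CloudMDMSecurity";
    private static Context mContext;
    private static CloudMDMSecurity mInstance;
    private static SecurityUtils mSecurityUtils;
    private PKCS10CertificationRequest csr;
    // Last context produced by getSSLContext(); cleared in onFinish().
    private static SSLContext mSSLContext = null;
    private static String mPassword = null;

    /**
     * Stores the context and derives the engine password.
     *
     * @param context context kept in a static field for later Knox/TIMA calls
     */
    private CloudMDMSecurity(Context context) {
        mContext = context;
        // The value is deliberately NOT logged: the previous debug line wrote it to the log,
        // where it could be read by anything with log access (bug reports, adb, log readers).
        mPassword = getClass().getSimpleName();
    }

    /**
     * Returns the singleton, creating it (and the shared {@link SecurityUtils}) on first use.
     *
     * @param context used only on the first call; ignored once the instance exists
     * @return the shared instance
     */
    public static synchronized CloudMDMSecurity getInstance(Context context) {
        // A static synchronized method already holds the CloudMDMSecurity.class monitor, so no
        // nested synchronized block is needed.
        if (mInstance == null) {
            mSecurityUtils = new SecurityUtils(context);
            mInstance = new CloudMDMSecurity(context);
        }
        return mInstance;
    }

    /**
     * Looks up the private key for the default client-certificate alias.
     *
     * <p>The alias comes from the client certificate manager policy; when that returns
     * {@code null} the literal {@code "Samsung default"} is used.
     *
     * @return the key handle, or {@code null} if the lookup threw or returned nothing
     */
    public static PrivateKey getPrivateKey() {
        // Must start as null: when the lookup throws, the code below still reads this variable.
        PrivateKey privateKey = null;
        try {
            String alias = ClientCertificateManagerWrapper.getDefaultCertificateAlias(EnterpriseKnoxManager.getInstance().getClientCertificateManagerPolicy(mContext));
            if (alias == null) {
                alias = "Samsung default";
            }
            privateKey = ReflectionContainer.getOpenSSLHelperReflection().getPrivateKey(ReflectionContainer.getOpenSSLHelperReflection().createInstance(), alias);
        } catch (Throwable th) {
            // Reflection-based call: any failure is treated as "no key available".
            th.printStackTrace();
        }
        if (privateKey == null) {
            Log.d(TAG, "fail to get private key");
        }
        return privateKey;
    }

    /**
     * Builds a new {@link SSLContext} through {@link SecurityUtils#getSSLContext} and remembers it.
     *
     * <p>A fresh context is requested on every call; the cached field is overwritten, not reused.
     *
     * @param str passed unchanged to {@code SecurityUtils.getSSLContext}
     * @return whatever {@code SecurityUtils.getSSLContext} returned (may be {@code null} — verify)
     */
    public static synchronized SSLContext getSSLContext(String str) {
        mSSLContext = SecurityUtils.getSSLContext(str);
        return mSSLContext;
    }

    /**
     * Convenience wrapper returning the socket factory of {@link #getSSLContext(String)}.
     *
     * <p>No null check is performed: if no context could be built this throws
     * {@link NullPointerException} rather than handing back a factory the caller might
     * silently replace with a default one.
     *
     * @param str passed unchanged to {@link #getSSLContext(String)}
     * @return the socket factory of the newly built context
     */
    public static SSLSocketFactory getSSLSocketFactory(String str) {
        return getSSLContext(str).getSocketFactory();
    }

    /**
     * Generates {@code i} random bytes with {@link SecureRandom} and returns them as text.
     *
     * @param i number of random bytes; a negative value raises {@link NegativeArraySizeException}
     * @return the bytes converted by {@code SecurityUtils.getBytesToHex}
     */
    public static String getSecureRandomNumber(int i) {
        byte[] randomBytes = new byte[i];
        new SecureRandom().nextBytes(randomBytes);
        return SecurityUtils.getBytesToHex(randomBytes);
    }

    /** Bind-complete hook; intentionally does nothing. */
    public static void onBindComplete() {
    }

    /**
     * Prepares the key backend before a bind.
     *
     * <p>Steps: set the CCM profile; then on API 23 and above load the {@code "TimaKeyStore"}
     * key store, and below API 23 register the {@code secpkcs11} SSL engine if it is not yet
     * registered. On API 23+ (and below 23 when the engine already exists) the final result is
     * whether {@link #getPrivateKey()} yields a key.
     *
     * @return {@code false} if the profile call returned {@code false}, the key store failed to
     *     load, engine registration failed, or no private key is available
     */
    public static boolean onBindInitiate() {
        Log.d(TAG, "onBindInitiate called!");
        try {
            Log.d(TAG, "CCM Profile Flow");
            boolean profileSet = UMCAdmin.setCCMProfile(mContext);
            Log.d(TAG, "@onBindInitiate - umcadmin SETCCM PROF res = " + profileSet);
            if (!profileSet) {
                return false;
            }
        } catch (Throwable th) {
            // NOTE(review): a throwing setCCMProfile is only logged and the bind continues,
            // whereas an explicit "false" aborts it. Confirm this asymmetry is intended.
            if (th.getMessage() != null) {
                Log.e(TAG, th.getMessage());
            }
            th.printStackTrace();
            Log.d(TAG, "@onBindInitiate - exception caught");
        }
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                KeyStore keyStore = KeyStore.getInstance("TimaKeyStore");
                if (keyStore != null) {
                    Log.d(TAG, "load timaKeystore");
                    keyStore.load(null, null);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                e.printStackTrace();
                return false;
            }
        } else if (NativeCrypto.ENGINE_by_id(SSL_ENGINE_NAME) == 0) {
            // Engine not registered yet: the registration result is returned directly, without
            // the private-key check performed on the other paths.
            return SecurityUtils.registerSSLEngine(mPassword);
        }
        return getPrivateKey() != null;
    }

    /**
     * Tears down TLS state: below API 23 deregisters the SSL engine until it can no longer be
     * found, then drops the cached {@link SSLContext}.
     */
    public static void onFinish() {
        Log.d(TAG, "Deregister Engine being called!");
        if (Build.VERSION.SDK_INT < 23) {
            // Loops because the engine may have been registered more than once (assumption);
            // it spins for as long as ENGINE_by_id keeps returning a handle.
            while (NativeCrypto.ENGINE_by_id(SSL_ENGINE_NAME) != 0) {
                SecurityUtils.deregisterSSLEngine();
            }
        }
        mSSLContext = null;
    }

    /**
     * Deletes a client certificate entry.
     *
     * @param str passed unchanged to {@code SecurityUtils.deleteClientCertificateEntry}
     * @return the delegate's result, or {@code false} if it threw
     */
    public boolean deleteClientCertificateEntry(String str) {
        try {
            return mSecurityUtils.deleteClientCertificateEntry(str);
        } catch (KeyStoreException e) {
            Log.e(TAG, "KeyStoreException occured: " + e.getMessage());
            return false;
        } catch (Exception e2) {
            Log.e(TAG, "Exception occured: " + e2.getMessage());
            return false;
        }
    }

    /**
     * Deletes an MDM certificate.
     *
     * @param str passed unchanged to {@code SecurityUtils.deleteMDMCertificate}
     * @return the delegate's result, or {@code false} on {@link KeyStoreException}
     */
    public boolean deleteMDMCertificate(String str) {
        try {
            return mSecurityUtils.deleteMDMCertificate(str);
        } catch (KeyStoreException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return false;
        }
    }

    /**
     * Generates a certificate signing request for {@code keyPair}.
     *
     * @param keyPair key pair the request is generated for
     * @param str passed unchanged to {@code SecurityUtils.generateCSR}
     * @param str2 passed unchanged to {@code SecurityUtils.generateCSR}
     * @param str3 passed unchanged to {@code SecurityUtils.generateCSR}
     * @param str4 passed unchanged to {@code SecurityUtils.generateCSR}
     * @return the delegate's result, or {@code null} if generation failed
     */
    public String generateCSR(KeyPair keyPair, String str, String str2, String str3, String str4) {
        try {
            return SecurityUtils.generateCSR(keyPair, str, str2, str3, str4);
        } catch (IOException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        } catch (OperatorCreationException e2) {
            Log.e(TAG, "Exception occured: " + e2.getMessage());
            return null;
        }
    }

    /**
     * Generates a client key pair.
     *
     * @return the new key pair, or {@code null} on {@link NoSuchAlgorithmException}
     */
    public KeyPair generateKeyPair() {
        try {
            return SecurityUtils.generateKeyPairClient();
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        }
    }

    /**
     * Asks {@link SecurityUtils} to generate a self-signed client key pair.
     *
     * <p>Failures are only logged; the method gives the caller no success signal, so the
     * result has to be confirmed separately (for example by reading the certificate back).
     *
     * @param str passed unchanged to {@code SecurityUtils.generateKeyPairClientSelfSigned}
     * @param str2 passed unchanged to {@code SecurityUtils.generateKeyPairClientSelfSigned}
     * @param str3 passed unchanged to {@code SecurityUtils.generateKeyPairClientSelfSigned}
     */
    public void generateSelfSignedPair(String str, String str2, String str3) {
        try {
            mSecurityUtils.generateKeyPairClientSelfSigned(str, str2, str3);
        } catch (IllegalStateException | InvalidKeyException | KeyStoreException
                | NoSuchAlgorithmException | NoSuchProviderException | SignatureException
                | CertificateEncodingException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
        }
    }

    /**
     * Reads a client certificate.
     *
     * @param str passed unchanged to {@code SecurityUtils.getClientCertificate}
     * @return the certificate, or {@code null} on {@link KeyStoreException}
     */
    public X509Certificate getClientCertificate(String str) {
        try {
            return mSecurityUtils.getClientCertificate(str);
        } catch (KeyStoreException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        }
    }

    /** Returns the key store exposed by {@code SecurityUtils.getClientStore()}. */
    public KeyStore getClientStore() {
        return mSecurityUtils.getClientStore();
    }

    /**
     * Returns the value of {@code SecurityUtils.getKeyStoreKey()}.
     *
     * <p>NOTE(review): by its name this is key-store key material handed out as a
     * {@code String}; callers should treat it as a secret and keep it out of logs. Confirm
     * against {@code SecurityUtils}.
     */
    public String getKeyStoreKey() {
        return mSecurityUtils.getKeyStoreKey();
    }

    /**
     * Reads an MDM certificate.
     *
     * @param str passed unchanged to {@code SecurityUtils.getMDMCertificate}
     * @return the certificate, or {@code null} on {@link KeyStoreException}
     */
    public X509Certificate getMDMCertificate(String str) {
        try {
            return mSecurityUtils.getMDMCertificate(str);
        } catch (KeyStoreException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        }
    }

    /**
     * Reads a client certificate and converts it with {@code SecurityUtils.convertToPem}.
     *
     * @param str passed unchanged to {@code SecurityUtils.getClientCertificate}
     * @return the converted bytes, or {@code null} if lookup or conversion threw
     */
    public byte[] getPEMFormatClientCertificate(String str) {
        try {
            return SecurityUtils.convertToPem(mSecurityUtils.getClientCertificate(str));
        } catch (IOException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        } catch (KeyStoreException e2) {
            Log.e(TAG, "Exception occured: " + e2.getMessage());
            return null;
        }
    }

    /**
     * Reads an MDM certificate and converts it with {@code SecurityUtils.convertToPem}.
     *
     * @param str passed unchanged to {@code SecurityUtils.getMDMCertificate}
     * @return the converted bytes, or {@code null} if lookup or conversion threw
     */
    public byte[] getPEMFormatMDMCertificate(String str) {
        try {
            return SecurityUtils.convertToPem(mSecurityUtils.getMDMCertificate(str));
        } catch (IOException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return null;
        } catch (KeyStoreException e2) {
            Log.e(TAG, "Exception occured: " + e2.getMessage());
            return null;
        }
    }

    /**
     * Registers this app for the default certificate with the "tima" service.
     *
     * <p>Skipped (returning {@code true}) when the Knox SDK version equals
     * {@code KNOX_ENTERPRISE_SDK_VERSION_2_0}. Otherwise, if
     * {@code SecurityUtils.passwordChanged(RAND_NUM)} is true the stored key is passed to the
     * registration call and then removed ("Old Flow"); if not, {@code null} is passed
     * ("New Flow").
     *
     * @return {@code false} only when TIMA is unavailable or its service cannot be found
     */
    public boolean init() {
        if (String.valueOf(EnterpriseKnoxManagerWrapper.getVersion()).equalsIgnoreCase(EnterpriseKnoxManagerWrapper.KNOX_ENTERPRISE_SDK_VERSION_2_0)) {
            Log.d(TAG, "Register for Default Certificate not required");
            return true;
        }
        if (!SecurityUtils.isTIMAAvailable()) {
            Log.d(TAG, "TIMA not available");
            return false;
        }
        Object timaService = ReflectionContainer.getITimaServiceStub().asInterface(ReflectionContainer.getServiceManagerReflection().getService("tima"));
        if (timaService == null) {
            Log.e(TAG, "TIMA Service not found");
            return false;
        }
        try {
            if (mSecurityUtils.passwordChanged(RAND_NUM)) {
                Log.d(TAG, "Old Flow");
                int result = ReflectionContainer.getITimaService().ccmRegisterForDefaultCertificate(timaService, Process.myUid(), getClass().getSimpleName(), mSecurityUtils.getKey(RAND_NUM, KEY_SIZE_BYTES), false);
                Log.d(TAG, "ccmRegisterForDefaultCertificate:" + result);
                if (result == -1) {
                    Log.d(TAG, "Password already changed to new");
                } else {
                    Log.d(TAG, "TIMA service call for password change success!!");
                }
                // The legacy key is removed whatever the registration call returned.
                mSecurityUtils.removeKey(RAND_NUM);
            } else {
                Log.d(TAG, "New Flow");
                int result = ReflectionContainer.getITimaService().ccmRegisterForDefaultCertificate(timaService, Process.myUid(), getClass().getSimpleName(), null, false);
                Log.d(TAG, "ccmRegisterForDefaultCertificate: " + result);
                if (result == -1) {
                    Log.d(TAG, "Already using new password");
                } else {
                    Log.d(TAG, "TIMA service call for password change success!!");
                }
            }
        } catch (Throwable th) {
            // NOTE(review): a failed registration still falls through to "return true", so
            // callers cannot tell it from success. Kept for compatibility; confirm whether
            // init() should fail closed here.
            th.printStackTrace();
        }
        return true;
    }

    /**
     * Stores a key pair through {@code SecurityUtils.storeKeyCertPair}.
     *
     * <p>A {@link KeyStoreException} is only logged; the caller gets no failure signal.
     *
     * @param str passed unchanged to {@code SecurityUtils.storeKeyCertPair}
     * @param keyPair key pair to store
     * @param str2 passed unchanged to {@code SecurityUtils.storeKeyCertPair}
     */
    public void storeCertKeyPair(String str, KeyPair keyPair, String str2) {
        try {
            mSecurityUtils.storeKeyCertPair(str, keyPair, str2);
        } catch (KeyStoreException e) {
            Log.e(TAG, "Exception occured: " + e.getMessage());
        }
    }

    /**
     * Stores an MDM certificate.
     *
     * @param str passed unchanged to {@code SecurityUtils.storeMDMCertificate}
     * @param str2 passed unchanged to {@code SecurityUtils.storeMDMCertificate}
     * @return the delegate's result code, or {@link #CERT_STORAGE_FAILED} if it threw
     */
    public int storeMDMCertificate(String str, String str2) {
        try {
            return mSecurityUtils.storeMDMCertificate(str, str2);
        } catch (Exception e) {
            // Every exception type was already handled identically (same log line, same
            // code), so one handler covers them all.
            Log.e(TAG, "Exception occured: " + e.getMessage());
            return CERT_STORAGE_FAILED;
        }
    }

    /**
     * Delegates to {@code SecurityUtils.verifyData}.
     *
     * <p>The boolean is the only outcome reported; callers must reject the data on
     * {@code false}.
     *
     * @param str passed unchanged to {@code SecurityUtils.verifyData}
     * @param str2 passed unchanged to {@code SecurityUtils.verifyData}
     * @param str3 passed unchanged to {@code SecurityUtils.verifyData}
     * @return the delegate's verification result
     */
    public boolean verifyData(String str, String str2, String str3) {
        return mSecurityUtils.verifyData(str, str2, str3);
    }

    /**
     * Verifies a JSON policy file using the same {@code SecurityUtils.verifyData} check as
     * {@link #verifyData(String, String, String)}.
     *
     * @param str passed unchanged to {@code SecurityUtils.verifyData}
     * @param str2 passed unchanged to {@code SecurityUtils.verifyData}
     * @param str3 passed unchanged to {@code SecurityUtils.verifyData}
     * @return the delegate's verification result; callers must reject the policy on {@code false}
     */
    public boolean verifyJSONPolicyFile(String str, String str2, String str3) {
        return mSecurityUtils.verifyData(str, str2, str3);
    }
}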
