package com.airwatch.net.securechannel;

import android.content.Context;
import android.content.res.AssetManager;
import com.airwatch.certpinning.CertPinningManager;
import com.airwatch.core.AirWatchDevice;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.util.CertificateAndPrivateKey;
import com.airwatch.util.Logger;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;

/* loaded from: classes.dex */
public class SecureChannelUtility {
    private static SecureChannelConfiguration a;

    /* loaded from: classes.dex */
    private enum SetupFailureReason {
        CERTIFICATE_REQUEST_FAILED,
        SERVER_CERTIFICATE_INVALID,
        DEVICE_IDENTITY_CREATION_FAILED,
        CHECK_IN_FAILED
    }

    private SecureChannelUtility() {
    }

    private static CertificateResponse a(String str) {
        Logger.a("Perform certificate request");
        CertificateRequestMessage certificateRequestMessage = new CertificateRequestMessage(a.b(), a.e(), str);
        try {
            certificateRequestMessage.send();
        } catch (MalformedURLException e) {
            Logger.b("The server certificate request endpoint was invalid.", e);
        }
        if (certificateRequestMessage.getResponseStatusCode() == 200) {
            CertificateResponse a2 = certificateRequestMessage.a();
            if ((a2.b == null || a2.c == null || a2.c.length() <= 0) ? false : true) {
                return certificateRequestMessage.a();
            }
        }
        Logger.e("Response was invalid.");
        return null;
    }

    private static CheckInResponse a(CheckInMessage checkInMessage) {
        Logger.a("Register device ID");
        try {
            checkInMessage.send();
        } catch (MalformedURLException e) {
            Logger.b("The check-in URL is malformed.", e);
        }
        CheckInResponse checkInResponse = checkInMessage.b == null ? CheckInResponse.a : checkInMessage.b;
        if (checkInMessage.getResponseStatusCode() == 200 && checkInResponse.a(checkInMessage.a())) {
            return checkInResponse;
        }
        Logger.e("Secure Channel checkin has failed! Reverting to insecure communication.");
        a.a(SecurityLevel.NONE);
        return null;
    }

    private static SecureChannelConfiguration a(SetupFailureReason setupFailureReason) {
        Logger.e("Secure channel setup failed, check the server logs.");
        switch (setupFailureReason) {
            case CERTIFICATE_REQUEST_FAILED:
                Logger.e("Certificate request message was unsuccessful.");
                break;
            case CHECK_IN_FAILED:
                Logger.e("Check-in message failed.");
                break;
            case DEVICE_IDENTITY_CREATION_FAILED:
                Logger.e("Could not create device identity.");
                break;
            case SERVER_CERTIFICATE_INVALID:
                Logger.e("The server certificate is untrusted.");
                break;
        }
        a.a(SecurityLevel.NONE);
        return new SecureChannelConfiguration();
    }

    public static SecureChannelConfiguration a(String str, String str2, String str3, String str4, AssetManager assetManager, Context context) {
        boolean z;
        Logger.c("Setup secure channel");
        a = new SecureChannelConfiguration();
        if (str == null || str.length() == 0) {
            return a;
        }
        if (str3 == null || str3.length() == 0) {
            return a;
        }
        if (str4 == null || str4.length() == 0) {
            return a;
        }
        if (str2 == null || str2.length() == 0) {
            return a;
        }
        if (assetManager == null) {
            return a;
        }
        a.a(str);
        a.d(str3);
        a.b(str2);
        CertificateResponse a2 = a(str4);
        if (a2 == null) {
            return a(SetupFailureReason.CERTIFICATE_REQUEST_FAILED);
        }
        if (!a(context, a2.b)) {
            return a(SetupFailureReason.SERVER_CERTIFICATE_INVALID);
        }
        Logger.a("Create device identity");
        File file = new File(context.getFilesDir().getAbsolutePath() + "/signedCert.cer");
        File file2 = new File(context.getFilesDir().getAbsolutePath() + "/certPkey.enc");
        String absolutePath = file.getAbsolutePath();
        String absolutePath2 = file2.getAbsolutePath();
        OpenSSLCryptUtil.a();
        if (OpenSSLCryptUtil.a(absolutePath, a.e(), absolutePath2, AirWatchDevice.getSeedValue("VEVNUF9LRVkx"))) {
            a.a(new CertificateAndPrivateKey(file.getAbsolutePath(), file2.getAbsolutePath()));
            z = true;
        } else {
            Logger.e("Failed generating device identity");
            z = false;
        }
        if (!z) {
            return a(SetupFailureReason.DEVICE_IDENTITY_CREATION_FAILED);
        }
        CheckInResponse a3 = a(new CheckInMessage(a, a2.c));
        if (a3 == null) {
            return a(SetupFailureReason.CHECK_IN_FAILED);
        }
        a.a(a3.b());
        a.e(a3.a());
        CertPinningManager.a().a(a);
        Logger.c("Secure channel setup completed successfully");
        return a;
    }

    private static boolean a(Context context, byte[] bArr) {
        Logger.a("Store certificate");
        try {
            FileOutputStream openFileOutput = context.openFileOutput("serverCert.cer", 0);
            openFileOutput.write(bArr, 0, bArr.length);
            openFileOutput.flush();
            openFileOutput.close();
            File file = new File(context.getFilesDir().getAbsolutePath() + "/serverCert.cer");
            if (bArr == null || !a(file)) {
                return false;
            }
            a.f(file.getAbsolutePath());
            return true;
        } catch (Exception e) {
            Logger.b("Failed writing file", e);
            return false;
        }
    }

    private static boolean a(File file) {
        File file2 = null;
        try {
            file2 = OpenSSLCryptUtil.b();
        } catch (IOException e) {
            Logger.b("The certificate that was bundled with the agent is corrupt.", e);
        }
        if (file2 == null || !file2.exists() || !file.exists()) {
            return false;
        }
        OpenSSLCryptUtil.a();
        return OpenSSLCryptUtil.b(file.getAbsolutePath(), file2.getAbsolutePath());
    }
}
