package r8;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.security.KeyChain;
import com.citrix.MAM.Android.ManagedAppHelper.Interface.MAMAppInfo;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;

/* loaded from: classes2.dex */
public class b {

    /* renamed from: j, reason: collision with root package name */
    private static c f32375j = c.a();

    /* renamed from: a, reason: collision with root package name */
    private X509Certificate[] f32376a;

    /* renamed from: b, reason: collision with root package name */
    private PrivateKey f32377b;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f32378c;

    /* renamed from: d, reason: collision with root package name */
    private String f32379d;

    /* renamed from: e, reason: collision with root package name */
    private String f32380e;

    /* renamed from: f, reason: collision with root package name */
    private char[] f32381f;

    /* renamed from: g, reason: collision with root package name */
    private String f32382g;

    /* renamed from: h, reason: collision with root package name */
    private String f32383h;

    /* renamed from: i, reason: collision with root package name */
    private boolean f32384i;

    public b(Bundle bundle, Context context) throws Exception {
        this.f32380e = bundle.getString(MAMAppInfo.KEY_CERT_TYPE);
        this.f32381f = bundle.getCharArray(MAMAppInfo.KEY_CERT_PASSWORD);
        this.f32379d = bundle.getString(MAMAppInfo.KEY_CERT_ID);
        char[] cArr = this.f32381f;
        if (cArr != null) {
            this.f32382g = new String(cArr);
        }
        if (MAMAppInfo.VALUE_CERT_TYPE_BLOB.equalsIgnoreCase(this.f32380e)) {
            b(bundle);
        } else if ("KeyChain".equalsIgnoreCase(this.f32380e)) {
            c(bundle, context);
        }
        this.f32384i = false;
    }

    private static ArrayList<String> a(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        Enumeration<String> aliases = keyStore.aliases();
        ArrayList<String> arrayList = new ArrayList<>();
        while (aliases.hasMoreElements()) {
            arrayList.add(aliases.nextElement());
        }
        return arrayList;
    }

    private void b(Bundle bundle) throws Exception {
        this.f32378c = bundle.getByteArray(MAMAppInfo.KEY_CERT_BLOB);
        Provider j10 = j();
        if (j10 != null) {
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.f32381f);
            KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", j10, passwordProtection).getKeyStore();
            keyStore.load(new ByteArrayInputStream(this.f32378c), this.f32381f);
            ArrayList<String> a10 = a(keyStore);
            if (a10 != null) {
                Iterator<String> it = a10.iterator();
                while (it.hasNext()) {
                    String next = it.next();
                    if (keyStore.entryInstanceOf(next, KeyStore.PrivateKeyEntry.class)) {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(next, passwordProtection);
                        this.f32377b = privateKeyEntry.getPrivateKey();
                        this.f32376a = (X509Certificate[]) privateKeyEntry.getCertificateChain();
                        this.f32383h = next;
                        return;
                    }
                    f32375j.b("MVPN-MITM-Certificate", "Keystore with non private key entry found: " + next);
                }
            }
        }
    }

    @TargetApi(14)
    private void c(Bundle bundle, Context context) throws Exception {
        ArrayList<String> stringArrayList = bundle.getStringArrayList(MAMAppInfo.KEY_CERT_ALIAS);
        if (Build.VERSION.SDK_INT < 14 || stringArrayList == null || stringArrayList.size() <= 0) {
            return;
        }
        this.f32377b = KeyChain.getPrivateKey(context, stringArrayList.get(0));
        this.f32376a = KeyChain.getCertificateChain(context, stringArrayList.get(0));
        this.f32378c = d();
        this.f32383h = stringArrayList.get(0);
    }

    private byte[] d() throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", null, new KeyStore.PasswordProtection(this.f32381f)).getKeyStore();
        keyStore.setKeyEntry(f(), this.f32377b, this.f32381f, this.f32376a);
        keyStore.store(byteArrayOutputStream, this.f32381f);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.f32378c = byteArray;
        return byteArray;
    }

    private static Provider j() {
        Provider[] providers = Security.getProviders("KeyStore.PKCS12");
        if (providers.length >= 2) {
            return providers[1];
        }
        if (providers.length == 1) {
            return providers[0];
        }
        return null;
    }

    private boolean n() {
        X509Certificate[] x509CertificateArr = this.f32376a;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return false;
        }
        boolean z10 = true;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            z10 = z10 && x509Certificate.getKeyUsage()[5];
        }
        return z10;
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x000b, code lost:
    
        if (r1 != null) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String e() {
        /*
            r5 = this;
            java.lang.StringBuffer r0 = new java.lang.StringBuffer
            r0.<init>()
            boolean r1 = r5.f32384i
            if (r1 == 0) goto Le
            java.lang.String r1 = r5.f32379d
            if (r1 == 0) goto L15
            goto L17
        Le:
            java.lang.String r1 = r5.f32379d
            if (r1 == 0) goto L15
            java.lang.String r1 = "<AppCertID>"
            goto L17
        L15:
            java.lang.String r1 = "<NullCert>"
        L17:
            java.lang.String r2 = "CertID : "
            r0.append(r2)
            r0.append(r1)
            java.lang.String r1 = "\n"
            r0.append(r1)
            java.lang.String r2 = "Alias : "
            r0.append(r2)
            java.lang.String r2 = r5.f32383h
            java.lang.String r3 = " null "
            if (r2 == 0) goto L30
            goto L31
        L30:
            r2 = r3
        L31:
            r0.append(r2)
            r0.append(r1)
            java.lang.String r2 = "CertType : "
            r0.append(r2)
            java.lang.String r2 = r5.f32380e
            if (r2 == 0) goto L41
            r3 = r2
        L41:
            r0.append(r3)
            r0.append(r1)
            java.lang.String r2 = "isSelfSigned  : "
            r0.append(r2)
            boolean r2 = r5.n()
            java.lang.String r3 = " Yes "
            java.lang.String r4 = " No "
            if (r2 == 0) goto L58
            r2 = r3
            goto L59
        L58:
            r2 = r4
        L59:
            r0.append(r2)
            r0.append(r1)
            java.lang.String r1 = "isItValid  : "
            r0.append(r1)
            boolean r1 = r5.o()
            if (r1 == 0) goto L6b
            goto L6c
        L6b:
            r3 = r4
        L6c:
            r0.append(r3)
            java.lang.String r0 = r0.toString()
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: r8.b.e():java.lang.String");
    }

    public String f() {
        return this.f32383h;
    }

    public byte[] g() throws Exception {
        if (this.f32378c == null) {
            this.f32378c = d();
        }
        return this.f32378c;
    }

    public X509Certificate[] h() {
        return this.f32376a;
    }

    public String i() {
        return this.f32379d;
    }

    public PrivateKey k() {
        return this.f32377b;
    }

    public String l() {
        return this.f32382g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean m() {
        return this.f32384i;
    }

    public boolean o() {
        X509Certificate[] x509CertificateArr = this.f32376a;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return true;
        }
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
            }
            return true;
        } catch (CertificateExpiredException e10) {
            f32375j.e("MVPN-MITM-Certificate", String.format("AG user certificate is expired, cert id %s", this.f32379d), e10);
            return false;
        } catch (CertificateNotYetValidException unused) {
            f32375j.d("MVPN-MITM-Certificate", String.format("AG user certificate is not yet valid, cert id %s", this.f32379d));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void p() {
        this.f32384i = true;
    }
}
