package com.sec.enterprise.knox.certificate;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.ContextInfo;
import android.app.enterprise.EnterpriseDeviceManager;
import android.app.enterprise.IApplicationPolicy;
import android.app.enterprise.IRestrictionPolicy;
import android.app.enterprise.license.EnterpriseLicenseManager;
import android.content.Context;
import android.content.pm.Signature;
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.util.Log;
import com.sec.enterprise.knox.certificate.ICertificatePolicy;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class CertificatePolicy {
    public static final String ACTION_CERTIFICATE_FAILURE = "edm.intent.certificate.action.certificate.failure";
    public static final String ACTION_CERTIFICATE_REMOVED = "com.sec.enterprise.knox.certificate.CertificatePolicy.ACTION_CERTIFICATE_REMOVED";
    public static final String ACTION_REFRESH_CREDENTIALS_UI = "edm.intent.action.REFRESH_UI";
    public static final String APP_INFO_PKGNAME = "appInfoPkgName";
    public static final String BROWSER_MODULE = "browser_module";
    public static final int CERTIFICATE_FAIL_ALG_NON_FIPS_APPROVED = 9;
    public static final int CERTIFICATE_FAIL_ALTSUBJECT_MISMATCH = 6;
    public static final int CERTIFICATE_FAIL_BAD_CERTIFICATE = 7;
    public static final int CERTIFICATE_FAIL_EXPIRED = 4;
    public static final int CERTIFICATE_FAIL_INSTALL_PARSE_CERTIFICATE_ENCODING = 11;
    public static final int CERTIFICATE_FAIL_INSTALL_PARSE_INCONSISTENT_CERTIFICATES = 12;
    public static final int CERTIFICATE_FAIL_INSTALL_PARSE_NO_CERTIFICATES = 10;
    public static final int CERTIFICATE_FAIL_NOT_YET_VALID = 3;
    public static final int CERTIFICATE_FAIL_REVOKED = 2;
    public static final int CERTIFICATE_FAIL_SERVER_CHAIN_PROBE = 8;
    public static final int CERTIFICATE_FAIL_SUBJECT_MISMATCH = 5;
    public static final int CERTIFICATE_FAIL_UNABLE_TO_CHECK_REVOCATION_STATUS = 13;
    public static final int CERTIFICATE_FAIL_UNSPECIFIED = 0;
    public static final int CERTIFICATE_FAIL_UNTRUSTED = 1;
    public static final int CERTIFICATE_VALIDATED_SUCCESSFULLY = -1;
    public static final String EXTRA_CERTIFICATE_FAILURE_MESSAGE = "certificate_failure_message";
    public static final String EXTRA_CERTIFICATE_FAILURE_MODULE = "certificate_failure_module";
    public static final String EXTRA_CERTIFICATE_REMOVED_SUBJECT = "certificate_removed_subject";
    public static final String INSTALLER_MODULE = "installer_module";
    public static final String IS_MARKET_INSTALLATION = "isMarketInstallation";
    public static final String PACKAGE_MODULE = "package_manager_module";
    public static final String WIFI_MODULE = "wifi_module";
    private static CertificatePolicy gCertificatePolicy;
    private IApplicationPolicy mAppService;
    private ContextInfo mContextInfo;
    private IRestrictionPolicy mRestrictionService;
    private ICertificatePolicy mService;
    private static String TAG = "CertificatePolicy";
    private static final Object mSync = new Object();

    CertificatePolicy(ContextInfo contextInfo) {
        this.mContextInfo = contextInfo;
    }

    public static CertificatePolicy createInstance(ContextInfo contextInfo, Context context) {
        return new CertificatePolicy(contextInfo);
    }

    private IApplicationPolicy getAppService() {
        if (this.mAppService == null) {
            this.mAppService = IApplicationPolicy.Stub.asInterface(ServiceManager.getService(EnterpriseDeviceManager.APPLICATION_POLICY_SERVICE));
        }
        return this.mAppService;
    }

    public static CertificatePolicy getInstance(ContextInfo contextInfo, Context context) {
        CertificatePolicy certificatePolicy;
        synchronized (mSync) {
            gCertificatePolicy = new CertificatePolicy(contextInfo);
            certificatePolicy = gCertificatePolicy;
        }
        return certificatePolicy;
    }

    public static CertificatePolicy getInstance(Context context) {
        CertificatePolicy certificatePolicy;
        synchronized (mSync) {
            gCertificatePolicy = new CertificatePolicy(new ContextInfo(Process.myUid()));
            certificatePolicy = gCertificatePolicy;
        }
        return certificatePolicy;
    }

    private IRestrictionPolicy getRestrictionService() {
        if (this.mRestrictionService == null) {
            this.mRestrictionService = IRestrictionPolicy.Stub.asInterface(ServiceManager.getService(EnterpriseDeviceManager.RESTRICTION_POLICY_SERVICE));
        }
        return this.mRestrictionService;
    }

    private ICertificatePolicy getService() {
        if (this.mService == null) {
            this.mService = ICertificatePolicy.Stub.asInterface(ServiceManager.getService(EnterpriseDeviceManager.CERTIFICATE_POLICY_SERVICE));
        }
        return this.mService;
    }

    public boolean addPermissionApplicationPrivateKey(PermissionApplicationPrivateKey permissionApplicationPrivateKey) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.addPermissionApplicationPrivateKey");
        if (getService() != null) {
            try {
                return this.mService.addPermissionApplicationPrivateKey(this.mContextInfo, permissionApplicationPrivateKey);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean addTrustedCaCertificateList(List<X509Certificate> list) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.addTrustedCaCertificateList");
        if (getService() != null && list != null) {
            try {
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : list) {
                    if (x509Certificate == null) {
                        return false;
                    }
                    arrayList.add(new CertificateInfo(x509Certificate));
                }
                return this.mService.addTrustedCaCertificateList(this.mContextInfo, arrayList);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean addUntrustedCertificateList(List<X509Certificate> list) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.addUntrustedCertificateList");
        if (getService() != null && list != null) {
            try {
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : list) {
                    if (x509Certificate == null) {
                        return false;
                    }
                    arrayList.add(new CertificateInfo(x509Certificate));
                }
                return this.mService.addUntrustedCertificateList(this.mContextInfo, arrayList);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean allowUserRemoveCertificates(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.allowUserRemoveCertificates");
        if (getService() != null) {
            try {
                return this.mService.allowUserRemoveCertificates(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean clearPermissionApplicationPrivateKey() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.clearPermissionApplicationPrivateKey");
        if (getService() != null) {
            try {
                return this.mService.clearPermissionApplicationPrivateKey(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean clearTrustedCaCertificateList() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.clearTrustedCaCertificateList");
        if (getService() != null) {
            try {
                return this.mService.clearTrustedCaCertificateList(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean clearUntrustedCertificateList() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.clearUntrustedCertificateList");
        if (getService() != null) {
            try {
                return this.mService.clearUntrustedCertificateList(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean enableCertificateFailureNotification(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.enableCertificateFailureNotification");
        if (getService() != null) {
            try {
                return this.mService.enableCertificateFailureNotification(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean enableCertificateValidationAtInstall(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.enableCertificateValidationAtInstall");
        if (getService() != null) {
            try {
                return this.mService.enableCertificateValidationAtInstall(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean enableOcspCheck(String str, boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.enableOcspCheck");
        if (getAppService() != null) {
            try {
                return this.mAppService.enableOcspCheck(this.mContextInfo, str, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with application policy", e);
            }
        }
        return false;
    }

    public boolean enableRevocationCheck(String str, boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.enableRevocationCheck");
        if (getAppService() != null) {
            try {
                return this.mAppService.enableRevocationCheck(this.mContextInfo, str, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with application policy", e);
            }
        }
        return false;
    }

    public boolean enableSignatureIdentityInformation(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.enableSignatureIdentityInformation");
        if (getService() != null) {
            try {
                return this.mService.enableSignatureIdentityInformation(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public List<String[]> getIdentitiesFromSignatures(Signature[] signatureArr) {
        if (getService() != null) {
            try {
                return this.mService.getIdentitiesFromSignatures(this.mContextInfo, signatureArr);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return null;
    }

    public List<PermissionApplicationPrivateKey> getListPermissionApplicationPrivateKey() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.getListPermissionApplicationPrivateKey");
        if (getService() != null) {
            try {
                return this.mService.getListPermissionApplicationPrivateKey(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return new ArrayList(0);
    }

    public List<CertificateControlInfo> getTrustedCaCertificateList() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.getTrustedCaCertificateList");
        if (getService() != null) {
            try {
                return this.mService.getTrustedCaCertificateList(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return new ArrayList();
    }

    public List<CertificateControlInfo> getUntrustedCertificateList() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.getUntrustedCertificateList");
        if (getService() != null) {
            try {
                return this.mService.getUntrustedCertificateList(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return new ArrayList();
    }

    public boolean isCaCertificateDisabled(String str) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isCaCertificateDisabled");
        try {
            if (getService() != null) {
                return this.mService.isCaCertificateDisabled(this.mContextInfo, str);
            }
        } catch (RemoteException e) {
            Log.w(TAG, "Failed at Certificate policy API isCaCertificateDisabled ", e);
        }
        return false;
    }

    public boolean isCaCertificateTrusted(byte[] bArr, boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isCaCertificateTrusted");
        if (getService() != null) {
            try {
                try {
                    return this.mService.isCaCertificateTrusted(this.mContextInfo, new CertificateInfo((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))), z);
                } catch (RemoteException e) {
                    Log.w(TAG, "Failed talking with certificate policy", e);
                }
            } catch (Exception e2) {
                Log.w(TAG, "Problem converting certificate! " + e2);
                return true;
            }
        }
        return true;
    }

    public boolean isCertificateFailureNotificationEnabled() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isCertificateFailureNotificationEnabled");
        if (getService() != null) {
            try {
                return this.mService.isCertificateFailureNotificationEnabled(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean isCertificateValidationAtInstallEnabled() {
        if (getService() != null) {
            try {
                return this.mService.isCertificateValidationAtInstallEnabled(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean isNonTrustedAppInstallBlocked() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isNonTrustedAppInstallBlocked");
        if (getRestrictionService() != null) {
            try {
                return this.mRestrictionService.isNonTrustedAppInstallBlocked(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with restriction policy", e);
            }
        }
        return false;
    }

    public boolean isNonTrustedAppInstallBlocked(int i) {
        if (getRestrictionService() != null) {
            try {
                return this.mRestrictionService.isNonTrustedAppInstallBlockedAsUser(i);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with restriction policy", e);
            }
        }
        return false;
    }

    public boolean isOcspCheckEnabled(String str) {
        if (getAppService() != null) {
            try {
                return this.mAppService.isOcspCheckEnabled(this.mContextInfo, str);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with application policy", e);
            }
        }
        return false;
    }

    public String isPrivateKeyApplicationPermitted(String str, String str2, int i) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isPrivateKeyApplicationPermitted");
        if (getService() != null) {
            try {
                return this.mService.isPrivateKeyApplicationPermitted(this.mContextInfo, str, str2, i);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return null;
    }

    public String isPrivateKeyApplicationPermittedAsUser(String str, String str2, int i, int i2) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isPrivateKeyApplicationPermittedAsUser");
        if (getService() != null) {
            try {
                return this.mService.isPrivateKeyApplicationPermittedAsUser(str, str2, i, i2);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return null;
    }

    public boolean isRevocationCheckEnabled(String str) {
        if (getAppService() != null) {
            try {
                return this.mAppService.isRevocationCheckEnabled(this.mContextInfo, str);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with application policy", e);
            }
        }
        return false;
    }

    public boolean isSignatureIdentityInformationEnabled() {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isSignatureIdentityInformationEnabled");
        if (getService() == null) {
            return false;
        }
        try {
            return this.mService.isSignatureIdentityInformationEnabled(this.mContextInfo, false);
        } catch (RemoteException e) {
            Log.w(TAG, "Failed talking with certificate policy", e);
            return false;
        }
    }

    public boolean isSignatureIdentityInformationEnabled(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.isSignatureIdentityInformationEnabled");
        if (getService() != null) {
            try {
                return this.mService.isSignatureIdentityInformationEnabled(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean isUserRemoveCertificatesAllowed() {
        if (getService() != null) {
            try {
                return this.mService.isUserRemoveCertificatesAllowed(this.mContextInfo);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return true;
    }

    public void notifyCertificateFailure(String str, String str2) {
        if (getService() != null) {
            try {
                this.mService.notifyCertificateFailure(str, str2, false);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
    }

    public void notifyCertificateFailure(String str, String str2, boolean z) {
        if (getService() != null) {
            try {
                this.mService.notifyCertificateFailure(str, str2, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
    }

    public boolean removePermissionApplicationPrivateKey(PermissionApplicationPrivateKey permissionApplicationPrivateKey) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.removePermissionApplicationPrivateKey");
        if (getService() != null) {
            try {
                return this.mService.removePermissionApplicationPrivateKey(this.mContextInfo, permissionApplicationPrivateKey);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean removeTrustedCaCertificateList(List<X509Certificate> list) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.removeTrustedCaCertificateList");
        if (getService() != null && list != null) {
            try {
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : list) {
                    if (x509Certificate == null) {
                        return false;
                    }
                    arrayList.add(new CertificateInfo(x509Certificate));
                }
                return this.mService.removeTrustedCaCertificateList(this.mContextInfo, arrayList);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean removeUntrustedCertificateList(List<X509Certificate> list) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.removeUntrustedCertificateList");
        if (getService() != null && list != null) {
            try {
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : list) {
                    if (x509Certificate == null) {
                        return false;
                    }
                    arrayList.add(new CertificateInfo(x509Certificate));
                }
                return this.mService.removeUntrustedCertificateList(this.mContextInfo, arrayList);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return false;
    }

    public boolean setNonTrustedAppInstallBlock(boolean z) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.setNonTrustedAppInstallBlock");
        if (getRestrictionService() != null) {
            try {
                return this.mRestrictionService.setNonTrustedAppInstallBlock(this.mContextInfo, z);
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with restriction policy", e);
            }
        }
        return false;
    }

    public int validateCertificateAtInstall(byte[] bArr) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.validateCertificateAtInstall");
        if (getService() != null) {
            try {
                try {
                    return this.mService.validateCertificateAtInstall(new CertificateInfo((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))));
                } catch (RemoteException e) {
                    Log.w(TAG, "Failed talking with certificate policy", e);
                }
            } catch (Exception e2) {
                Log.w(TAG, "Problem converting certificate! " + e2);
                return -1;
            }
        }
        return -1;
    }

    public int validateChainAtInstall(List<X509Certificate> list) {
        EnterpriseLicenseManager.log(this.mContextInfo, "CertificatePolicy.validateChainAtInstall");
        if (getService() != null && list != null) {
            try {
                if (list.size() != 0) {
                    ArrayList arrayList = new ArrayList();
                    Iterator<X509Certificate> it = list.iterator();
                    while (it.hasNext()) {
                        arrayList.add(new CertificateInfo(it.next()));
                    }
                    return this.mService.validateChainAtInstall(arrayList);
                }
            } catch (RemoteException e) {
                Log.w(TAG, "Failed talking with certificate policy", e);
            }
        }
        return -1;
    }
}
