package com.airwatch.net.securechannel;

import android.content.res.AssetManager;
import com.airwatch.util.n;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes.dex */
public final class i {
    private static h a;
    private static AssetManager b;

    private static b a(String str) {
        a aVar = new a(a.b(), a.e(), str);
        try {
            aVar.c_();
        } catch (MalformedURLException e) {
            n.c("The server certificate request endpoint was invalid.", e);
        }
        if (aVar.W() == 200 && aVar.g().c()) {
            return aVar.g();
        }
        return null;
    }

    public static h a(String str, String str2, String str3, String str4, AssetManager assetManager) {
        a = new h();
        if (str == null || str.length() == 0) {
            return a;
        }
        if (str3 == null || str3.length() == 0) {
            return a;
        }
        if (str4 == null || str4.length() == 0) {
            return a;
        }
        if (str2 == null || str2.length() == 0) {
            return a;
        }
        if (assetManager == null) {
            return a;
        }
        b = assetManager;
        a.a(str);
        a.d(str3);
        a.b(str2);
        b a2 = a(str4);
        if (a2 == null) {
            a(k.CERTIFICATE_REQUEST_FAILED);
            return new h();
        }
        X509Certificate a3 = a2.a();
        if (a3 == null || !a(a3)) {
            a(k.SERVER_CERTIFICATE_INVALID);
            return new h();
        }
        a.a(a3);
        com.airwatch.util.j a4 = a();
        if (a4 == null) {
            a(k.DEVICE_IDENTITY_CREATION_FAILED);
            return new h();
        }
        a.a(a4);
        e b2 = b(a2.b());
        if (b2 == null) {
            a(k.CHECK_IN_FAILED);
            return new h();
        }
        a.a(b2.b());
        a.e(b2.a());
        return a;
    }

    private static com.airwatch.util.j a() {
        try {
            String str = "CN=" + a.e();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
            x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()).abs());
            x509V3CertificateGenerator.setIssuerDN(new X509Principal(str));
            x509V3CertificateGenerator.setSubjectDN(new X509Principal(str));
            x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 2592000000L));
            x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 315360000000L));
            x509V3CertificateGenerator.setPublicKey(generateKeyPair.getPublic());
            x509V3CertificateGenerator.setSignatureAlgorithm("MD5WithRSAEncryption");
            return new com.airwatch.util.j(x509V3CertificateGenerator.generate(generateKeyPair.getPrivate()), generateKeyPair.getPrivate());
        } catch (IllegalStateException e) {
            n.c("Error in generating the device's certificate.", e);
            return null;
        } catch (InvalidKeyException e2) {
            n.c("Error in generating the device's certificate.", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            n.c("Error in generating the device's certificate.", e3);
            return null;
        } catch (SignatureException e4) {
            n.c("Error in generating the device's certificate.", e4);
            return null;
        } catch (CertificateEncodingException e5) {
            n.c("Error in encoding the certificate.", e5);
            return null;
        }
    }

    private static void a(k kVar) {
        n.e("Secure channel setup failed, check the server logs.");
        switch (j.a[kVar.ordinal()]) {
            case 1:
                n.e("Certificate request message was unsuccessful.");
                break;
            case 2:
                n.e("Check-in message failed.");
                break;
            case 3:
                n.e("Could not create device identity.");
                break;
            case 4:
                n.e("The server certificate is untrusted.");
                break;
        }
        a.a(SecurityLevel.NONE);
    }

    private static boolean a(X509Certificate x509Certificate) {
        X509Certificate x509Certificate2;
        CertificateException certificateException;
        boolean z;
        CertificateEncodingException certificateEncodingException;
        boolean z2;
        SignatureException signatureException;
        boolean z3;
        NoSuchProviderException noSuchProviderException;
        boolean z4;
        NoSuchAlgorithmException noSuchAlgorithmException;
        boolean z5;
        InvalidKeyException invalidKeyException;
        boolean z6;
        try {
            x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(b.open("AWDSRoot.cer"));
        } catch (IOException e) {
            n.c("The certificate that was bundled with the agent is corrupt.", e);
            x509Certificate2 = null;
        } catch (CertificateException e2) {
            n.c("Problem with the certificate that was bundled with the agent.", e2);
            x509Certificate2 = null;
        }
        if (x509Certificate2 == null) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            try {
                n.b(String.format("The certificate %s has been deemed valid.", x509Certificate.getSubjectDN().toString()));
                return true;
            } catch (InvalidKeyException e3) {
                z6 = true;
                invalidKeyException = e3;
                n.c("The root certificate key was invalid.", invalidKeyException);
                return z6;
            } catch (NoSuchAlgorithmException e4) {
                z5 = true;
                noSuchAlgorithmException = e4;
                n.c("The signature algorithm is unsupported.", noSuchAlgorithmException);
                return z5;
            } catch (NoSuchProviderException e5) {
                z4 = true;
                noSuchProviderException = e5;
                n.c("There is not a default crypto provider.", noSuchProviderException);
                return z4;
            } catch (SignatureException e6) {
                z3 = true;
                signatureException = e6;
                n.c("A general signature error ocurred.", signatureException);
                return z3;
            } catch (CertificateEncodingException e7) {
                z2 = true;
                certificateEncodingException = e7;
                n.c("There was a problem saving the certificate to the device.", certificateEncodingException);
                return z2;
            } catch (CertificateException e8) {
                z = true;
                certificateException = e8;
                n.c("A certificate error occurred while trying to verify the server's certificate.", certificateException);
                return z;
            }
        } catch (InvalidKeyException e9) {
            invalidKeyException = e9;
            z6 = false;
        } catch (NoSuchAlgorithmException e10) {
            noSuchAlgorithmException = e10;
            z5 = false;
        } catch (NoSuchProviderException e11) {
            noSuchProviderException = e11;
            z4 = false;
        } catch (SignatureException e12) {
            signatureException = e12;
            z3 = false;
        } catch (CertificateEncodingException e13) {
            certificateEncodingException = e13;
            z2 = false;
        } catch (CertificateException e14) {
            certificateException = e14;
            z = false;
        }
    }

    private static e b(String str) {
        c cVar = new c(a, str);
        try {
            cVar.c_();
        } catch (MalformedURLException e) {
            n.c("The check-in URL is malformed.", e);
        }
        e g = cVar.g();
        if (cVar.W() == 200 && g.a(cVar.h())) {
            return g;
        }
        n.e("Secure Channel checkin has failed! Reverting to insecure communication.");
        a.a(SecurityLevel.NONE);
        return null;
    }
}
