package com.airwatch.net.securechannel;

import com.airwatch.lang.CryptoException;
import com.airwatch.util.n;
import java.util.ArrayList;
import org.apache.commons.lang.StringUtils;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes.dex */
public final class g {
    h a;

    public g(h hVar) {
        this.a = hVar == null ? new h() : hVar;
    }

    public final boolean a() {
        return this.a.a() && this.a.g() == SecurityLevel.SIGN_AND_ENCRYPT;
    }

    public final byte[] a(String str, byte[] bArr) {
        byte[] bArr2;
        if (str == null || str.length() == 0) {
            return new byte[0];
        }
        if (!this.a.a()) {
            return new byte[0];
        }
        com.airwatch.plist.a aVar = new com.airwatch.plist.a();
        aVar.a("bundleId", this.a.c());
        aVar.a("uid", this.a.e());
        aVar.a("deviceType", String.valueOf(5));
        if (this.a.d().length() > 0) {
            aVar.a("configtypeid", this.a.d());
        }
        if (bArr == null || bArr.length <= 0) {
            aVar.a(str, StringUtils.EMPTY);
        } else {
            try {
                com.airwatch.util.j h = this.a.h();
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
                ArrayList arrayList = new ArrayList();
                arrayList.add(h.a);
                JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
                cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("SC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SC").build(h.b), h.a));
                cMSSignedDataGenerator.addCertificates(jcaCertStore);
                bArr2 = cMSSignedDataGenerator.generate((CMSTypedData) cMSProcessableByteArray, true).getEncoded();
            } catch (Exception e) {
                n.c("Problem creating the signed CMS.", e);
                bArr2 = null;
            }
            if (bArr2 != null) {
                try {
                    bArr2 = com.airwatch.util.i.a(bArr2, this.a.i());
                } catch (Exception e2) {
                    n.c("Problem creating the enveloped CMS", e2);
                }
                aVar.a(str, new com.airwatch.core.e(bArr2));
            }
        }
        return ("<plist>" + aVar.a() + "</plist>").getBytes();
    }

    public final byte[] a(byte[] bArr) {
        if (!this.a.a()) {
            return new byte[0];
        }
        try {
            byte[] a = com.airwatch.util.i.a(bArr, this.a.h().b);
            try {
                if (com.airwatch.util.i.b(a, this.a.i())) {
                    return com.airwatch.util.i.b(a);
                }
                throw new CryptoException("Message from server is not signed by a trusted source!");
            } catch (CryptoException e) {
                throw e;
            } catch (Exception e2) {
                n.c("Problem with the signature.", e2);
                return a;
            }
        } catch (Exception e3) {
            n.c("Could not decrypt the message.", e3);
            return new byte[0];
        }
    }
}
