package net.soti.mobicontrol.knox.certificate;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.SecurityPolicy;
import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.sec.enterprise.knox.certificate.CertificateControlInfo;
import com.sec.enterprise.knox.certificate.CertificatePolicy;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.soti.mobicontrol.bu.p;
import net.soti.mobicontrol.dy.a.a.b;
import net.soti.mobicontrol.dy.a.b.a;
import net.soti.mobicontrol.z.bj;
import net.soti.mobicontrol.z.u;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes.dex */
public class KnoxTrustedCertificateManager {
    private final CertificatePolicy certificatePolicy;
    private final p logger;
    private final SecurityPolicy securityPolicy;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static final class CertificatePair {
        private final X509Certificate certificate;
        private final u metadata;

        private CertificatePair(u uVar, X509Certificate x509Certificate) {
            this.certificate = x509Certificate;
            this.metadata = uVar;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CertificatePair certificatePair = (CertificatePair) obj;
            if (!Optional.fromNullable(this.certificate).isPresent() ? !Optional.fromNullable(certificatePair.certificate).isPresent() : this.certificate.equals(certificatePair.certificate)) {
                return false;
            }
            if (Optional.fromNullable(this.metadata).isPresent()) {
                if (this.metadata.equals(certificatePair.metadata)) {
                    return true;
                }
            } else if (!Optional.fromNullable(certificatePair.metadata).isPresent()) {
                return true;
            }
            return false;
        }

        public X509Certificate getCertificate() {
            return this.certificate;
        }

        public u getMetadata() {
            return this.metadata;
        }

        public int hashCode() {
            return ((Optional.fromNullable(this.metadata).isPresent() ? this.metadata.hashCode() : 0) * 31) + (Optional.fromNullable(this.certificate).isPresent() ? this.certificate.hashCode() : 0);
        }
    }

    @Inject
    public KnoxTrustedCertificateManager(@NotNull CertificatePolicy certificatePolicy, @NotNull SecurityPolicy securityPolicy, @NotNull p pVar) {
        this.certificatePolicy = certificatePolicy;
        this.securityPolicy = securityPolicy;
        this.logger = pVar;
    }

    private static a<CertificatePair, CertificateInfo> certInfoToPair() {
        return new a<CertificatePair, CertificateInfo>() { // from class: net.soti.mobicontrol.knox.certificate.KnoxTrustedCertificateManager.2
            @Override // net.soti.mobicontrol.dy.a.b.a
            public CertificatePair f(CertificateInfo certificateInfo) {
                X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
                return new CertificatePair(new u("", x509Certificate, bj.NATIVE), x509Certificate);
            }
        };
    }

    private static a<u, CertificateInfo> certificateInfo2Metadata() {
        return new a<u, CertificateInfo>() { // from class: net.soti.mobicontrol.knox.certificate.KnoxTrustedCertificateManager.1
            @Override // net.soti.mobicontrol.dy.a.b.a
            public u f(CertificateInfo certificateInfo) {
                X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
                return new u(net.soti.mobicontrol.z.p.a(x509Certificate), x509Certificate, bj.NATIVE);
            }
        };
    }

    private static Set<u> certificateInfoList2MetadataList(List<CertificateControlInfo> list) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateControlInfo> it = list.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().entries) {
                hashSet.add(new u(net.soti.mobicontrol.z.p.a(x509Certificate), x509Certificate, bj.NATIVE));
            }
        }
        return hashSet;
    }

    private static Set<CertificatePair> certificateInfoList2PairList(List<CertificateControlInfo> list) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateControlInfo> it = list.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().entries) {
                hashSet.add(new CertificatePair(new u(net.soti.mobicontrol.z.p.a(x509Certificate), x509Certificate, bj.NATIVE), x509Certificate));
            }
        }
        return hashSet;
    }

    private Set<u> getSystemRootCertificateMetadataList() {
        List emptyList;
        try {
            emptyList = this.securityPolicy.getSystemCertificates();
        } catch (SecurityException e) {
            emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getSystemRootCertificateMetadataList] Security exception " + e.getMessage());
        }
        return b.a(emptyList).a(certificateInfo2Metadata()).c();
    }

    private Set<CertificatePair> getSystemRootCertificates() {
        List emptyList;
        try {
            emptyList = this.securityPolicy.getSystemCertificates();
        } catch (SecurityException e) {
            emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getSystemRootCertificates] Security exception " + e.getMessage());
        }
        return b.a(emptyList).a(certInfoToPair()).c();
    }

    private Set<u> getUserTrustedCertificateMetadataList() {
        List emptyList;
        try {
            emptyList = this.certificatePolicy.getTrustedCaCertificateList();
        } catch (SecurityException e) {
            emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getUserTrustedCertificateMetadataList] Security exception " + e.getMessage());
        }
        return certificateInfoList2MetadataList(emptyList);
    }

    private Set<CertificatePair> getUserTrustedCertificates() {
        List emptyList;
        try {
            emptyList = this.certificatePolicy.getTrustedCaCertificateList();
        } catch (SecurityException e) {
            emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getUserTrustedCertificates] Security exception " + e.getMessage());
        }
        return certificateInfoList2PairList(emptyList);
    }

    private Set<u> getUserUntrustedCertificateMetadataList() {
        List emptyList;
        try {
            emptyList = this.certificatePolicy.getUntrustedCertificateList();
        } catch (SecurityException e) {
            emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getUserUntrustedCertificateMetadataList] Security exception " + e.getMessage());
        }
        return certificateInfoList2MetadataList(emptyList);
    }

    @Nullable
    public X509Certificate findCertificate(String str, String str2) {
        Set<CertificatePair> systemRootCertificates = getSystemRootCertificates();
        systemRootCertificates.addAll(getUserTrustedCertificates());
        for (CertificatePair certificatePair : systemRootCertificates) {
            String a2 = net.soti.mobicontrol.z.p.a(certificatePair.getMetadata().d());
            String b = certificatePair.getMetadata().b();
            if (net.soti.mobicontrol.z.p.c(a2, str) && b.equalsIgnoreCase(str2)) {
                return certificatePair.getCertificate();
            }
        }
        return null;
    }

    @NotNull
    public Set<u> getTrustedCertificateMetadataList() {
        Set<u> systemRootCertificateMetadataList = getSystemRootCertificateMetadataList();
        systemRootCertificateMetadataList.addAll(getUserTrustedCertificateMetadataList());
        return systemRootCertificateMetadataList;
    }
}
