package net.soti.mobicontrol.knox.certificate;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.SecurityPolicy;
import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.sec.enterprise.knox.certificate.CertificateControlInfo;
import com.sec.enterprise.knox.certificate.CertificatePolicy;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.soti.mobicontrol.ah.br;
import net.soti.mobicontrol.ah.u;
import net.soti.mobicontrol.ah.z;
import net.soti.mobicontrol.cj.q;
import net.soti.mobicontrol.ey.a.a.b;
import net.soti.mobicontrol.ey.a.b.a;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes4.dex */
public class KnoxTrustedCertificateManager {
    private final CertificatePolicy certificatePolicy;
    private final q logger;
    private final SecurityPolicy securityPolicy;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static final class CertificatePair {
        private final X509Certificate certificate;
        private final z metadata;

        private CertificatePair(z zVar, X509Certificate x509Certificate) {
            this.certificate = x509Certificate;
            this.metadata = zVar;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CertificatePair certificatePair = (CertificatePair) obj;
            if (!Optional.fromNullable(this.certificate).isPresent() ? Optional.fromNullable(certificatePair.certificate).isPresent() : !this.certificate.equals(certificatePair.certificate)) {
                return !Optional.fromNullable(this.metadata).isPresent() ? Optional.fromNullable(certificatePair.metadata).isPresent() : !this.metadata.equals(certificatePair.metadata);
            }
            return false;
        }

        public X509Certificate getCertificate() {
            return this.certificate;
        }

        public z getMetadata() {
            return this.metadata;
        }

        public int hashCode() {
            return ((Optional.fromNullable(this.metadata).isPresent() ? this.metadata.hashCode() : 0) * 31) + (Optional.fromNullable(this.certificate).isPresent() ? this.certificate.hashCode() : 0);
        }
    }

    @Inject
    public KnoxTrustedCertificateManager(@NotNull CertificatePolicy certificatePolicy, @NotNull SecurityPolicy securityPolicy, @NotNull q qVar) {
        this.certificatePolicy = certificatePolicy;
        this.securityPolicy = securityPolicy;
        this.logger = qVar;
    }

    private static a<CertificatePair, CertificateInfo> certInfoToPair() {
        return new a<CertificatePair, CertificateInfo>() { // from class: net.soti.mobicontrol.knox.certificate.KnoxTrustedCertificateManager.2
            @Override // net.soti.mobicontrol.ey.a.b.a
            public CertificatePair f(CertificateInfo certificateInfo) {
                X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
                return new CertificatePair(new z("", x509Certificate, br.NATIVE), x509Certificate);
            }
        };
    }

    private static a<z, CertificateInfo> certificateInfo2Metadata() {
        return new a<z, CertificateInfo>() { // from class: net.soti.mobicontrol.knox.certificate.KnoxTrustedCertificateManager.1
            @Override // net.soti.mobicontrol.ey.a.b.a
            public z f(CertificateInfo certificateInfo) {
                X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
                return new z(u.a(x509Certificate), x509Certificate, br.NATIVE);
            }
        };
    }

    private static Set<z> certificateInfoList2MetadataList(List<CertificateControlInfo> list) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateControlInfo> it = list.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().entries) {
                hashSet.add(new z(u.a(x509Certificate), x509Certificate, br.NATIVE));
            }
        }
        return hashSet;
    }

    private static Set<CertificatePair> certificateInfoList2PairList(List<CertificateControlInfo> list) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateControlInfo> it = list.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().entries) {
                hashSet.add(new CertificatePair(new z(u.a(x509Certificate), x509Certificate, br.NATIVE), x509Certificate));
            }
        }
        return hashSet;
    }

    private Set<z> getSystemRootCertificateMetadataList() {
        List list;
        try {
            list = this.securityPolicy.getSystemCertificates();
        } catch (SecurityException e) {
            List emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getSystemRootCertificateMetadataList] Security exception ", e);
            list = emptyList;
        }
        return b.a(list).a(certificateInfo2Metadata()).c();
    }

    private Set<CertificatePair> getSystemRootCertificates() {
        List list;
        try {
            list = this.securityPolicy.getSystemCertificates();
        } catch (SecurityException e) {
            List emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getSystemRootCertificates] Security exception ", e);
            list = emptyList;
        }
        return b.a(list).a(certInfoToPair()).c();
    }

    private Set<z> getUserTrustedCertificateMetadataList() {
        List list;
        try {
            list = this.certificatePolicy.getTrustedCaCertificateList();
        } catch (SecurityException e) {
            List emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getUserTrustedCertificateMetadataList] Security exception ", e);
            list = emptyList;
        }
        return certificateInfoList2MetadataList(list);
    }

    private Set<CertificatePair> getUserTrustedCertificates() {
        List list;
        try {
            list = this.certificatePolicy.getTrustedCaCertificateList();
        } catch (SecurityException e) {
            List emptyList = Collections.emptyList();
            this.logger.d("[KnoxTrustedCertificateManager][getUserTrustedCertificates] Security exception ", e);
            list = emptyList;
        }
        return certificateInfoList2PairList(list);
    }

    @Nullable
    public X509Certificate findCertificate(String str, String str2) {
        Set<CertificatePair> systemRootCertificates = getSystemRootCertificates();
        systemRootCertificates.addAll(getUserTrustedCertificates());
        for (CertificatePair certificatePair : systemRootCertificates) {
            String a2 = u.a(certificatePair.getMetadata().d());
            String b2 = certificatePair.getMetadata().b();
            if (u.c(a2, str) && b2.equalsIgnoreCase(str2)) {
                return certificatePair.getCertificate();
            }
        }
        return null;
    }

    @NotNull
    public Set<z> getTrustedCertificateMetadataList() {
        Set<z> systemRootCertificateMetadataList = getSystemRootCertificateMetadataList();
        systemRootCertificateMetadataList.addAll(getUserTrustedCertificateMetadataList());
        return systemRootCertificateMetadataList;
    }
}
