package com.aetherpal.enrollment.enroll.messages;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.net.Uri;
import android.os.Build;
import com.aetherpal.core.cert.ApCertificate;
import com.aetherpal.core.codes.SystemCodes;
import com.aetherpal.core.exceptions.CryptoException;
import com.aetherpal.core.exceptions.WebException;
import com.aetherpal.core.logger.ApLog;
import com.aetherpal.core.modules.data.EnrollmentData;
import com.aetherpal.core.utils.AppUtils;
import com.aetherpal.core.utils.CryptoUtils;
import com.aetherpal.core.utils.DeviceId;
import com.aetherpal.core.utils.StringUtils;
import com.aetherpal.core.utils.TelephonyUtils;
import com.aetherpal.core.xml.annotations.XmlElement;
import com.aetherpal.core.xml.annotations.XmlRoot;
import com.aetherpal.core.xml.annotations.XmlSerializable;
import com.aetherpal.enrollment.AnchorResolve;
import com.aetherpal.enrollment.AnchorWebMessage;
import com.aetherpal.enrollment.BaseWebMessage;
import com.aetherpal.enrollment.cert.messages.CertificateWebMessage;
import com.aetherpal.enrollment.mgmt.messages.ClientSupportedWebMessage;
import com.aetherpal.messages.signal.SignalParamNames;
import com.aetherpal.tutorials.xml.serialization.TutorialXmlExporter;
import com.google.gson.annotations.SerializedName;
import com.google.gson.reflect.TypeToken;
import java.lang.reflect.Type;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public class PreEnrollWebMessage {
    public static final String URL = "/preenrollment/PreEnroll";

    @XmlSerializable
    @XmlRoot("Message")
    /* loaded from: classes.dex */
    public static class PreEnrollRequest extends BaseWebMessage {

        @XmlElement(SignalParamNames.PKOI)
        @SerializedName(SignalParamNames.PKOI)
        public int pkoi;

        @XmlElement(SignalParamNames.PKOID)
        @SerializedName(SignalParamNames.PKOID)
        public int pkoid;

        @XmlElement("AlternativeIdentifiers")
        @SerializedName("AlternativeIdentifiers")
        public String alternativeIdentifiers = "";

        @XmlElement("Country")
        @SerializedName("Country")
        public String country = "";

        @XmlElement("CryptoSuite")
        @SerializedName("CryptoSuite")
        public Integer cryptosuite = 2;

        @XmlElement("DeviceIdentifier")
        @SerializedName("DeviceIdentifier")
        public String deviceIdentifier = "";

        @XmlElement("MDN")
        @SerializedName("MDN")
        public String mdn = "";

        @XmlElement("Random")
        @SerializedName("Random")
        public byte[] random = null;

        @Override // com.aetherpal.enrollment.BaseWebMessage
        public Type getTypeToken() {
            return new TypeToken<AnchorWebMessage<PreEnrollRequest>>() { // from class: com.aetherpal.enrollment.enroll.messages.PreEnrollWebMessage.PreEnrollRequest.1
            }.getType();
        }

        @Override // com.aetherpal.enrollment.BaseWebMessage
        public String getUrlPath() {
            return PreEnrollWebMessage.URL;
        }
    }

    @XmlSerializable
    @XmlRoot("Message")
    /* loaded from: classes.dex */
    public static class PreEnrollResponse extends BaseWebMessage {

        @XmlElement("AnchorUrl")
        @SerializedName("AnchorUrl")
        public String anchorUrl = "";

        @XmlElement("UrlSignature")
        @SerializedName("UrlSignature")
        public byte[] urlSignature = null;

        @Override // com.aetherpal.enrollment.BaseWebMessage
        public Type getTypeToken() {
            return new TypeToken<AnchorWebMessage<PreEnrollResponse>>() { // from class: com.aetherpal.enrollment.enroll.messages.PreEnrollWebMessage.PreEnrollResponse.1
            }.getType();
        }

        @Override // com.aetherpal.enrollment.BaseWebMessage
        public String getUrlPath() {
            return PreEnrollWebMessage.URL;
        }

        public boolean verifySignature(X509Certificate x509Certificate, byte[] bArr) {
            try {
                byte[] bytes = this.anchorUrl.getBytes(TutorialXmlExporter.ENCODING);
                byte[] bArr2 = new byte[bArr.length + bytes.length + bArr.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(bytes, 0, bArr2, bArr.length, bytes.length);
                System.arraycopy(bArr, 0, bArr2, bytes.length + bArr.length, bArr.length);
                return CryptoUtils.verifySignature(x509Certificate, bArr2, this.urlSignature);
            } catch (CryptoException e) {
                ApLog.printStackTrace(e);
                return false;
            } catch (Exception e2) {
                ApLog.printStackTrace(e2);
                return false;
            }
        }
    }

    public static void checkClientSupported(Context context, boolean z, String str, int i) {
        if (z) {
            return;
        }
        try {
            if (ClientSupportedWebMessage.get(context, str, i)) {
                return;
            }
            context.getPackageManager().setApplicationEnabledSetting(context.getPackageName(), 3, 0);
        } catch (WebException e) {
            e.printStackTrace();
        }
    }

    private static EnrollmentData doDeviceRegistration(Context context, EnrollmentData enrollmentData, int i, ApCertificate apCertificate, String str, boolean z) throws WebException {
        X509Certificate x509Certificate = null;
        try {
            x509Certificate = apCertificate.getCert();
        } catch (CertificateException e) {
            ApLog.printStackTrace(e);
        }
        if (x509Certificate == null) {
            ApLog.e("Certificate retrieval failed, Null X.509Certificate", apCertificate.toString());
            return null;
        }
        AnchorWebMessage anchorWebMessage = new AnchorWebMessage();
        anchorWebMessage.message = new PreEnrollRequest();
        ((PreEnrollRequest) anchorWebMessage.message).pkoi = enrollmentData.getPkoi();
        ((PreEnrollRequest) anchorWebMessage.message).pkoid = enrollmentData.getPkoid();
        ((PreEnrollRequest) anchorWebMessage.message).random = SecureRandom.getSeed(32);
        ((PreEnrollRequest) anchorWebMessage.message).country = TelephonyUtils.getCountryCode(context);
        ((PreEnrollRequest) anchorWebMessage.message).deviceIdentifier = DeviceId.getUniqueDeviceId(context);
        ((PreEnrollRequest) anchorWebMessage.message).alternativeIdentifiers = "mdn:" + TelephonyUtils.getMDN(context);
        if (StringUtils.isValid(str)) {
            StringBuilder sb = new StringBuilder();
            PreEnrollRequest preEnrollRequest = (PreEnrollRequest) anchorWebMessage.message;
            preEnrollRequest.alternativeIdentifiers = sb.append(preEnrollRequest.alternativeIdentifiers).append(";email:").append(str).toString();
        } else if (Build.VERSION.SDK_INT < 21 || !AppUtils.checkAccountsPrivileged(context)) {
            ApLog.d("No Mail excists ");
        } else {
            try {
                DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
                if (devicePolicyManager.getActiveAdmins() != null && devicePolicyManager.getActiveAdmins().size() > 0) {
                    boolean z2 = false;
                    boolean z3 = false;
                    String str2 = null;
                    Iterator<ComponentName> it = devicePolicyManager.getActiveAdmins().iterator();
                    while (it.hasNext()) {
                        String packageName = it.next().getPackageName();
                        z2 = devicePolicyManager.isProfileOwnerApp(packageName);
                        if (z2) {
                            break;
                        }
                        z3 = devicePolicyManager.isDeviceOwner(packageName);
                        if (z3) {
                            str2 = packageName;
                        }
                    }
                    if (z2) {
                        str = AppUtils.getInstance(context).getWorkProfileAccount();
                    } else if (z3) {
                        ApLog.e("This is device owner profile. Owner is ", str2);
                    } else {
                        ApLog.e("No owner set up");
                    }
                    if (str != null) {
                        StringBuilder sb2 = new StringBuilder();
                        PreEnrollRequest preEnrollRequest2 = (PreEnrollRequest) anchorWebMessage.message;
                        preEnrollRequest2.alternativeIdentifiers = sb2.append(preEnrollRequest2.alternativeIdentifiers).append(";email:").append(str).toString();
                    }
                }
            } catch (Exception e2) {
                ApLog.printStackTrace(e2);
            }
        }
        ((PreEnrollRequest) anchorWebMessage.message).mdn = TelephonyUtils.getMDN(context);
        AnchorWebMessage anchorWebMessage2 = new AnchorWebMessage();
        anchorWebMessage2.message = new PreEnrollResponse();
        AnchorWebMessage execute = anchorWebMessage.execute(BaseWebMessage.FORMAT, enrollmentData.getAnchorUrl(), anchorWebMessage2, i);
        if (execute == null || execute.message == 0) {
            ApLog.e("PreEnroll failed");
        } else {
            short code = SystemCodes.getCode(execute.statusCode);
            if (code == 302) {
                enrollmentData.setAnchorUrl(((PreEnrollResponse) execute.message).anchorUrl);
                ApCertificate verify = VerifyUrlWebMessage.verify(context, ((PreEnrollResponse) execute.message).anchorUrl, i, z);
                if (verify == null) {
                    ApLog.e("Certificate retrieval failed, in SC_MOVED_TEMPORARILY flow");
                    return null;
                }
                enrollmentData.setPkoi(verify.getPkoi());
                enrollmentData.setPkoid(verify.getPkoid());
                return z ? enrollmentData : doDeviceRegistration(context, enrollmentData, i, verify, str, z);
            }
            if (code == 200) {
                if (!Pattern.matches("((\\w*)\\://([a-zA-Z0-9\\-\\.]+\\.[a-zA-Z0-9]{2,3})(:?([0-9]*))*)?/?([a-zA-Z0-9=\\-]*)?/?([a-zA-Z0-9=\\-]*)", ((PreEnrollResponse) execute.message).anchorUrl)) {
                    ApLog.e("pre-enroll response anchor url is not supported pattern ", ((PreEnrollResponse) execute.message).anchorUrl);
                    return null;
                }
                Matcher matcher = Pattern.compile("((\\w*)\\://([a-zA-Z0-9\\-\\.]+\\.[a-zA-Z0-9]{2,3})(:?([0-9]*))*)?/?([a-zA-Z0-9=\\-]*)?/?([a-zA-Z0-9=\\-]*)").matcher(((PreEnrollResponse) execute.message).anchorUrl);
                if (!matcher.matches()) {
                    ApLog.e("Unsupported Pattern: ", ((PreEnrollResponse) execute.message).anchorUrl);
                    return null;
                }
                String group = matcher.group(7);
                String group2 = matcher.group(6);
                String group3 = matcher.group(1);
                if (!enrollmentData.getAnchorUrl().equalsIgnoreCase(group3)) {
                    enrollmentData.setTinyUrl("");
                    apCertificate = CertificateWebMessage.getCertificate(context, group3, 1, i, z);
                }
                if (apCertificate == null) {
                    ApLog.e("certificate is not available to do pre-enroll", ((PreEnrollResponse) execute.message).anchorUrl);
                    return null;
                }
                enrollmentData.setAnchorUrl(group3);
                enrollmentData.setId(group);
                enrollmentData.setPin(group2);
                enrollmentData.setPkoid(apCertificate.getPkoid());
                enrollmentData.setPkoi(apCertificate.getPkoi());
                enrollmentData.setIdentifiers(((PreEnrollRequest) anchorWebMessage.message).deviceIdentifier + ";" + ((PreEnrollRequest) anchorWebMessage.message).alternativeIdentifiers);
                if (!StringUtils.isValid(enrollmentData.getId()) || !StringUtils.isValid(enrollmentData.getPin())) {
                    return doDeviceRegistration(context, enrollmentData, i, apCertificate, str, z);
                }
                if (!((PreEnrollResponse) execute.message).verifySignature(x509Certificate, ((PreEnrollRequest) anchorWebMessage.message).random)) {
                    ApLog.e("verify signature failed", ((PreEnrollResponse) execute.message).anchorUrl);
                    enrollmentData = null;
                }
                return enrollmentData;
            }
        }
        return null;
    }

    public static EnrollmentData preEnroll(Context context, String str, int i, String str2, boolean z) throws WebException {
        String host;
        String str3;
        if (!StringUtils.isValid(str)) {
            ApLog.f("The Deployment Url is invalid!! Either null or empty");
            return null;
        }
        Uri parse = Uri.parse(str);
        if (parse.getPathSegments() == null || parse.getPathSegments().size() <= 0) {
            host = parse.getHost();
            str3 = str;
        } else {
            Uri.Builder builder = new Uri.Builder();
            builder.scheme(parse.getScheme());
            builder.authority(parse.getAuthority());
            host = parse.getPathSegments().get(0);
            str3 = resolveAnchor(builder.build().toString(), parse.getPathSegments().get(0), i);
        }
        if (!StringUtils.isValid(str3)) {
            ApLog.d("Can't find anchor url");
            return null;
        }
        ApLog.e("Anchor:", str3);
        checkClientSupported(context, z, str3, i);
        ApCertificate verify = VerifyUrlWebMessage.verify(context, str3, i, z);
        if (verify == null) {
            ApLog.e("Verifying URL failed or Certificate retrieval failed");
            return null;
        }
        EnrollmentData enrollmentData = new EnrollmentData(str3, host, str);
        enrollmentData.setPkoi(verify.getPkoi());
        enrollmentData.setPkoid(verify.getPkoid());
        return doDeviceRegistration(context, enrollmentData, i, verify, str2, z);
    }

    public static String resolveAnchor(String str, String str2, int i) {
        AnchorResolve.AnchorResolveRequest anchorResolveRequest = new AnchorResolve.AnchorResolveRequest();
        anchorResolveRequest.domain = str2;
        AnchorResolve.AnchorResolveResponse execute = anchorResolveRequest.execute(str, i);
        if (execute == null || execute.anchor == null || execute.anchor.isEmpty()) {
            ApLog.e("Tiny Url Resolve failed");
            return null;
        }
        int indexOf = execute.anchor.indexOf("anchor:");
        if (indexOf >= 0) {
            return execute.anchor.substring("anchor:".length() + indexOf);
        }
        ApLog.e("Unsupported Result ", execute.anchor);
        return null;
    }
}
