package com.sec.tima_keychain;

import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.sec.enterprise.ClientCertificateManager;
import android.sec.enterprise.EnterpriseDeviceManager;
import android.sec.enterprise.TimaKeystore;
import android.security.KeyStore;
import android.service.tima.ITimaService;
import android.util.Log;
import com.honeyspace.common.postposition.ReservedPositionSharedPref;
import com.samsung.android.knox.ContextInfo;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import com.samsung.android.knox.keystore.IClientCertificateManager;
import com.samsung.android.knox.keystore.KnoxKeyInfo;
import com.sec.smartcard.openssl.OpenSSLHelper;
import java.io.IOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes5.dex */
public class TimaKeychain {
    private static final String CCM_CONTAINER_CREATOR = "com.samsung.knox.keychain";
    private static final String CCM_CREATOR = "u0_system_server";
    private static final String CCM_CREATOR_PREFIX = "u0_system_server::";
    private static final String CCM_PREFIX = "USRPKEY_u0_system_server::";
    public static final String CREATOR_LEFT_SEPARATOR = " [";
    public static final String CREATOR_RIGHT_SEPARATOR = "] ";
    private static final String KNOX_CCM_POLICY_SERVICE = "knox_ccm_policy";
    private static final String TAG = "TIMAKeyChain";
    private static final String TIMA_SERVICE = "tima";
    private static final String WIFI_ACCESSOR = "wpa_supplicant";
    private static Object mLock = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public static class UksAlias {
        private static final String LEFT_BRAKET = " [";
        private static final String RIGHT_BRAKET = "] ";
        private String creator;
        private boolean isCCM;
        private String longAlias;
        private String shortAlias;

        public UksAlias(String str) {
            this.longAlias = "";
            this.creator = "";
            this.isCCM = false;
            this.shortAlias = "";
            if (str == null || str.length() <= 0) {
                return;
            }
            this.longAlias = str;
            int indexOf = str.indexOf("::");
            if (indexOf > -1) {
                String substring = str.substring(0, indexOf);
                this.creator = substring;
                this.isCCM = substring.equals(TimaKeychain.CCM_CREATOR) || this.creator.endsWith("_com.samsung.knox.keychain");
                this.shortAlias = str.substring("::".length() + indexOf);
            } else {
                this.shortAlias = str;
            }
            Log.d(TimaKeychain.TAG, "created new uks alias: creator = " + this.creator + ", alias = " + this.shortAlias + ", isCCM = " + this.isCCM);
        }

        public String display() {
            if (this.isCCM) {
                return this.shortAlias;
            }
            return this.shortAlias + " [" + this.creator + "] ";
        }

        public String getCreator() {
            return this.creator;
        }

        public String getLongAlias() {
            return this.longAlias;
        }

        public String getShortAlias() {
            return this.shortAlias;
        }

        public boolean isCCM() {
            return this.isCCM;
        }
    }

    private static boolean ContainAlias(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance();
        if (keyStore == null) {
            Log.e(TAG, "In ContainAlias AKS instance is NULL");
            return false;
        }
        if (str2.equals("*")) {
            return keyStore.containsAlias(str, "*");
        }
        if (!keyStore.containsAlias(str, "USRPKEY_" + str2)) {
            if (!keyStore.containsAlias(str, CertificateProvisioning.USER_CERTIFICATE + str2)) {
                if (!keyStore.containsAlias(str, "USRCSR_" + str2)) {
                    if (!keyStore.containsAlias(str, "USRSKEY_" + str2)) {
                        if (!keyStore.containsAlias(str, CertificateProvisioning.CA_CERTIFICATE + str2)) {
                            return false;
                        }
                    }
                }
            }
        }
        return true;
    }

    private static Set<String> accessorIds2accIds(List<String> list) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().split(ReservedPositionSharedPref.COMPONENT_USER_SPLIT, 2)[0]);
        }
        return hashSet;
    }

    public static String display2KeyChainAlias(String str, boolean z7) {
        String str2 = "default uid == 0";
        if (!isUKS()) {
            return str;
        }
        String extractCreator = extractCreator(str);
        if (extractCreator != null) {
            return extractCreator + "::" + str.substring(0, ((str.length() - extractCreator.length()) - CREATOR_LEFT_SEPARATOR.length()) - CREATOR_RIGHT_SEPARATOR.length());
        }
        if (!z7) {
            return str;
        }
        String ccmInstaller = getCcmInstaller();
        try {
            IClientCertificateManager asInterface = IClientCertificateManager.Stub.asInterface(ServiceManager.getService("knox_ccm_policy"));
            if (asInterface == null) {
                Log.e(TAG, "Unable to start CCMService");
                Log.e(TAG, "default uid == 0");
            } else {
                str2 = getCcmInstaller(asInterface.getWifiAliasPreferredUid(str));
                ccmInstaller = str2;
            }
        } catch (RemoteException e10) {
            Log.e(TAG, "RemoteException", e10);
            Log.e(TAG, str2);
        }
        if (ContainAlias(ccmInstaller, str)) {
            return ccmInstaller + "::" + str;
        }
        if (!ContainAlias(CCM_CREATOR, str)) {
            return str;
        }
        return CCM_CREATOR + "::" + str;
    }

    private static String extractCreator(String str) {
        if (!str.endsWith(CREATOR_RIGHT_SEPARATOR)) {
            return null;
        }
        int length = str.length() - CREATOR_RIGHT_SEPARATOR.length();
        int lastIndexOf = str.lastIndexOf(CREATOR_LEFT_SEPARATOR);
        if (lastIndexOf < 0) {
            return null;
        }
        String substring = str.substring(lastIndexOf + CREATOR_LEFT_SEPARATOR.length(), length);
        if (validateCreator(substring)) {
            return substring;
        }
        return null;
    }

    public static List<String> getAliasListFromTimaKeystore(String str) {
        return getAliasListFromTimaKeystoreForUKS(str);
    }

    private static List<String> getAliasListFromTimaKeystoreForUKS(String str) {
        Log.d(TAG, "getAliasListFromTimaKeystore for package: " + str);
        Collections.emptyList();
        ArrayList arrayList = new ArrayList();
        if (str == null || "".equals(str)) {
            Log.e(TAG, "getAliasListFromTimaKeystore received empty/null packageName");
            Collections.emptyList();
        } else {
            try {
                java.security.KeyStore keyStore = java.security.KeyStore.getInstance("KnoxAndroidKeyStore");
                keyStore.load(null);
                ArrayList list = Collections.list(keyStore.list(1));
                Log.d(TAG, "getCertificateAliasesHavingPrivateKey - aliasList: " + list);
                if (list != null && list.size() != 0) {
                    boolean z7 = false;
                    if (str.equals("com.android.settings") && !isTimaKeystoreAndCCMEnabledForPackage(str)) {
                        z7 = true;
                    }
                    for (int i10 = 0; i10 < list.size(); i10++) {
                        String str2 = (String) list.get(i10);
                        if (!str2.contains("Samsung_default")) {
                            try {
                                KeyStore.Entry entry = keyStore.getEntry((String) list.get(i10), null);
                                if (entry != null && (entry instanceof KeyStore.PrivateKeyEntry)) {
                                    PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                                    KnoxKeyInfo knoxKeyInfo = (KnoxKeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KnoxKeyInfo.class);
                                    if (!isAccessor(knoxKeyInfo, str) || isForWifi(knoxKeyInfo)) {
                                        Log.d(TAG, "alias " + str2 + " is not accessible for package " + str);
                                    } else if (isCcmKey(knoxKeyInfo) && z7) {
                                        Log.d(TAG, "remove ccm alias " + ((String) list.get(i10)));
                                    } else {
                                        Log.d(TAG, "alias " + str2 + " added to final list " + str);
                                        arrayList.add(new UksAlias(str2).display());
                                    }
                                }
                                Log.d(TAG, "remove cert alias " + ((String) list.get(i10)));
                            } catch (Exception e10) {
                                Log.d(TAG, "getKeyEntry - Exception " + e10.getMessage());
                                e10.printStackTrace();
                            }
                        }
                    }
                }
                Log.d(TAG, "getAliasListFromTimaKeystore - returnd null");
                return null;
            } catch (Exception e11) {
                Log.d(TAG, "getKeyStore - Exception " + e11.getMessage());
                e11.printStackTrace();
            }
        }
        return arrayList;
    }

    private static List<String> getAliasesForUKS(boolean z7) {
        Collections.emptyList();
        HashSet hashSet = new HashSet();
        try {
            java.security.KeyStore keyStore = java.security.KeyStore.getInstance("KnoxAndroidKeyStore");
            keyStore.load(null);
            ArrayList list = Collections.list(keyStore.list(1));
            Log.d(TAG, "getAliasesForWifi - aliasList: " + list);
            boolean z9 = false;
            if (!z7 || isTimaKeystoreAndCCMEnabledForPackage("com.android.settings")) {
                List<String> emptyList = Collections.emptyList();
                try {
                    IClientCertificateManager asInterface = IClientCertificateManager.Stub.asInterface(ServiceManager.getService("knox_ccm_policy"));
                    if (asInterface != null) {
                        emptyList = asInterface.getAliasesForWiFi();
                    } else {
                        Log.e(TAG, "Unable to start CCMService");
                    }
                    if (emptyList != null) {
                        hashSet.addAll(emptyList);
                    }
                } catch (Exception e10) {
                    Log.e(TAG, "Exception", e10);
                }
            } else {
                z9 = true;
            }
            for (int i10 = 0; i10 < list.size(); i10++) {
                String str = (String) list.get(i10);
                if (!str.contains("Samsung_default")) {
                    try {
                        KeyStore.Entry entry = keyStore.getEntry((String) list.get(i10), null);
                        if (entry != null && (entry instanceof KeyStore.PrivateKeyEntry)) {
                            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                            KnoxKeyInfo knoxKeyInfo = (KnoxKeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KnoxKeyInfo.class);
                            if (!isForWifi(knoxKeyInfo)) {
                                Log.d(TAG, "alias  is not for wifi");
                            } else if (isCcmKey(knoxKeyInfo) && z9) {
                                Log.d(TAG, "remove ccm alias " + ((String) list.get(i10)));
                            } else {
                                Log.d(TAG, "alias " + str + " is for wifi");
                                hashSet.add(new UksAlias(str).display());
                            }
                        }
                        Log.d(TAG, "not key entry, remove cert alias " + ((String) list.get(i10)));
                    } catch (Exception e11) {
                        Log.d(TAG, "getKeyEntry - Exception " + e11.getMessage());
                        e11.printStackTrace();
                    }
                }
            }
        } catch (Exception e12) {
            Log.d(TAG, "getKeyStore - Exception " + e12.getMessage());
            e12.printStackTrace();
        }
        return new ArrayList(hashSet);
    }

    public static List<String> getAliasesForWifi(boolean z7) {
        return isUKS() ? getAliasesForUKS(z7) : getCCMWifiAliases();
    }

    public static List<String> getAliasesListFromOtherApp(String str) {
        List<String> aliasListFromTimaKeystore = getAliasListFromTimaKeystore(str);
        List<String> emptyList = aliasListFromTimaKeystore == null ? Collections.emptyList() : aliasListFromTimaKeystore;
        List<String> emptyList2 = emptyList.size() == 0 ? Collections.emptyList() : new ArrayList<>();
        Collections.sort(emptyList);
        String str2 = "u" + String.valueOf(UserHandle.getUserId(Process.myUid())) + "_system_server";
        for (String str3 : emptyList) {
            if (!str3.contains(str2)) {
                Log.d(TAG, "getAliasesListFromOtherApp alias " + str3 + " added to final list " + str);
                emptyList2.add(str3);
            }
        }
        return emptyList2;
    }

    private static List<String> getCCMWifiAliases() {
        ClientCertificateManager clientCertificateManager;
        List<String> emptyList = Collections.emptyList();
        try {
            ITimaService asInterface = ITimaService.Stub.asInterface(ServiceManager.getService(TIMA_SERVICE));
            return (asInterface == null || !asInterface.getTimaVersion().equals("3.0") || (clientCertificateManager = EnterpriseDeviceManager.getInstance().getClientCertificateManager()) == null) ? emptyList : clientCertificateManager.getAliasesForWiFi();
        } catch (RemoteException e10) {
            Log.e(TAG, "RemoteException", e10);
            return emptyList;
        }
    }

    public static String getCcmInstaller() {
        return getCcmInstaller(UserHandle.getUserId(Process.myUid()));
    }

    public static String getCcmInstaller(int i10) {
        return "u" + String.valueOf(i10) + "_" + CCM_CONTAINER_CREATOR;
    }

    public static String getCcmInstallerPrefix() {
        return getCcmInstaller() + "::";
    }

    public static String getCcmInstallerPrefix(int i10) {
        return getCcmInstaller(i10) + "::";
    }

    public static String getCcmKeyId(String str, int i10, String str2) {
        if (!isUKS()) {
            return null;
        }
        Log.e(TAG, "getCcmKeyId alias : " + str);
        if (str != null && !"".equals(str)) {
            String replaceFirst = str.replaceFirst("USRPKEY_", "");
            try {
                IClientCertificateManager asInterface = IClientCertificateManager.Stub.asInterface(ServiceManager.getService("knox_ccm_policy"));
                if (asInterface == null) {
                    Log.e(TAG, "Unable to start CCMService");
                    return null;
                }
                if (i10 != 1000) {
                    TimaKeystore timaKeystore = EnterpriseDeviceManager.getInstance().getTimaKeystore();
                    if (timaKeystore != null) {
                        try {
                            if (!timaKeystore.isTimaKeystoreEnabledForPackage(str2)) {
                            }
                        } catch (Exception e10) {
                            e = e10;
                            Log.d(TAG, "getCertificateAliasesHavingPrivateKey - Exception " + e.getMessage());
                            e.printStackTrace();
                            return null;
                        }
                    }
                    return null;
                }
                if (!asInterface.hasGrantWithCxt(replaceFirst, new ContextInfo(i10, UserHandle.getCallingUserId()))) {
                    return null;
                }
                try {
                    try {
                        try {
                            try {
                                java.security.KeyStore keyStore = java.security.KeyStore.getInstance("KnoxAndroidKeyStore");
                                keyStore.load(null);
                                String ccmInstallerPrefix = getCcmInstallerPrefix();
                                Key key = keyStore.getKey(ccmInstallerPrefix + replaceFirst, null);
                                if (key == null) {
                                    ccmInstallerPrefix = CCM_CREATOR_PREFIX;
                                    key = keyStore.getKey(ccmInstallerPrefix + replaceFirst, null);
                                }
                                if (key == null) {
                                    ccmInstallerPrefix = "";
                                    key = keyStore.getKey(replaceFirst, null);
                                }
                                if (key == null) {
                                    return null;
                                }
                                if (!((KnoxKeyInfo) KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore").getKeySpec(key, KnoxKeyInfo.class)).isKnoxObjectProtectionRequired()) {
                                    Log.d(TAG, "CCM Keyid is null");
                                    return null;
                                }
                                Log.d(TAG, "CCM Keyid USRPKEY_" + ccmInstallerPrefix + replaceFirst);
                                return "USRPKEY_" + ccmInstallerPrefix + replaceFirst;
                            } catch (Exception e11) {
                                e11.printStackTrace();
                                return null;
                            }
                        } catch (NoSuchAlgorithmException e12) {
                            e12.printStackTrace();
                            return null;
                        }
                    } catch (CertificateException e13) {
                        e13.printStackTrace();
                        return null;
                    }
                } catch (IOException e14) {
                    e14.printStackTrace();
                    return null;
                } catch (KeyStoreException e15) {
                    e15.printStackTrace();
                    return null;
                }
            } catch (Exception e16) {
                e = e16;
            }
        }
        Log.e(TAG, "getCcmKeyId received empty/null alias");
        return null;
    }

    public static X509Certificate[] getCertificateChainFromTimaKeystore(String str) {
        return isUKS() ? getCertificateChainFromTimaKeystoreForUKS(str) : getCertificateChainFromTimaKeystoreForLegacy(str);
    }

    private static X509Certificate[] getCertificateChainFromTimaKeystoreForLegacy(String str) {
        X509Certificate[] x509CertificateArr;
        synchronized (mLock) {
            x509CertificateArr = null;
            Log.d(TAG, "getCertificateChainFromTimaKeystore called");
            if (str == null || "".equals(str)) {
                Log.e(TAG, "getCertificateChainFromTimaKeystore received empty/null alias");
            } else {
                try {
                    try {
                        java.security.KeyStore.getInstance("TimaKeyStore").load(null, null);
                        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS11", "SECPkcs11");
                        keyStore.load(null, null);
                        Certificate[] certificateChain = keyStore.getCertificateChain(str);
                        if (certificateChain != null) {
                            x509CertificateArr = new X509Certificate[certificateChain.length];
                            for (int i10 = 0; i10 < certificateChain.length; i10++) {
                                x509CertificateArr[i10] = (X509Certificate) certificateChain[i10];
                            }
                        }
                    } catch (KeyStoreException e10) {
                        Log.e(TAG, "KeyStoreException", e10);
                    } catch (CertificateException e11) {
                        Log.e(TAG, "CertificateException", e11);
                    }
                } catch (IOException e12) {
                    Log.e(TAG, "IOException", e12);
                } catch (NoSuchAlgorithmException e13) {
                    Log.e(TAG, "NoSuchAlgorithmException", e13);
                } catch (NoSuchProviderException e14) {
                    Log.e(TAG, "java.security.NoSuchProviderException", e14);
                }
            }
        }
        return x509CertificateArr;
    }

    private static X509Certificate[] getCertificateChainFromTimaKeystoreForUKS(String str) {
        X509Certificate[] x509CertificateArr;
        synchronized (mLock) {
            x509CertificateArr = null;
            Log.d(TAG, "getCertificateChainFromTimaKeystore called");
            if (str == null || "".equals(str)) {
                Log.e(TAG, "getCertificateChainFromTimaKeystore received empty/null alias");
            } else {
                try {
                    try {
                        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("KnoxAndroidKeyStore");
                        keyStore.load(null);
                        String str2 = getCcmInstallerPrefix() + str;
                        Log.d(TAG, "trying alias " + str2);
                        Certificate[] certificateChain = keyStore.getCertificateChain(str2);
                        String str3 = CCM_CREATOR_PREFIX + str;
                        if (certificateChain == null) {
                            Log.d(TAG, "can't get cert chain for alias " + str2 + " try " + str3);
                            certificateChain = keyStore.getCertificateChain(str3);
                        }
                        if (certificateChain == null) {
                            Log.d(TAG, "can't get cert chain for alias " + str3 + " try " + str);
                            certificateChain = keyStore.getCertificateChain(str);
                        }
                        if (certificateChain == null) {
                            String display2KeyChainAlias = display2KeyChainAlias(str, false);
                            Log.d(TAG, "can't get cert chain  for alias " + str + " try " + display2KeyChainAlias);
                            certificateChain = keyStore.getCertificateChain(display2KeyChainAlias);
                        }
                        if (certificateChain != null) {
                            x509CertificateArr = new X509Certificate[certificateChain.length];
                            for (int i10 = 0; i10 < certificateChain.length; i10++) {
                                x509CertificateArr[i10] = (X509Certificate) certificateChain[i10];
                            }
                        }
                    } catch (NoSuchAlgorithmException e10) {
                        Log.e(TAG, "NoSuchAlgorithmException", e10);
                    } catch (CertificateException e11) {
                        Log.e(TAG, "CertificateException", e11);
                    }
                } catch (IOException e12) {
                    Log.e(TAG, "IOException", e12);
                } catch (KeyStoreException e13) {
                    Log.e(TAG, "KeyStoreException", e13);
                }
            }
        }
        return x509CertificateArr;
    }

    public static PrivateKey getPrivateKeyFromKnoxKeyStore(String str) {
        java.security.KeyStore keyStore;
        Log.d(TAG, "getPrivateKeyFromTimaKeyStore called");
        synchronized (mLock) {
            PrivateKey privateKey = null;
            try {
                try {
                    try {
                        keyStore = java.security.KeyStore.getInstance("KnoxAndroidKeyStore");
                        keyStore.load(null);
                    } catch (NoSuchAlgorithmException e10) {
                        Log.e(TAG, "NoSuchAlgorithmException", e10);
                    } catch (CertificateException e11) {
                        Log.e(TAG, "CertificateException", e11);
                    }
                } catch (RemoteException e12) {
                    e12.printStackTrace();
                } catch (KeyStoreException e13) {
                    Log.e(TAG, "KeyStoreException", e13);
                }
            } catch (IOException e14) {
                Log.e(TAG, "IOException", e14);
            } catch (UnrecoverableEntryException e15) {
                e15.printStackTrace();
            }
            if (str != null && !"".equals(str)) {
                IClientCertificateManager asInterface = IClientCertificateManager.Stub.asInterface(ServiceManager.getService("knox_ccm_policy"));
                if (asInterface == null) {
                    Log.e(TAG, "Unable to start CCMService");
                    return null;
                }
                if (!asInterface.hasGrant(str)) {
                    return null;
                }
                String str2 = getCcmInstallerPrefix() + str;
                KeyStore.Entry entry = keyStore.getEntry(str2, null);
                String str3 = CCM_CREATOR_PREFIX + str;
                if (entry == null) {
                    Log.e(TAG, "Unable to get private key " + str2);
                    Log.e(TAG, "try " + str3);
                    entry = keyStore.getEntry(str3, null);
                }
                if (entry == null) {
                    Log.e(TAG, "Unable to get private key " + str3);
                    Log.e(TAG, "try " + str);
                    entry = keyStore.getEntry(str, null);
                }
                if (entry == null || !(entry instanceof KeyStore.PrivateKeyEntry)) {
                    Log.e(TAG, "Unable to get private key " + str);
                    if (entry == null) {
                        Log.e(TAG, "key entry is null ");
                    } else if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                        Log.e(TAG, "key entry is not private key: " + entry.getClass().getName().toString());
                    }
                } else {
                    privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                }
                return privateKey;
            }
            Log.e(TAG, "getPrivateKeyFromTimaKeyStore received empty/null alias");
            return privateKey;
        }
    }

    public static PrivateKey getPrivateKeyFromOpenSSL(String str) {
        return isUKS() ? getPrivateKeyFromKnoxKeyStore(str) : getPrivateKeyFromOpenSSLLegacy(str);
    }

    private static PrivateKey getPrivateKeyFromOpenSSLLegacy(String str) {
        synchronized (mLock) {
            PrivateKey privateKey = null;
            try {
                try {
                    try {
                        try {
                            java.security.KeyStore.getInstance("TimaKeyStore").load(null, null);
                            java.security.KeyStore.getInstance("PKCS11", "SECPkcs11").load(null, null);
                            Log.d(TAG, "getPrivateKeyFromOpenSSL called");
                        } catch (CertificateException e10) {
                            Log.e(TAG, "CertificateException", e10);
                        }
                    } catch (NoSuchProviderException e11) {
                        Log.e(TAG, "java.security.NoSuchProviderException", e11);
                    }
                } catch (IOException e12) {
                    Log.e(TAG, "IOException", e12);
                } catch (KeyStoreException e13) {
                    Log.e(TAG, "KeyStoreException", e13);
                }
            } catch (RemoteException e14) {
                Log.e(TAG, "RemoteException", e14);
            } catch (NoSuchAlgorithmException e15) {
                Log.e(TAG, "NoSuchAlgorithmException", e15);
            }
            if (str != null && !"".equals(str)) {
                IClientCertificateManager asInterface = IClientCertificateManager.Stub.asInterface(ServiceManager.getService("knox_ccm_policy"));
                if (asInterface == null) {
                    Log.e(TAG, "Unable start CCMservice");
                    return null;
                }
                if (!asInterface.hasGrant(str)) {
                    return null;
                }
                OpenSSLHelper openSSLHelper = new OpenSSLHelper();
                if (openSSLHelper.registerEngine(str)) {
                    privateKey = openSSLHelper.getPrivateKey(str);
                } else {
                    Log.e(TAG, "Unable to register openssl engine");
                }
                return privateKey;
            }
            Log.e(TAG, "getPrivateKeyFromOpenSSL received empty/null alias");
            return privateKey;
        }
    }

    private static boolean isAccessor(KnoxKeyInfo knoxKeyInfo, String str) {
        int userId = UserHandle.getUserId(Process.myUid());
        Set<String> accessorIds2accIds = accessorIds2accIds(knoxKeyInfo.getAccessorIds());
        String str2 = "u" + String.valueOf(userId) + "_";
        if (!accessorIds2accIds.contains("u*_" + str)) {
            if (!accessorIds2accIds.contains("u*_*")) {
                if (!accessorIds2accIds.contains(str2 + str)) {
                    if (!accessorIds2accIds.contains(str2 + "*") && !accessorIds2accIds.contains("*")) {
                        return false;
                    }
                }
            }
        }
        Log.d(TAG, "is accessor" + str);
        return true;
    }

    public static boolean isCCMStoredAlias(String str, String str2) {
        new ArrayList();
        List<String> aliasListFromTimaKeystore = getAliasListFromTimaKeystore(str);
        if (aliasListFromTimaKeystore == null || aliasListFromTimaKeystore.isEmpty()) {
            return false;
        }
        Iterator<String> it = aliasListFromTimaKeystore.iterator();
        while (it.hasNext()) {
            if (it.next().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isCcmKey(KnoxKeyInfo knoxKeyInfo) {
        String creator = knoxKeyInfo.getCreator();
        return creator.equals(CCM_CREATOR) || creator.equals(getCcmInstaller());
    }

    private static boolean isForWifi(KnoxKeyInfo knoxKeyInfo) {
        int userId = UserHandle.getUserId(Process.myUid());
        if (!accessorIds2accIds(knoxKeyInfo.getAccessorIds()).contains(("u" + String.valueOf(userId) + "_") + WIFI_ACCESSOR)) {
            return false;
        }
        Log.d(TAG, "is for wifi");
        return true;
    }

    public static boolean isTimaKeystoreAndCCMEnabledForCaller() {
        boolean z7 = false;
        boolean z9 = false;
        Log.d(TAG, "isTimaKeystoreAndCCMEnabled called");
        try {
            ITimaService asInterface = ITimaService.Stub.asInterface(ServiceManager.getService(TIMA_SERVICE));
            if (asInterface != null && asInterface.getTimaVersion().equals("3.0")) {
                ClientCertificateManager clientCertificateManager = EnterpriseDeviceManager.getInstance().getClientCertificateManager();
                if (clientCertificateManager != null) {
                    z7 = clientCertificateManager.isCCMPolicyEnabledForCaller() && !clientCertificateManager.isAccessControlMethodPassword();
                }
                TimaKeystore timaKeystore = EnterpriseDeviceManager.getInstance().getTimaKeystore();
                if (timaKeystore != null) {
                    z9 = timaKeystore.isTimaKeystoreEnabled();
                }
            }
        } catch (RemoteException e10) {
            Log.e(TAG, "RemoteException", e10);
        }
        return z7 && z9;
    }

    public static boolean isTimaKeystoreAndCCMEnabledForPackage(String str) {
        boolean z7 = false;
        boolean z9 = false;
        Log.d(TAG, "isTimaKeystoreAndCCMEnabledForPackage called");
        if (str == null || "".equals(str)) {
            Log.e(TAG, "isTimaKeystoreAndCCMEnabledForPackage received empty/null package name");
        } else {
            try {
                ITimaService asInterface = ITimaService.Stub.asInterface(ServiceManager.getService(TIMA_SERVICE));
                if (asInterface != null && asInterface.getTimaVersion().equals("3.0")) {
                    ClientCertificateManager clientCertificateManager = EnterpriseDeviceManager.getInstance().getClientCertificateManager();
                    if (clientCertificateManager != null) {
                        z7 = clientCertificateManager.isCCMPolicyEnabledForPackage(str) && !clientCertificateManager.isAccessControlMethodPassword();
                    }
                    TimaKeystore timaKeystore = EnterpriseDeviceManager.getInstance().getTimaKeystore();
                    if (timaKeystore != null) {
                        z9 = timaKeystore.isTimaKeystoreEnabledForPackage(str);
                    }
                }
            } catch (RemoteException e10) {
                Log.e(TAG, "RemoteException", e10);
            }
            Log.d(TAG, "isCCMEnabled : " + z7);
            Log.d(TAG, "isTimaKeystoreEnabled : " + z9);
        }
        return z7 && z9;
    }

    private static boolean isUKS() {
        return true;
    }

    private static boolean validateCreator(String str) {
        if (str == null) {
            return false;
        }
        int length = str.length();
        if (!str.startsWith("u")) {
            return false;
        }
        String[] split = str.substring("u".length(), length).split("_", 2);
        if (split.length != 2) {
            return false;
        }
        for (int i10 = 0; i10 < split[0].length(); i10++) {
            char charAt = split[0].charAt(i10);
            if (charAt < '0' || charAt > '9') {
                return false;
            }
        }
        return validateName(split[1]) || str.equals(CCM_CREATOR);
    }

    private static boolean validateName(String str) {
        if (str == null) {
            return false;
        }
        int length = str.length();
        boolean z7 = true;
        boolean z9 = false;
        for (int i10 = 0; i10 < length; i10++) {
            char charAt = str.charAt(i10);
            if ((charAt >= 'a' && charAt <= 'z') || (charAt >= 'A' && charAt <= 'Z')) {
                z7 = false;
            } else if (z7 || ((charAt < '0' || charAt > '9') && charAt != '_')) {
                if (charAt != '.') {
                    return false;
                }
                z9 = true;
                z7 = true;
            }
        }
        return z9;
    }
}
