package android.security;

import android.content.Context;
import android.os.IBinder;
import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.sec.enterprise.EnterpriseDeviceManager;
import android.sec.enterprise.IEDMProxy;
import android.sec.enterprise.auditlog.AuditEvents;
import android.sec.enterprise.auditlog.AuditLog;
import android.sec.enterprise.certificate.CertificatePolicy;
import android.sec.enterprise.certificate.CertificatePolicyCache;
import android.system.keystore2.KeyDescriptor;
import android.util.Log;
import com.samsung.android.security.mdf.MdfUtils;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes5.dex */
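/**
 * Static helpers that record keystore operations (clear, delete, certificate install, key
 * generation failure, key import) in the enterprise audit log and that forward certificate
 * events to the enterprise certificate policy.
 *
 * <p>This listing is decompiler output. Several members it references
 * ({@code access$000}, {@code access$100}, {@code access$200}, {@code toCertificates}) are not
 * defined anywhere in the visible file, so the calls to them are left exactly as found.
 *
 * <p>Audit-relevant properties a reader should keep in mind:
 * <ul>
 *   <li>The "requested by" field is built from {@link Process#myUid()} / {@link Process#myPid()},
 *       i.e. the identity of the process executing this code, not a Binder caller identity.</li>
 *   <li>Key aliases and certificate subject/issuer names are formatted into the log message
 *       verbatim. Whether {@code AuditLog} escapes control characters is not visible here, so
 *       any consumer that parses these entries should treat those fields as untrusted text.</li>
 * </ul>
 */
public class KeyStoreAuditLog {
    /** Operation type: credentials cleared (logged with {@code AuditEvents.CLEAR_CREDENTIALS}). */
    public static final int CLEAR = 1;
    /** Operation type: key destroyed or certificate(s) deleted. */
    public static final int DELETE = 2;
    /** Error code mapped to the suffix " Completed with execution exception". */
    public static final int EXECUTION_EXCEPTION = 201;
    /** Operation type: key generation (only a failure message exists for it). */
    public static final int GENERATE = 4;
    /** Operation type: key import. */
    public static final int IMPORT = 5;
    /** Operation type: certificate install. */
    public static final int INSERT = 3;
    /** Error code mapped to the suffix " Cannot connect to KeyStore". */
    public static final int REMOTE_EXCEPTION = 200;
    private static final String TAG = "KeyStoreAuditLog";

    /**
     * Mutable parameter bag describing one keystore operation to be audited: key alias, calling
     * class name, namespace/domain, user id, operation type, error code and the certificates
     * involved (held either as parsed {@link X509Certificate}s or as encoded bytes).
     */
    public static class AuditLogParams {
        private final String mAlias;
        private final String mClassName;
        private Context mContext;
        private byte[] mEncodedCerts;
        private int mOperationType;
        private List<X509Certificate> mX509Certificates;
        private long mNamespace = 0;
        private int mDomain = -1;
        // NOTE(review): access$000 is a decompiler-emitted synthetic accessor whose target is not
        // in this file; it presumably wraps the private getUserId(int) - confirm against the dex.
        private int mUserId = KeyStoreAuditLog.access$000(Process.myUid());
        // 1 is the value auditLogPrivilegedAsUser treats as success.
        private int mErrorCode = 1;

        /**
         * @param str  key alias
         * @param str2 class name stored as {@code mClassName}
         */
        public AuditLogParams(String str, String str2) {
            this.mAlias = str;
            this.mClassName = str2;
        }

        /**
         * Creates parameters from a key descriptor with the default error code 1.
         *
         * @param keyDescriptor source of alias, namespace and domain
         * @param i10           operation type
         * @param str           class name
         */
        public static AuditLogParams init(KeyDescriptor keyDescriptor, int i10, String str) {
            return init(keyDescriptor, i10, str, 1);
        }

        /**
         * Creates parameters from a key descriptor.
         *
         * @param keyDescriptor source of alias, namespace and domain
         * @param i10           operation type
         * @param str           class name
         * @param i11           error code
         */
        public static AuditLogParams init(KeyDescriptor keyDescriptor, int i10, String str, int i11) {
            return init(keyDescriptor.alias, keyDescriptor.nspace, keyDescriptor.domain, i10, str, i11);
        }

        /**
         * Creates parameters from explicit values.
         *
         * @param str  key alias
         * @param j6   namespace
         * @param i10  domain
         * @param i11  operation type
         * @param str2 class name
         * @param i12  error code
         */
        public static AuditLogParams init(String str, long j6, int i10, int i11, String str2, int i12) {
            AuditLogParams params = new AuditLogParams(str, str2);
            params.setNamespace(j6);
            params.setDomain(i10);
            params.setOperationType(i11);
            params.setErrorCode(i12);
            return params;
        }

        public String getAlias() {
            return this.mAlias;
        }

        /**
         * Returns the certificate chain as bytes: the stored encoded bytes when present, otherwise
         * the parsed certificates converted through {@code access$100}, otherwise {@code null}.
         */
        public byte[] getChainBytes() {
            if (this.mEncodedCerts != null) {
                return this.mEncodedCerts;
            }
            List<X509Certificate> certs = this.mX509Certificates;
            if (certs == null) {
                return null;
            }
            // NOTE(review): access$100 is a synthetic accessor whose target is not in this file.
            return KeyStoreAuditLog.access$100((Certificate[]) certs.toArray(new X509Certificate[certs.size()]));
        }

        public String getClassName() {
            return this.mClassName;
        }

        public Context getContext() {
            return this.mContext;
        }

        public int getDomain() {
            return this.mDomain;
        }

        public int getErrorCode() {
            return this.mErrorCode;
        }

        public long getNamespace() {
            return this.mNamespace;
        }

        public int getOperationType() {
            return this.mOperationType;
        }

        public int getUserId() {
            return this.mUserId;
        }

        /**
         * Returns the parsed certificates when set, otherwise the encoded bytes parsed through
         * {@code KeyStoreAuditLog.toCertificates}, otherwise an empty list. Never {@code null}
         * as far as this method itself is concerned.
         */
        public List<X509Certificate> getX509Certificates() {
            if (this.mX509Certificates != null) {
                return this.mX509Certificates;
            }
            if (this.mEncodedCerts == null) {
                return Collections.emptyList();
            }
            // NOTE(review): toCertificates is not defined in the visible file.
            return KeyStoreAuditLog.toCertificates(this.mEncodedCerts);
        }

        /** Returns true when a non-empty certificate list or any encoded bytes are stored. */
        public boolean hasCertificates() {
            List<X509Certificate> certs = this.mX509Certificates;
            boolean hasParsed = certs != null && !certs.isEmpty();
            return hasParsed || this.mEncodedCerts != null;
        }

        public void setContext(Context context) {
            this.mContext = context;
        }

        public void setDomain(int i10) {
            this.mDomain = i10;
        }

        public void setEncodedCerts(byte[] bArr) {
            this.mEncodedCerts = bArr;
        }

        public void setErrorCode(int i10) {
            this.mErrorCode = i10;
        }

        public void setNamespace(long j6) {
            this.mNamespace = j6;
        }

        public void setOperationType(int i10) {
            this.mOperationType = i10;
        }

        /**
         * Stores the certificates of an operation. With a user certificate present, both arrays
         * are parsed through {@code access$200} into the certificate list; with only a chain,
         * the chain bytes are stored unparsed; with neither, nothing changes.
         *
         * @param bArr  user certificate bytes, may be {@code null}
         * @param bArr2 chain bytes, may be {@code null}
         */
        public void setUserCertAndChain(byte[] bArr, byte[] bArr2) {
            if (bArr != null) {
                // NOTE(review): access$200 is a synthetic accessor whose target is not in this file.
                setX509Certificates(KeyStoreAuditLog.access$200(bArr, bArr2));
            } else if (bArr2 != null) {
                setEncodedCerts(bArr2);
            }
        }

        public void setUserId(int i10) {
            this.mUserId = i10;
        }

        public void setX509Certificates(List<X509Certificate> list) {
            this.mX509Certificates = list;
        }

        /**
         * Dumps every field, including the full certificate list and the raw encoded bytes, so
         * the result can be very long if it is written to a log.
         */
        @Override
        public String toString() {
            return "AuditLogParams{mAlias='" + this.mAlias
                    + "', mClassName='" + this.mClassName
                    + "', mUserId=" + this.mUserId
                    + ", mNamespace=" + this.mNamespace
                    + ", mDomain=" + this.mDomain
                    + ", mContext=" + this.mContext
                    + ", mOperationType=" + this.mOperationType
                    + ", mErrorCode=" + this.mErrorCode
                    + ", mX509Certificates=" + this.mX509Certificates
                    + ", mEncodedCerts=" + Arrays.toString(this.mEncodedCerts) + '}';
        }
    }

    /**
     * Pair of a full log message and its redacted counterpart.
     *
     * <p>The decompiler reports that this class was private in the original and that it widened
     * the access modifier. Nothing in the visible file instantiates it.
     */
    public static class LogMessage {
        /** Redacted-message value {@code null}. */
        public static final String KEEP = null;
        /** Redacted-message value: the empty string. */
        public static final String REMOVE = "";
        String message;
        String redactedMessage;

        public LogMessage(String str, String str2) {
            this.message = str;
            this.redactedMessage = str2;
        }

        @Override
        public String toString() {
            return "LogMessage{message='" + this.message + "', redactedMessage='" + this.redactedMessage + "'}";
        }
    }

    private KeyStoreAuditLog() {
    }

    /**
     * Audits an operation that involves no certificates.
     *
     * @see #auditLogPrivilegedAsUser(Context, String, int, int, List, int, String)
     */
    public static void auditLogPrivilegedAsUser(Context context, String str, int i10, int i11, int i12, String str2) {
        auditLogPrivilegedAsUser(context, str, i10, i11, new ArrayList<X509Certificate>(), i12, str2);
    }

    /**
     * Builds the audit message(s) for one keystore operation and writes each of them with
     * {@code AuditLog.logPrivilegedAsUser}.
     *
     * <p>Certificate operations produce one entry per certificate; every other operation
     * produces a single entry. An unknown operation type, or a certificate install for a uid
     * that maps to no keystore name, logs nothing.
     *
     * @param context used only to resolve the requesting package name
     * @param str     key alias, formatted verbatim into the message
     * @param i10     uid the operation applies to; selects the keystore name and the target user
     * @param i11     operation type: {@link #CLEAR}, {@link #DELETE}, {@link #INSERT},
     *                {@link #GENERATE} or {@link #IMPORT}
     * @param list    certificates involved; {@code null} is treated as empty
     * @param i12     error code, where 1 means the operation succeeded
     * @param str2    passed through unchanged to {@code AuditLog.logPrivilegedAsUser}
     */
    public static void auditLogPrivilegedAsUser(Context context, String str, int i10, int i11, List<X509Certificate> list, int i12, String str2) {
        final boolean succeeded = i12 == 1;
        // First argument of AuditLog.logPrivilegedAsUser; presumably a severity grade - confirm.
        final int severity = succeeded ? 5 : 1;
        final String keystoreName = getKeystoreString(i10);
        final String outcome = succeeded ? AuditEvents.SUCCEEDED : AuditEvents.FAILED;
        final String errorSuffix = getErrorMessage(i12);
        // The delete branch always tolerated a null list; the install branch dereferenced it.
        // Normalising here gives both branches the same contract.
        final List<X509Certificate> certs = list != null ? list : Collections.<X509Certificate>emptyList();

        final List<String> messages = new ArrayList<>();
        // Parallel to `messages`; presumably the redacted form of each entry - confirm against
        // AuditLog.logPrivilegedAsUser.
        final List<String> redactedMessages = new ArrayList<>();

        switch (i11) {
            case CLEAR:
                messages.add(AuditEvents.CLEAR_CREDENTIALS + outcome + " Keystore : " + keystoreName + errorSuffix);
                redactedMessages.add(null);
                break;
            case DELETE:
                if (certs.isEmpty()) {
                    messages.add(AuditEvents.KEY_DESTRUCTION
                            + describeKeyRequest(context, keystoreName, str, i10) + outcome + errorSuffix);
                    redactedMessages.add("");
                } else {
                    for (X509Certificate cert : certs) {
                        // NOTE(review): unlike every other branch, no error suffix is appended
                        // here, so a failed certificate delete carries no error code - confirm
                        // this is intended.
                        messages.add(AuditEvents.CERT_DELETE + getKeyString(str) + outcome
                                + describeCertificate(keystoreName, str, cert));
                        redactedMessages.add("");
                    }
                }
                break;
            case INSERT:
                if (!keystoreName.isEmpty()) {
                    for (X509Certificate cert : certs) {
                        messages.add(AuditEvents.CERT_INSTALL + getKeyString(str) + outcome
                                + describeCertificate(keystoreName, str, cert) + errorSuffix);
                        redactedMessages.add("");
                    }
                }
                break;
            case GENERATE:
                // NOTE(review): the text is always the "failed" event, even when the error code
                // says success; callers presumably use GENERATE only on failure - confirm.
                messages.add(AuditEvents.KEY_GEN_FAILED + errorSuffix);
                redactedMessages.add("");
                break;
            case IMPORT:
                messages.add(AuditEvents.KEY_IMPORTING
                        + describeKeyRequest(context, keystoreName, str, i10) + outcome + errorSuffix);
                redactedMessages.add("");
                break;
            default:
                return;
        }

        final int userId = getUserId(i10, true);
        final int pid = Process.myPid();
        for (int i = 0; i < messages.size(); i++) {
            // When the target user is -1 the redacted text is always passed as null.
            String redacted = userId != -1 ? redactedMessages.get(i) : null;
            AuditLog.logPrivilegedAsUser(severity, 1, succeeded, pid, str2, messages.get(i), redacted, userId);
        }
    }

    /**
     * Audits an operation whose certificates arrive PEM-encoded. Bytes that fail to parse are
     * treated as "no certificates" (the parse error is logged to logcat only).
     *
     * @see #auditLogPrivilegedAsUser(Context, String, int, int, List, int, String)
     */
    public static void auditLogPrivilegedAsUser(Context context, String str, int i10, int i11, byte[] bArr, int i12, String str2) {
        auditLogPrivilegedAsUser(context, str, i10, i11, convertFromPem(bArr), i12, str2);
    }

    /** Formats the "(Keystore=..., key=..., uid=..., requested by ...)" part of a key entry. */
    private static String describeKeyRequest(Context context, String keystoreName, String alias, int uid) {
        return String.format("(Keystore=%s, key=%s, uid=%s, requested by %s)",
                keystoreName, alias, uid, getRequestorInfo(context));
    }

    /** Formats the "(Keystore=..., key=..., Subject=..., Issuer=...)" part of a certificate entry. */
    private static String describeCertificate(String keystoreName, String alias, X509Certificate cert) {
        return String.format("(Keystore=%s, key=%s, Subject=%s, Issuer=%s)",
                keystoreName, alias, cert.getSubjectDN(), cert.getIssuerDN());
    }

    /**
     * Parses PEM bytes into certificates. Returns an empty, mutable list for {@code null} input
     * or when parsing fails; a failure is logged and otherwise swallowed, so callers cannot
     * tell "no certificates" from "unparseable certificates".
     */
    private static List<X509Certificate> convertFromPem(byte[] bArr) {
        List<X509Certificate> parsed = null;
        if (bArr != null) {
            try {
                parsed = Credentials.convertFromPem(bArr);
            } catch (IOException | IllegalArgumentException | CertificateException e) {
                Log.e(TAG, "Failed converting certificate from pem", e);
            }
        }
        return parsed != null ? parsed : new ArrayList<X509Certificate>();
    }

    /** Maps an error code to the suffix appended to an audit message (empty for success, 1). */
    private static String getErrorMessage(int i10) {
        switch (i10) {
            case 1:
                return "";
            case REMOTE_EXCEPTION:
                return " Cannot connect to KeyStore";
            case EXECUTION_EXCEPTION:
                return " Completed with execution exception";
            default:
                return " with error " + i10;
        }
    }

    /** Returns "private key" for aliases starting with "USRPKEY_", otherwise "certificate". */
    private static String getKeyString(String str) {
        boolean isPrivateKey = str != null && str.startsWith("USRPKEY_");
        return isPrivateKey ? "private key" : "certificate";
    }

    /**
     * Maps a uid to the keystore name used in audit messages: uid 1010 (the Wi-Fi uid in AOSP)
     * gives {@code AuditEvents.WIFI}; uid -1 or any uid whose app id is 1000 (system) gives
     * "VPN and Apps"; every other uid gives the empty string.
     */
    private static String getKeystoreString(int i10) {
        if (i10 == 1010) {
            return AuditEvents.WIFI;
        }
        if (i10 == -1 || UserHandle.getAppId(i10) == 1000) {
            return "VPN and Apps";
        }
        return "";
    }

    /**
     * Describes the requestor as "package: uid=U pid=P role=R".
     *
     * <p>The uid and pid are those of the current process. The role is "SystemApp" for uid 1000
     * and "UserApp" otherwise, with "|Administrator" or "|NonAdministrator" appended when the
     * "enterprise_policy" service can be queried through reflection. Any failure (including a
     * null context) leaves the role without that suffix and is logged at debug level only.
     */
    private static String getRequestorInfo(Context context) {
        final int pid = Process.myPid();
        final int uid = Process.myUid();
        String role = uid == 1000 ? "SystemApp" : "UserApp";
        String packageName = "";
        try {
            // NOTE(review): getNameForUid may return null, which would render as "null" below
            // and be passed to packageHasActiveAdmins as-is.
            packageName = context.getPackageManager().getNameForUid(uid);
            Object edm = Class.forName("com.samsung.android.knox.IEnterpriseDeviceManager$Stub")
                    .getMethod("asInterface", IBinder.class)
                    .invoke(null, (IBinder) Class.forName("android.os.ServiceManager")
                            .getMethod("getService", String.class)
                            .invoke(null, "enterprise_policy"));
            boolean isAdmin = ((Boolean) edm.getClass()
                    .getMethod("packageHasActiveAdmins", String.class)
                    .invoke(edm, packageName)).booleanValue();
            role = role + (isAdmin ? "|Administrator" : "|NonAdministrator");
        } catch (Exception e) {
            // Deliberately best-effort: the audit entry is still written without the admin role.
            Log.d(TAG, "Administrator status cannot be defined for requestor: uid=" + uid + " pid=" + pid, e);
        }
        return packageName + ": uid=" + uid + " pid=" + pid + " role=" + role;
    }

    /** Resolves the user id for a uid without the Wi-Fi special case. */
    private static int getUserId(int i10) {
        return getUserId(i10, false);
    }

    /**
     * Resolves the user id an audit entry is written for.
     *
     * @param i10 uid; -1 means "the current user"
     * @param z7  when true, uid 1010 resolves to -1 instead of its real user id
     */
    private static int getUserId(int i10, boolean z7) {
        if (i10 == -1) {
            return UserHandle.myUserId();
        }
        if (z7 && i10 == 1010) {
            return -1;
        }
        return UserHandle.getUserId(i10);
    }

    /** Returns whether audit logging is enabled for the user that owns uid {@code i10}. */
    public static boolean isAuditLogEnabledAsUser(int i10) {
        return AuditLog.isAuditLogEnabledAsUser(getUserId(i10));
    }

    /**
     * Applies the enterprise certificate policy to a certificate about to be installed.
     *
     * <p>The certificate is rejected when trusted/untrusted enforcement is enabled and the policy
     * does not trust it as a CA. Otherwise it is accepted unless validation-at-install is enabled
     * and {@code validateCertificateAtInstallAsUser} returns anything other than -1. With both
     * policy features disabled every certificate is accepted.
     *
     * @param context used to obtain the policy cache
     * @param bArr    certificate bytes handed to the policy unchanged
     * @param i10     uid whose user the policy is evaluated for
     */
    public static boolean isCertificateTrustedByMdm(Context context, byte[] bArr, int i10) {
        final int userId = getUserId(i10);
        CertificatePolicyCache cache = CertificatePolicyCache.getInstance(context);
        CertificatePolicy policy = EnterpriseDeviceManager.getInstance().getCertificatePolicy();
        if (cache.isCertificateTrustedUntrustedEnabled()
                && !policy.isCaCertificateTrustedAsUser(bArr, false, userId)) {
            return false;
        }
        if (!cache.isCertificateValidationAtInstallEnabled()) {
            return true;
        }
        return policy.validateCertificateAtInstallAsUser(bArr, userId) == -1;
    }

    /**
     * Reports a key generation failure through {@code MdfUtils.logMdf}.
     *
     * @param str  error description appended to the message
     * @param str2 passed through as the last argument of {@code MdfUtils.logMdf}
     */
    public static void logMdfKeyGenFailed(String str, String str2) {
        MdfUtils.logMdf(MdfUtils.isMdfEnforced(), "Key generation failed  with error: " + str, false, 3, str2);
    }

    /**
     * Tells the certificate policy that each listed certificate was removed, identifying it by
     * its subject name. A {@code null} or empty list is a no-op.
     *
     * @param list removed certificates
     * @param i10  uid whose user the removal is reported for
     */
    public static void notifyCertificateRemovedAsUser(List<X509Certificate> list, int i10) {
        if (list == null || list.isEmpty()) {
            return;
        }
        CertificatePolicy policy = EnterpriseDeviceManager.getInstance().getCertificatePolicy();
        final int userId = getUserId(i10);
        for (X509Certificate cert : list) {
            policy.notifyCertificateRemovedAsUser(cert.getSubjectX500Principal().getName(), userId);
        }
    }

    /**
     * PEM variant of {@link #notifyCertificateRemovedAsUser(List, int)}. Bytes that fail to parse
     * result in no notification.
     */
    public static void notifyCertificateRemovedAsUser(byte[] bArr, int i10) {
        notifyCertificateRemovedAsUser(convertFromPem(bArr), i10);
    }

    /**
     * Notifies the EDM proxy service that a user keystore was unlocked. Does nothing when the
     * service is unavailable; a {@link RemoteException} is logged and swallowed.
     *
     * @param i10 value passed to {@code notifyUserKeystoreUnlocked}; presumably a user id
     */
    public static void refreshRollbackUserKeystore(int i10) {
        IEDMProxy service = EnterpriseDeviceManager.EDMProxyServiceHelper.getService();
        if (service == null) {
            return;
        }
        try {
            service.notifyUserKeystoreUnlocked(i10);
        } catch (RemoteException e) {
            Log.e(TAG, "Failed talking with Certificate Policy", e);
        }
    }
}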
