package net.pulsesecure.modules.policy;

import android.util.Log;
import ch.qos.logback.core.joran.action.Action;
import com.cellsec.api.JsonBase;
import com.cellsec.api.JsonWrapper;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import net.pulsesecure.infra.Module;
import net.pulsesecure.modules.network.INetworkManager;
import net.pulsesecure.modules.proto.CertificateResponseMsg;
import net.pulsesecure.modules.proto.CertificateScepResponseMsg;
import net.pulsesecure.modules.proto.IWorkspaceRestProtocol;
import net.pulsesecure.modules.proto.PolicyMsg;
import net.pulsesecure.modules.proto.PolicyProperties;
import net.pulsesecure.modules.scep.ActiveSyncCsrAttributeAdder;
import net.pulsesecure.modules.scep.CertUtil;
import net.pulsesecure.modules.scep.IScepProtocol;
import net.pulsesecure.modules.scep.ScepCertificate;
import net.pulsesecure.modules.scep.ScepResponse;
import net.pulsesecure.modules.system.IAndroidWrapper;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jscep.client.EnrollmentResponse;
import org.jscep.transaction.TransactionId;

/* compiled from: ActiveSyncManager.kt */
@Metadata(bv = {1, 0, 2}, d1 = {"\u0000f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\f\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0017\u0018\u0000 I2\u00020\u0001:\u0001IB\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J \u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001eH\u0002J\b\u0010\u001f\u001a\u00020\u0018H\u0002J\b\u0010 \u001a\u00020\u0018H\u0002J\b\u0010!\u001a\u00020\u0018H\u0002J\u001a\u0010\"\u001a\u0004\u0018\u00010#2\u0006\u0010$\u001a\u00020%2\u0006\u0010\u001b\u001a\u00020\u001cH\u0002J\u0010\u0010&\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\n\u0010'\u001a\u0004\u0018\u00010\bH\u0002J\u001c\u0010(\u001a\u0004\u0018\u00010\b2\u0006\u0010)\u001a\u00020\b2\b\u0010*\u001a\u0004\u0018\u00010\bH\u0002J \u0010+\u001a\u00020,2\u0006\u0010-\u001a\u00020,2\u0006\u0010.\u001a\u00020,2\u0006\u0010/\u001a\u00020\u0015H\u0002J\b\u00100\u001a\u000201H\u0002J\b\u00102\u001a\u000203H\u0002J\b\u00104\u001a\u000203H\u0002J\u0012\u00105\u001a\u0002032\b\u00106\u001a\u0004\u0018\u00010#H\u0002J\b\u00107\u001a\u000203H\u0002J\"\u00108\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\b\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0002J\u0010\u00109\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0018\u0010:\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010;\u001a\u000203H\u0002J\u0010\u0010<\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0010\u0010=\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0010\u0010>\u001a\u00020\u00182\b\u0010\u0019\u001a\u0004\u0018\u00010\u001aJ\u0010\u0010?\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0010\u0010@\u001a\u00020\u00182\u0006\u0010A\u001a\u00020\bH\u0002J\u001a\u0010B\u001a\u00020\u00182\u0006\u0010C\u001a\u00020\b2\b\u0010D\u001a\u0004\u0018\u00010#H\u0002J\u0010\u0010E\u001a\u00020\u00182\u0006\u0010F\u001a\u00020#H\u0002J\u001a\u0010G\u001a\u00020\u00182\u0006\u0010)\u001a\u00020\b2\b\u0010H\u001a\u0004\u0018\u00010\bH\u0002R\u000e\u0010\u0007\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0013\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0014\u001a\u00020\u0015X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0016\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000¨\u0006J"}, d2 = {"Lnet/pulsesecure/modules/policy/ActiveSyncManager;", "", "networkManager", "Lnet/pulsesecure/modules/network/INetworkManager;", "androidWrapper", "Lnet/pulsesecure/modules/system/IAndroidWrapper;", "(Lnet/pulsesecure/modules/network/INetworkManager;Lnet/pulsesecure/modules/system/IAndroidWrapper;)V", "activeSyncScepCertAlias", "", "getAndroidWrapper", "()Lnet/pulsesecure/modules/system/IAndroidWrapper;", "prefKeyActiveSyncAfwCertInstalled", "prefKeyActiveSyncAfwCertificate", "prefKeyActiveSyncScepCert", "prefKeyActiveSyncScepCertAlias", "prefKeyActiveSyncScepCertInstalled", "prefKeyActiveSyncScepCertPassword", "prefKeyActiveSyncScepCertPending", "prefKeyActiveSyncScepCertTransactionId", "prefKeyActiveSyncScepConfig", "scepCertRenewValidityPercentage", "", "tag", "attachScepActiveSyncCert", "", "policyMsg", "Lnet/pulsesecure/modules/proto/PolicyMsg;", "keyPair", "Ljava/security/KeyPair;", "scepResponse", "Lnet/pulsesecure/modules/scep/ScepResponse;", "clearAfwCertificateDetails", "clearPendingScepCertDetails", "clearScepCertificateDetails", "createScepCertResponseMsg", "Lnet/pulsesecure/modules/proto/CertificateResponseMsg;", "certificate", "Ljava/security/cert/X509Certificate;", "enrolNewScepCertificate", "getCertificateVersionNumber", "getPreferenceValue", Action.KEY_ATTRIBUTE, "defaultValue", "getRenewalTime", "Ljava/util/Date;", "notBefore", "notAfter", "percentage", "getScepConfiguration", "Lnet/pulsesecure/modules/proto/CertificateScepResponseMsg;", "isActiveSyncAfwCertInstalled", "", "isActiveSyncScepCertInstalled", "isNewCertAvailable", "resp", "isPendingActiveSyncScepCertPresent", "onScepCertEnrolled", "pollScepCertificate", "renewOrPollScepCert", "shouldPoll", "renewScepCert", "requestActiveSyncAFWApiCertificate", "requestActiveSyncCertificateIfNeeded", "requestActiveSyncScepCertificate", "saveAfwCertificateDetails", "certDetailsJsonString", "savePendingCertDetails", "transactionId", "responseMsg", "saveScepCertificateDetails", "certDetails", "saveValueToPreference", "value", "Companion", "app_release"}, k = 1, mv = {1, 1, 11})
/* loaded from: classes2.dex */
public final class ActiveSyncManager {

    @NotNull
    public static final String PREF_KEY_ACTIVE_SYNC_SCEP_RENEW_CERT = "activeSyncScepRenewCert";
    private final String activeSyncScepCertAlias;

    @NotNull
    private final IAndroidWrapper androidWrapper;
    private final INetworkManager networkManager;
    private final String prefKeyActiveSyncAfwCertInstalled;
    private final String prefKeyActiveSyncAfwCertificate;
    private final String prefKeyActiveSyncScepCert;
    private final String prefKeyActiveSyncScepCertAlias;
    private final String prefKeyActiveSyncScepCertInstalled;
    private final String prefKeyActiveSyncScepCertPassword;
    private final String prefKeyActiveSyncScepCertPending;
    private final String prefKeyActiveSyncScepCertTransactionId;
    private final String prefKeyActiveSyncScepConfig;
    private final int scepCertRenewValidityPercentage;
    private final String tag;

    public ActiveSyncManager(@NotNull INetworkManager networkManager, @NotNull IAndroidWrapper androidWrapper) {
        Intrinsics.checkParameterIsNotNull(networkManager, "networkManager");
        Intrinsics.checkParameterIsNotNull(androidWrapper, "androidWrapper");
        this.networkManager = networkManager;
        this.androidWrapper = androidWrapper;
        this.tag = "ActiveSyncManager";
        this.scepCertRenewValidityPercentage = 90;
        this.activeSyncScepCertAlias = "pulsesecure.activesync.cert";
        this.prefKeyActiveSyncAfwCertificate = "activeSyncAfwCertCertificate";
        this.prefKeyActiveSyncAfwCertInstalled = "activeSyncAfwCertInstalled";
        this.prefKeyActiveSyncScepConfig = "activeSyncScepConfig";
        this.prefKeyActiveSyncScepCert = "activeSyncScepCert";
        this.prefKeyActiveSyncScepCertTransactionId = "activeSyncScepCertTransactionId";
        this.prefKeyActiveSyncScepCertInstalled = "activeSyncScepCertInstalled";
        this.prefKeyActiveSyncScepCertPending = "activeSyncScepCertPending";
        this.prefKeyActiveSyncScepCertAlias = "activeSyncScepCertAlias";
        this.prefKeyActiveSyncScepCertPassword = "activeSyncScepCertPassword";
    }

    private final void attachScepActiveSyncCert(PolicyMsg policyMsg, KeyPair keyPair, ScepResponse scepResponse) {
        try {
            EnrollmentResponse enrollmentResponse = scepResponse.enrollmentResponse;
            Intrinsics.checkExpressionValueIsNotNull(enrollmentResponse, "scepResponse.enrollmentResponse");
            Certificate next = enrollmentResponse.getCertStore().getCertificates(null).iterator().next();
            if (next == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) next;
            CertificateResponseMsg createScepCertResponseMsg = createScepCertResponseMsg(x509Certificate, keyPair);
            if (createScepCertResponseMsg != null) {
                saveScepCertificateDetails(createScepCertResponseMsg);
                clearPendingScepCertDetails();
                this.androidWrapper.registerCertRenewAlarm(5, getRenewalTime(new Date(), new Date(createScepCertResponseMsg.validTo), this.scepCertRenewValidityPercentage).getTime());
                policyMsg.active_sync_cert_msg = createScepCertResponseMsg;
                Log.d(this.tag, "Cert enrollment completed SN: " + x509Certificate.getSerialNumber().toString(16) + ", Issuer: " + x509Certificate.getIssuerDN());
            }
        } catch (CertStoreException e) {
            Log.e(this.tag, "Error while accessing the certificate", e);
        }
    }

    private final void clearAfwCertificateDetails() {
        saveValueToPreference(this.prefKeyActiveSyncAfwCertInstalled, String.valueOf(false));
        saveValueToPreference(this.prefKeyActiveSyncAfwCertificate, null);
    }

    private final void clearPendingScepCertDetails() {
        saveValueToPreference(this.prefKeyActiveSyncScepCertPending, String.valueOf(false));
        saveValueToPreference(this.prefKeyActiveSyncScepCertTransactionId, null);
        saveValueToPreference(PREF_KEY_ACTIVE_SYNC_SCEP_RENEW_CERT, String.valueOf(false));
    }

    private final void clearScepCertificateDetails() {
        saveValueToPreference(this.prefKeyActiveSyncScepCertInstalled, String.valueOf(false));
        saveValueToPreference(this.prefKeyActiveSyncScepCertAlias, null);
        saveValueToPreference(this.prefKeyActiveSyncScepCertPassword, null);
        saveValueToPreference(this.prefKeyActiveSyncScepCert, null);
        clearPendingScepCertDetails();
    }

    private final CertificateResponseMsg createScepCertResponseMsg(X509Certificate certificate, KeyPair keyPair) {
        try {
            String uuid = UUID.randomUUID().toString();
            String convertToPKCS12Base64 = CertUtil.convertToPKCS12Base64(certificate, keyPair.getPrivate(), this.activeSyncScepCertAlias, uuid);
            CertificateResponseMsg certificateResponseMsg = new CertificateResponseMsg();
            certificateResponseMsg.certificate = convertToPKCS12Base64;
            certificateResponseMsg.cert_alias = this.activeSyncScepCertAlias;
            certificateResponseMsg.serialNumber = certificate.getSerialNumber();
            certificateResponseMsg.password = uuid;
            Date notBefore = certificate.getNotBefore();
            Intrinsics.checkExpressionValueIsNotNull(notBefore, "certificate.notBefore");
            certificateResponseMsg.validFrom = notBefore.getTime();
            Date notAfter = certificate.getNotAfter();
            Intrinsics.checkExpressionValueIsNotNull(notAfter, "certificate.notAfter");
            certificateResponseMsg.validTo = notAfter.getTime();
            return certificateResponseMsg;
        } catch (IOException e) {
            Log.d(this.tag, "Error while creating PKCS#12 base64 encoded string", e);
            return null;
        } catch (KeyStoreException e2) {
            Log.d(this.tag, "Error while creating PKCS#12 base64 encoded string", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            Log.d(this.tag, "Error while creating PKCS#12 base64 encoded string", e3);
            return null;
        } catch (CertificateException e4) {
            Log.d(this.tag, "Error while creating PKCS#12 base64 encoded string", e4);
            return null;
        }
    }

    private final void enrolNewScepCertificate(PolicyMsg policyMsg) {
        try {
            CertificateScepResponseMsg scepConfiguration = getScepConfiguration();
            if (scepConfiguration == null) {
                Log.d(this.tag, "SCEP enrolment process cancelled as SCEP configuration not found");
                return;
            }
            String str = scepConfiguration.challenge;
            scepConfiguration.challenge = "";
            saveValueToPreference(this.prefKeyActiveSyncScepConfig, scepConfiguration.toString());
            scepConfiguration.challenge = str;
            String preferenceValue = getPreferenceValue(this.prefKeyActiveSyncScepCertAlias, null);
            if (isActiveSyncScepCertInstalled()) {
                boolean removeCertFromManagedProfile = this.androidWrapper.removeCertFromManagedProfile(preferenceValue);
                Log.d(this.tag, "Removing existing active sync cert from keychain - " + removeCertFromManagedProfile);
            }
            IScepProtocol iScepProtocol = (IScepProtocol) Module.getProxy(this, IScepProtocol.class, null);
            KeyPair keyPair = iScepProtocol.generateKeyPair(scepConfiguration.key_size, scepConfiguration.key_type);
            ScepResponse enrollCertificate = iScepProtocol.enrollCertificate(keyPair, scepConfiguration, new ActiveSyncCsrAttributeAdder());
            Intrinsics.checkExpressionValueIsNotNull(keyPair, "keyPair");
            onScepCertEnrolled(policyMsg, keyPair, enrollCertificate);
        } catch (IOException e) {
            Log.e(this.tag, "Failed to retrieve scep config for active sync cert enrollment", e);
        } catch (InvalidParameterException e2) {
            Log.e(this.tag, "Error while generating key pair", e2);
        } catch (NoSuchAlgorithmException e3) {
            Log.e(this.tag, "Error while generating key pair", e3);
        }
    }

    private final String getCertificateVersionNumber() {
        CertificateResponseMsg certificateResponseMsg = (CertificateResponseMsg) JsonWrapper.fromJson(getPreferenceValue(this.prefKeyActiveSyncAfwCertificate, null), CertificateResponseMsg.class);
        if (certificateResponseMsg != null) {
            return certificateResponseMsg.version;
        }
        return null;
    }

    private final String getPreferenceValue(String key, String defaultValue) {
        return this.androidWrapper.getPrefs().getString(key, defaultValue);
    }

    private final Date getRenewalTime(Date notBefore, Date notAfter, int percentage) {
        return new Date(notBefore.getTime() + (((notAfter.getTime() - notBefore.getTime()) / 100) * percentage));
    }

    private final CertificateScepResponseMsg getScepConfiguration() {
        JsonBase fromJson = JsonWrapper.fromJson(this.networkManager.sendHttpRequest("/afw/spaces/%s/scep-configuration", "GET", null).result, CertificateScepResponseMsg.class);
        Intrinsics.checkExpressionValueIsNotNull(fromJson, "JsonWrapper.fromJson(sce…pResponseMsg::class.java)");
        return (CertificateScepResponseMsg) fromJson;
    }

    private final boolean isActiveSyncAfwCertInstalled() {
        return Boolean.parseBoolean(getPreferenceValue(this.prefKeyActiveSyncAfwCertInstalled, String.valueOf(false)));
    }

    private final boolean isActiveSyncScepCertInstalled() {
        return Boolean.parseBoolean(getPreferenceValue(this.prefKeyActiveSyncScepCertInstalled, String.valueOf(false)));
    }

    private final boolean isNewCertAvailable(CertificateResponseMsg resp) {
        return resp != null;
    }

    private final boolean isPendingActiveSyncScepCertPresent() {
        return Boolean.parseBoolean(getPreferenceValue(this.prefKeyActiveSyncScepCertPending, String.valueOf(false)));
    }

    private final void onScepCertEnrolled(PolicyMsg policyMsg, KeyPair keyPair, ScepResponse scepResponse) {
        if ((scepResponse != null ? scepResponse.enrollmentResponse : null) == null) {
            return;
        }
        EnrollmentResponse enrollmentResponse = scepResponse.enrollmentResponse;
        Intrinsics.checkExpressionValueIsNotNull(enrollmentResponse, "scepResponse.enrollmentResponse");
        if (enrollmentResponse.isSuccess()) {
            attachScepActiveSyncCert(policyMsg, keyPair, scepResponse);
            return;
        }
        EnrollmentResponse enrollmentResponse2 = scepResponse.enrollmentResponse;
        Intrinsics.checkExpressionValueIsNotNull(enrollmentResponse2, "scepResponse.enrollmentResponse");
        if (enrollmentResponse2.isFailure()) {
            clearPendingScepCertDetails();
            String str = this.tag;
            StringBuilder sb = new StringBuilder();
            sb.append("Error while enrolling/renewing the certificate: ");
            EnrollmentResponse enrollmentResponse3 = scepResponse.enrollmentResponse;
            Intrinsics.checkExpressionValueIsNotNull(enrollmentResponse3, "scepResponse.enrollmentResponse");
            sb.append(enrollmentResponse3.getFailInfo());
            Log.e(str, sb.toString());
            return;
        }
        Log.d(this.tag, "Received pending response from the server, require certificate poll.");
        X509Certificate x509Certificate = scepResponse.identity;
        Intrinsics.checkExpressionValueIsNotNull(x509Certificate, "scepResponse.identity");
        CertificateResponseMsg createScepCertResponseMsg = createScepCertResponseMsg(x509Certificate, keyPair);
        EnrollmentResponse enrollmentResponse4 = scepResponse.enrollmentResponse;
        Intrinsics.checkExpressionValueIsNotNull(enrollmentResponse4, "scepResponse.enrollmentResponse");
        String transactionId = enrollmentResponse4.getTransactionId().toString();
        Intrinsics.checkExpressionValueIsNotNull(transactionId, "transactionId");
        savePendingCertDetails(transactionId, createScepCertResponseMsg);
    }

    private final void pollScepCertificate(PolicyMsg policyMsg) {
        renewOrPollScepCert(policyMsg, true);
    }

    private final void renewOrPollScepCert(PolicyMsg policyMsg, boolean shouldPoll) {
        String preferenceValue = getPreferenceValue(this.prefKeyActiveSyncScepCert, null);
        String preferenceValue2 = getPreferenceValue(this.prefKeyActiveSyncScepConfig, null);
        ScepCertificate extractPKCS12Keystore = CertUtil.extractPKCS12Keystore(preferenceValue, getPreferenceValue(this.prefKeyActiveSyncScepCertAlias, null), getPreferenceValue(this.prefKeyActiveSyncScepCertPassword, null));
        if (extractPKCS12Keystore == null || preferenceValue2 == null) {
            String str = this.tag;
            StringBuilder sb = new StringBuilder();
            sb.append("Unable to ");
            sb.append(shouldPoll ? "poll" : "renew");
            sb.append(" as existing certificate details not found");
            Log.d(str, sb.toString());
            return;
        }
        JsonBase fromJson = JsonWrapper.fromJson(preferenceValue2, CertificateScepResponseMsg.class);
        Intrinsics.checkExpressionValueIsNotNull(fromJson, "JsonWrapper.fromJson(sce…pResponseMsg::class.java)");
        CertificateScepResponseMsg certificateScepResponseMsg = (CertificateScepResponseMsg) fromJson;
        X509Certificate identity = extractPKCS12Keystore.getCertificate();
        Intrinsics.checkExpressionValueIsNotNull(identity, "identity");
        KeyPair keyPair = new KeyPair(identity.getPublicKey(), extractPKCS12Keystore.getPrivateKey());
        IScepProtocol iScepProtocol = (IScepProtocol) Module.getProxy(this, IScepProtocol.class, null);
        if (shouldPoll) {
            Log.d(this.tag, "Performing certificate polling as pending certificate exists");
            String preferenceValue3 = getPreferenceValue(this.prefKeyActiveSyncScepCertTransactionId, null);
            if (preferenceValue3 == null) {
                Log.d(this.tag, "Certificate polling not done as transaction id is not found");
                return;
            }
            byte[] bytes = preferenceValue3.getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
            onScepCertEnrolled(policyMsg, keyPair, iScepProtocol.pollCertificate(identity, keyPair, new TransactionId(bytes), certificateScepResponseMsg, new ActiveSyncCsrAttributeAdder()));
            return;
        }
        Date date = new Date();
        long time = date.getTime();
        Date notAfter = identity.getNotAfter();
        Intrinsics.checkExpressionValueIsNotNull(notAfter, "identity.notAfter");
        if (time > notAfter.getTime()) {
            Log.w(this.tag, "Active sync certificate expired");
            clearScepCertificateDetails();
            enrolNewScepCertificate(policyMsg);
            return;
        }
        boolean parseBoolean = Boolean.parseBoolean(getPreferenceValue(PREF_KEY_ACTIVE_SYNC_SCEP_RENEW_CERT, String.valueOf(false)));
        Date notBefore = identity.getNotBefore();
        Intrinsics.checkExpressionValueIsNotNull(notBefore, "identity.notBefore");
        Date notAfter2 = identity.getNotAfter();
        Intrinsics.checkExpressionValueIsNotNull(notAfter2, "identity.notAfter");
        Date renewalTime = getRenewalTime(notBefore, notAfter2, this.scepCertRenewValidityPercentage);
        if (parseBoolean || date.getTime() >= renewalTime.getTime()) {
            Log.d(this.tag, "Initiating renew certificate");
            onScepCertEnrolled(policyMsg, keyPair, iScepProtocol.renewCertificate(identity, keyPair, certificateScepResponseMsg, new ActiveSyncCsrAttributeAdder()));
        }
    }

    private final void renewScepCert(PolicyMsg policyMsg) {
        renewOrPollScepCert(policyMsg, false);
    }

    private final void requestActiveSyncAFWApiCertificate(PolicyMsg policyMsg) {
        try {
            String response = this.networkManager.sendHttpRequest("/afw/spaces/%s/activesync-certificate", "POST", JsonWrapper.toJson(new IWorkspaceRestProtocol.CertificateRequestMsg(getCertificateVersionNumber()))).result;
            CertificateResponseMsg certificateResponseMsg = (CertificateResponseMsg) JsonWrapper.fromJson(response, CertificateResponseMsg.class);
            if (isNewCertAvailable(certificateResponseMsg)) {
                Log.d(this.tag, "AFW API certificate downloaded from server");
                policyMsg.active_sync_cert_msg = certificateResponseMsg;
                Intrinsics.checkExpressionValueIsNotNull(response, "response");
                saveAfwCertificateDetails(response);
            } else {
                Log.d(this.tag, "New certificate not found, client already have latest AFW API certificiate");
                policyMsg.active_sync_cert_msg = (CertificateResponseMsg) JsonWrapper.fromJson(getPreferenceValue(this.prefKeyActiveSyncAfwCertificate, null), CertificateResponseMsg.class);
            }
        } catch (IOException e) {
            Log.w(this.tag, "Failed to retrieve active sync certificate certificate", e);
        }
    }

    private final void requestActiveSyncScepCertificate(PolicyMsg policyMsg) {
        if (policyMsg.properties.activesync_force_update_scep_certificate) {
            enrolNewScepCertificate(policyMsg);
            return;
        }
        if (isPendingActiveSyncScepCertPresent()) {
            pollScepCertificate(policyMsg);
        } else if (isActiveSyncScepCertInstalled()) {
            renewScepCert(policyMsg);
        } else {
            enrolNewScepCertificate(policyMsg);
        }
    }

    private final void saveAfwCertificateDetails(String certDetailsJsonString) {
        saveValueToPreference(this.prefKeyActiveSyncAfwCertInstalled, String.valueOf(true));
        saveValueToPreference(this.prefKeyActiveSyncAfwCertificate, certDetailsJsonString);
        if (isActiveSyncScepCertInstalled()) {
            clearScepCertificateDetails();
        }
    }

    private final void savePendingCertDetails(String transactionId, CertificateResponseMsg responseMsg) {
        saveValueToPreference(this.prefKeyActiveSyncScepCertPending, String.valueOf(true));
        saveValueToPreference(this.prefKeyActiveSyncScepCertTransactionId, transactionId);
        String str = this.prefKeyActiveSyncScepCert;
        if (responseMsg == null) {
            Intrinsics.throwNpe();
        }
        saveValueToPreference(str, responseMsg.certificate);
        saveValueToPreference(this.prefKeyActiveSyncScepCertAlias, responseMsg.cert_alias);
        saveValueToPreference(this.prefKeyActiveSyncScepCertPassword, responseMsg.password);
    }

    private final void saveScepCertificateDetails(CertificateResponseMsg certDetails) {
        saveValueToPreference(this.prefKeyActiveSyncScepCertInstalled, String.valueOf(true));
        saveValueToPreference(this.prefKeyActiveSyncScepCert, certDetails.certificate);
        saveValueToPreference(this.prefKeyActiveSyncScepCertAlias, certDetails.cert_alias);
        saveValueToPreference(this.prefKeyActiveSyncScepCertPassword, certDetails.password);
        if (isActiveSyncAfwCertInstalled()) {
            clearAfwCertificateDetails();
        }
    }

    private final void saveValueToPreference(String key, String value) {
        this.androidWrapper.getPrefs().putString(key, value);
    }

    @NotNull
    public final IAndroidWrapper getAndroidWrapper() {
        return this.androidWrapper;
    }

    public final void requestActiveSyncCertificateIfNeeded(@Nullable PolicyMsg policyMsg) {
        if (policyMsg == null) {
            return;
        }
        PolicyProperties policyProperties = policyMsg.properties;
        if (policyProperties.activesync_allow_authentication_via_certificate) {
            if (policyProperties.activesync_use_scep_certificate) {
                requestActiveSyncScepCertificate(policyMsg);
                return;
            } else {
                requestActiveSyncAFWApiCertificate(policyMsg);
                return;
            }
        }
        if (isActiveSyncAfwCertInstalled()) {
            clearAfwCertificateDetails();
        }
        if (isActiveSyncScepCertInstalled()) {
            clearScepCertificateDetails();
        }
    }
}
