package com.ca.mas.core.policy;

import android.content.Context;
import android.util.Log;
import com.ca.mas.core.MobileSsoConfig;
import com.ca.mas.core.conf.ConfigurationManager;
import com.ca.mas.core.context.DeviceIdentifier;
import com.ca.mas.core.context.MssoContext;
import com.ca.mas.core.context.MssoException;
import com.ca.mas.core.error.MAGErrorCode;
import com.ca.mas.core.error.MAGException;
import com.ca.mas.core.error.MAGServerException;
import com.ca.mas.core.error.MAGStateException;
import com.ca.mas.core.policy.exceptions.CredentialRequiredException;
import com.ca.mas.core.policy.exceptions.TokenStoreUnavailableException;
import com.ca.mas.core.registration.DeviceRegistrationAwaitingActivationException;
import com.ca.mas.core.registration.RegistrationClient;
import com.ca.mas.core.registration.RegistrationException;
import com.ca.mas.core.security.KeyStoreException;
import com.ca.mas.core.security.KeyStoreRepository;
import com.ca.mas.core.store.TokenManager;
import com.ca.mas.core.store.TokenStoreException;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.foundation.MAS;
import com.ca.mas.foundation.MASAuthCredentials;
import com.ca.mas.foundation.MASResponse;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Calendar;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
/**
 * Policy assertion that makes sure the device is registered before a request is processed.
 *
 * <p>{@link #processRequest} accepts the device as registered when the token manager holds a
 * client certificate chain whose first certificate is not about to expire and a MAG identifier
 * is stored. In every other case it runs the registration flow: obtain or create the client key
 * pair, build a certificate signing request, send it to the registration endpoint, and persist
 * the returned certificate chain and identifier.
 */
public class DeviceRegistrationAssertion implements MssoAssertion {
    /** RSA key size used when the configuration does not supply one. */
    private static final int DEFAULT_RSA_KEY_BITS = 2048;

    // Android context handed over in init(); passed on to key generation.
    private Context ctx;
    // Store for the client key pair, certificate chain and MAG identifier.
    private TokenManager tokenManager;

    /**
     * Registers this device and stores the resulting certificate chain and MAG identifier.
     *
     * @param mssoContext supplies configuration, device name and client id/secret, and receives
     *                    the registration callbacks
     * @param requestInfo the request whose grant provider yields the credentials to register with
     * @throws CredentialRequiredException when no credentials are available or they are not valid
     * @throws RegistrationException when key generation or CSR creation fails
     * @throws TokenStoreUnavailableException when the token store fails before the CSR step
     * @throws MssoException for any other failure from the CSR step onwards (see the review note
     *                       on the catch blocks below)
     */
    private void registerDevice(MssoContext mssoContext, RequestInfo requestInfo) throws MAGException, MAGServerException {
        MASAuthCredentials authCredentials = requestInfo.getRequest().getGrantProvider().getCredentials(mssoContext);
        boolean credentialsUsable = authCredentials != null && authCredentials.isValid();
        if (!credentialsUsable) {
            throw new CredentialRequiredException();
        }
        if (MAS.DEBUG) {
            Log.d(MAS.TAG, "Device registration process start");
        }

        try {
            // NOTE(review): the store is cleared before the new registration has succeeded. What
            // clear() removes is not visible here; if it drops existing registration material, a
            // failed attempt leaves the device without it. Confirm against TokenManager.
            tokenManager.clear();

            PrivateKey privateKey = tokenManager.getClientPrivateKey();
            if (privateKey == null) {
                Integer configuredBits = (Integer) mssoContext.getConfigurationProvider().getProperty(MobileSsoConfig.PROP_CLIENT_CERT_RSA_KEYBITS);
                // NOTE(review): the configured size is used as-is, with no lower bound. Consider
                // rejecting values below the 2048-bit default so that a misconfiguration cannot
                // provision a weak client key.
                int keyBits = (configuredBits != null) ? configuredBits.intValue() : DEFAULT_RSA_KEY_BITS;
                try {
                    privateKey = tokenManager.createPrivateKey(ctx, keyBits);
                } catch (KeyStoreException keyGenFailure) {
                    throw new RegistrationException(MAGErrorCode.DEVICE_NOT_REGISTERED, "Failed to generate private key.", keyGenFailure);
                }
            }
            PublicKey publicKey = tokenManager.getClientPublicKey();
            String deviceName = mssoContext.getDeviceName();

            try {
                String deviceId = new DeviceIdentifier().toString();
                byte[] csrBytes = KeyStoreRepository.getKeyStoreRepository().generateCertificateSigningRequest(
                        authCredentials.getUsername(),
                        deviceId,
                        deviceName,
                        (String) mssoContext.getConfigurationProvider().getProperty(MobileSsoConfig.PROP_ORGANIZATION),
                        privateKey,
                        publicKey);
                mssoContext.resetHttpClient();

                Boolean ssoSetting = (Boolean) mssoContext.getConfigurationProvider().getProperty(MobileSsoConfig.PROP_SSO_ENABLED);
                // An absent setting counts as "SSO disabled".
                boolean ssoEnabled = Boolean.TRUE.equals(ssoSetting);

                RegistrationClient.DeviceRegistrationResult registration = new RegistrationClient(mssoContext).registerDevice(
                        csrBytes,
                        requestInfo.getRequest(),
                        mssoContext.getClientId(),
                        mssoContext.getClientSecret(),
                        deviceId,
                        deviceName,
                        ssoEnabled);
                IdToken idToken = registration.getIdToken();

                try {
                    tokenManager.saveClientCertificateChain(registration.getClientCertificateChain());
                    tokenManager.saveMagIdentifier(registration.getMagIdentifier());
                    mssoContext.onDeviceRegistrationCompleted();
                    if (idToken != null) {
                        mssoContext.onIdTokenAvailable(idToken);
                    }
                    // A device reported as REGISTERED is signalled as awaiting activation.
                    if (RegistrationClient.DeviceStatus.REGISTERED.equals(registration.getDeviceStatus())) {
                        throw new DeviceRegistrationAwaitingActivationException();
                    }
                } catch (Exception persistFailure) {
                    // NOTE(review): this also catches the DeviceRegistrationAwaitingActivationException
                    // thrown just above and reports it as a token-store failure.
                    throw new TokenStoreUnavailableException(persistFailure);
                }
            } catch (CertificateException csrFailure) {
                throw new RegistrationException(MAGErrorCode.DEVICE_NOT_REGISTERED, csrFailure);
            } catch (Exception other) {
                // NOTE(review): as written, every non-CertificateException failure from this region
                // ends up as MssoException: server errors from the registration call, the
                // TokenStoreUnavailableException above, and the awaiting-activation signal it
                // wraps. Callers can tell them apart only by walking the cause chain. The try
                // ranges may be a decompiler artefact; verify against the original source before
                // relying on the exception type.
                throw new MssoException(other);
            }
        } catch (TokenStoreException storeFailure) {
            throw new TokenStoreUnavailableException(storeFailure);
        }
    }

    /** Nothing to release. */
    @Override // com.ca.mas.core.policy.MssoAssertion
    public void close() {
    }

    /**
     * Captures the token manager and Android context used by later calls.
     *
     * @param mssoContext source of the token manager and configuration provider
     * @param context Android context kept for key generation
     * @throws NullPointerException when the context has no token manager or no configuration provider
     */
    @Override // com.ca.mas.core.policy.MssoAssertion
    public void init(MssoContext mssoContext, Context context) {
        this.tokenManager = mssoContext.getTokenManager();
        this.ctx = context;
        // The fields are assigned before validation, so they stay set even when a check fails.
        if (this.tokenManager == null) {
            throw new NullPointerException("mssoContext.tokenManager");
        }
        if (mssoContext.getConfigurationProvider() == null) {
            throw new NullPointerException("mssoContext.configurationProvider");
        }
    }

    /**
     * Lets the request through when the device is already registered, otherwise registers it.
     *
     * <p>The method is synchronized on this assertion instance, so two requests cannot run the
     * check-then-register sequence at the same time on the same instance.
     *
     * @throws com.ca.mas.core.policy.exceptions.CertificateExpiredException when the first
     *         certificate of the stored chain expires within the configured renewal timeframe
     */
    @Override // com.ca.mas.core.policy.MssoAssertion
    public synchronized void processRequest(MssoContext mssoContext, RequestInfo requestInfo) throws MAGException, MAGServerException {
        X509Certificate[] storedChain = this.tokenManager.getClientCertificateChain();
        boolean hasCertificate = storedChain != null && storedChain.length > 0;
        if (hasCertificate) {
            // Only the validity dates of the first chain element are examined here; this method
            // performs no signature or chain verification.
            X509Certificate leaf = storedChain[0];
            try {
                // Validity is evaluated at "now + renewal timeframe" days, so a certificate that
                // is about to expire is already treated as expired.
                Calendar renewalHorizon = Calendar.getInstance();
                renewalHorizon.add(Calendar.DAY_OF_YEAR, ConfigurationManager.getInstance().getCertificateAdvancedRenewTimeframe());
                leaf.checkValidity(renewalHorizon.getTime());
            } catch (CertificateExpiredException expired) {
                throw new com.ca.mas.core.policy.exceptions.CertificateExpiredException(expired);
            } catch (CertificateNotYetValidException ignored) {
                // NOTE(review): a certificate whose notBefore lies beyond the renewal horizon is
                // accepted silently. Confirm this tolerance is intended (for example for clock
                // skew) and not a dropped error path.
            }
            if (this.tokenManager.getMagIdentifier() != null) {
                if (MAS.DEBUG) {
                    // NOTE(review): this writes the MAG identifier to the debug log. Keep MAS.DEBUG
                    // off in release builds so the identifier does not reach logcat.
                    Log.d(MAS.TAG, String.format("Device is registered with identifier: %s", this.tokenManager.getMagIdentifier()));
                }
                return;
            }
        }
        registerDevice(mssoContext, requestInfo);
    }

    /** No response-side processing is performed by this assertion. */
    @Override // com.ca.mas.core.policy.MssoAssertion
    public void processResponse(MssoContext mssoContext, RequestInfo requestInfo, MASResponse mASResponse) throws MAGStateException {
    }
}
