package nl.aeteurope.mpki;

import android.text.format.DateFormat;
import android.util.Log;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import nl.aeteurope.mpki.enrollment.CertificateOrigin;
import nl.aeteurope.mpki.enrollment.EnrollmentServiceImpl;
import nl.aeteurope.mpki.enrollment.EnrollmentStorageImpl;
import nl.aeteurope.mpki.identity.CertificateWithPrivateKeyReference;
import nl.aeteurope.mpki.identity.SoftSecureElement;
import nl.aeteurope.mpki.pinCache.InMemoryPinCache;
import nl.aeteurope.mpki.secureelement.AETSmartCardUtil;
import nl.aeteurope.mpki.secureelement.IncorrectPasswordException;
import nl.aeteurope.mpki.service.push.PushRegistrationService;
import nl.aeteurope.mpki.util.AETSharedPreferencesUtil;
import nl.aeteurope.mpki.workflow.CertificateCriteria;
import nl.aeteurope.mpki.workflow.FilterParser;
import nl.aeteurope.mpki.workflow.Flow;
import nl.aeteurope.mpki.workflow.Method;
import nl.aeteurope.mpki.workflow.MissingIdentityException;
import nl.aeteurope.mpki.workflow.method.BulkSignEnd;
import nl.aeteurope.mpki.workflow.method.BulkSignStart;
import nl.aeteurope.mpki.workflow.method.CacheAuthenticationPin;
import nl.aeteurope.mpki.workflow.method.CacheSigningPin;
import nl.aeteurope.mpki.workflow.method.CanUseAuthenticationPinCacheForSigning;
import nl.aeteurope.mpki.workflow.method.CanUseSigningPinCacheForAuthentication;
import nl.aeteurope.mpki.workflow.method.CheckAndRegisterPushToken;
import nl.aeteurope.mpki.workflow.method.ClearWorkflowState;
import nl.aeteurope.mpki.workflow.method.CreateFilterForRequest;
import nl.aeteurope.mpki.workflow.method.DetermineEnrollmentType;
import nl.aeteurope.mpki.workflow.method.GetCachedAuthenticationOrSigningPin;
import nl.aeteurope.mpki.workflow.method.GetCachedAuthenticationPin;
import nl.aeteurope.mpki.workflow.method.GetCachedSigningPin;
import nl.aeteurope.mpki.workflow.method.GetCertificateForAuthentication;
import nl.aeteurope.mpki.workflow.method.GetCertificatesForPreEnrolled;
import nl.aeteurope.mpki.workflow.method.GetCertificatesForSigning;
import nl.aeteurope.mpki.workflow.method.GetDataToSign;
import nl.aeteurope.mpki.workflow.method.GetPinStateForPreEnrolled;
import nl.aeteurope.mpki.workflow.method.GetPinStateOfSoftStore;
import nl.aeteurope.mpki.workflow.method.GetPinstate;
import nl.aeteurope.mpki.workflow.method.GetRequestType;
import nl.aeteurope.mpki.workflow.method.GetSigningRequests;
import nl.aeteurope.mpki.workflow.method.GetSoftPinComplexity;
import nl.aeteurope.mpki.workflow.method.GetUsername;
import nl.aeteurope.mpki.workflow.method.HandleRenewal;
import nl.aeteurope.mpki.workflow.method.HandleRenewalPassword;
import nl.aeteurope.mpki.workflow.method.HandleRenewalRequest;
import nl.aeteurope.mpki.workflow.method.HandleSignRenewal;
import nl.aeteurope.mpki.workflow.method.HasEnrolledPin;
import nl.aeteurope.mpki.workflow.method.HasPushRegistration;
import nl.aeteurope.mpki.workflow.method.ImportEnrollmentData;
import nl.aeteurope.mpki.workflow.method.ImportSoftEnroll;
import nl.aeteurope.mpki.workflow.method.PermanentDisableCertificate;
import nl.aeteurope.mpki.workflow.method.PreEnrolled;
import nl.aeteurope.mpki.workflow.method.Reset;
import nl.aeteurope.mpki.workflow.method.RevokeCertificate;
import nl.aeteurope.mpki.workflow.method.SaveSelectedCertificateInStore;
import nl.aeteurope.mpki.workflow.method.SetServerEnvironment;
import nl.aeteurope.mpki.workflow.method.SignRequestHash;
import nl.aeteurope.mpki.workflow.method.SignRequestPKCS1;
import nl.aeteurope.mpki.workflow.method.SignRequestPKCS7;
import nl.aeteurope.mpki.workflow.method.SoftEnroll;
import nl.aeteurope.mpki.workflow.method.SubmitRejectedRequest;
import nl.aeteurope.mpki.workflow.method.SubmitSignedRequest;
import nl.aeteurope.mpki.workflow.method.TemporaryDisableCertificate;
import nl.aeteurope.mpki.workflow.state.WorkflowStateService;
import nl.aeteurope.mpki.workflow.xml.XmlFlowBuilder;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes.dex */
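/**
 * Wires the library's services into a {@link ServiceLocator} and drives the XML-defined workflow.
 *
 * <p>Construction builds the service locator, opens the workflow definition from the raw resource
 * named by the {@link DomainConfiguration}, registers the workflow {@link Method}s by name and
 * builds the {@link Flow}. {@link #start(ErrorCallback)} then runs the flow on a worker thread.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The key-pair cache and enrollment storage live under {@code getDir("keystore", 0)};
 *       mode {@code 0} is {@code Context.MODE_PRIVATE}.</li>
 *   <li>PINs are cached in an {@link InMemoryPinCache}; {@link #reset()} invalidates both
 *       cached PINs before it wipes the enrollment storage.</li>
 *   <li>Workflow methods supplied through the configuration replace built-in methods of the
 *       same name, including the signing and revocation handlers.</li>
 *   <li>{@link #start(ErrorCallback)} clears the "don't use temporarily" flag on every
 *       enrolled certificate.</li>
 * </ul>
 */
public class Domain {
    /** Name of the enrollment storage entry created inside the {@link #KEYSTORE} directory. */
    public static final String ENROLLMENT_STORAGE_DIRECTORY = "enrollmentstorage.tmp";
    /** Name of the key-pair cache file created inside the {@link #KEYSTORE} directory. */
    public static final String KEYPAIRCACHE_TMP = "keypaircache.tmp";
    /** Name passed to {@code getDir} for the app-private directory that holds both files above. */
    public static final String KEYSTORE = "keystore";
    private static final String LOG = Domain.class.getSimpleName();
    private final AETActivity activity;
    private DomainConfiguration domainConfiguration;
    // Set by start(); restart() and reset() report asynchronous failures through it.
    private ErrorCallback errorCallBack;
    // Rebuilt on every restart(); read by the worker thread started in startAsync().
    private Flow flow;
    private final Logger logger;
    private Map<String, Method> methods;
    private ServiceLocator serviceLocator;
    // NOTE(review): this stream is reopened on every restart() and never closed in this class.
    // Whether XmlFlowBuilder closes it, or still reads it after build(), is not visible here.
    private InputStream workflowConfiguration = null;

    /**
     * Builds the services and the workflow; does not start the workflow.
     *
     * @param aETActivity activity used for app-private storage, resources and shared preferences
     * @param domainConfiguration configuration naming the workflow resource and extra methods
     * @param logger logger handed to every service
     * @param progressIndicator progress sink handed to the enrollment service and the locator
     * @throws AETException with {@code AET_ERROR_WORKFLOW_CONFIGURATION} when the configuration is
     *     invalid or no workflow stream was opened, or {@code AET_ERROR_WORKFLOW} when the flow
     *     cannot be built
     * @throws IOException declared by the service construction
     */
    public Domain(AETActivity aETActivity, DomainConfiguration domainConfiguration, Logger logger, ProgressIndicator progressIndicator) throws AETException, IOException {
        this.activity = aETActivity;
        this.domainConfiguration = domainConfiguration;
        this.logger = logger;
        this.serviceLocator = createServiceLocator(domainConfiguration, logger, progressIndicator);
        loadWorkFlowStream();
        if (!isWorkFlowConfigurationSetupValid()) {
            throw new AETException(ErrorCode.AET_ERROR_WORKFLOW_CONFIGURATION);
        }
        Map<String, Method> createMethodListeners = createMethodListeners(this.serviceLocator, domainConfiguration.getWorkflowMethods());
        this.methods = createMethodListeners;
        createFlow(logger, createMethodListeners);
    }

    /**
     * Builds {@link #flow} from the currently opened workflow stream and the given methods.
     *
     * @throws AETException with {@code AET_ERROR_WORKFLOW}, wrapping whatever the builder threw
     */
    private void createFlow(Logger logger, Map<String, Method> map) throws AETException {
        try {
            this.flow = XmlFlowBuilder.createFlowBuilder(this.workflowConfiguration, logger, this.domainConfiguration.isLogWorkflowStateChange()).registerMethodListeners(map).build();
        } catch (Exception e) {
            // Boundary catch: the builder's failure modes are not visible here, so the cause is kept.
            throw new AETException(ErrorCode.AET_ERROR_WORKFLOW, e);
        }
    }

    /**
     * Creates the name-to-method table the workflow XML refers to.
     *
     * <p>The entries of {@code map} are applied last, so a configured method replaces the built-in
     * one registered under the same name. That includes the signing, PIN-cache and revocation
     * handlers, so the configured methods have to be treated as trusted code.
     *
     * @param serviceLocator services handed to every built-in method
     * @param map additional or overriding methods from the configuration; may be {@code null}
     * @return a new mutable map holding the built-in methods overlaid with {@code map}
     */
    private Map<String, Method> createMethodListeners(ServiceLocator serviceLocator, Map<String, Method> map) {
        Map<String, Method> listeners = new HashMap<>();
        listeners.put("getCertificateForAuthentication", new GetCertificateForAuthentication(serviceLocator));
        listeners.put("getCertificatesForSigning", new GetCertificatesForSigning(serviceLocator));
        listeners.put("getSigningRequests", new GetSigningRequests(serviceLocator));
        listeners.put("signRequestPKCS7", new SignRequestPKCS7(serviceLocator));
        listeners.put("signRequestPKCS1", new SignRequestPKCS1(serviceLocator));
        listeners.put("signRequestHash", new SignRequestHash(serviceLocator));
        listeners.put("submitSignedRequest", new SubmitSignedRequest(serviceLocator));
        listeners.put("submitRejectedRequest", new SubmitRejectedRequest(serviceLocator));
        listeners.put("getRequestType", new GetRequestType(serviceLocator));
        listeners.put("getDataToSign", new GetDataToSign(serviceLocator));
        listeners.put("getUserName", new GetUsername(serviceLocator));
        listeners.put("getSoftPinComplexity", new GetSoftPinComplexity(serviceLocator));
        listeners.put("preEnrolled", new PreEnrolled(serviceLocator));
        listeners.put("softEnroll", new SoftEnroll(serviceLocator));
        listeners.put("importSoftEnroll", new ImportSoftEnroll(serviceLocator));
        listeners.put("hasEnrolledPin", new HasEnrolledPin(serviceLocator));
        listeners.put("setServerEnvironment", new SetServerEnvironment(serviceLocator));
        listeners.put("importEnrollmentData", new ImportEnrollmentData(serviceLocator));
        listeners.put("determineEnrollmentType", new DetermineEnrollmentType(serviceLocator));
        listeners.put("hasPushRegistration", new HasPushRegistration(serviceLocator));
        listeners.put("checkAndRegisterPushToken", new CheckAndRegisterPushToken(serviceLocator));
        listeners.put("cacheAuthenticationPin", new CacheAuthenticationPin(serviceLocator));
        listeners.put("canUseSigningPinCacheForAuthentication", new CanUseSigningPinCacheForAuthentication(serviceLocator));
        listeners.put("canUseAuthenticationPinCacheForSigning", new CanUseAuthenticationPinCacheForSigning(serviceLocator));
        listeners.put("clearWorkflowState", new ClearWorkflowState(serviceLocator));
        listeners.put("createFilterForRequest", new CreateFilterForRequest(serviceLocator));
        listeners.put("getCertificatesForPreEnrolled", new GetCertificatesForPreEnrolled(serviceLocator));
        listeners.put("getCachedAuthenticationOrSigningPin", new GetCachedAuthenticationOrSigningPin(serviceLocator));
        listeners.put("getCachedAuthenticationPin", new GetCachedAuthenticationPin(serviceLocator));
        listeners.put("getCachedSigningPin", new GetCachedSigningPin(serviceLocator));
        listeners.put("saveSelectedCertificateInStore", new SaveSelectedCertificateInStore(serviceLocator));
        listeners.put("revokeCertificate", new RevokeCertificate(serviceLocator));
        listeners.put("temporaryDisableCertificate", new TemporaryDisableCertificate(serviceLocator));
        listeners.put("permanentDisableCertificate", new PermanentDisableCertificate(serviceLocator));
        listeners.put("cacheSigningPin", new CacheSigningPin(serviceLocator));
        listeners.put("getPinStateOfSoftStore", new GetPinStateOfSoftStore(serviceLocator));
        listeners.put("getPinState", new GetPinstate(serviceLocator));
        listeners.put(GetPinstate.GET_PIN_STATE_FOR_PRE_ENROLLED, new GetPinStateForPreEnrolled(serviceLocator));
        listeners.put("reset", new Reset(serviceLocator));
        listeners.put("bulkSignStart", new BulkSignStart(serviceLocator));
        // The workflow name is "bulkSignStop" although the implementing class is BulkSignEnd.
        listeners.put("bulkSignStop", new BulkSignEnd(serviceLocator));
        // Second alias for CacheSigningPin; each name gets its own instance.
        listeners.put("cacheSigningPinAfterSigning", new CacheSigningPin(serviceLocator));
        listeners.put("handleRenewalRequest", new HandleRenewalRequest(serviceLocator));
        listeners.put("handleSignRenewal", new HandleSignRenewal(serviceLocator));
        listeners.put("handleRenewalPassword", new HandleRenewalPassword(serviceLocator));
        listeners.put("handleRenewal", new HandleRenewal(serviceLocator));
        // A configuration without extra methods must not fail construction with an NPE.
        if (map != null) {
            listeners.putAll(map);
        }
        return listeners;
    }

    /**
     * Creates the storage, secure-element, enrollment and push services and bundles them.
     *
     * <p>When an enrollment already exists, the persisted environment code is loaded (falling back
     * to the configured default, which is then persisted) and the matching environment configs are
     * applied to {@code domainConfiguration}.
     *
     * @throws AETException declared by the service construction
     * @throws IOException declared by the service construction
     */
    private ServiceLocator createServiceLocator(DomainConfiguration domainConfiguration, Logger logger, ProgressIndicator progressIndicator) throws AETException, IOException {
        // Mode 0 is Context.MODE_PRIVATE: the directory is only accessible to this application.
        File keystoreDir = this.activity.getDir(KEYSTORE, 0);
        File keyPairCache = new File(keystoreDir, KEYPAIRCACHE_TMP);
        EnrollmentStorageImpl enrollmentStorageImpl = new EnrollmentStorageImpl(keystoreDir, new SecureElementPasswordImpl(this.activity), new File(keystoreDir, ENROLLMENT_STORAGE_DIRECTORY), logger);
        SoftSecureElement softSecureElement = new SoftSecureElement(enrollmentStorageImpl, logger);
        AETSmartCardUtil aETSmartCardUtil = new AETSmartCardUtil(this.activity, logger);
        if (enrollmentStorageImpl.hasEnrolled()) {
            String environmentCode = AETSharedPreferencesUtil.getStringSetting(DomainConfiguration.SP_ENVIRONMENT_CODE, this.activity);
            if (environmentCode == null) {
                // The constructor assigns this.domainConfiguration from this same parameter
                // before calling this method, so the parameter is used throughout.
                environmentCode = domainConfiguration.getDefaultEnvironmentCode();
                AETSharedPreferencesUtil.setStringSetting(DomainConfiguration.SP_ENVIRONMENT_CODE, environmentCode, this.activity);
                domainConfiguration.setEnvironmentCode(environmentCode);
            }
            if (domainConfiguration.setEnvironmentConfigs(environmentCode)) {
                logger.d(LOG, "Configs Loaded with Success!");
            } else {
                // NOTE(review): construction continues with whatever environment settings the
                // configuration already holds; confirm that is the intended fallback for an
                // enrolled device whose stored environment code cannot be applied.
                logger.e(LOG, "Failed to reload configs!");
            }
        }
        CertificateStore certificateStore = new CertificateStore(logger, softSecureElement, aETSmartCardUtil, enrollmentStorageImpl, domainConfiguration);
        EnrollmentServiceImpl enrollmentServiceImpl = new EnrollmentServiceImpl(domainConfiguration, logger, keyPairCache, progressIndicator, enrollmentStorageImpl);
        PushRegistrationService pushRegistrationService = new PushRegistrationService(logger, enrollmentStorageImpl, domainConfiguration);
        // The two callbacks are resolved when they run, so they see the flow built after this call.
        Runnable resetDomain = new Runnable() {
            @Override
            public void run() {
                Domain.this.reset();
            }
        };
        Runnable clearFlowContext = new Runnable() {
            @Override
            public void run() {
                Domain.this.flow.clearContext();
            }
        };
        return new ServiceLocator(certificateStore, logger, enrollmentStorageImpl, domainConfiguration, enrollmentServiceImpl, aETSmartCardUtil, new InMemoryPinCache(), new WorkflowStateService(resetDomain, clearFlowContext), pushRegistrationService, progressIndicator);
    }

    /**
     * Looks up the first enrolled certificate matching the filter {@code (usage=clientAuth)}.
     *
     * @return the certificate, or {@code null} when none is enrolled or the lookup failed
     */
    private X509Certificate getEnrolledCertificate() {
        try {
            CertificateStore certificateStore = this.serviceLocator.getCertificateStore();
            CertificateCriteria criteria = new FilterParser().parse("(usage=clientAuth)");
            criteria.setCertificateOrigin(CertificateOrigin.ENROLLED);
            // The meaning of the second argument is not visible here; this class always passes null.
            List<CertificateWithPrivateKeyReference> matches = certificateStore.getCertificateWithPrivateKeys(criteria, null);
            if (matches != null && !matches.isEmpty()) {
                return matches.get(0).getCertificate();
            }
            return null;
        } catch (Exception e) {
            // The previous message named a method that does not exist in this class.
            this.logger.e(LOG, "Error during getEnrolledCertificate", e);
            return null;
        }
    }

    /**
     * Returns the string form of the first attribute value of the first RDN.
     *
     * @return the value, or an empty string when there is no RDN or the first RDN is empty
     */
    private String getFirstValueFromRDNs(RDN[] rdnArr) {
        if (rdnArr == null || rdnArr.length == 0) {
            return "";
        }
        RDN rdn = rdnArr[0];
        return rdn.size() == 0 ? "" : rdn.getFirst().getValue().toString();
    }

    /** Returns whether the configuration reports itself valid and a workflow stream is open. */
    private boolean isWorkFlowConfigurationSetupValid() {
        return this.domainConfiguration.isDomainConfigurationValid() && this.workflowConfiguration != null;
    }

    /** Opens the raw resource named by the configuration as the workflow definition stream. */
    private void loadWorkFlowStream() {
        this.workflowConfiguration = this.activity.getResources().openRawResource(this.domainConfiguration.getWorkflowResourceId().intValue());
    }

    /**
     * Invalidates the cached PINs, resets the enrollment storage and restarts the workflow.
     *
     * <p>The PIN caches are cleared first, so a failure in a later step does not leave a cached
     * PIN behind. A failure is reported through the callback given to
     * {@link #start(ErrorCallback)}.
     *
     * @throws IllegalStateException from {@link #restart()} when {@code start} was never called;
     *     the PIN caches and the enrollment storage have already been reset at that point
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void reset() {
        try {
            invalidatePinCaches();
            this.serviceLocator.getEnrollmentStorage().reset();
            restart();
        } catch (AETException e) {
            if (this.errorCallBack != null) {
                this.errorCallBack.handle(e);
            } else {
                this.logger.e(LOG, "Reset failed and no error callback is registered", e);
            }
        }
    }

    /**
     * Runs {@code flow.start()} on a dedicated worker thread.
     *
     * @param errorCallback receives the failure when starting the flow throws
     */
    private void startAsync(final ErrorCallback errorCallback) {
        final java.util.concurrent.ExecutorService executor = Executors.newFixedThreadPool(1);
        executor.execute(new Runnable() {
            @Override
            public void run() {
                try {
                    Domain.this.flow.start();
                } catch (Exception e) {
                    Log.e(Domain.LOG, "Exception occurred starting the workflow", e);
                    if (errorCallback == null) {
                        return;
                    }
                    // A blind cast would turn any other exception type into a
                    // ClassCastException on this thread and the callback would never fire.
                    AETException reported = e instanceof AETException
                            ? (AETException) e
                            : new AETException(ErrorCode.AET_ERROR_WORKFLOW, e);
                    errorCallback.handle(reported);
                }
            }
        });
        // The submitted task still runs; without this every start/restart leaks a live thread.
        executor.shutdown();
    }

    /**
     * Delegates to the enrollment storage's {@code exportEnrollment}.
     *
     * <p>The meaning of the four arguments is defined by the enrollment storage and is not visible
     * in this class; they are passed through unchanged and in order.
     *
     * @return whatever the enrollment storage returns for the export
     */
    public String exportEnrollment(String str, String str2, String str3, String str4) {
        return this.serviceLocator.getEnrollmentStorage().exportEnrollment(str, str2, str3, str4);
    }

    /**
     * Collects display information about the enrolled client-authentication certificate.
     *
     * <p>The table holds {@code expirationDate} (long date format of the current locale),
     * {@code commonName}, {@code issuerCommonName} and {@code issuerOrganization}. The values are
     * read straight from the stored certificate; this method performs no validity or chain check,
     * so they are suitable for display only.
     *
     * @return the table, with empty name fields when the certificate cannot be decoded, or
     *     {@code null} when no enrolled certificate is available
     */
    public Hashtable<String, String> getCertificateInformation() {
        X509Certificate enrolledCertificate = getEnrolledCertificate();
        if (enrolledCertificate == null) {
            return null;
        }
        Hashtable<String, String> info = new Hashtable<>();
        info.put("expirationDate", DateFormat.getLongDateFormat(this.activity.getApplicationContext()).format(enrolledCertificate.getNotAfter()));
        try {
            JcaX509CertificateHolder holder = new JcaX509CertificateHolder(enrolledCertificate);
            info.put("commonName", getFirstValueFromRDNs(holder.getSubject().getRDNs(BCStyle.CN)));
            info.put("issuerCommonName", getFirstValueFromRDNs(holder.getIssuer().getRDNs(BCStyle.CN)));
            info.put("issuerOrganization", getFirstValueFromRDNs(holder.getIssuer().getRDNs(BCStyle.O)));
        } catch (CertificateEncodingException e) {
            // Still return the expiration date, but leave a trace of why the names are empty.
            this.logger.e(LOG, "Could not decode the enrolled certificate", e);
            info.put("commonName", "");
            info.put("issuerCommonName", "");
            info.put("issuerOrganization", "");
        }
        return info;
    }

    /** Returns the environment code currently held by the configuration. */
    public String getEnrolledOptPrefix() {
        return this.domainConfiguration.getEnvironmentCode();
    }

    /** Returns the username recorded in the enrollment storage. */
    public String getEnrolledUsername() {
        return this.serviceLocator.getEnrollmentStorage().getUsername();
    }

    /** Returns the library version and git commit, joined by {@code " ; "}. */
    public String getVersion() {
        return VersionLibAET.getVersion() + " ; " + VersionLibAET.getGitCommit();
    }

    /** Invalidates both the cached authentication PIN and the cached signing PIN. */
    public void invalidatePinCaches() {
        this.serviceLocator.getPinCache().invalidateAuthenticationPin();
        this.serviceLocator.getPinCache().invalidateSigningPin();
    }

    /**
     * Deactivates the current flow, rebuilds it from the workflow resource and starts it again.
     *
     * @throws IllegalStateException when {@link #start(ErrorCallback)} was not called before
     * @throws AETException when the flow cannot be rebuilt
     */
    public void restart() throws AETException {
        if (this.errorCallBack == null) {
            throw new IllegalStateException("This method can only be called if start was called first");
        }
        this.flow.deactivate();
        loadWorkFlowStream();
        createFlow(this.logger, this.methods);
        startAsync(this.errorCallBack);
    }

    /**
     * Re-enables temporarily disabled certificates and starts the workflow asynchronously.
     *
     * <p>Every enrolled certificate flagged "don't use temporarily" has the flag cleared and its
     * metadata persisted, so a temporary disable lasts only until the next call to this method.
     * A failure while clearing the flags is logged and does not prevent the workflow from starting.
     *
     * @param errorCallback receives failures of the asynchronous start and of later resets
     * @throws AETException declared for callers; not thrown by the code visible here
     */
    public void start(ErrorCallback errorCallback) throws AETException {
        this.errorCallBack = errorCallback;
        CertificateCriteria certificateCriteria = new CertificateCriteria();
        certificateCriteria.setCertificateOrigin(CertificateOrigin.ENROLLED);
        try {
            List<CertificateWithPrivateKeyReference> enrolled = this.serviceLocator.getCertificateStore().getCertificateWithPrivateKeys(certificateCriteria, null);
            // getEnrolledCertificate() treats a null result as possible, so do the same here.
            if (enrolled != null) {
                for (CertificateWithPrivateKeyReference reference : enrolled) {
                    if (reference.isDontUseTemporarily()) {
                        reference.setDontUseTemporarily(false);
                        this.serviceLocator.getEnrollmentStorage().updateCertificateMetadata(reference);
                    }
                }
            }
        } catch (IncorrectPasswordException | MissingIdentityException e) {
            this.logger.e(LOG, "Error during resetting of temporary disabled certificates", e);
        }
        startAsync(errorCallback);
    }

    /** Stores {@code null} as the push token in the enrollment storage. */
    public void unregisterFCMToken() {
        this.serviceLocator.getEnrollmentStorage().safePushToken(null);
    }
}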
