package com.samsung.android.email.provider.policy.controller;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.os.RemoteException;
import android.os.UserHandle;
import android.text.TextUtils;
import com.samsung.android.email.DaggerEmailComponent;
import com.samsung.android.email.common.newsecurity.smime.SMIMEControllerWrapper;
import com.samsung.android.email.common.util.SemCertificateUtil;
import com.samsung.android.emailcommon.account.StoredAccount;
import com.samsung.android.emailcommon.basic.log.LogUtility;
import com.samsung.android.emailcommon.basic.log.SemPolicyLog;
import com.samsung.android.emailcommon.basic.service.ProxyArgs;
import com.samsung.android.emailcommon.newsecurity.MDMPolicyConst;
import com.samsung.android.emailcommon.preferences.UpgradeAccountPreference;
import com.samsung.android.emailcommon.provider.HostAuth;
import com.samsung.android.knox.util.SemKeyStoreManager;
import java.io.FileOutputStream;
import java.io.IOException;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
public class CbaCertificateController {
    private final String TAG = CbaCertificateController.class.getSimpleName();
    private final Context mContext;

    @Inject
    PackageManager mPackageManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public CbaCertificateController(Context context) {
        this.mContext = context;
        DaggerEmailComponent.factory().create(context).inject(this);
    }

    private String importCertificateData(byte[] bArr, String str) {
        Bundle importCertificateByByteData = SMIMEControllerWrapper.getInstance().importCertificateByByteData(str, bArr);
        if (importCertificateByByteData != null) {
            return importCertificateByByteData.getString(ProxyArgs.ARG_ALIAS);
        }
        return null;
    }

    private String installCbaCertificateData(String str, byte[] bArr, String str2, String str3) {
        if (bArr == null || StringUtils.isEmpty(str2)) {
            SemPolicyLog.e("%s::installCbaCertificate() - Wrong certificate data! return null!", LogUtility.getSecureAddress(str));
            return null;
        }
        String str4 = str3 + ".p12";
        Object[] objArr = new Object[6];
        objArr[0] = this.TAG;
        objArr[1] = bArr;
        objArr[2] = TextUtils.isEmpty(str2) ? "" : "********";
        objArr[3] = LogUtility.getSecureAddress(str);
        objArr[4] = str4;
        objArr[5] = false;
        SemPolicyLog.d("%s::installCertificate() - data[%s], password[%s], emailAddress[%s], fileName[%s], isRestrictionsAccount[%s]", objArr);
        makeCertificateFile(bArr, str4);
        if (!SemCertificateUtil.canInstallCertificate(this.mContext)) {
            SemPolicyLog.w("%s::installCertificate() - can't install certificate. Save the certificate file", this.TAG);
            UpgradeAccountPreference.getInstance(this.mContext).setMDMCBACertPref(str3, str2, str4);
            return null;
        }
        String importCertificateData = importCertificateData(bArr, str2);
        if (importCertificateData != null) {
            requestKnoxEmailPermission();
            this.mContext.deleteFile(str4);
        }
        SemPolicyLog.i("%s::installCertificate() - certificate installed alias[%s]", this.TAG, importCertificateData);
        return importCertificateData;
    }

    private void makeCertificateFile(byte[] bArr, String str) {
        try {
            FileOutputStream openFileOutput = this.mContext.openFileOutput(str, 0);
            try {
                openFileOutput.write(bArr);
                openFileOutput.flush();
                if (openFileOutput != null) {
                    openFileOutput.close();
                }
            } finally {
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private void requestKnoxEmailPermission() {
        Intent intent = new Intent("com.samsung.android.knox.intent.action.CBA_INSTALL_STATUS_INTERNAL");
        intent.putExtra("com.samsung.android.knox.intent.extra.STATUS", 0);
        intent.putExtra("com.samsung.android.knox.intent.extra.USER_ID_INTERNAL", UserHandle.semGetMyUserId());
        intent.putExtra("com.samsung.android.knox.intent.extra.ACCOUNT_ID_INTERNAL", -1);
        this.mContext.sendBroadcast(intent, MDMPolicyConst.KNOX_EMAIL_PERMISSION);
    }

    public String getCbaCertificateAlias(String str, byte[] bArr, String str2, StoredAccount storedAccount, boolean z) {
        if (z) {
            str = HostAuth.USE_KERBEROS_TOKEN;
        }
        if (StringUtils.isEmpty(str)) {
            return installCbaCertificateData(storedAccount.getEmail(), bArr, str2, storedAccount.getUuid());
        }
        grantAccessToAlias(str);
        return str;
    }

    void grantAccessToAlias(String str) {
        PackageManager packageManager;
        SemKeyStoreManager semKeyStoreManager = SemKeyStoreManager.getInstance();
        if (semKeyStoreManager == null || (packageManager = this.mPackageManager) == null) {
            SemPolicyLog.e("%s::grantAccessToAlias() - Can't grant grant for alias[%s]!!", this.TAG, str);
            return;
        }
        try {
            semKeyStoreManager.grantAccess(packageManager.getApplicationInfo("com.samsung.android.email.provider", 128).uid, str);
        } catch (PackageManager.NameNotFoundException | RemoteException e) {
            SemPolicyLog.e("%s::grantAccessToAlias() - Can't grant for alias[%s]!!", this.TAG, str);
            e.printStackTrace();
        }
        SemPolicyLog.i("%s::grantAccessToAlias() - granted for alias[%s]", this.TAG, str);
    }
}
