package c.d.a.a.d;

import android.content.Context;
import com.sophos.jsceplib.ScepException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public abstract class b extends com.sophos.cloud.core.command.a {
    public static final String ACT_ERROR_ALREADY_MANAGED = "device_already_managed";
    public static final String ACT_ERROR_NO_LICENSE = "not_licensed";
    public static final String ACT_ERROR_VERSION_TOO_LOW = "os_version_too_low";
    public static final String ACT_HOME_LIMIT_REACHED = " home_device_limit_reached";
    public static final String ACT_HOME_MULTIPLE_ENROLLMENT = "home_multiple_enrollment";
    public static final String CHECKING_URL_PART = "/checkin";
    protected static final String CLIENT_API_PART = "/client-api";
    public static final String ENROLL_URL_PART = "/enroll";
    public static final String TAG = "REST";
    private c.d.a.a.c.b mActivationResData;
    private boolean mCloudClient;
    private String mEmail;
    private boolean mIsFirstEnrolledApp;
    private boolean mMtdClient;
    private int mResIdErrorString;
    private c.d.a.a.c.e mRestConfig;
    private String mServerUrl;
    private boolean mSetBearer;
    private boolean mSetXConfigurationToken;
    private String mSignature;
    private String mToken;
    private boolean mUseUnSecuredSSL;
    private static final Set<c.d.a.a.c.i> sScepPreProcessors = new HashSet();
    private static final Set<c.d.a.a.c.h> sActivationPostProcessors = new HashSet();
    private static final Set<c.d.a.a.c.i> sActivationPreProcessors = new HashSet();

    public b(Context context) {
        super(context);
        this.mActivationResData = null;
        this.mResIdErrorString = c.d.a.a.a.enrollment_no_communication;
        this.mCloudClient = true;
        this.mMtdClient = false;
        this.mUseUnSecuredSSL = false;
        this.mSetXConfigurationToken = false;
    }

    public static void addActivationPostProcessor(c.d.a.a.c.h hVar) {
        synchronized (sActivationPostProcessors) {
            sActivationPostProcessors.add(hVar);
        }
    }

    public static void addActivationPreProcessor(c.d.a.a.c.i iVar) {
        synchronized (sActivationPreProcessors) {
            sActivationPreProcessors.add(iVar);
        }
    }

    public static void addScepPreProcessor(c.d.a.a.c.i iVar) {
        synchronized (sScepPreProcessors) {
            sScepPreProcessors.add(iVar);
        }
    }

    private void callPostProcessor(int i) {
        synchronized (sActivationPostProcessors) {
            Iterator<c.d.a.a.c.h> it = sActivationPostProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a(i);
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.d.d("REST", "Calling Post Processor failed.", e2);
                }
            }
        }
    }

    private void callPreProcessor() {
        synchronized (sActivationPreProcessors) {
            Iterator<c.d.a.a.c.i> it = sActivationPreProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.d.d("REST", "Calling Pre Processor failed", e2);
                }
            }
        }
    }

    private void callScepPreProcessor() {
        synchronized (sScepPreProcessors) {
            Iterator<c.d.a.a.c.i> it = sScepPreProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.d.d("REST", "Calling SCEP Pre Processor failed.", e2);
                }
            }
        }
    }

    private int postRequestToServerCloud(j jVar, JSONObject jSONObject) {
        return jVar.a(getCloudActivationUrl(), this.mSignature, jSONObject);
    }

    private int postRequestToServerCloudMtd(j jVar, JSONObject jSONObject) {
        return jVar.a(getCloudMtdActivationUrl(), this.mSignature, jSONObject);
    }

    private int postRequestToServerSmc(j jVar, JSONObject jSONObject) {
        int a2 = jVar.a(getSmcActivationUrl(), this.mSignature, jSONObject);
        if (a2 == 200 || !jVar.c()) {
            return a2;
        }
        com.sophos.smsec.core.smsectrace.d.c("REST", "Let's try unsecured SSL!");
        jVar.a(true);
        int a3 = jVar.a(getSmcActivationUrl(), this.mSignature, jSONObject);
        this.mUseUnSecuredSSL = true;
        return a3;
    }

    public static void removeActivationPostProcessor(c.d.a.a.c.h hVar) {
        synchronized (sActivationPostProcessors) {
            sActivationPostProcessors.remove(hVar);
        }
    }

    public static void removeActivationPreProcessor(c.d.a.a.c.i iVar) {
        synchronized (sActivationPreProcessors) {
            sActivationPreProcessors.remove(iVar);
        }
    }

    public static void removeScepPreProcessor(c.d.a.a.c.i iVar) {
        synchronized (sScepPreProcessors) {
            sScepPreProcessors.remove(iVar);
        }
    }

    public abstract JSONObject buildActivationJson() throws JSONException, SecurityException;

    public boolean detectFirstEnrolledApp() {
        try {
            if (this.mRestConfig.getCertificateSubjectCn() == null || this.mRestConfig.getCertificateSubjectCn().length() <= 0 || this.mRestConfig.getCertificateSubjectO() == null) {
                return true;
            }
            return this.mRestConfig.getCertificateSubjectO().length() <= 0;
        } catch (NullPointerException unused) {
            com.sophos.smsec.core.smsectrace.d.b("REST", "NPE while reading REST config. assuming empty values.");
            return true;
        }
    }

    @Override // com.sophos.cloud.core.command.a
    public int doExecute() {
        callPreProcessor();
        this.mRestConfig = loadRestConfig();
        this.mEmail = this.mRestConfig.getActivationEmail();
        this.mToken = this.mRestConfig.getActivationSecCode();
        this.mServerUrl = this.mRestConfig.getActivationServer();
        if (runCloudActivation()) {
            com.sophos.smsec.core.smsectrace.d.c("REST", "Cloud activation finished successfully.");
            onActivationSuccess();
            callPostProcessor(0);
            finish(0);
            return 0;
        }
        com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation failed");
        onActivationFailure();
        callPostProcessor(-2);
        finish(-2);
        return -2;
    }

    public abstract String getActivationProtocol();

    public abstract c.d.a.a.c.b getActivationResponseParser();

    public String getCloudActivationUrl() {
        if (this.mIsFirstEnrolledApp) {
            return "https://" + this.mServerUrl + ENROLL_URL_PART + "/" + this.mToken + CHECKING_URL_PART;
        }
        return "https://" + this.mServerUrl + ENROLL_URL_PART + CHECKING_URL_PART + "/" + this.mRestConfig.getDeviceId();
    }

    public String getCloudMtdActivationUrl() {
        return this.mServerUrl;
    }

    public String getEmail() {
        return this.mEmail;
    }

    public int getErrorString() {
        return this.mResIdErrorString;
    }

    public c.d.a.a.c.e getRestConfig() {
        return this.mRestConfig;
    }

    public String getServerUrl() {
        return this.mServerUrl;
    }

    public String getSmcActivationUrl() {
        String str;
        if (this.mIsFirstEnrolledApp) {
            str = "https://" + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + "/" + this.mToken + CHECKING_URL_PART;
        } else {
            str = "https://" + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + CHECKING_URL_PART + "/" + this.mRestConfig.getDeviceId();
        }
        com.sophos.smsec.core.smsectrace.d.b("REST", "URL: " + str + " first: " + this.mIsFirstEnrolledApp);
        return str;
    }

    public String getToken() {
        return this.mToken;
    }

    public boolean isCloudClient() {
        return a.e(this.mRestConfig.getActivationSecCode());
    }

    public boolean isFirstEnrolledApp() {
        return this.mIsFirstEnrolledApp;
    }

    public boolean isMtdClient() {
        return this.mMtdClient;
    }

    public abstract c.d.a.a.c.e loadRestConfig();

    public abstract void onActivationFailure();

    public abstract void onActivationSuccess();

    public void onPreScep() {
    }

    public int postRequestToServer(j jVar, JSONObject jSONObject) {
        return this.mCloudClient ? isMtdClient() ? postRequestToServerCloudMtd(jVar, jSONObject) : postRequestToServerCloud(jVar, jSONObject) : postRequestToServerSmc(jVar, jSONObject);
    }

    public boolean runCloudActivation() {
        this.mIsFirstEnrolledApp = detectFirstEnrolledApp();
        this.mCloudClient = isCloudClient();
        try {
            JSONObject buildActivationJson = buildActivationJson();
            if (this.mIsFirstEnrolledApp) {
                this.mUseUnSecuredSSL = false;
            } else {
                this.mSignature = h.a(getContext(), this.mRestConfig, buildActivationJson);
                if (this.mSignature == null) {
                    com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud sync failed. Cannot create signature sync failed");
                    return false;
                }
                this.mUseUnSecuredSSL = this.mRestConfig.useUnsecuredSSL();
            }
            j jVar = new j(getContext(), this.mRestConfig, this.mUseUnSecuredSSL, getActivationProtocol());
            if (this.mSetXConfigurationToken) {
                jVar.b(this.mToken);
            }
            if (this.mSetBearer) {
                jVar.a(this.mRestConfig.getActivationSecCode());
            }
            int postRequestToServer = postRequestToServer(jVar, buildActivationJson);
            if (postRequestToServer != 200 || jVar.a() == null) {
                com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation. failed. Cannot post activation package. Status: " + postRequestToServer);
                if (postRequestToServer == 403) {
                    setErrorString(jVar.a());
                } else if (postRequestToServer == 410) {
                    this.mResIdErrorString = c.d.a.a.a.enrollment_old_activation_data;
                } else if (jVar.b()) {
                    this.mResIdErrorString = c.d.a.a.a.error_cert_pinning;
                } else {
                    this.mResIdErrorString = c.d.a.a.a.enrollment_no_communication;
                }
                return false;
            }
            try {
                this.mActivationResData = getActivationResponseParser();
                this.mActivationResData.parseBody(jVar.a());
                onPreScep();
                callScepPreProcessor();
                if (!this.mIsFirstEnrolledApp || !this.mActivationResData.areScepDataPresent()) {
                    return true;
                }
                p pVar = new p(this.mRestConfig, this.mUseUnSecuredSSL);
                com.sophos.jsceplib.b bVar = new com.sophos.jsceplib.b(getContext(), this.mActivationResData.getScepUrl(), this.mActivationResData.getCommonName(), this.mActivationResData.getOrganisation(), this.mRestConfig.getUniqueAppId());
                try {
                    com.sophos.jsceplib.b.a(pVar);
                    bVar.a(this.mActivationResData.getKeyUsage());
                    bVar.a();
                    return bVar.a(this.mActivationResData.getChallenge());
                } catch (ScepException e2) {
                    com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation. failed. Cannot enroll communication certificate.", e2);
                    return false;
                }
            } catch (JSONException e3) {
                com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation. failed. Cannot decode activation response", e3);
                return false;
            }
        } catch (SecurityException e4) {
            com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation failed. Cannot get activation data.", e4);
            return false;
        } catch (JSONException e5) {
            com.sophos.smsec.core.smsectrace.d.b("REST", "Cloud activation failed. Cannot build activation JSON.", e5);
            return false;
        }
    }

    public void setAuthorizationBearer(boolean z) {
        this.mSetBearer = z;
    }

    public void setEmail(String str) {
        this.mEmail = str;
    }

    protected void setErrorString(JSONObject jSONObject) {
        this.mResIdErrorString = c.d.a.a.a.enrollment_no_communication;
        if (jSONObject != null) {
            boolean optBoolean = jSONObject.optBoolean(ACT_ERROR_ALREADY_MANAGED);
            boolean optBoolean2 = jSONObject.optBoolean(ACT_ERROR_NO_LICENSE);
            boolean optBoolean3 = jSONObject.optBoolean(ACT_ERROR_VERSION_TOO_LOW);
            boolean optBoolean4 = jSONObject.optBoolean(ACT_HOME_LIMIT_REACHED);
            boolean optBoolean5 = jSONObject.optBoolean(ACT_HOME_MULTIPLE_ENROLLMENT);
            if (optBoolean) {
                this.mResIdErrorString = c.d.a.a.a.enrollment_already_managed;
                return;
            }
            if (optBoolean2) {
                this.mResIdErrorString = c.d.a.a.a.enrollment_no_license;
                return;
            }
            if (optBoolean3) {
                this.mResIdErrorString = c.d.a.a.a.enrollment_version_to_low;
            } else if (optBoolean4) {
                this.mResIdErrorString = c.d.a.a.a.enrollment_device_limit_reached;
            } else if (optBoolean5) {
                this.mResIdErrorString = c.d.a.a.a.enrollment_multiple_devices;
            }
        }
    }

    public void setMtdClient(boolean z) {
        this.mMtdClient = z;
    }

    public void setResIdErrorString(int i) {
        this.mResIdErrorString = i;
    }

    public void setRestConfig(c.d.a.a.c.e eVar) {
        this.mRestConfig = eVar;
    }

    public void setServerUrl(String str) {
        this.mServerUrl = str;
    }

    public void setToken(String str) {
        this.mToken = str;
    }

    public void setXConfigurationToken(boolean z) {
        this.mSetXConfigurationToken = z;
    }

    public boolean useUnsecuredSSL() {
        return this.mUseUnSecuredSSL;
    }
}
