package com.citrix.MAM.Android.ManagedAppHelper;

import android.text.TextUtils;
import android.util.Log;
import com.citrix.client.CtxIoUtils;
import com.citrix.client.SectionStrings;
import com.citrix.client.authmanager.accessgateway.networking.HttpHelper;
import com.citrix.client.authmanager.storefront.AuthFromPrimaryToken;
import com.citrix.client.authmanager.storefront.CitrixAuthChallenge;
import com.citrix.client.authmanager.storefront.StorefrontAuthResult;
import com.citrix.client.authmanager.storefront.StorefrontInformation;
import com.citrix.client.deliveryservices.devicemanagement.DeviceManagementUtility;
import com.citrix.client.deliveryservices.utilities.DeliveryServicesException;
import com.citrix.client.httputilities.HttpConstants;
import com.citrix.client.pnagent.enums.AsyncTaskStatus;
import com.citrix.client.pnagent.profiledata.ProfileData;
import com.citrix.client.profilemanager.ProfileDatabase;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import javax.net.ssl.SSLException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathExpressionException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.CircularRedirectException;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.xml.sax.SAXException;

/* loaded from: classes.dex */
public class EncryptionKeyManager {
    private static final String TAG = "EncryptionKeyManager";
    private String citrixDeviceId;
    private String citrixDeviceToken;
    private boolean enableLogging;
    HttpClient httpClient;
    private URI keyManagementServiceAddressOrig;
    private URI keyManagementServiceAddressRewrite;
    private MAMAuthInfo mamAuthInfo;
    private String mamKey1;
    private String mamKey2;
    private boolean needAuthentication;
    private int numberOfVaultServers;
    private ProfileData profileData;
    public boolean retrieveKeyFlag;
    private String secretVaultServerUrl1;
    private String secretVaultServerUrl2;
    private String sfToken;
    private String token;
    private String vaultName;

    /* loaded from: classes.dex */
    private class MamEncryptionKeyDestroyThread extends Thread {
        private static final String TAG = "MamEncryptionKeyDestroyTask";
        String deleteKeyAddress;
        boolean rtrn = false;
        String vaultName;

        public MamEncryptionKeyDestroyThread(String str, String str2) {
            this.deleteKeyAddress = str;
            this.vaultName = str2;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            long currentTimeMillis = System.currentTimeMillis();
            HttpPost httpPost = new HttpPost(EncryptionKeyManager.this.rewriteUrl(this.deleteKeyAddress + DeviceManagementUtility.DEVICE_DELETE_KEY_ADDRESS_ENDPOINT_SUFFIX));
            httpPost.setHeader("Authorization", EncryptionKeyManager.this.sfToken == null ? EncryptionKeyManager.this.token : EncryptionKeyManager.this.sfToken);
            httpPost.addHeader(DeviceManagementUtility.DEVICE_ID_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceId);
            httpPost.addHeader(DeviceManagementUtility.DEVICE_TOKEN_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceToken);
            httpPost.setHeader("Content-Type", "message/http");
            EncryptionKeyManager.this.addHeadersForAG(httpPost);
            try {
                httpPost.setEntity(new StringEntity(this.vaultName));
                HttpResponse httpResponse = null;
                try {
                    try {
                        try {
                            httpResponse = EncryptionKeyManager.this.httpClient.execute(httpPost);
                            if (httpResponse.getStatusLine().getStatusCode() == 200) {
                                this.rtrn = true;
                            }
                        } catch (IOException e) {
                            if (EncryptionKeyManager.this.enableLogging) {
                                Log.i(TAG, "Locating Vault Servers,Error Code 6");
                            }
                            if (httpResponse != null) {
                                try {
                                    httpResponse.getEntity().consumeContent();
                                } catch (IOException e2) {
                                    e2.printStackTrace();
                                }
                            }
                        }
                    } catch (ClientProtocolException e3) {
                        if (EncryptionKeyManager.this.enableLogging) {
                            Log.i(TAG, "Locating Vault Servers,Error Code 5");
                        }
                        if (httpResponse != null) {
                            try {
                                httpResponse.getEntity().consumeContent();
                            } catch (IOException e4) {
                                e4.printStackTrace();
                            }
                        }
                    }
                } finally {
                    if (0 != 0) {
                        try {
                            httpResponse.getEntity().consumeContent();
                        } catch (IOException e5) {
                            e5.printStackTrace();
                        }
                    }
                }
            } catch (UnsupportedEncodingException e6) {
                e6.printStackTrace();
            }
            EncryptionKeyManager.this.logDebug("MamEncryptionKeyDestroyThread time = " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class MamEncryptionKeyRetrieverThread extends Thread {
        private static final String TAG = "MamEncryptionKeyRetrieverTask";
        String decodedMAMKey = null;
        String vaultName;
        String vaultServerAddress;

        public MamEncryptionKeyRetrieverThread(String str, String str2) {
            this.vaultServerAddress = str;
            this.vaultName = str2;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            long currentTimeMillis = System.currentTimeMillis();
            HttpPost httpPost = new HttpPost(EncryptionKeyManager.this.rewriteUrl(this.vaultServerAddress + DeviceManagementUtility.DEVICE_RETRIEVE_KEY_ADDRESS_ENDPOINT_SUFFIX));
            httpPost.setHeader("Authorization", EncryptionKeyManager.this.sfToken == null ? EncryptionKeyManager.this.token : EncryptionKeyManager.this.sfToken);
            httpPost.addHeader(DeviceManagementUtility.DEVICE_ID_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceId);
            httpPost.addHeader(DeviceManagementUtility.DEVICE_TOKEN_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceToken);
            httpPost.addHeader(DeviceManagementUtility.DEVICE_X_CITRIX_KMS_CREATE_HEADER_KEY, SectionStrings.INI_TRUE);
            httpPost.setHeader("Content-Type", "message/http");
            EncryptionKeyManager.this.addHeadersForAG(httpPost);
            try {
                httpPost.setEntity(new StringEntity(this.vaultName));
                HttpResponse execute = EncryptionKeyManager.this.httpClient.execute(httpPost);
                if (execute.getStatusLine().getStatusCode() == 200) {
                    HttpEntity entity = execute.getEntity();
                    try {
                        InputStream content = entity.getContent();
                        this.decodedMAMKey = CtxIoUtils.toString(content);
                        content.close();
                        if (EncryptionKeyManager.this.enableLogging) {
                            if (this.decodedMAMKey != null) {
                                Log.i(TAG, "MAM key retrieved successfully");
                            } else {
                                Log.e(TAG, "MAM key retrieved failed");
                            }
                        }
                    } catch (IOException e) {
                        e.printStackTrace();
                    } catch (Exception e2) {
                        e2.printStackTrace();
                    } finally {
                        entity.consumeContent();
                    }
                }
            } catch (UnsupportedEncodingException e3) {
                e3.printStackTrace();
            } catch (ClientProtocolException e4) {
                e4.printStackTrace();
            } catch (IOException e5) {
                e5.printStackTrace();
            }
            EncryptionKeyManager.this.logDebug("MamEncryptionKeyRetrieverThread time = " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
        }
    }

    /* loaded from: classes.dex */
    public class ServerUrlRetrieverThread extends Thread {
        private boolean bSucceeded = false;

        public ServerUrlRetrieverThread() {
        }

        private StorefrontAuthResult getTokenFromToken(StorefrontInformation storefrontInformation, CitrixAuthChallenge citrixAuthChallenge) {
            EncryptionKeyManager.this.logDebug("getTokenFromToken entry");
            StorefrontAuthResult storefrontAuthResult = new StorefrontAuthResult();
            try {
                storefrontAuthResult.secondaryToken = AuthFromPrimaryToken.getSecondaryToken(citrixAuthChallenge, storefrontInformation.primaryToken, storefrontInformation.tokenManager, storefrontInformation.agAuthInfo, storefrontInformation.deviceMgmtInfo.deviceId, EncryptionKeyManager.this.httpClient);
                storefrontAuthResult.status = AsyncTaskStatus.StatusSuccess;
            } catch (DeliveryServicesException e) {
                storefrontAuthResult.status = e.getErrorCode();
            } catch (IOException e2) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusIOException;
            } catch (IllegalStateException e3) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusErrorOther;
            } catch (SSLException e4) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusSSLException;
            } catch (ParserConfigurationException e5) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusParserConfigurationException;
            } catch (TransformerException e6) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusTransformerException;
            } catch (XPathExpressionException e7) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusXPathException;
            } catch (ClientProtocolException e8) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusIOException;
            } catch (SAXException e9) {
                storefrontAuthResult.status = AsyncTaskStatus.StatusSAXException;
            }
            EncryptionKeyManager.this.logDebug("getTokenFromToken exit result = " + storefrontAuthResult.status);
            return storefrontAuthResult;
        }

        private void handleChallenge(CitrixAuthChallenge citrixAuthChallenge) {
            StorefrontInformation storefrontInformation = EncryptionKeyManager.this.profileData.m_dsInfo;
            if (storefrontInformation == null) {
                EncryptionKeyManager.this.logError("handleChallenge: No Storefront information");
                return;
            }
            if (storefrontInformation.primaryToken.getToken() == null) {
                EncryptionKeyManager.this.logError("handleChallenge: No primary token");
                return;
            }
            EncryptionKeyManager.this.logInfo("Calling getTokenFromToken");
            StorefrontAuthResult tokenFromToken = getTokenFromToken(storefrontInformation, citrixAuthChallenge);
            if (tokenFromToken.status != AsyncTaskStatus.StatusSuccess || tokenFromToken.secondaryToken == null || TextUtils.isEmpty(tokenFromToken.secondaryToken.getToken())) {
                return;
            }
            EncryptionKeyManager.this.logInfo("got a secondary token");
            EncryptionKeyManager.this.sfToken = "CitrixAuth " + tokenFromToken.secondaryToken.getToken();
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            runWithToken(EncryptionKeyManager.this.token);
            if (this.bSucceeded || EncryptionKeyManager.this.sfToken == null) {
                return;
            }
            runWithToken(EncryptionKeyManager.this.sfToken);
        }

        public void runWithToken(String str) {
            long currentTimeMillis = System.currentTimeMillis();
            if (EncryptionKeyManager.this.keyManagementServiceAddressRewrite == null || str == null || (EncryptionKeyManager.this.citrixDeviceId == null && EncryptionKeyManager.this.citrixDeviceToken == null)) {
                EncryptionKeyManager.this.logError("Could not find all information to locate vault servers");
            } else {
                EncryptionKeyManager.this.logInfo("Locating Vault Servers with token '" + str + "'");
                HttpPost httpPost = new HttpPost(EncryptionKeyManager.this.keyManagementServiceAddressRewrite);
                httpPost.setHeader("Authorization", str);
                httpPost.addHeader(DeviceManagementUtility.DEVICE_ID_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceId);
                httpPost.addHeader(DeviceManagementUtility.DEVICE_TOKEN_HEADER_KEY, EncryptionKeyManager.this.citrixDeviceToken);
                httpPost.setHeader("Content-Type", "message/http");
                EncryptionKeyManager.this.addHeadersForAG(httpPost);
                try {
                    HttpResponse execute = EncryptionKeyManager.this.httpClient.execute(httpPost);
                    int statusCode = execute.getStatusLine().getStatusCode();
                    if (statusCode == 200) {
                        HttpEntity entity = execute.getEntity();
                        try {
                            InputStream content = entity.getContent();
                            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(content));
                            EncryptionKeyManager.this.numberOfVaultServers = Integer.parseInt(bufferedReader.readLine());
                            EncryptionKeyManager.this.secretVaultServerUrl1 = bufferedReader.readLine();
                            EncryptionKeyManager.this.secretVaultServerUrl2 = bufferedReader.readLine();
                            EncryptionKeyManager.this.logInfo("Vault servers located successfully");
                            this.bSucceeded = true;
                            bufferedReader.close();
                            content.close();
                        } catch (Exception e) {
                            if (EncryptionKeyManager.this.enableLogging) {
                                Log.i(EncryptionKeyManager.TAG, "Locating Vault Servers,Error Code 2");
                            }
                        } catch (IOException e2) {
                            if (EncryptionKeyManager.this.enableLogging) {
                                Log.i(EncryptionKeyManager.TAG, "Locating Vault Servers,Error Code 1");
                            }
                        } finally {
                            entity.consumeContent();
                        }
                    } else {
                        EncryptionKeyManager.this.logError("Locating Vault Servers, server returned status " + statusCode);
                        try {
                            CitrixAuthChallenge Parse = CitrixAuthChallenge.Parse(execute, EncryptionKeyManager.this.keyManagementServiceAddressOrig);
                            if (Parse != null && EncryptionKeyManager.this.profileData != null) {
                                EncryptionKeyManager.this.logInfo("Handling a CitrixAuthChallenge");
                                handleChallenge(Parse);
                            }
                        } catch (DeliveryServicesException e3) {
                            EncryptionKeyManager.this.logError("Apparently not a CitrixAuthChallenge...");
                        } catch (Exception e4) {
                            EncryptionKeyManager.this.logError("Exception while checking/handling challenge");
                        }
                    }
                } catch (ClientProtocolException e5) {
                    if (EncryptionKeyManager.this.enableLogging) {
                        if (e5.getCause() instanceof CircularRedirectException) {
                            Log.i(EncryptionKeyManager.TAG, "Locating Vault Servers,Error Code 3.1");
                        } else {
                            Log.i(EncryptionKeyManager.TAG, "Locating Vault Servers,Error Code 3.2");
                        }
                    }
                } catch (IOException e6) {
                    if (EncryptionKeyManager.this.enableLogging) {
                        Log.i(EncryptionKeyManager.TAG, "Locating Vault Servers,Error Code 4");
                    }
                }
            }
            EncryptionKeyManager.this.logDebug("setSecretVaultServers = " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
        }
    }

    public EncryptionKeyManager(ProfileData profileData, int i, ProfileDatabase profileDatabase, MAMAuthInfo mAMAuthInfo, String str, HttpClient httpClient, boolean z) {
        String str2 = null;
        this.needAuthentication = true;
        if (mAMAuthInfo == null) {
            if (z) {
                Log.e(TAG, "no authInfo");
            }
        } else if (mAMAuthInfo.primaryToken.getToken() != null) {
            str2 = mAMAuthInfo.primaryToken.getToken();
            if (str2 != null) {
                this.needAuthentication = false;
            } else if (z) {
                Log.e(TAG, "authInfo.primaryToken has no token");
            }
        } else if (z) {
            Log.e(TAG, "authInfo has no primaryToken");
        }
        int deviceManagementId = profileDatabase.getDeviceManagementId(i);
        this.citrixDeviceId = profileDatabase.getDeviceId(deviceManagementId);
        this.citrixDeviceToken = profileDatabase.getDeviceToken(deviceManagementId);
        this.keyManagementServiceAddressOrig = null;
        this.keyManagementServiceAddressRewrite = null;
        if (str2 != null) {
            this.token = "CitrixAuth " + str2;
        }
        this.vaultName = str;
        this.httpClient = httpClient;
        this.mamAuthInfo = mAMAuthInfo;
        this.profileData = profileData;
        this.enableLogging = z;
        try {
            String keyManagementServiceAddress = profileDatabase.getKeyManagementServiceAddress(deviceManagementId);
            if (keyManagementServiceAddress == null) {
                if (z) {
                    Log.w(TAG, "No key management service address");
                    return;
                }
                return;
            }
            this.keyManagementServiceAddressOrig = new URI(keyManagementServiceAddress);
            this.keyManagementServiceAddressRewrite = new URI(rewriteUrl(keyManagementServiceAddress));
            ServerUrlRetrieverThread serverUrlRetrieverThread = new ServerUrlRetrieverThread();
            serverUrlRetrieverThread.start();
            try {
                serverUrlRetrieverThread.join(30000L);
                if (z && serverUrlRetrieverThread.isAlive()) {
                    Log.e(TAG, "Could not get Server URLs -- timed out");
                }
            } catch (InterruptedException e) {
                if (z) {
                    Log.e(TAG, "Could not get Server URLs");
                }
            }
            if (z) {
                Log.v(TAG, "******************************************************");
                Log.v(TAG, "keyManagementServiceAddress -> " + this.keyManagementServiceAddressRewrite);
                Log.v(TAG, "secretVaultServerUrl1 -> " + this.secretVaultServerUrl1);
                Log.v(TAG, "secretVaultServerUrl2 -> " + this.secretVaultServerUrl2);
                Log.v(TAG, "Authorization: " + this.token);
                Log.v(TAG, "X-Citrix-Device-ID: " + this.citrixDeviceId);
                Log.v(TAG, "X-Citrix-Device-Token: " + this.citrixDeviceToken);
                Log.v(TAG, "Vault Name: " + str);
                Log.v(TAG, "******************************************************");
            }
        } catch (URISyntaxException e2) {
            if (z) {
                Log.e(TAG, "Incorrect Key Management Server URL ->" + this.keyManagementServiceAddressRewrite);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addHeadersForAG(HttpPost httpPost) {
        if (this.mamAuthInfo == null || !this.mamAuthInfo.UsingAG || this.mamAuthInfo.urlRewriter == null || this.mamAuthInfo.cookies == null) {
            return;
        }
        httpPost.addHeader(HttpConstants.CookieHeaderName, HttpHelper.getCookieHeader(this.mamAuthInfo.cookies));
        URL gatewayAddress = this.mamAuthInfo.urlRewriter.getGatewayAddress();
        if (gatewayAddress != null) {
            httpPost.addHeader(HttpConstants.XCitrixGatewayHeaderName, gatewayAddress.getHost());
        }
    }

    private boolean areClassMembersValid() {
        return (TextUtils.isEmpty(this.secretVaultServerUrl1) || TextUtils.isEmpty(this.secretVaultServerUrl2) || TextUtils.isEmpty(this.token) || (TextUtils.isEmpty(this.citrixDeviceId) && TextUtils.isEmpty(this.citrixDeviceToken)) || TextUtils.isEmpty(this.vaultName)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logDebug(String str) {
        if (this.enableLogging) {
            Log.d(TAG, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logError(String str) {
        if (this.enableLogging) {
            Log.e(TAG, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logInfo(String str) {
        if (this.enableLogging) {
            Log.i(TAG, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String rewriteUrl(String str) {
        String str2 = str;
        if (this.mamAuthInfo != null && this.mamAuthInfo.UsingAG && this.mamAuthInfo.urlRewriter != null) {
            try {
                str2 = this.mamAuthInfo.urlRewriter.translateUrl(new URL(str)).toExternalForm();
            } catch (MalformedURLException e) {
                str2 = str;
            }
        }
        logDebug("Rewrote URL from " + str + " to " + str2);
        return str2;
    }

    public boolean destroyKeys() {
        boolean z = false;
        boolean z2 = false;
        if (areClassMembersValid()) {
            MamEncryptionKeyDestroyThread mamEncryptionKeyDestroyThread = new MamEncryptionKeyDestroyThread(this.secretVaultServerUrl1, this.vaultName);
            mamEncryptionKeyDestroyThread.start();
            MamEncryptionKeyDestroyThread mamEncryptionKeyDestroyThread2 = new MamEncryptionKeyDestroyThread(this.secretVaultServerUrl2, this.vaultName);
            mamEncryptionKeyDestroyThread2.start();
            try {
                mamEncryptionKeyDestroyThread.join();
                z = mamEncryptionKeyDestroyThread.rtrn;
                mamEncryptionKeyDestroyThread2.join();
                z2 = mamEncryptionKeyDestroyThread2.rtrn;
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
        }
        return z && z2;
    }

    public String getMamKey1() {
        return this.mamKey1;
    }

    public String getMamKey2() {
        return this.mamKey2;
    }

    public boolean needAuthentication() {
        return this.needAuthentication;
    }

    public void retrieveKeys() {
        if (areClassMembersValid()) {
            MamEncryptionKeyRetrieverThread mamEncryptionKeyRetrieverThread = new MamEncryptionKeyRetrieverThread(this.secretVaultServerUrl1, this.vaultName);
            mamEncryptionKeyRetrieverThread.start();
            MamEncryptionKeyRetrieverThread mamEncryptionKeyRetrieverThread2 = new MamEncryptionKeyRetrieverThread(this.secretVaultServerUrl2, this.vaultName);
            mamEncryptionKeyRetrieverThread2.start();
            try {
                mamEncryptionKeyRetrieverThread.join();
                this.mamKey1 = mamEncryptionKeyRetrieverThread.decodedMAMKey;
                mamEncryptionKeyRetrieverThread2.join();
                this.mamKey2 = mamEncryptionKeyRetrieverThread2.decodedMAMKey;
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
        }
        this.retrieveKeyFlag = (this.mamKey1 == null || this.mamKey2 == null) ? false : true;
    }
}
