package com.sevenprinciples.mdm.android.client.thirdparty.samsung;

import com.samsung.android.knox.keystore.CertificateInfo;
import com.sevenprinciples.mdm.android.client.base.Constants;
import com.sevenprinciples.mdm.android.client.base.logger.AppLog;
import java.security.cert.X509Certificate;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class KnoxDeviceConfiguration {
    private static final String TAG = Constants.TAG_PREFFIX + "KNXD";

    KnoxDeviceConfiguration() {
    }

    private static JSONObject buildCertificate(CertificateInfo certificateInfo, X509Certificate x509Certificate, SecurityPolicy securityPolicy, boolean z) {
        try {
            return CertificateHelper.toJson(securityPolicy, certificateInfo, x509Certificate, z);
        } catch (Throwable th) {
            AppLog.w(TAG, th.getMessage(), th);
            return null;
        }
    }

    public static JSONObject buildSecurityPolicy() throws Exception {
        SecurityPolicy singleton = SecurityPolicy.singleton();
        JSONObject jSONObject = new JSONObject();
        JSONArray jSONArray = new JSONArray();
        List<CertificateInfo> certificatesFromKeystore = singleton.getCertificatesFromKeystore(4);
        if (certificatesFromKeystore != null && !certificatesFromKeystore.isEmpty()) {
            for (CertificateInfo certificateInfo : certificatesFromKeystore) {
                X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
                JSONObject buildCertificate = buildCertificate(certificateInfo, x509Certificate, singleton, true);
                if (buildCertificate != null) {
                    boolean z = false;
                    try {
                        boolean[] keyUsage = x509Certificate.getKeyUsage();
                        if (keyUsage != null) {
                            z = keyUsage[5];
                        }
                    } catch (Throwable th) {
                        AppLog.w(TAG, th.getMessage());
                    }
                    if (x509Certificate.getBasicConstraints() != -1) {
                        z = true;
                    }
                    buildCertificate.put("isIdentity", !z);
                    jSONArray.put(buildCertificate);
                }
            }
        }
        jSONObject.put("certificates", jSONArray);
        return jSONObject;
    }
}
