package org.wso2.carbon.device.mgt.ios.services.impl;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.cms.CMSException;
import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
import org.wso2.carbon.certificate.mgt.core.dto.CAStatus;
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPException;
import org.wso2.carbon.certificate.mgt.core.scep.TenantedDeviceWrapper;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
import org.wso2.carbon.device.mgt.common.license.mgt.License;
import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import org.wso2.carbon.device.mgt.common.policy.mgt.ProfileFeature;
import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.ComplianceFeature;
import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.PolicyComplianceException;
import org.wso2.carbon.device.mgt.ios.api.utils.beans.DeviceIdentifierBean;
import org.wso2.carbon.device.mgt.ios.api.utils.beans.LoginBean;
import org.wso2.carbon.device.mgt.ios.api.utils.beans.ProfileBean;
import org.wso2.carbon.device.mgt.ios.api.utils.beans.TokenBean;
import org.wso2.carbon.device.mgt.ios.api.utils.util.ApplicationUtils;
import org.wso2.carbon.device.mgt.ios.api.utils.util.Message;
import org.wso2.carbon.device.mgt.ios.api.utils.util.OperationMapping;
import org.wso2.carbon.device.mgt.ios.apns.exception.APNSException;
import org.wso2.carbon.device.mgt.ios.core.bean.ChallengeTokenBean;
import org.wso2.carbon.device.mgt.ios.core.exception.IOSEnrollmentException;
import org.wso2.carbon.device.mgt.ios.core.exception.TenantConfigurationException;
import org.wso2.carbon.device.mgt.ios.core.impl.SCEPOperation;
import org.wso2.carbon.device.mgt.ios.core.publisher.TokenPersistence;
import org.wso2.carbon.device.mgt.ios.core.service.IOSEnrollmentService;
import org.wso2.carbon.device.mgt.ios.core.util.TenantUtils;
import org.wso2.carbon.device.mgt.ios.exception.BadRequestException;
import org.wso2.carbon.device.mgt.ios.payload.dto.APNSStatus;
import org.wso2.carbon.device.mgt.ios.payload.dto.CertificateAttributes;
import org.wso2.carbon.device.mgt.ios.payload.dto.CheckInMessageType;
import org.wso2.carbon.device.mgt.ios.payload.dto.DeviceProperties;
import org.wso2.carbon.device.mgt.ios.payload.exception.PListException;
import org.wso2.carbon.device.mgt.ios.payload.exception.ProfileConfigurationException;
import org.wso2.carbon.device.mgt.ios.services.EnrollmentService;
import org.wso2.carbon.device.mgt.ios.util.ContentType;
import org.wso2.carbon.device.mgt.ios.util.DeviceUtils;
import org.wso2.carbon.device.mgt.ios.util.EnrollmentUtils;
import org.wso2.carbon.device.mgt.ios.util.IOSServiceUtils;
import org.wso2.carbon.device.mgt.ios.util.OAuthUtils;
import org.wso2.carbon.device.mgt.ios.util.OperationUtils;
import org.wso2.carbon.device.mgt.ios.util.PolicyUtils;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/device/mgt/ios/services/impl/EnrollmentServiceImpl.class */
public class EnrollmentServiceImpl implements EnrollmentService {
    private static final Log log = LogFactory.getLog(EnrollmentServiceImpl.class);

    /* renamed from: org.wso2.carbon.device.mgt.ios.services.impl.EnrollmentServiceImpl$2, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/device/mgt/ios/services/impl/EnrollmentServiceImpl$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$wso2$carbon$certificate$mgt$core$dto$CAStatus = new int[CAStatus.values().length];

        static {
            try {
                $SwitchMap$org$wso2$carbon$certificate$mgt$core$dto$CAStatus[CAStatus.CA_CERT_FAILED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$wso2$carbon$certificate$mgt$core$dto$CAStatus[CAStatus.CA_CERT_RECEIVED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$wso2$carbon$certificate$mgt$core$dto$CAStatus[CAStatus.CA_RA_CERT_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @GET
    @Produces({"*/*"})
    @Path("/ca")
    public void getCA(@Context HttpServletResponse httpServletResponse) throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("Requesting CA certificate");
        }
        try {
            byte[] encoded = IOSServiceUtils.getCertificateManagementService().getCACertificate().getEncoded();
            httpServletResponse.setContentType(ContentType.X_X509_CA_CERT);
            httpServletResponse.setContentLength(encoded.length);
            httpServletResponse.getOutputStream().write(encoded);
        } catch (KeystoreException e) {
            log.error("Keystore error occurred while enrolling the iOS device", e);
        } catch (IOSEnrollmentException e2) {
            log.error("Error occurred while enrolling the iOS device", e2);
        } catch (CertificateEncodingException e3) {
            log.error("Error occurred in certificate encoding", e3);
        }
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @Path("/authenticate")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response authenticate(LoginBean loginBean) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication endpoint called");
        }
        try {
            if (!new IOSServiceUtils().authenticate(loginBean.getUsername(), loginBean.getPassword(), loginBean.getTenantDomain())) {
                return Response.status(Response.Status.UNAUTHORIZED).build();
            }
            DeviceIdentifierBean oAuthToken = OAuthUtils.getOAuthToken(loginBean);
            String generateRandomToken = EnrollmentUtils.generateRandomToken();
            ChallengeTokenBean challengeTokenBean = new ChallengeTokenBean();
            challengeTokenBean.setChallengeToken(generateRandomToken);
            challengeTokenBean.setDeviceID("");
            challengeTokenBean.setUsername(loginBean.getUsername());
            challengeTokenBean.setDomain(loginBean.getTenantDomain());
            challengeTokenBean.setRefreshToken(oAuthToken.getRefreshToken());
            challengeTokenBean.setAccessToken(oAuthToken.getAccessToken());
            challengeTokenBean.setClient(oAuthToken.getClientCredentials());
            challengeTokenBean.setAgentAvailable(loginBean.isAgentAvailable());
            EnrollmentUtils.persistChallengeToken(challengeTokenBean);
            TokenBean tokenBean = new TokenBean();
            tokenBean.setChallengeToken(generateRandomToken);
            return Response.ok(tokenBean).build();
        } catch (UserStoreException e) {
            log.error("Error occurred while initializing the userstore for the tenant: " + loginBean.getTenantDomain(), e);
            return Response.serverError().build();
        } catch (IOSEnrollmentException e2) {
            log.error("Error occurred while enrolling the iOS device", e2);
            return Response.serverError().build();
        } catch (APIManagerException e3) {
            log.error("Error occurred while enrolling the iOS device", e3);
            return Response.serverError().build();
        }
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @Path("/enroll")
    @Consumes({"application/json"})
    @POST
    @Produces({ContentType.APPLE_ASPEN_CONFIG})
    public Response getMobileConfigurations(LoginBean loginBean) {
        if (log.isDebugEnabled()) {
            log.debug("Requesting mobile configurations");
        }
        try {
            if (!new IOSServiceUtils().authenticate(loginBean.getUsername(), loginBean.getPassword(), loginBean.getTenantDomain())) {
                return Response.status(Response.Status.UNAUTHORIZED).build();
            }
            IOSEnrollmentService enrollmentService = IOSServiceUtils.getEnrollmentService();
            String tenantDomain = loginBean.getTenantDomain();
            if (StringUtils.isEmpty(tenantDomain)) {
                tenantDomain = TenantUtils.getTenantDomainName();
            }
            return Response.ok(enrollmentService.getSignedData(enrollmentService.generateMobileConfigurations(loginBean.getChallengeToken(), tenantDomain).getBytes())).build();
        } catch (IOSEnrollmentException e) {
            log.error("Error occurred while enrolling the iOS device", e);
            return Response.serverError().build();
        }
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @GET
    @Path("/enrolled")
    public Response isEnrolled(@QueryParam("deviceid") String str) {
        TenantedDeviceWrapper validatedDevice;
        if (log.isDebugEnabled()) {
            log.debug("Invoking isEnrolled method");
        }
        DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
        deviceIdentifier.setId(str);
        deviceIdentifier.setType("ios");
        try {
            validatedDevice = IOSServiceUtils.getSCEPManager().getValidatedDevice(deviceIdentifier);
        } catch (IOSEnrollmentException e) {
            log.error("Error occurred while enrolling the iOS device", e);
        } catch (SCEPException e2) {
            log.error("Error occurred while fetching the device", e2);
        }
        if (validatedDevice == null || validatedDevice.getTenantDomain() == null || validatedDevice.getTenantId() == -1) {
            return Response.serverError().build();
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            threadLocalCarbonContext.setTenantId(validatedDevice.getTenantId());
            threadLocalCarbonContext.setTenantDomain(validatedDevice.getTenantDomain());
            threadLocalCarbonContext.setUsername(validatedDevice.getDevice().getEnrolmentInfo().getOwner());
            if (IOSServiceUtils.getEnrollmentService().isEnrolled(deviceIdentifier)) {
                Response build = Response.ok().build();
                PrivilegedCarbonContext.endTenantFlow();
                return build;
            }
            Response build2 = Response.status(Response.Status.NOT_FOUND).build();
            PrivilegedCarbonContext.endTenantFlow();
            return build2;
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            throw th;
        }
    }

    @Path("/profile-dep")
    @Consumes({"*/*"})
    @POST
    @Produces({ContentType.APPLE_ASPEN_CONFIG, "application/json"})
    public Response getDEPProfileRequest(InputStream inputStream) {
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        if (username == null) {
            return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").build();
        }
        IOSEnrollmentService iOSEnrollmentService = null;
        InputStream[] inputStreamArr = null;
        try {
            inputStreamArr = new OperationUtils().cloneInputStream(inputStream);
            iOSEnrollmentService = IOSServiceUtils.getEnrollmentService();
        } catch (IOSEnrollmentException e) {
            log.error("Error occurred while enrolling the iOS device", e);
        }
        try {
            if (StringUtils.isNotEmpty(username)) {
                Message message = new Message();
                TenantUtils tenantUtils = new TenantUtils();
                CertificateAttributes certificateAttributes = tenantUtils.getCertificateAttributes();
                String topicID = tenantUtils.getTopicID();
                String tenantDisplayName = tenantUtils.getTenantDisplayName();
                if (tenantDisplayName == null || tenantDisplayName.isEmpty()) {
                    tenantDisplayName = "";
                }
                if (certificateAttributes == null) {
                    message.setErrorMessage("Certificate attributes are not configured.");
                    throw new BadRequestException(message, MediaType.APPLICATION_JSON_TYPE);
                }
                if (topicID == null) {
                    message.setErrorMessage("Topic ID is not configured.");
                    throw new BadRequestException(message, MediaType.APPLICATION_JSON_TYPE);
                }
                if (iOSEnrollmentService != null) {
                    Response build = Response.ok(iOSEnrollmentService.handleProfileRequest(inputStreamArr[2], tenantDisplayName, topicID, certificateAttributes, true)).build();
                    PrivilegedCarbonContext.endTenantFlow();
                    return build;
                }
            }
        } catch (TenantConfigurationException e2) {
            log.error("Error occurred while reading registry entries", e2);
        } catch (DeviceManagementException e3) {
            log.error("Error occurred while fetching tenant configurations", e3);
        } catch (IOSEnrollmentException e4) {
            log.error("Error occurred while enrolling the iOS device", e4);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
        return Response.serverError().build();
    }

    @Path("/agent-authenticate")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response agentAuthenticate(LoginBean loginBean) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication endpoint called");
        }
        try {
            if (!new IOSServiceUtils().authenticate(loginBean.getUsername(), loginBean.getPassword(), loginBean.getTenantDomain())) {
                return Response.status(Response.Status.UNAUTHORIZED).build();
            }
            DeviceIdentifierBean oAuthToken = OAuthUtils.getOAuthToken(loginBean);
            String generateRandomToken = EnrollmentUtils.generateRandomToken();
            ChallengeTokenBean challengeTokenBean = new ChallengeTokenBean();
            challengeTokenBean.setChallengeToken(generateRandomToken);
            challengeTokenBean.setDeviceID("");
            challengeTokenBean.setUsername(loginBean.getUsername());
            challengeTokenBean.setDomain(loginBean.getTenantDomain());
            challengeTokenBean.setRefreshToken(oAuthToken.getRefreshToken());
            challengeTokenBean.setAccessToken(oAuthToken.getAccessToken());
            challengeTokenBean.setClient(oAuthToken.getClientCredentials());
            challengeTokenBean.setAgentAvailable(loginBean.isAgentAvailable());
            EnrollmentUtils.persistChallengeToken(challengeTokenBean);
            return Response.ok(challengeTokenBean).build();
        } catch (UserStoreException e) {
            log.error("Error occurred while initializing the userstore for the tenant: " + loginBean.getTenantDomain(), e);
            return Response.serverError().build();
        } catch (IOSEnrollmentException e2) {
            log.error("Error occurred while enrolling the iOS device", e2);
            return Response.serverError().build();
        } catch (APIManagerException e3) {
            log.error("Error occurred while getting an access token for the iOS device", e3);
            return Response.serverError().build();
        }
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @Path("/profile")
    @Consumes({"*/*"})
    @POST
    @Produces({ContentType.APPLE_ASPEN_CONFIG, "application/json"})
    public Response getProfileRequest(InputStream inputStream) {
        if (log.isDebugEnabled()) {
            log.debug("Executing profile request");
        }
        IOSEnrollmentService iOSEnrollmentService = null;
        InputStream[] inputStreamArr = null;
        String str = null;
        String str2 = null;
        int i = -1234;
        try {
            inputStreamArr = new OperationUtils().cloneInputStream(inputStream);
            iOSEnrollmentService = IOSServiceUtils.getEnrollmentService();
            String extractChallengeTokenFromProfile = iOSEnrollmentService.extractChallengeTokenFromProfile(inputStreamArr[0]);
            String extractDeviceIdentifierFromProfile = iOSEnrollmentService.extractDeviceIdentifierFromProfile(inputStreamArr[1]);
            if (StringUtils.isNotEmpty(extractChallengeTokenFromProfile) && StringUtils.isNotEmpty(extractDeviceIdentifierFromProfile)) {
                ChallengeTokenBean challengeTokenBean = new ChallengeTokenBean();
                challengeTokenBean.setChallengeToken(extractChallengeTokenFromProfile);
                challengeTokenBean.setDeviceID(extractDeviceIdentifierFromProfile);
                EnrollmentUtils.persistChallengeToken(challengeTokenBean);
            }
            ChallengeTokenBean tokenEntry = StringUtils.isNotEmpty(extractChallengeTokenFromProfile) ? EnrollmentUtils.getTokenEntry(extractChallengeTokenFromProfile) : EnrollmentUtils.getTokenEntryByDeviceId(extractDeviceIdentifierFromProfile);
            if (tokenEntry != null) {
                str = tokenEntry.getUsername();
                str2 = tokenEntry.getDomain();
                if (StringUtils.isNotEmpty(str2) && !"carbon.super".equals(str2)) {
                    i = IOSServiceUtils.getTenantID(str2);
                }
            }
        } catch (PListException e) {
            log.error("Error occurred while reading input stream payload", e);
        } catch (IOSEnrollmentException e2) {
            log.error("Error occurred while enrolling the iOS device", e2);
        }
        try {
            if (StringUtils.isNotEmpty(str)) {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                if (StringUtils.isNotEmpty(str2)) {
                    threadLocalCarbonContext.setTenantDomain(str2);
                } else {
                    threadLocalCarbonContext.setTenantDomain("carbon.super");
                }
                threadLocalCarbonContext.setTenantId(i);
                threadLocalCarbonContext.setUsername(str);
                Message message = new Message();
                TenantUtils tenantUtils = new TenantUtils();
                CertificateAttributes certificateAttributes = tenantUtils.getCertificateAttributes();
                String topicID = tenantUtils.getTopicID();
                String tenantDisplayName = tenantUtils.getTenantDisplayName();
                if (tenantDisplayName == null || tenantDisplayName.isEmpty()) {
                    tenantDisplayName = "";
                }
                if (certificateAttributes == null) {
                    message.setErrorMessage("Certificate attributes are not configured");
                    throw new BadRequestException(message, MediaType.APPLICATION_JSON_TYPE);
                }
                if (topicID == null) {
                    message.setErrorMessage("Topic ID is not configured");
                    throw new BadRequestException(message, MediaType.APPLICATION_JSON_TYPE);
                }
                if (iOSEnrollmentService != null) {
                    Response build = Response.ok(iOSEnrollmentService.handleProfileRequest(inputStreamArr[2], tenantDisplayName, topicID, certificateAttributes, false)).build();
                    PrivilegedCarbonContext.endTenantFlow();
                    return build;
                }
            }
        } catch (DeviceManagementException e3) {
            log.error("Error occurred while fetching tenant configurations", e3);
        } catch (IOSEnrollmentException e4) {
            log.error("Error occurred while enrolling the iOS device", e4);
        } catch (TenantConfigurationException e5) {
            log.error("Error occurred while reading registry entries", e5);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
        return Response.serverError().build();
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @GET
    @Path("/scep")
    public Response scepRequest(@QueryParam("operation") String str, @QueryParam("message") String str2) {
        Response.ResponseBuilder serverError;
        if (log.isDebugEnabled()) {
            log.debug("Invoking SCEP operation " + str);
        }
        if (SCEPOperation.GET_CA_CERT.getValue().equals(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Invoking GetCACert");
            }
            try {
                SCEPResponse cACertSCEP = IOSServiceUtils.getCertificateManagementService().getCACertSCEP();
                switch (AnonymousClass2.$SwitchMap$org$wso2$carbon$certificate$mgt$core$dto$CAStatus[cACertSCEP.getResultCriteria().ordinal()]) {
                    case 1:
                        log.error("CA cert failed");
                        serverError = Response.serverError();
                        break;
                    case 2:
                        if (log.isDebugEnabled()) {
                            log.debug("CA certificate received in GetCACert");
                        }
                        serverError = Response.ok(cACertSCEP.getEncodedResponse(), ContentType.X_X509_CA_CERT);
                        break;
                    case 3:
                        if (log.isDebugEnabled()) {
                            log.debug("CA and RA certificates received in GetCACert");
                        }
                        serverError = Response.ok(cACertSCEP.getEncodedResponse(), ContentType.X_X509_CA_RA_CERT);
                        break;
                    default:
                        log.error("Invalid SCEP request");
                        serverError = Response.serverError();
                        break;
                }
                return serverError.build();
            } catch (IOSEnrollmentException e) {
                log.error("Error occurred while enrolling the iOS device", e);
            } catch (KeystoreException e2) {
                log.error("Keystore error occurred while enrolling the iOS device", e2);
            }
        } else if (SCEPOperation.GET_CA_CAPS.getValue().equals(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Invoking GetCACaps");
            }
            try {
                return Response.ok(IOSServiceUtils.getCertificateManagementService().getCACapsSCEP(), "text/plain").build();
            } catch (IOSEnrollmentException e3) {
                log.error("Error occurred while enrolling the iOS device", e3);
            }
        } else {
            log.error("Invalid SCEP operation " + str);
        }
        return Response.serverError().build();
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @POST
    @Path("/scep")
    @Consumes({ContentType.X_PKI_MESSAGE})
    public Response scepRequestPost(@QueryParam("operation") String str, InputStream inputStream) {
        if (log.isDebugEnabled()) {
            log.debug("Invoking SCEP operation " + str);
        }
        if (SCEPOperation.PKI_OPERATION.getValue().equals(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Invoking PKIOperation");
            }
            try {
                return Response.ok(IOSServiceUtils.getCertificateManagementService().getPKIMessageSCEP(inputStream), ContentType.X_PKI_MESSAGE).build();
            } catch (KeystoreException e) {
                log.error("Keystore error occurred while enrolling the iOS device", e);
            } catch (IOSEnrollmentException e2) {
                log.error("Error occurred while enrolling the iOS device", e2);
            }
        }
        return Response.serverError().build();
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @Path("/checkin")
    @Consumes({"*/*"})
    @Produces({"*/*"})
    @PUT
    public Response checkInRequest(InputStream inputStream) {
        if (log.isDebugEnabled()) {
            log.debug("Invoking check-in url");
        }
        CheckInMessageType checkInMessageType = null;
        try {
            StringWriter stringWriter = new StringWriter();
            IOUtils.copy(inputStream, stringWriter, "UTF-8");
            checkInMessageType = IOSServiceUtils.getEnrollmentService().extractTokens(stringWriter.toString());
            if (log.isDebugEnabled()) {
                log.debug("CheckIn url message type is " + checkInMessageType.getMessageType());
            }
        } catch (PListException e) {
            log.error("Error occurred when extracting plist elements in check-in request", e);
        } catch (IOSEnrollmentException e2) {
            log.error("Error occurred while enrolling the iOS device", e2);
        } catch (IOException e3) {
            log.error("Input stream cannot be parsed in check-in request", e3);
        }
        if (checkInMessageType != null) {
            DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
            deviceIdentifier.setId(checkInMessageType.getDeviceIdentifier());
            deviceIdentifier.setType("ios");
            try {
                TenantedDeviceWrapper validatedDevice = IOSServiceUtils.getSCEPManager().getValidatedDevice(deviceIdentifier);
                if (validatedDevice != null && validatedDevice.getTenantDomain() != null) {
                    try {
                        if (validatedDevice.getTenantId() != -1) {
                            try {
                                PrivilegedCarbonContext.startTenantFlow();
                                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                                threadLocalCarbonContext.setTenantDomain(validatedDevice.getTenantDomain());
                                threadLocalCarbonContext.setTenantId(validatedDevice.getTenantId());
                                threadLocalCarbonContext.setUsername(validatedDevice.getDevice().getEnrolmentInfo().getOwner());
                                if (log.isDebugEnabled()) {
                                    log.debug("Starting tenant flow with tenant: " + validatedDevice.getTenantDomain());
                                }
                                Message message = new Message();
                                if (checkInMessageType.getMessageType() == CheckInMessageType.MessageType.CHECKOUT) {
                                    if (log.isDebugEnabled()) {
                                        log.debug("UDID " + checkInMessageType.getDeviceIdentifier());
                                    }
                                    List<Operation> operations = IOSServiceUtils.getDeviceManagementService().getOperations(deviceIdentifier);
                                    if (operations != null) {
                                        for (Operation operation : operations) {
                                            operation.setStatus(Operation.Status.COMPLETED);
                                            IOSServiceUtils.getDeviceManagementService().updateOperation(deviceIdentifier, operation);
                                        }
                                    }
                                    new TokenPersistence().disEnrollDevice(checkInMessageType.getDeviceIdentifier());
                                    Response build = Response.ok().build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build;
                                }
                                if (checkInMessageType.getMessageType() == CheckInMessageType.MessageType.TOKEN_UPDATE) {
                                    if (log.isDebugEnabled()) {
                                        log.debug("Magic Token " + checkInMessageType.getPushMagic());
                                        log.debug("Token " + checkInMessageType.getToken());
                                        log.debug("Unlock Token " + checkInMessageType.getUnlockToken());
                                        log.debug("UDID " + checkInMessageType.getDeviceIdentifier());
                                    }
                                    TokenPersistence tokenPersistence = new TokenPersistence();
                                    message.setErrorMessage("Device ID not found");
                                    DeviceProperties deviceProperties = new DeviceProperties();
                                    deviceProperties.setChallenge((String) null);
                                    deviceProperties.setDeviceIdentifier(checkInMessageType.getDeviceIdentifier());
                                    tokenPersistence.savePushTokens(deviceProperties, checkInMessageType.getToken(), checkInMessageType.getPushMagic(), checkInMessageType.getUnlockToken());
                                    ChallengeTokenBean tokenEntryByDeviceId = EnrollmentUtils.getTokenEntryByDeviceId(checkInMessageType.getDeviceIdentifier());
                                    if (tokenEntryByDeviceId == null || !tokenEntryByDeviceId.isAgentAvailable()) {
                                        new PolicyUtils().enforceEffectivePolicy(checkInMessageType.getDeviceIdentifier());
                                    }
                                    Response build2 = Response.ok().build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build2;
                                }
                                if (checkInMessageType.getMessageType() == CheckInMessageType.MessageType.AUTHENTICATE) {
                                    Response build3 = Response.ok().build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build3;
                                }
                                PrivilegedCarbonContext.endTenantFlow();
                            } catch (OperationManagementException e4) {
                                log.error("Error occurred while updating unenroll status", e4);
                                PrivilegedCarbonContext.endTenantFlow();
                            } catch (APNSException e5) {
                                log.error("Error occurred while sending a push notification message to APNS", e5);
                                PrivilegedCarbonContext.endTenantFlow();
                            } catch (DeviceManagementException e6) {
                                log.error("Error occurred when saving push token in check-in request", e6);
                                PrivilegedCarbonContext.endTenantFlow();
                            }
                        }
                    } catch (Throwable th) {
                        PrivilegedCarbonContext.endTenantFlow();
                        throw th;
                    }
                }
            } catch (IOSEnrollmentException e7) {
                log.error("Error occurred while enrolling the iOS device", e7);
            } catch (SCEPException e8) {
                log.error("Error occurred while fetching the device", e8);
            }
        }
        return Response.serverError().build();
    }

    /* JADX WARN: Type inference failed for: r0v144, types: [org.wso2.carbon.device.mgt.ios.services.impl.EnrollmentServiceImpl$1] */
    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @Path("/server")
    @Consumes({"*/*"})
    @Produces({"*/*"})
    @PUT
    public Response serverRequest(@Context HttpServletRequest httpServletRequest, InputStream inputStream) throws CMSException {
        Operation operation;
        if (log.isDebugEnabled()) {
            log.debug("Invoking server URL");
        }
        OperationUtils operationUtils = new OperationUtils();
        APNSStatus aPNSStatus = null;
        Operation operation2 = null;
        try {
            String header = httpServletRequest.getHeader(IOSServiceUtils.HEADER_MDM_SIGNATURE);
            Message message = new Message();
            StringWriter stringWriter = new StringWriter();
            X509Certificate extractCertificateFromSignature = IOSServiceUtils.getCertificateManagementService().extractCertificateFromSignature(header);
            IOUtils.copy(inputStream, stringWriter, "UTF-8");
            APNSStatus extractAPNSResponse = IOSServiceUtils.getEnrollmentService().extractAPNSResponse(stringWriter.toString());
            DeviceIdentifier fetchDeviceIdentifierInstance = new DeviceUtils().fetchDeviceIdentifierInstance(extractAPNSResponse.getDeviceIdentifier(), message, MediaType.APPLICATION_JSON_TYPE);
            Device device = IOSServiceUtils.getDeviceManagementService().getDevice(fetchDeviceIdentifierInstance);
            TenantedDeviceWrapper validatedDevice = IOSServiceUtils.getSCEPManager().getValidatedDevice(fetchDeviceIdentifierInstance);
            if (validatedDevice != null && validatedDevice.getTenantDomain() != null) {
                try {
                    if (validatedDevice.getTenantId() != -1) {
                        try {
                            PrivilegedCarbonContext.startTenantFlow();
                            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                            threadLocalCarbonContext.setTenantDomain(validatedDevice.getTenantDomain());
                            threadLocalCarbonContext.setTenantId(validatedDevice.getTenantId());
                            threadLocalCarbonContext.setUsername(validatedDevice.getDevice().getEnrolmentInfo().getOwner());
                            if (log.isDebugEnabled()) {
                                log.debug("Starting tenant flow with tenant: " + validatedDevice.getTenantDomain());
                            }
                            if (APNSStatus.APNSResponseStatus.Acknowledged.toString().equals(extractAPNSResponse.getStatus())) {
                                Operation operation3 = new Operation();
                                String responseData = extractAPNSResponse.getResponseData();
                                if (APNSStatus.APNSResponse.QueryResponses.toString().equals(extractAPNSResponse.getOperation())) {
                                    new TokenPersistence().saveDeviceInformation(fetchDeviceIdentifierInstance, responseData);
                                    DeviceUtils.saveDeviceDetails(fetchDeviceIdentifierInstance, responseData);
                                } else if (APNSStatus.APNSResponse.InstalledApplicationList.toString().equals(extractAPNSResponse.getOperation())) {
                                    operationUtils.updateApplicationList(new ApplicationUtils().parseApplicationList(responseData), fetchDeviceIdentifierInstance);
                                } else if (APNSStatus.APNSResponse.ProfileList.toString().equals(extractAPNSResponse.getOperation())) {
                                    boolean z = false;
                                    Iterator it = ((List) new Gson().fromJson(responseData, new TypeToken<List<ProfileBean>>() { // from class: org.wso2.carbon.device.mgt.ios.services.impl.EnrollmentServiceImpl.1
                                    }.getType())).iterator();
                                    while (true) {
                                        if (!it.hasNext()) {
                                            break;
                                        }
                                        if ("POLICY_BUNDLE".equals(((ProfileBean) it.next()).getPayloadIdentifier())) {
                                            z = true;
                                            break;
                                        }
                                    }
                                    Policy appliedPolicyToDevice = IOSServiceUtils.getPolicyManagerService().getAppliedPolicyToDevice(fetchDeviceIdentifierInstance);
                                    if (appliedPolicyToDevice != null) {
                                        List<ProfileFeature> profileFeaturesList = appliedPolicyToDevice.getProfile().getProfileFeaturesList();
                                        ArrayList arrayList = new ArrayList();
                                        for (ProfileFeature profileFeature : profileFeaturesList) {
                                            ComplianceFeature complianceFeature = new ComplianceFeature();
                                            complianceFeature.setFeature(profileFeature);
                                            complianceFeature.setFeatureCode(profileFeature.getFeatureCode());
                                            complianceFeature.setCompliance(z);
                                            arrayList.add(complianceFeature);
                                        }
                                        IOSServiceUtils.getPolicyManagerService().checkCompliance(fetchDeviceIdentifierInstance, arrayList);
                                    }
                                } else {
                                    operation3.setOperationResponse(responseData);
                                }
                                if (responseData == null && (operation = operationUtils.getOperation(fetchDeviceIdentifierInstance, Integer.parseInt(extractAPNSResponse.getCommandUUID()))) != null && OperationMapping.WIPE_DATA.getCode().equals(operation.getCode())) {
                                    if (log.isDebugEnabled()) {
                                        log.debug(OperationMapping.WIPE_DATA.getCode() + " command has been executed in the device. Terminating /server call.");
                                    }
                                    Response build = Response.ok().build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build;
                                }
                                operation3.setId(Integer.valueOf(extractAPNSResponse.getCommandUUID()).intValue());
                                operation3.setStatus(Operation.Status.COMPLETED);
                                operationUtils.updateOperation(operation3, fetchDeviceIdentifierInstance);
                            } else if (APNSStatus.APNSResponseStatus.Error.toString().equals(extractAPNSResponse.getStatus())) {
                                Operation operation4 = new Operation();
                                operation4.setId(Integer.valueOf(extractAPNSResponse.getCommandUUID()).intValue());
                                operation4.setStatus(Operation.Status.ERROR);
                                operation4.setOperationResponse(extractAPNSResponse.getError());
                                operationUtils.updateOperation(operation4, fetchDeviceIdentifierInstance);
                            } else if (APNSStatus.APNSResponseStatus.NotNow.toString().equals(extractAPNSResponse.getStatus())) {
                                if (log.isDebugEnabled()) {
                                    log.debug("NotNow Response received for the operation with OperationID: " + extractAPNSResponse.getCommandUUID() + ", for " + fetchDeviceIdentifierInstance.toString());
                                }
                                Operation operation5 = new Operation();
                                operation5.setId(Integer.valueOf(extractAPNSResponse.getCommandUUID()).intValue());
                                operation5.setStatus(Operation.Status.PENDING);
                                operationUtils.updateOperation(operation5, fetchDeviceIdentifierInstance);
                            }
                            Operation pendingOperation = operationUtils.getPendingOperation(extractAPNSResponse.getDeviceIdentifier());
                            if (pendingOperation != null) {
                                if (operationUtils.isOneWayOperation(pendingOperation)) {
                                    pendingOperation.setStatus(Operation.Status.COMPLETED);
                                } else {
                                    pendingOperation.setStatus(Operation.Status.IN_PROGRESS);
                                }
                                operationUtils.updateOperation(pendingOperation, fetchDeviceIdentifierInstance);
                                if (OperationMapping.ENTERPRISE_WIPE.getCode().equals(pendingOperation.getCode())) {
                                    Response build2 = Response.status(Response.Status.UNAUTHORIZED).build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build2;
                                }
                                String generateOperationPayload = operationUtils.generateOperationPayload(device, pendingOperation, extractCertificateFromSignature);
                                if (OperationMapping.WIPE_DATA.getCode().equals(pendingOperation.getCode())) {
                                    if (log.isDebugEnabled()) {
                                        log.debug("WIPE_DATA operation (id: " + pendingOperation.getId() + ") is added to the device: " + fetchDeviceIdentifierInstance.getId() + ". Therefore removing the device.");
                                    }
                                    new TokenPersistence().disEnrollDevice(fetchDeviceIdentifierInstance.getId());
                                }
                                if (generateOperationPayload != null && !generateOperationPayload.isEmpty()) {
                                    Response build3 = Response.status(Response.Status.OK).entity(generateOperationPayload.getBytes("UTF-8")).type(ContentType.APPLE_ASPEN_CONFIG).build();
                                    PrivilegedCarbonContext.endTenantFlow();
                                    return build3;
                                }
                            }
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (PolicyComplianceException e) {
                            log.error("Error occurred while checking policy compliance", e);
                            operationUtils.updateOperationWithErrorStatus(extractAPNSResponse.getCommandUUID(), "Error occurred while checking policy compliance", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (OperationManagementException e2) {
                            log.error("Issue in retrieving operation management service instance", e2);
                            operationUtils.updateOperationWithErrorStatus(extractAPNSResponse.getCommandUUID(), "Issue in retrieving operation management service instance", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (ProfileConfigurationException e3) {
                            log.error("Error occurred when creating the profile for server request. Discarding the operation.", e3);
                            operationUtils.updateOperationWithErrorStatus(extractAPNSResponse.getCommandUUID(), "Error occurred when creating the profile for server request. Discarding the operation.", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (PolicyManagementException e4) {
                            log.error("Error occurred while enforcing policies", e4);
                            operationUtils.updateOperationWithErrorStatus(extractAPNSResponse.getCommandUUID(), "Error occurred while enforcing policies", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (ApplicationManagementException e5) {
                            log.error("Issue in updating application list of device", e5);
                            operationUtils.updateOperationWithErrorStatus(extractAPNSResponse.getCommandUUID(), "Issue in updating application list of device", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (APNSException e6) {
                            log.error("Error occurred while sending a push notification message to APNS", e6);
                            operationUtils.updateOperationWithErrorStatus(String.valueOf(operation2.getId()), "Error occurred while sending a push notification message to APNS", fetchDeviceIdentifierInstance);
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            }
        } catch (IOException e7) {
            log.error("IOException occurred when copying input stream.", e7);
            operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "IOException occurred when copying input stream.", null);
        } catch (DeviceManagementException e8) {
            log.error("Error occurred when retrieving device from device management service", e8);
            operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "Error occurred when retrieving device from device management service", null);
        } catch (SCEPException e9) {
            log.error("Error occurred when retrieving tenanted device.", e9);
            operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "Error occurred when retrieving tenanted device.", null);
        } catch (PListException e10) {
            try {
                operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "Error occurred when extracting plist elements in check-in request.", null);
            } catch (Exception e11) {
                log.error("Error when communicating with an iOS device. Device responded with the payload: " + ((String) null));
            }
        } catch (KeystoreException e12) {
            log.error("KeystoreException occurred when verifying signature", e12);
            operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "KeystoreException occurred when verifying signature", null);
        } catch (IOSEnrollmentException e13) {
            log.error("Error occurred while retrieving enrollment service.", e13);
            operationUtils.updateOperationWithErrorStatus(aPNSStatus.getCommandUUID(), "Error occurred while retrieving enrollment service.", null);
        }
        return Response.ok().build();
    }

    @Override // org.wso2.carbon.device.mgt.ios.services.EnrollmentService
    @GET
    @Path("/license")
    @Consumes({"*/*"})
    @Produces({"application/json"})
    public License getLicense() {
        License license = null;
        try {
            license = IOSServiceUtils.getDeviceManagementService().getLicense("ios", "en_US");
            if (license == null || license.getText() == null) {
                license.setName("ios");
                license.setLanguage("en_US");
                license.setVersion("1.0.0");
                license.setText("This End User License Agreement (\"Agreement\") is a legal agreement between you (\"You\") and WSO2, Inc., regarding the enrollment of Your personal mobile device (\"Device\") in SoR's mobile device management program, and the loading to and removal from Your Device and Your use of certain applications and any associated software and user documentation, whether provided in \"online\" or electronic format, used in connection with the operation of or provision of services to WSO2, Inc.,  BY SELECTING \"I ACCEPT\" DURING INSTALLATION, YOU ARE ENROLLING YOUR DEVICE, AND THEREBY AUTHORIZING SOR OR ITS AGENTS TO INSTALL, UPDATE AND REMOVE THE APPS FROM YOUR DEVICE AS DESCRIBED IN THIS AGREEMENT.  YOU ARE ALSO EXPLICITLY ACKNOWLEDGING AND AGREEING THAT (1) THIS IS A BINDING CONTRACT AND (2) YOU HAVE READ AND AGREE TO THE TERMS OF THIS AGREEMENT.\n\nIF YOU DO NOT ACCEPT THESE TERMS, DO NOT ENROLL YOUR DEVICE AND DO NOT PROCEED ANY FURTHER.\n\nYou agree that: (1) You understand and agree to be bound by the terms and conditions contained in this Agreement, and (2) You are at least 21 years old and have the legal capacity to enter into this Agreement as defined by the laws of Your jurisdiction.  SoR shall have the right, without prior notice, to terminate or suspend (i) this Agreement, (ii) the enrollment of Your Device, or (iii) the functioning of the Apps in the event of a violation of this Agreement or the cessation of Your relationship with SoR (including termination of Your employment if You are an employee or expiration or termination of Your applicable franchise or supply agreement if You are a franchisee of or supplier to the WSO2 WSO2, Inc., system).  SoR expressly reserves all rights not expressly granted herein.");
            }
        } catch (DeviceManagementException e) {
            log.error("Error occurred while retrieving the license configured for iOS device enrolment", e);
        }
        return license;
    }
}
