package com.mobileiron.compliance.vpn;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.os.RemoteException;
import android.util.Base64;
import com.cisco.anyconnect.vpn.android.service.IVpnCertificateList;
import com.cisco.anyconnect.vpn.android.service.IVpnConnectionList;
import com.cisco.anyconnect.vpn.android.service.IVpnService;
import com.cisco.anyconnect.vpn.android.service.ServiceConnectionManager;
import com.cisco.anyconnect.vpn.android.service.VpnCertificate;
import com.cisco.anyconnect.vpn.android.service.VpnConnection;
import com.cisco.anyconnect.vpn.android.service.VpnConnectionValidationError;
import com.cisco.anyconnect.vpn.android.service.VpnServiceResult;
import com.cisco.anyconnect.vpn.jni.CertAuthMode;
import com.mobileiron.C0001R;
import com.mobileiron.common.ab;
import com.mobileiron.common.g.ac;
import com.mobileiron.common.g.x;
import com.mobileiron.signal.BlockingSlot;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: classes.dex */
public final class c extends b {
    private static final String[] c = {"com.cisco.anyconnect.vpn.android.avf", "com.cisco.anyconnect.vpn.android.samsung", "com.cisco.anyconnect.vpn.android.htc"};
    private e d;
    private d e;
    private ServiceConnectionManager f;
    private boolean g;
    private f h;
    private BlockingSlot i;

    public c(Context context) {
        super(context, "cisco_vpn_store");
        this.i = new BlockingSlot(com.mobileiron.signal.a.CISCO_CERT_CALLBACK);
        this.d = new e(this, context);
        this.e = new d(this);
        if (!h()) {
            ab.d("CiscoVPNProvider", "Note: Cisco not installed");
            Iterator it = x.a(this.f450a.getPackageManager()).iterator();
            while (it.hasNext()) {
                String str = ((PackageInfo) it.next()).packageName;
                if (str.contains("cisco")) {
                    ab.d("CiscoVPNProvider", "   Possible match: " + str);
                }
            }
        }
        this.h = new f(this);
    }

    private VpnConnection a(String str) {
        VpnConnection vpnConnection = null;
        try {
            IVpnConnectionList i = i();
            if (i == null) {
                ab.a("CiscoVPNProvider", "getVpnConnectionForConfig: connection list is null.");
            } else {
                vpnConnection = i.b(str);
            }
        } catch (RemoteException e) {
            ab.a("CiscoVPNProvider", "getVpnConnectionForConfig: exception: " + e.toString());
        }
        return vpnConnection;
    }

    private boolean a(byte[] bArr) {
        com.mobileiron.common.q[] c2 = c();
        if (c2 == null) {
            return false;
        }
        for (com.mobileiron.common.q qVar : c2) {
            String g = qVar.g("ipsecCertFingerprint");
            if (g != null && com.mobileiron.common.n.a(bArr, Base64.decode(g, 0))) {
                return true;
            }
        }
        return false;
    }

    private static String b(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(cArr[(bArr[i] & 240) >> 4]);
            stringBuffer.append(cArr[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }

    private boolean g(com.mobileiron.common.q qVar) {
        String e = e(qVar);
        try {
            IVpnConnectionList i = i();
            if (i == null) {
                ab.d("CiscoVPNProvider", "addVPNConfig: connection list is null.");
                return false;
            }
            if (i.b(e) != null) {
                ab.d("CiscoVPNProvider", "addVPNConfig: prior config for '" + e + "' found. Removing.");
                d(qVar);
            }
            VpnConnection vpnConnection = new VpnConnection();
            vpnConnection.d(qVar.g("userDefinedName"));
            vpnConnection.b(qVar.g("userDefinedName"));
            vpnConnection.c(qVar.g("ipsecRemoteAddress"));
            if (qVar.g("ipsecCertContent") != null) {
                byte[] decode = Base64.decode(qVar.g("ipsecCertFingerprint"), 0);
                String h = h(qVar);
                if (h == null) {
                    ab.a("CiscoVPNProvider", "Failed to install/find cert.");
                    return false;
                }
                vpnConnection.a(CertAuthMode.Manual);
                vpnConnection.a(decode);
                vpnConnection.f(h);
            }
            int b = i.b(vpnConnection);
            if (b == VpnConnectionValidationError.None.a()) {
                ab.d("CiscoVPNProvider", "added config '" + e + "'");
                return true;
            }
            String str = "Undefined";
            if (b == VpnConnectionValidationError.DuplicateName.a()) {
                str = "DuplicateName";
            } else if (b == VpnConnectionValidationError.InvalidCertificate.a()) {
                str = "InvalidCertificate";
            } else if (b == VpnConnectionValidationError.InvalidHost.a()) {
                str = "InvalidHost";
            } else if (b == VpnConnectionValidationError.InvalidName.a()) {
                str = "InvalidName";
            } else if (b == VpnConnectionValidationError.InvalidState.a()) {
                str = "InvalidState";
            } else if (b == VpnConnectionValidationError.Unpopulated.a()) {
                str = "InvalidState";
            } else if (b == VpnConnectionValidationError.Unknown.a()) {
                str = "Unknown";
            }
            ab.d("CiscoVPNProvider", "addVPNConfig error: " + str + "(" + b + ")");
            return false;
        } catch (RemoteException e2) {
            ab.d("CiscoVPNProvider", "addVPNConfig exception: " + e2.toString());
            return false;
        }
    }

    private String h(com.mobileiron.common.q qVar) {
        IVpnCertificateList iVpnCertificateList;
        String g = qVar.g("ipsecCertContent");
        if (g == null) {
            return null;
        }
        byte[] decode = Base64.decode(g, 0);
        String g2 = qVar.g("ipsecPasskey");
        byte[] decode2 = Base64.decode(qVar.g("ipsecCertFingerprint"), 0);
        try {
            IVpnService j = j();
            if (j == null) {
                ab.a("CiscoVPNProvider", "Could not get service to import cert");
                return null;
            }
            this.i.a();
            j.f();
            Object[] a2 = this.i.a(10000);
            if (a2 == null) {
                ab.d("CiscoVPNProvider", "Timed out waiting for cert list");
                iVpnCertificateList = null;
            } else {
                iVpnCertificateList = (IVpnCertificateList) a2[0];
            }
            if (iVpnCertificateList == null) {
                ab.a("CiscoVPNProvider", "installed certs list is null");
                return null;
            }
            for (VpnCertificate vpnCertificate : iVpnCertificateList.a()) {
                if (org.a.h.a.a(vpnCertificate.a(), decode2)) {
                    return vpnCertificate.b();
                }
            }
            this.i.a();
            VpnServiceResult a3 = j.a(decode, g2);
            if (a3 != VpnServiceResult.SUCCESS) {
                ab.a("CiscoVPNProvider", "Error importing cert: " + a3);
                return null;
            }
            ab.d("CiscoVPNProvider", "Waiting for cert import result...");
            Object[] a4 = this.i.a(10000);
            if (a4 == null) {
                ab.d("CiscoVPNProvider", "Timed out waiting for cert install result");
                return null;
            }
            if (a4[0] == null) {
                ab.d("CiscoVPNProvider", "cert install failed");
                return null;
            }
            ab.d("CiscoVPNProvider", "cert install successful");
            for (VpnCertificate vpnCertificate2 : iVpnCertificateList.a()) {
                if (com.mobileiron.common.n.a(vpnCertificate2.a(), decode2)) {
                    return vpnCertificate2.b();
                }
            }
            ab.a("CiscoVPNProvider", "Successfully installed cert not present in cert list");
            return null;
        } catch (RemoteException e) {
            ab.a("CiscoVPNProvider", "Exception while ensuring cert: " + e.toString());
            return null;
        }
    }

    private boolean h() {
        for (int i = 0; i < c.length; i++) {
            if (com.mobileiron.common.g.c.a(this.f450a, c[i])) {
                return true;
            }
        }
        return false;
    }

    private IVpnConnectionList i() {
        IVpnService j = j();
        if (j == null) {
            return null;
        }
        return j.d();
    }

    private IVpnService j() {
        boolean z = true;
        if (!this.g) {
            if (h()) {
                int i = 0;
                while (true) {
                    if (i >= 3) {
                        ab.a("CiscoVPNProvider", "Failed to connect to Cisco too many times. Giving up.");
                        z = false;
                        break;
                    }
                    ab.d("CiscoVPNProvider", "Connnecting to Cisco. Attempt #" + (i + 1));
                    BlockingSlot blockingSlot = new BlockingSlot(com.mobileiron.signal.a.VPN_CISCO_CONNECT_RESULT);
                    blockingSlot.a();
                    this.h.sendEmptyMessage(0);
                    Object[] a2 = blockingSlot.a(10000);
                    if (a2 == null) {
                        ab.a("CiscoVPNProvider", "Timed out waiting for connection to Cisco");
                    } else {
                        boolean a3 = com.mobileiron.signal.b.a(a2[0], false);
                        ab.d("CiscoVPNProvider", "Connect result: " + a3);
                        if (a3) {
                            break;
                        }
                    }
                    i++;
                }
            } else {
                ab.d("CiscoVPNProvider", "Cisco client not installed.");
                z = false;
            }
        }
        if (!z) {
            ab.d("CiscoVPNProvider", "Unable to establish connection to Cisco");
            return null;
        }
        try {
            IVpnService b = this.f.b();
            if (b != null) {
                return b;
            }
            ab.d("CiscoVPNProvider", "Unable to get cisco service.");
            this.g = false;
            return null;
        } catch (Exception e) {
            ab.d("CiscoVPNProvider", "Exception while attempting to get service: " + e.toString());
            ab.a("CiscoVPNProvider", e);
            this.g = false;
            return null;
        }
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final String a() {
        return "CiscoVPNProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean a(com.mobileiron.common.q qVar) {
        boolean z = ac.a(qVar.g("vpnSubtype"), "com.cisco.anyconnect.applevpn.plugin") && !qVar.h("samsungOnly");
        if (z) {
            if (!h()) {
                com.mobileiron.compliance.utils.c.a().a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.vpn_client_not_installed_error_message);
                return false;
            }
            if (KnoxVPNProvider.g(qVar)) {
                com.mobileiron.compliance.utils.c.a().a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.per_app_vpn_not_supported_error_message);
                return false;
            }
        }
        return z;
    }

    public final boolean b() {
        this.f = new ServiceConnectionManager(this.d);
        if (this.f.a()) {
            ab.d("CiscoVPNProvider", "Cisco activation succeeded");
            return true;
        }
        ab.d("CiscoVPNProvider", "Cisco activation failed");
        com.mobileiron.signal.b.a().a(com.mobileiron.signal.a.VPN_CISCO_CONNECT_RESULT, false);
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean b(com.mobileiron.common.q qVar) {
        VpnConnection a2 = a(e(qVar));
        if (a2 == null) {
            ab.d("CiscoVPNProvider", e(qVar) + ": not configured");
            return false;
        }
        String d = a2.d();
        String g = qVar.g("ipsecRemoteAddress");
        if (!ac.a(d, g)) {
            ab.d("CiscoVPNProvider", e(qVar) + ": server changed (" + d + ", " + g + ")");
            return false;
        }
        byte[] c2 = a2.c();
        String g2 = qVar.g("ipsecCertFingerprint");
        if (c2 == null && g2 == null) {
            ab.d("CiscoVPNProvider", e(qVar) + ": compliant");
            return true;
        }
        if (c2 == null && g2 != null) {
            ab.d("CiscoVPNProvider", e(qVar) + ": cert status changed (didn't have one, should have one now)");
            return false;
        }
        if (c2 != null && g2 == null) {
            ab.d("CiscoVPNProvider", e(qVar) + ": cert status changed (has one, shouldn't have one now)");
            return false;
        }
        if (Base64.encodeToString(c2, 2).equals(g2)) {
            ab.d("CiscoVPNProvider", e(qVar) + ": compliant");
            return true;
        }
        ab.d("CiscoVPNProvider", e(qVar) + ": cert changed");
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean c(com.mobileiron.common.q qVar) {
        boolean z = false;
        String e = e(qVar);
        if (qVar.f("ipsecRemoteAddress")) {
            if (qVar.f("ipsecCertContent")) {
                if (!qVar.f("ipsecPasskey")) {
                    ab.a("CiscoVPNProvider", "VPN config '" + e + "'Has cert data but no passkey. Rejecting.");
                    com.mobileiron.compliance.utils.c.a().a(com.mobileiron.compliance.utils.d.VPN, e, C0001R.string.wrong_user_certificate_error_message);
                } else if (!qVar.f("ipsecCertFingerprint")) {
                    ab.a("CiscoVPNProvider", "VPN config '" + e + "'Has cert data but no fingerprint. Rejecting.");
                }
            }
            z = g(qVar);
            if (!z) {
                com.mobileiron.compliance.utils.c.a().a(com.mobileiron.compliance.utils.d.VPN, e, C0001R.string.vpn_creation_failed_error_message);
            }
        } else {
            ab.a("CiscoVPNProvider", "VPN config '" + e + "'missing server field. Rejecting.");
        }
        return z;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d(com.mobileiron.common.q qVar) {
        String e = e(qVar);
        try {
            IVpnConnectionList i = i();
            VpnConnection b = i.b(e);
            if (b == null) {
                ab.d("CiscoVPNProvider", "removeVPNConfig: config '" + e + "' not found. Ignoring.");
                return true;
            }
            byte[] c2 = b.c();
            if (c2 != null && !a(c2)) {
                IVpnService j = j();
                if (j != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(b(c2));
                    if (j.a(0, arrayList)) {
                        ab.d("CiscoVPNProvider", "removed cert for config '" + e + "'");
                    } else {
                        ab.a("CiscoVPNProvider", "failed to remove cert for config '" + e + "'");
                    }
                } else {
                    ab.a("CiscoVPNProvider", "Service is null; failed to remove cert for config '" + e + "'");
                }
            }
            if (i.a(b)) {
                ab.d("CiscoVPNProvider", "removed config '" + e + "'");
                return true;
            }
            ab.a("CiscoVPNProvider", "failed to remove config '" + e + "'");
            return false;
        } catch (RemoteException e2) {
            ab.d("CiscoVPNProvider", "removeVPNConfig exception: " + e2.toString());
            return false;
        }
    }
}
