package com.mobileiron.compliance.vpn;

import android.util.Base64;
import com.mobileiron.C0001R;
import com.mobileiron.common.ab;
import com.mobileiron.common.g.ac;
import com.mobileiron.common.g.al;
import java.io.File;
import java.util.HashSet;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class q extends g {
    private static Set f = new HashSet();
    private static Set g = new HashSet();

    static {
        f.add("DES-CFB");
        f.add("DES-CBC");
        f.add("RC2-CBC");
        f.add("RC2-CFB");
        f.add("RC2-OFB");
        f.add("DES-EDE-CBC");
        f.add("DES-EDE3-CBC");
        f.add("DES-OFB");
        f.add("DES-EDE-CFB");
        f.add("DES-EDE3-CFB");
        f.add("DES-EDE-OFB");
        f.add("DES-EDE3-OFB");
        f.add("DESX-CBC");
        f.add("BF-CBC");
        f.add("BF-OFB");
        f.add("RC2-40-CBC");
        f.add("CAST5-CBC");
        f.add("CAST5-CFB");
        f.add("CAST5-OFB");
        f.add("RC2-64-CBC");
        f.add("AES-128-CBC");
        f.add("AES-128-OFB");
        f.add("AES-128-CFB");
        f.add("AES-192-CBC");
        f.add("AES-192-OFB");
        f.add("AES-192-CFB");
        f.add("AES-256-CBC");
        f.add("AES-256-OFB");
        f.add("AES-256-CFB");
        f.add("AES-128-CFB1");
        f.add("AES-192-CFB1");
        f.add("AES-256-CFB1");
        f.add("AES-128-CFB8");
        f.add("AES-192-CFB8");
        f.add("AES-256-CFB8");
        f.add("DES-CFB1");
        f.add("DES-CFB8");
        f.add("DES-EDE3-CFB1");
        f.add("DES-EDE3-CFB8");
        g.add("MD5");
        g.add("RSA-MD5");
        g.add("SHA");
        g.add("RSA-SHA");
        g.add("SHA1");
        g.add("RSA-SHA1");
        g.add("DSA-SHA");
        g.add("DSA-SHA1");
        g.add("RSA-SHA1-2");
        g.add("DSA");
        g.add("RIPEMD160");
        g.add("RSA-RIPEMD160");
        g.add("MD4");
        g.add("RSA-MD4");
        g.add("ecdsa-with-SHA1");
        g.add("RSA-SHA256");
        g.add("RSA-SHA384");
        g.add("RSA-SHA512");
        g.add("RSA-SHA224");
        g.add("SHA256");
        g.add("SHA384");
        g.add("SHA512");
        g.add("SHA224");
    }

    private static File h(com.mobileiron.common.q qVar) {
        if (al.a(qVar.g("caCertContent"))) {
            return null;
        }
        return new File(com.mobileiron.common.f.b().c().getExternalFilesDir("openvpn"), qVar.g("userDefinedName"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final String a(com.mobileiron.common.q qVar) {
        return qVar.g("packageName");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final boolean a(String str, com.mobileiron.common.q qVar, com.mobileiron.common.q qVar2, com.mobileiron.common.q qVar3) {
        if (!super.a(str, qVar, qVar2, qVar3)) {
            return false;
        }
        String a2 = com.mobileiron.compliance.utils.b.a(qVar2, qVar3, new String[]{"packetAuthDigest", "cipher", "port", "protocol"});
        if (a2 != null) {
            ab.d("OpenVpnSslKnoxVPNConfigurator", "Config deviance: " + a2);
            return false;
        }
        if (!a(qVar2, qVar3, "userCertAlias")) {
            return false;
        }
        String g2 = qVar2.g("caCert");
        String g3 = qVar.g("caCertContent");
        if (al.a(g2) && al.a(g3)) {
            return true;
        }
        if (al.a(g2) && !al.a(g3)) {
            return false;
        }
        if (!al.a(g2) && al.a(g3)) {
            return false;
        }
        boolean a3 = org.a.h.a.a(ac.b(h(qVar)), Base64.decode(g3, 0));
        if (a3) {
            return a3;
        }
        ab.c("OpenVpnSslKnoxVPNConfigurator", "CA cert changed");
        return a3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final boolean b(com.mobileiron.common.q qVar) {
        boolean b = super.b(qVar);
        if (b) {
            if (qVar.g("packageName") == null) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Missing package name");
                return false;
            }
            int a2 = qVar.a("httpsPort", -1);
            if (a2 <= 0 || a2 > 65535) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Wrong https port: " + a2);
                return false;
            }
            String g2 = qVar.g("protocol");
            if (!"UDP".equals(g2) && !"TCP".equals(g2)) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Wrong protocol: " + g2);
                return false;
            }
            String g3 = qVar.g("packetAuthDigest");
            if (!g.contains(g3)) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Unknown packet auth digest: " + g3);
                return false;
            }
            String g4 = qVar.g("cipher");
            if (!f.contains(g4)) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Unknown cipher: " + g4);
                return false;
            }
            String g5 = qVar.g("authType");
            if (!"Certificate".equals(g5) && !"Password".equals(g5)) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Unknown auth type: " + g5);
                return false;
            }
            if ("Certificate".equals(g5) && al.a(qVar.g("ipsecCertContent"))) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "No ID cert with certificate auth type");
                com.mobileiron.compliance.utils.c.a().a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.user_cert_not_chosen_error_message);
                return false;
            }
        }
        return b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final String c(com.mobileiron.common.q qVar) {
        super.f(qVar);
        this.c.b("username", qVar.g("ipsecUserName"));
        this.c.b("password", qVar.g("password"));
        String g2 = g(qVar);
        File h = h(qVar);
        String absolutePath = h != null ? h.getAbsolutePath() : "";
        this.d.b("protocol", qVar.g("protocol").equals("TCP") ? "tcp" : "udp");
        this.d.b("port", qVar.g("httpsPort"));
        this.d.a("lzoCompression", true);
        this.d.a("allowPullSettingsFromServer", true);
        this.d.b("ipv4Address", "");
        this.d.b("ipv6Address", "");
        this.d.a("bindToLocalAddress", false);
        this.d.a("overrideDefaultDns", false);
        this.d.b("searchDomain", "");
        this.d.b("dnsServer", "");
        this.d.b("backupDnsServer", "");
        this.d.a("serverUsesTlsCert", false);
        this.d.a("enableRemoteServerCertCheck", false);
        this.d.b("certSubjectType", "");
        this.d.b("certsubjectValue", "");
        this.d.a("isTlsAuthEnabled", false);
        this.d.b("tLSauthFile", "");
        this.d.b("tlsDirection", "");
        this.d.b("cipher", qVar.g("cipher"));
        this.d.b("userCertAlias", g2);
        this.d.b("packetAuthDigest", qVar.g("packetAuthDigest"));
        this.d.a("ignorePushedRoutes", false);
        this.d.a("bypassVpnForLocalNetworks", true);
        this.d.a("useDefaultRoutev4", true);
        this.d.b("customRoutesv4", "");
        this.d.b("excludedRoutesv4", "");
        this.d.a("useDefaultRoutev6", true);
        this.d.b("customRoutesv6", "");
        this.d.b("excludedRoutesv6", "");
        this.d.a("randomHostPrefix", false);
        this.d.a("allowFloatingServer", false);
        this.d.a("persistentTun", false);
        this.d.d("numOfconnectionretries", 5);
        this.d.d("numOfSecondsBetweenRetries", 5);
        this.d.a("enableCustomOptions", false);
        this.d.b("customOptions", "");
        this.d.b("caCert", absolutePath);
        return d();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final void d(com.mobileiron.common.q qVar) {
        File h = h(qVar);
        if (h != null) {
            if (!h.exists()) {
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Could not find CA file");
            } else {
                if (h.delete()) {
                    return;
                }
                ab.b("OpenVpnSslKnoxVPNConfigurator", "Could not delete CA file");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.g, com.mobileiron.compliance.vpn.a
    public final void e(com.mobileiron.common.q qVar) {
        File h = h(qVar);
        if (h == null || ac.a(Base64.decode(qVar.g("caCertContent"), 0), h)) {
            return;
        }
        ab.b("OpenVpnSslKnoxVPNConfigurator", "CA cert copying failed");
    }
}
