package com.mobileiron.compliance.vpn;

import android.util.Base64;
import com.mobileiron.C0001R;
import com.mobileiron.common.ab;
import com.mobileiron.common.g.al;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class i extends a {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.a
    public final String a(com.mobileiron.common.q qVar) {
        return "com.mocana.vpn.android";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final boolean a() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final boolean a(String str, com.mobileiron.common.q qVar, com.mobileiron.common.q qVar2, com.mobileiron.common.q qVar3) {
        if (com.mobileiron.compliance.utils.b.a(qVar2, qVar3, new String[]{"host", "vpn_route_type", "profileName", "isUserAuthEnabled", "backup_server", "authentication_type", "psk", "ikeVersion", "p1Mode", "identity", "identity_type"}) != null) {
            ab.d("IpsecKnoxVPNConfigurator", "Deviance is not null");
            return false;
        }
        if (qVar3.h("isUserAuthEnabled")) {
            String g = qVar3.g("username");
            if (!al.a(g) && !g.equals(qVar2.g("username"))) {
                ab.d("IpsecKnoxVPNConfigurator", "User name changed");
                return false;
            }
            String g2 = qVar3.g("password");
            if (!al.a(g2) && !g2.equals(qVar2.g("password"))) {
                ab.d("IpsecKnoxVPNConfigurator", "User password changed");
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final boolean b() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final boolean b(com.mobileiron.common.q qVar) {
        if (qVar == null) {
            ab.a("IpsecKnoxVPNConfigurator", "VPN config is null - can't configure");
            return false;
        }
        String g = qVar.g("ikeVersion");
        if (!"1".equals(g) && !"2".equals(g)) {
            ab.b("IpsecKnoxVPNConfigurator", "IKE version is wrong in config: " + g);
            return false;
        }
        if (g.equals("1")) {
            String g2 = qVar.g("ikev1mode");
            if (!"aggressive".equals(g2) && !"main".equals(g2)) {
                ab.b("IpsecKnoxVPNConfigurator", "IKE version 1 mode wrong in config: " + g2);
                return false;
            }
        }
        String g3 = qVar.g("ipsecAuth");
        if (!"sharedSecret".equals(g3) && !"Certificate".equals(g3)) {
            ab.b("IpsecKnoxVPNConfigurator", "IPSEC authentication type wrong in config: " + g3);
            return false;
        }
        if (g3.equals("sharedSecret") && al.a(qVar.g("ipsecSharedSecret"))) {
            ab.b("IpsecKnoxVPNConfigurator", "Shared secret missing in config");
            return false;
        }
        String g4 = qVar.g("groupIdType");
        if (!"Default".equals(g4) && !"ikeKeyId".equals(g4) && !"ipv4".equals(g4) && !"fqdn".equals(g4) && !"userfqdn".equals(g4)) {
            ab.b("IpsecKnoxVPNConfigurator", "Unrecognized group id type: " + g4);
            return false;
        }
        com.mobileiron.compliance.utils.c a2 = com.mobileiron.compliance.utils.c.a();
        if (g3.equals("Certificate")) {
            if (!g4.equals("Default")) {
                a2.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.group_id_has_to_be_default_error_message);
                ab.b("IpsecKnoxVPNConfigurator", "Unexpected group id type for cert auth: " + g4);
                return false;
            }
            if (al.a(qVar.g("ipsecCertContent"))) {
                ab.b("IpsecKnoxVPNConfigurator", "User cert is missing");
                a2.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.user_cert_not_chosen_error_message);
                return false;
            }
            if (al.a(qVar.g("ipsecPasskey"))) {
                ab.b("IpsecKnoxVPNConfigurator", "User cert password is missing");
                a2.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.wrong_user_certificate_error_message);
                return false;
            }
            if (!al.a(qVar.g("caCertContent")) && !al.a(qVar.g("caCertPasskey"))) {
                ab.b("IpsecKnoxVPNConfigurator", "Wrong CA certificate");
                a2.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.wrong_ca_certificate_error_message);
                return false;
            }
        }
        if (g4.equals("ikeKeyId") && al.a(qVar.g("vpnGroup"))) {
            ab.b("IpsecKnoxVPNConfigurator", "Group name is empty");
            a2.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.group_name_missing_error_message);
            return false;
        }
        if (!qVar.h("perAppVpn") || !al.a(qVar.g("vpnUuid"))) {
            return true;
        }
        ab.b("IpsecKnoxVPNConfigurator", "No UUID for per app VPN");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final int c() {
        return 5;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.a
    public final String c(com.mobileiron.common.q qVar) {
        byte[] bArr;
        String str;
        super.f(qVar);
        if (this.b.length() > 15) {
            this.b = this.b.substring(0, 14);
            ab.b("IpsecKnoxVPNConfigurator", "VPN connection name is too long - truncating to: " + this.b);
            com.mobileiron.compliance.utils.c.a().b(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.vpn_name_truncated_warning_message);
        }
        this.f449a.b("profileName", this.b);
        boolean a2 = com.mobileiron.compliance.utils.b.a(qVar.g("authType"));
        this.f449a.b("isUserAuthEnabled", Boolean.toString(a2));
        this.f449a.b("vpn_type", "ipsec");
        com.mobileiron.common.q qVar2 = new com.mobileiron.common.q();
        if (a2) {
            qVar2.b("username", qVar.g("ipsecUserName"));
            qVar2.b("password", qVar.g("password"));
        }
        String g = qVar.g("backupServer");
        if (!al.a(g)) {
            qVar2.b("backup_server", g);
        }
        if ("Certificate".equals(qVar.g("ipsecAuth"))) {
            qVar2.b("authentication_type", "1");
        } else {
            qVar2.b("authentication_type", "2");
            try {
                bArr = Base64.decode(qVar.g("ipsecSharedSecret"), 0);
            } catch (IllegalArgumentException e) {
                ab.b("IpsecKnoxVPNConfigurator", "Shared secret decoding error");
                bArr = null;
            }
            if (bArr != null) {
                try {
                    str = new String(bArr, Charset.defaultCharset().displayName());
                } catch (UnsupportedEncodingException e2) {
                    ab.b("IpsecKnoxVPNConfigurator", "Shared secret encoding error");
                }
                qVar2.b("psk", str);
            }
            str = null;
            qVar2.b("psk", str);
        }
        if ("1".equals(qVar.g("ikeVersion"))) {
            qVar2.b("ikeVersion", "1");
        } else {
            qVar2.b("ikeVersion", "2");
        }
        if ("aggressive".equals(qVar.g("ikev1mode"))) {
            qVar2.b("p1Mode", "4");
        } else {
            qVar2.b("p1Mode", "2");
        }
        qVar2.b("identity", qVar.g("vpnGroup"));
        String g2 = qVar.g("groupIdType");
        if ("Default".equals(g2)) {
            qVar2.b("identity_type", "0");
        } else if ("fqdn".equals(g2)) {
            qVar2.b("identity_type", "2");
        } else if ("userfqdn".equals(g2)) {
            qVar2.b("identity_type", "3");
        } else if ("ipv4".equals(g2)) {
            qVar2.b("identity_type", "1");
        } else {
            qVar2.b("identity_type", "11");
        }
        return "{ \"KNOX_VPN_PARAMETERS\" : { \"profile_attribute\" : " + this.f449a.b() + ", \"ipsec\" : { \"basic\" : " + qVar2.b() + " }  }  }";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final void d(com.mobileiron.common.q qVar) {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.a
    public final void e(com.mobileiron.common.q qVar) {
    }
}
