package com.mobileiron.compliance.vpn;

import android.content.Context;
import android.util.Base64;
import com.mobileiron.C0001R;
import com.mobileiron.common.ab;
import com.mobileiron.common.g.al;
import com.mobileiron.compliance.MSComplianceManager;
import com.mobileiron.compliance.SilentAppInstallManager;
import com.mobileiron.compliance.knox.MSKnoxManager;
import com.mobileiron.compliance.utils.EasyAndroidPolicy;
import com.mobileiron.opensslwrapper.Util;
import com.mobileiron.proxy.aidl.ProxyResponse;
import com.mobileiron.signal.Slot;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;

/* loaded from: classes.dex */
public class KnoxVPNProvider extends b implements Slot {
    static final HashMap c = new HashMap();
    private com.mobileiron.compliance.knox.c d;
    private boolean e;
    private com.mobileiron.compliance.utils.c f;

    public KnoxVPNProvider(Context context) {
        super(context, "knox_vpn_store");
        this.d = new com.mobileiron.compliance.knox.c(context);
        com.mobileiron.signal.b.a().a((Slot) this);
        c.put(o.KNOX_VPN_IPSEC_MOCANA, new i());
        c.put(o.KNOX_VPN_SSL_F5, new h());
        c.put(o.KNOX_VPN_SSL_OPENVPN, new q());
        c.put(o.KNOX_VPN_SSL_JUNIPER, new j());
        this.f = com.mobileiron.compliance.utils.c.a();
    }

    private int a(o oVar) {
        int i = 0;
        for (com.mobileiron.common.q qVar : g()) {
            if (h(qVar) == oVar) {
                i++;
            }
        }
        return i;
    }

    private boolean a(String str, com.mobileiron.common.q qVar) {
        com.mobileiron.common.q a2 = a(str);
        if (a2 == null) {
            ab.c("KnoxVPNProvider", "Could not find VPN corresponding to UUID: " + str);
            return false;
        }
        qVar.b(com.mobileiron.d.o.PROFILE_UUID.name(), str);
        qVar.b(com.mobileiron.d.o.PROVIDER_PACKAGE_NAME.name(), ((a) c.get(h(a2))).a(a2));
        return true;
    }

    private static boolean a(String str, com.mobileiron.common.q qVar, com.mobileiron.common.q qVar2) {
        a aVar = (a) c.get(h(qVar));
        if (aVar.b() && !com.mobileiron.common.n.b(qVar.g("caCertContent"), qVar2.g(com.mobileiron.d.o.CA_CERT_BYTES.name()))) {
            return false;
        }
        if (aVar.a()) {
            String g = qVar.g("ipsecCertContent");
            if (!al.a(g)) {
                g = Base64.encodeToString(com.mobileiron.common.a.c.b(Base64.decode(g, 0), qVar.g("ipsecPasskey")), 0).replaceAll("\\n", "");
            }
            if (!com.mobileiron.common.n.b(g, qVar2.g(com.mobileiron.d.o.ID_CERT_BYTES.name()))) {
                return false;
            }
        }
        String g2 = qVar2.g(com.mobileiron.d.o.PROFILE_INFO.name());
        if (al.a(g2)) {
            return false;
        }
        try {
            return aVar.a(str, qVar, com.mobileiron.common.q.c(new String(Base64.decode(g2, 0), Util.DEFAULT_ENCODING)), com.mobileiron.common.q.c(aVar.c(qVar)));
        } catch (UnsupportedEncodingException e) {
            ab.a("KnoxVPNProvider", "configEqualsToProfile: " + e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean g(com.mobileiron.common.q qVar) {
        if (com.mobileiron.compliance.utils.b.b() >= 70 || h(qVar) != o.KNOX_VPN_IPSEC_MOCANA) {
            return qVar.h("perAppVpn");
        }
        return true;
    }

    private static o h(com.mobileiron.common.q qVar) {
        String g = qVar.g("connectionType");
        String g2 = qVar.g("vpnSubtype");
        if (com.mobileiron.common.n.b(g, "Samsung KNOX IPsec")) {
            return o.KNOX_VPN_IPSEC_MOCANA;
        }
        if (!qVar.h("samsungOnly")) {
            return o.KNOX_VPN_UNKNOWN;
        }
        if (com.mobileiron.common.n.b(g, "VPN")) {
            if (com.mobileiron.common.n.b(g2, "com.f5.F5-Edge-Client.vpnplugin")) {
                return o.KNOX_VPN_SSL_F5;
            }
            if (com.mobileiron.common.n.b(g2, "com.cisco.anyconnect.applevpn.plugin")) {
                return o.KNOX_VPN_SSL_CISCO;
            }
            if (com.mobileiron.common.n.b(g2, "net.juniper.sslvpn")) {
                return o.KNOX_VPN_SSL_JUNIPER;
            }
            if (com.mobileiron.common.n.b(g2, "net.openvpn.plugin")) {
                return o.KNOX_VPN_SSL_OPENVPN;
            }
        }
        return o.KNOX_VPN_UNKNOWN;
    }

    private static com.mobileiron.common.q i(com.mobileiron.common.q qVar) {
        com.mobileiron.common.q qVar2 = new com.mobileiron.common.q();
        qVar2.b(com.mobileiron.d.o.PROVIDER_PACKAGE_NAME.name(), ((a) c.get(h(qVar))).a(qVar));
        qVar2.b(com.mobileiron.d.o.PROFILE_UUID.name(), g(qVar) ? com.mobileiron.compliance.utils.b.a(qVar) : qVar.g("userDefinedName"));
        return qVar2;
    }

    public final com.mobileiron.common.q a(String str) {
        for (com.mobileiron.common.q qVar : this.b.b()) {
            if (g(qVar) && str.equals(com.mobileiron.compliance.utils.b.a(qVar))) {
                return qVar;
            }
        }
        return null;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final String a() {
        return "KnoxVPNProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean a(com.mobileiron.common.q qVar) {
        o h = h(qVar);
        String g = qVar.g("userDefinedName");
        if (h.equals(o.KNOX_VPN_UNKNOWN)) {
            if (com.mobileiron.common.n.a(qVar.g("vpnSubtype"), "net.openvpn.plugin") || com.mobileiron.common.n.a(qVar.g("vpnSubtype"), "com.f5.F5-Edge-Client.vpnplugin")) {
                this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.knox_checkbox_should_be_enabled_error_message);
            }
            return false;
        }
        if (h.equals(o.KNOX_VPN_SSL_CISCO)) {
            this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.unsupported_knox_vpn_type_error_message);
            return false;
        }
        if (!com.mobileiron.compliance.utils.k.b()) {
            if (EasyAndroidPolicy.a().d()) {
                this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.knox_device_needed_for_this_vpn_error_message);
            } else {
                this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.no_da_vpn_could_not_be_created_error_message);
            }
            return false;
        }
        if (com.mobileiron.compliance.utils.k.g() < 120) {
            this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.knox_12_needed_for_this_vpn_error_message);
            return false;
        }
        a aVar = (a) c.get(h);
        if (aVar == null || !aVar.b(qVar)) {
            return false;
        }
        if (!com.mobileiron.common.g.c.a(this.f450a, aVar.a(qVar))) {
            this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.vpn_client_not_installed_error_message);
            return false;
        }
        if (!aVar.a()) {
            String g2 = g.g(qVar);
            if (!al.a(g2) && !new com.mobileiron.compliance.cert.m(this.f450a).a(g2)) {
                ab.b("KnoxVPNProvider", "Certificate not installed: " + g2);
                this.f.a(com.mobileiron.compliance.utils.d.VPN, g, C0001R.string.user_cert_not_installed_error_message);
                return false;
            }
        }
        return true;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean b(com.mobileiron.common.q qVar) {
        ProxyResponse e = this.d.e(i(qVar));
        com.mobileiron.compliance.knox.c cVar = this.d;
        if (!com.mobileiron.compliance.knox.c.a(e)) {
            return false;
        }
        com.mobileiron.common.q c2 = this.b.c(qVar);
        return a(c2 != null ? c2.g("hashedPassword") : null, qVar, com.mobileiron.common.q.a(e.b()));
    }

    @Override // com.mobileiron.signal.Slot
    public final com.mobileiron.signal.a[] b() {
        return new com.mobileiron.signal.a[]{com.mobileiron.signal.a.ADD_CONTAINER_TO_VPN, com.mobileiron.signal.a.ADD_CONTAINER_APP_TO_VPN, com.mobileiron.signal.a.REMOVE_CONTAINER_APP_FROM_VPN, com.mobileiron.signal.a.ADD_APP_TO_VPN, com.mobileiron.signal.a.REMOVE_APP_FROM_VPN, com.mobileiron.signal.a.REMOVE_CONTAINER_FROM_VPN, com.mobileiron.signal.a.INSTALLED_APPS_CHANGED, com.mobileiron.signal.a.DEVICE_REBOOT};
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean c(com.mobileiron.common.q qVar) {
        if (((MSKnoxManager) MSComplianceManager.a().e("KnoxManager")).a(com.mobileiron.compliance.knox.q.KLK) == null) {
            this.f.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.no_klk_vpn_could_not_be_created_error_message);
            return false;
        }
        o h = h(qVar);
        a aVar = (a) c.get(h);
        int c2 = aVar.c();
        if (a(h) == c2) {
            ab.b("KnoxVPNProvider", "Too many connections of type: " + h.name());
            if (c2 == 1) {
                this.f.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.too_many_connections_error_message_1);
            } else if (c2 == 5) {
                this.f.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.too_many_connections_error_message_5);
            } else {
                ab.a("KnoxVPNProvider", "Unexpected max number of connections: " + c2);
            }
            return false;
        }
        com.mobileiron.common.q i = i(qVar);
        try {
            i.b(com.mobileiron.d.o.PROFILE_INFO.name(), Base64.encodeToString(((a) c.get(h(qVar))).c(qVar).getBytes(Util.DEFAULT_ENCODING), 0));
            if (aVar.a()) {
                String g = qVar.g("ipsecCertContent");
                if (!al.a(g)) {
                    i.b(com.mobileiron.d.o.ID_CERT_BYTES.name(), g);
                    i.b(com.mobileiron.d.o.ID_CERT_PASSWORD.name(), qVar.g("ipsecPasskey"));
                }
            }
            if (aVar.b()) {
                String g2 = qVar.g("caCertContent");
                if (!al.a(g2)) {
                    i.b(com.mobileiron.d.o.CA_CERT_BYTES.name(), g2);
                }
            }
            if (((r) MSComplianceManager.a().e("VPNManager")).i()) {
                ab.d("KnoxVPNProvider", "Upgrade to Atherton detected");
                i.a(com.mobileiron.d.o.CLIENT_UPGRADE.name(), true);
            }
            aVar.e(qVar);
            com.mobileiron.compliance.knox.c cVar = this.d;
            if (com.mobileiron.compliance.knox.c.a(this.d.a(i))) {
                ab.d("KnoxVPNProvider", "successfully applied config");
                this.e = true;
                return true;
            }
            this.f.a(com.mobileiron.compliance.utils.d.VPN, qVar.g("userDefinedName"), C0001R.string.vpn_creation_failed_error_message);
            aVar.d(qVar);
            return false;
        } catch (UnsupportedEncodingException e) {
            ab.a("KnoxVPNProvider", "Failed to encode profile");
            return false;
        }
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d(com.mobileiron.common.q qVar) {
        ProxyResponse d = this.d.d(i(qVar));
        o h = h(qVar);
        a aVar = (a) c.get(h);
        aVar.d(qVar);
        if (a(h) == 1) {
            SilentAppInstallManager.c(aVar.a(qVar));
        }
        com.mobileiron.compliance.knox.c cVar = this.d;
        if (!com.mobileiron.compliance.knox.c.a(d)) {
            return false;
        }
        ab.d("KnoxVPNProvider", "successfully removed config");
        return true;
    }

    @Override // com.mobileiron.compliance.vpn.b
    protected final void f(com.mobileiron.common.q qVar) {
        super.f(qVar);
        o h = h(qVar);
        if (a(h) == 1) {
            SilentAppInstallManager.b(((a) c.get(h)).a(qVar));
        }
        if (this.e) {
            this.e = false;
            if (g(qVar)) {
                com.mobileiron.signal.b.a().a(com.mobileiron.signal.a.RECONNECT_VPN, com.mobileiron.compliance.utils.b.a(qVar));
            }
        }
    }

    @Override // com.mobileiron.signal.Slot
    public void slot(com.mobileiron.signal.a aVar, Object[] objArr) {
        ab.c("KnoxVPNProvider", "Signal: " + aVar.name());
        com.mobileiron.common.q qVar = new com.mobileiron.common.q();
        switch (n.f456a[aVar.ordinal()]) {
            case 1:
                com.mobileiron.common.q[] g = g();
                if (g != null) {
                    for (com.mobileiron.common.q qVar2 : g) {
                        if (g(qVar2)) {
                            this.d.d(i(qVar2));
                        }
                    }
                    return;
                }
                return;
            case 2:
                if (((String) objArr[0]).equals("android.intent.action.PACKAGE_ADDED")) {
                    String str = (String) objArr[1];
                    com.mobileiron.common.q[] c2 = c();
                    if (c2 != null) {
                        for (com.mobileiron.common.q qVar3 : c2) {
                            a aVar2 = (a) c.get(h(qVar3));
                            if (aVar2 != null && str.equals(aVar2.a(qVar3))) {
                                MSComplianceManager.a().a("VPN client " + str + " installed");
                                return;
                            }
                        }
                        return;
                    }
                    return;
                }
                return;
            case 3:
                if (a((String) objArr[1], qVar)) {
                    com.mobileiron.compliance.knox.c cVar = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.a(((Integer) objArr[0]).intValue(), qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "addContainerToVpn failed");
                    return;
                }
                return;
            case 4:
                if (a((String) objArr[1], qVar)) {
                    com.mobileiron.compliance.knox.c cVar2 = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.b(((Integer) objArr[0]).intValue(), qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "removeContainerFromVpn failed");
                    return;
                }
                return;
            case 5:
                if (a((String) objArr[2], qVar)) {
                    qVar.b(com.mobileiron.d.o.APP_PACKAGE_NAME.name(), (String) objArr[1]);
                    com.mobileiron.compliance.knox.c cVar3 = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.d(((Integer) objArr[0]).intValue(), qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "addContainerAppToVpn failed");
                    return;
                }
                return;
            case 6:
                if (a((String) objArr[2], qVar)) {
                    qVar.b(com.mobileiron.d.o.APP_PACKAGE_NAME.name(), (String) objArr[1]);
                    com.mobileiron.compliance.knox.c cVar4 = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.c(((Integer) objArr[0]).intValue(), qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "removeContainerAppFromVpn failed");
                    return;
                }
                return;
            case 7:
                if (a((String) objArr[1], qVar)) {
                    qVar.b(com.mobileiron.d.o.APP_PACKAGE_NAME.name(), (String) objArr[0]);
                    com.mobileiron.compliance.knox.c cVar5 = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.c(qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "addAppToVpn failed");
                    return;
                }
                return;
            case 8:
                if (a((String) objArr[1], qVar)) {
                    qVar.b(com.mobileiron.d.o.APP_PACKAGE_NAME.name(), (String) objArr[0]);
                    com.mobileiron.compliance.knox.c cVar6 = this.d;
                    if (com.mobileiron.compliance.knox.c.a(this.d.b(qVar))) {
                        return;
                    }
                    ab.b("KnoxVPNProvider", "removeAppFromVpn failed");
                    return;
                }
                return;
            default:
                throw new IllegalArgumentException("Unexpected signal: " + aVar);
        }
    }
}
