package com.mobileiron.compliance.vpn;

import android.util.Base64;
import com.mobileiron.R;
import com.mobileiron.common.o;
import com.mobileiron.compliance.utils.ConfigurationErrors;
import com.samsung.android.knox.accounts.HostAuth;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.StringUtils;
import org.spongycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class l extends f {
    private static Set<String> g = new HashSet();
    private static Set<String> h = new HashSet();

    static {
        g.add("DES-CFB");
        g.add("DES-CBC");
        g.add("RC2-CBC");
        g.add("RC2-CFB");
        g.add("RC2-OFB");
        g.add("DES-EDE-CBC");
        g.add("DES-EDE3-CBC");
        g.add("DES-OFB");
        g.add("DES-EDE-CFB");
        g.add("DES-EDE3-CFB");
        g.add("DES-EDE-OFB");
        g.add("DES-EDE3-OFB");
        g.add("DESX-CBC");
        g.add("BF-CBC");
        g.add("BF-OFB");
        g.add("RC2-40-CBC");
        g.add("CAST5-CBC");
        g.add("CAST5-CFB");
        g.add("CAST5-OFB");
        g.add("RC2-64-CBC");
        g.add("AES-128-CBC");
        g.add("AES-128-OFB");
        g.add("AES-128-CFB");
        g.add("AES-192-CBC");
        g.add("AES-192-OFB");
        g.add("AES-192-CFB");
        g.add("AES-256-CBC");
        g.add("AES-256-OFB");
        g.add("AES-256-CFB");
        g.add("AES-128-CFB1");
        g.add("AES-192-CFB1");
        g.add("AES-256-CFB1");
        g.add("AES-128-CFB8");
        g.add("AES-192-CFB8");
        g.add("AES-256-CFB8");
        g.add("DES-CFB1");
        g.add("DES-CFB8");
        g.add("DES-EDE3-CFB1");
        g.add("DES-EDE3-CFB8");
        h.add(MessageDigestAlgorithms.MD5);
        h.add("RSA-MD5");
        h.add("SHA");
        h.add("RSA-SHA");
        h.add("SHA1");
        h.add("RSA-SHA1");
        h.add("DSA-SHA");
        h.add("DSA-SHA1");
        h.add("RSA-SHA1-2");
        h.add("DSA");
        h.add("RIPEMD160");
        h.add("RSA-RIPEMD160");
        h.add("MD4");
        h.add("RSA-MD4");
        h.add("ecdsa-with-SHA1");
        h.add("RSA-SHA256");
        h.add("RSA-SHA384");
        h.add("RSA-SHA512");
        h.add("RSA-SHA224");
        h.add("SHA256");
        h.add("SHA384");
        h.add("SHA512");
        h.add("SHA224");
    }

    private static File k(com.mobileiron.acom.core.utils.k kVar) {
        if (StringUtils.isBlank(kVar.h("caCertContent"))) {
            return null;
        }
        return new File(com.mobileiron.acom.core.android.f.a().getExternalFilesDir("openvpn"), kVar.h("userDefinedName"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final String a() {
        return "OpenVPN for Android";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final String a(com.mobileiron.acom.core.utils.k kVar) {
        return kVar.h("packageName");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean a(String str, com.mobileiron.acom.core.utils.k kVar, com.mobileiron.acom.core.utils.k kVar2, com.mobileiron.acom.core.utils.k kVar3, boolean z) {
        if (!super.a(str, kVar, kVar2, kVar3, "net.openvpn.knox.connect".equals(kVar.h("packageName")))) {
            return false;
        }
        String a2 = com.mobileiron.compliance.utils.b.a(kVar2, kVar3, new String[]{"packetAuthDigest", "cipher", "port", HostAuth.PROTOCOL});
        if (a2 != null) {
            o.g("OpenVpnSslKnoxVPNConfigurator", "Config deviance: " + a2);
            return false;
        }
        if (!a(kVar2, kVar3, "userCertAlias")) {
            return false;
        }
        String h2 = kVar2.h("caCert");
        String h3 = kVar.h("caCertContent");
        if (StringUtils.isBlank(h2) && StringUtils.isBlank(h3)) {
            return true;
        }
        if (StringUtils.isBlank(h2) && !StringUtils.isBlank(h3)) {
            return false;
        }
        if (!StringUtils.isBlank(h2) && StringUtils.isBlank(h3)) {
            return false;
        }
        boolean areEqual = Arrays.areEqual(com.mobileiron.common.utils.i.a(k(kVar)), Base64.decode(h3, 0));
        if (!areEqual) {
            o.f("OpenVpnSslKnoxVPNConfigurator", "CA cert changed");
        }
        return areEqual;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean b(com.mobileiron.acom.core.utils.k kVar) {
        boolean b = super.b(kVar);
        if (b) {
            if (kVar.h("packageName") == null) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Missing package name");
                return false;
            }
            int a2 = kVar.a("httpsPort", 0, -1);
            if (a2 <= 0 || a2 > 65535) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Wrong https port: " + a2);
                return false;
            }
            String h2 = kVar.h(HostAuth.PROTOCOL);
            if (!"UDP".equals(h2) && !"TCP".equals(h2)) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Wrong protocol: " + h2);
                return false;
            }
            String h3 = kVar.h("packetAuthDigest");
            if (!h.contains(h3)) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Unknown packet auth digest: " + h3);
                return false;
            }
            String h4 = kVar.h("cipher");
            if (!g.contains(h4)) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Unknown cipher: " + h4);
                return false;
            }
            String h5 = kVar.h("authType");
            if (!"Certificate".equals(h5) && !"Password".equals(h5)) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Unknown auth type: " + h5);
                return false;
            }
            if ("Certificate".equals(h5) && StringUtils.isBlank(kVar.h("ipsecCertContent"))) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "No ID cert with certificate auth type");
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.user_cert_not_chosen_error_message);
                return false;
            }
            if ("net.openvpn.knox.connect".equals(kVar.h("packageName")) && com.mobileiron.e.a.c().f().M() < 910) {
                kVar.d("insideKnoxWorkspace", "true");
            }
        }
        return b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final String c(com.mobileiron.acom.core.utils.k kVar) {
        super.j(kVar);
        this.c.b("username", kVar.h("ipsecUserName"));
        this.c.b(HostAuth.PASSWORD, kVar.h(HostAuth.PASSWORD));
        String e = VPNManager.e(kVar);
        File k = k(kVar);
        String absolutePath = k != null ? k.getAbsolutePath() : "";
        this.d.b(HostAuth.PROTOCOL, kVar.h(HostAuth.PROTOCOL).equals("TCP") ? "tcp" : "udp");
        this.d.b("port", kVar.h("httpsPort"));
        this.d.b("lzoCompression", true);
        this.d.b("allowPullSettingsFromServer", true);
        this.d.b("ipv4Address", "");
        this.d.b("ipv6Address", "");
        this.d.b("bindToLocalAddress", false);
        this.d.b("overrideDefaultDns", false);
        this.d.b("searchDomain", "");
        this.d.b("dnsServer", "");
        this.d.b("backupDnsServer", "");
        this.d.b("serverUsesTlsCert", false);
        this.d.b("enableRemoteServerCertCheck", false);
        this.d.b("certSubjectType", "");
        this.d.b("certsubjectValue", "");
        this.d.b("isTlsAuthEnabled", false);
        this.d.b("tLSauthFile", "");
        this.d.b("tlsDirection", "");
        this.d.b("cipher", kVar.h("cipher"));
        this.d.b("userCertAlias", e);
        this.d.b("packetAuthDigest", kVar.h("packetAuthDigest"));
        this.d.b("ignorePushedRoutes", false);
        this.d.b("bypassVpnForLocalNetworks", true);
        this.d.b("useDefaultRoutev4", true);
        this.d.b("customRoutesv4", "");
        this.d.b("excludedRoutesv4", "");
        this.d.b("useDefaultRoutev6", true);
        this.d.b("customRoutesv6", "");
        this.d.b("excludedRoutesv6", "");
        this.d.b("randomHostPrefix", false);
        this.d.b("allowFloatingServer", false);
        this.d.b("persistentTun", false);
        this.d.c("numOfconnectionretries", 5);
        this.d.c("numOfSecondsBetweenRetries", 5);
        this.d.b("enableCustomOptions", false);
        this.d.b("customOptions", "");
        this.d.b("caCert", absolutePath);
        return c();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean d(com.mobileiron.acom.core.utils.k kVar) {
        return "net.openvpn.knox.connect".equals(kVar.h("packageName"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean e(com.mobileiron.acom.core.utils.k kVar) {
        return "net.openvpn.knox.connect".equals(kVar.h("packageName"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean f(com.mobileiron.acom.core.utils.k kVar) {
        return "net.openvpn.knox.connect".equals(kVar.h("packageName"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final boolean g(com.mobileiron.acom.core.utils.k kVar) {
        return "net.openvpn.knox.connect".equals(kVar.h("packageName"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final void h(com.mobileiron.acom.core.utils.k kVar) {
        File k = k(kVar);
        if (k != null) {
            if (!k.exists()) {
                o.d("OpenVpnSslKnoxVPNConfigurator", "Could not find CA file");
            } else {
                if (k.delete()) {
                    return;
                }
                o.d("OpenVpnSslKnoxVPNConfigurator", "Could not delete CA file");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mobileiron.compliance.vpn.f, com.mobileiron.compliance.vpn.a
    public final void i(com.mobileiron.acom.core.utils.k kVar) {
        File k = k(kVar);
        if (k == null || com.mobileiron.common.utils.i.a(Base64.decode(kVar.h("caCertContent"), 0), k)) {
            return;
        }
        o.d("OpenVpnSslKnoxVPNConfigurator", "CA cert copying failed");
    }
}
