package com.mobileiron.compliance.vpn;

import android.content.pm.PackageInfo;
import android.util.Base64;
import com.mobileiron.R;
import com.mobileiron.acom.core.android.AppsUtils;
import com.mobileiron.acom.mdm.vpn.cisco.CiscoConfigurator;
import com.mobileiron.acom.mdm.vpn.cisco.a;
import com.mobileiron.common.o;
import com.mobileiron.compliance.utils.ConfigurationErrors;
import com.mobileiron.opensslwrapper.CryptoProvider;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public final class e extends b {
    private CiscoConfigurator c;

    public e() {
        super("cisco_vpn_store");
        this.c = new CiscoConfigurator(this.f2808a);
        if (CiscoConfigurator.a()) {
            o.g("CiscoVPNProvider", "Note: Cisco not installed");
            Iterator<PackageInfo> it = AppsUtils.b(0).iterator();
            while (it.hasNext()) {
                String str = it.next().packageName;
                if (str.contains("cisco")) {
                    o.g("CiscoVPNProvider", "   Possible match: " + str);
                }
            }
        }
    }

    private String b(String str, String str2) {
        byte[] c = c(str, str2);
        if (c == null) {
            return null;
        }
        return Base64.encodeToString(c, 2);
    }

    private static byte[] c(String str, String str2) {
        byte[] c;
        if (str == null || (c = com.mobileiron.acom.core.utils.a.c.c(Base64.decode(str, 0), str2)) == null) {
            return null;
        }
        return CryptoProvider.doSHA1(c);
    }

    private Set<String> g() {
        HashSet hashSet = new HashSet();
        com.mobileiron.acom.core.utils.k[] b = b();
        if (b == null) {
            return hashSet;
        }
        for (int i = 0; i < b.length; i++) {
            String h = b[i].h("ipsecCertContent");
            if (h != null) {
                hashSet.add(b(h, b[i].h("ipsecPasskey")));
            }
        }
        return hashSet;
    }

    private com.mobileiron.acom.mdm.vpn.cisco.a h(com.mobileiron.acom.core.utils.k kVar) {
        a.C0114a c0114a = new a.C0114a();
        CiscoConfigurator.VpnAuthMethod vpnAuthMethod = CiscoConfigurator.VpnAuthMethod.BASIC;
        String h = kVar.h("ipsecCertContent");
        String h2 = kVar.h("ipsecPasskey");
        if (h != null) {
            vpnAuthMethod = CiscoConfigurator.VpnAuthMethod.CERTIFICATE;
        }
        return c0114a.a(kVar.h("userDefinedName")).b(kVar.h("ipsecRemoteAddress")).c(kVar.h("vpnGroup")).a(vpnAuthMethod).d(h).e(h2).f(b(h, h2)).a();
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final String a() {
        return "CiscoVPNProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean a(com.mobileiron.acom.core.utils.k kVar) {
        boolean z = com.mobileiron.acom.core.utils.d.a(kVar.h("vpnSubtype"), "com.cisco.anyconnect.applevpn.plugin") && !kVar.i("samsungOnly");
        if (z) {
            String e = e(kVar);
            if (!CiscoConfigurator.a()) {
                ConfigurationErrors.a().b(ConfigurationErrors.ConfigurationType.VPN, e, R.string.vpn_client_not_installed_error_message, "Cisco AnyConnect");
                return false;
            }
            if (kVar.i("perAppVpn")) {
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, e, R.string.per_app_vpn_not_supported_error_message);
                return false;
            }
            if (!kVar.g("ipsecRemoteAddress")) {
                o.d("CiscoVPNProvider", "VPN config '" + e + " 'missing server field. Rejecting.");
                return false;
            }
            String h = kVar.h("ipsecCertContent");
            String h2 = kVar.h("ipsecPasskey");
            if (StringUtils.isNotBlank(h)) {
                if (StringUtils.isBlank(h2)) {
                    o.d("CiscoVPNProvider", "VPN config '" + e + " 'has cert data but no passkey. Rejecting.");
                    ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, e, R.string.wrong_user_certificate_error_message);
                    return false;
                }
                if (c(h, h2) == null) {
                    o.d("CiscoVPNProvider", "VPN config '" + e + " 'has invalid cert. Rejecting.");
                    ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, e, R.string.wrong_user_certificate_error_message);
                    return false;
                }
            }
        }
        return z;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean b(com.mobileiron.acom.core.utils.k kVar) {
        boolean a2 = this.c.a(h(kVar));
        o.f("CiscoVPNProvider", "Is VPN compliant: " + a2);
        return a2;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean c(com.mobileiron.acom.core.utils.k kVar) {
        String e = e(kVar);
        d(kVar);
        CiscoConfigurator.CiscoResultCode b = this.c.b(h(kVar));
        if (b.equals(CiscoConfigurator.CiscoResultCode.SUCCESSFUL)) {
            o.g("CiscoVPNProvider", "added config '" + e + "'");
            return true;
        }
        o.g("CiscoVPNProvider", "Failed to add VPN config: '" + e + "' result code : " + b);
        ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, e(kVar), R.string.vpn_creation_failed_error_message);
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d(com.mobileiron.acom.core.utils.k kVar) {
        String e = e(kVar);
        o.f("CiscoVPNProvider", "Removing configuration : " + e);
        return this.c.a(e, g());
    }
}
