package com.mobileiron.compliance.vpn;

import android.util.Base64;
import com.mobileiron.R;
import com.mobileiron.acom.mdm.vpn.pulsesecure.PulseSecureConfigurator;
import com.mobileiron.acom.mdm.vpn.pulsesecure.a;
import com.mobileiron.common.o;
import com.mobileiron.compliance.utils.ConfigurationErrors;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public final class n extends b {
    private final PulseSecureConfigurator c;

    public n() {
        super("pulse_secure_vpn_store");
        this.c = new PulseSecureConfigurator(this.f2808a);
    }

    private static void a(String str, com.mobileiron.acom.mdm.vpn.pulsesecure.a aVar) {
        o.g("PulseSecureVPNProvider", aVar.b(str));
    }

    private static com.mobileiron.acom.mdm.vpn.pulsesecure.a h(com.mobileiron.acom.core.utils.k kVar) {
        a.C0117a c0117a = new a.C0117a();
        String h = kVar.h("pppAuthName");
        if (StringUtils.isBlank(h)) {
            h = "";
        }
        c0117a.a(kVar.h("userDefinedName")).b(kVar.h("ipsecRemoteAddress")).c(h).d(kVar.h("vpnRealm")).e(kVar.h("vpnRole"));
        String h2 = kVar.h("ipsecCertContent");
        if (h2 == null) {
            return c0117a.a();
        }
        String h3 = kVar.h("ipsecPasskey");
        if (h3 == null) {
            o.b("PulseSecureVPNProvider", "Cert provided, but no passkey present with it. Ignoring cert data.");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        com.mobileiron.acom.core.utils.a.c.a(Base64.decode(h2, 0), h3, (ArrayList<X509Certificate>) arrayList, (ArrayList<PrivateKey>) arrayList2);
        if (arrayList.size() <= 0) {
            o.b("PulseSecureVPNProvider", "cert extraction failed.");
            return null;
        }
        if (arrayList2.size() <= 0) {
            o.b("PulseSecureVPNProvider", "cert extraction succeeded, but no private key was found.");
            return null;
        }
        try {
            String encodeToString = Base64.encodeToString(((X509Certificate) arrayList.get(0)).getEncoded(), 2);
            String encodeToString2 = Base64.encodeToString(((PrivateKey) arrayList2.get(0)).getEncoded(), 2);
            c0117a.f(encodeToString);
            c0117a.g(encodeToString2);
            return c0117a.a();
        } catch (CertificateEncodingException e) {
            o.b("PulseSecureVPNProvider", "Exception while encoding the id cert: " + e);
            return null;
        }
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final String a() {
        return "PulseSecureVPNProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean a(com.mobileiron.acom.core.utils.k kVar) {
        boolean z = VPNManager.c(kVar.h("vpnSubtype")) && !kVar.i("samsungOnly");
        if (z) {
            if (!PulseSecureConfigurator.a()) {
                ConfigurationErrors.a().b(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.vpn_client_not_installed_error_message, "PulseSecure");
                return false;
            }
            if (kVar.i("perAppVpn")) {
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.per_app_vpn_not_supported_error_message);
                return false;
            }
        }
        return z;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean b(com.mobileiron.acom.core.utils.k kVar) {
        if (!this.c.d()) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.vpn_creation_failed_error_message);
            return false;
        }
        com.mobileiron.acom.mdm.vpn.pulsesecure.a h = h(kVar);
        if (h == null) {
            return false;
        }
        PulseSecureConfigurator.ErrorCode a2 = this.c.a(h);
        if (a2 == PulseSecureConfigurator.ErrorCode.NOERROR) {
            o.g("PulseSecureVPNProvider", "config is compliant");
            return true;
        }
        o.g("PulseSecureVPNProvider", "Config not compliant: " + a2);
        if (a2 == PulseSecureConfigurator.ErrorCode.CALLER_NOT_VERIFIED) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.pulse_eula_should_be_accepted_error_message);
        }
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean c(com.mobileiron.acom.core.utils.k kVar) {
        if (!this.c.d()) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.vpn_creation_failed_error_message);
            return false;
        }
        if (!d(kVar)) {
            o.g("PulseSecureVPNProvider", "Unable to remove config before applying it. This might be simply because it is not present.");
        }
        com.mobileiron.acom.mdm.vpn.pulsesecure.a h = h(kVar);
        if (h == null) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.wrong_user_certificate_error_message);
            return false;
        }
        a("Adding config:", h);
        PulseSecureConfigurator.ErrorCode b = this.c.b(h);
        if (b == PulseSecureConfigurator.ErrorCode.NOERROR) {
            o.g("PulseSecureVPNProvider", "Successfully added config");
            return true;
        }
        o.g("PulseSecureVPNProvider", "Failed to add config: " + b);
        if (b == PulseSecureConfigurator.ErrorCode.CALLER_NOT_VERIFIED) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.pulse_eula_should_be_accepted_error_message);
            return false;
        }
        if (b == PulseSecureConfigurator.ErrorCode.PROFILE_ALREADY_EXISTS && this.c.a(h) == PulseSecureConfigurator.ErrorCode.PROFILE_NOT_FOUND) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.vpn_creation_failed_because_manual_exists_error_message, kVar.h("userDefinedName"));
            return false;
        }
        ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.vpn_creation_failed_eula_accepted_error_message);
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d(com.mobileiron.acom.core.utils.k kVar) {
        if (!this.c.d()) {
            return false;
        }
        com.mobileiron.acom.mdm.vpn.pulsesecure.a h = h(kVar);
        a("Removing config:", h);
        PulseSecureConfigurator.ErrorCode c = this.c.c(h);
        if (c == PulseSecureConfigurator.ErrorCode.NOERROR) {
            o.g("PulseSecureVPNProvider", "config was removed");
            return true;
        }
        o.g("PulseSecureVPNProvider", "could not remove config: " + c);
        return false;
    }
}
