package com.mobileiron.acom.mdm.vpn.cisco;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.RemoteException;
import android.util.Base64;
import com.cisco.anyconnect.vpn.android.service.ICertificateListener;
import com.cisco.anyconnect.vpn.android.service.IVpnCertificateList;
import com.cisco.anyconnect.vpn.android.service.IVpnConnectionList;
import com.cisco.anyconnect.vpn.android.service.IVpnService;
import com.cisco.anyconnect.vpn.android.service.ServiceConnectionCB;
import com.cisco.anyconnect.vpn.android.service.ServiceConnectionManager;
import com.cisco.anyconnect.vpn.android.service.VpnCertificate;
import com.cisco.anyconnect.vpn.android.service.VpnConnection;
import com.cisco.anyconnect.vpn.android.service.VpnConnectionValidationError;
import com.cisco.anyconnect.vpn.android.service.VpnServiceResult;
import com.cisco.anyconnect.vpn.jni.CertAuthMode;
import com.mobileiron.acom.core.android.AppsUtils;
import com.mobileiron.acom.core.utils.d;
import com.mobileiron.acom.core.utils.e;
import com.mobileiron.acom.core.utils.n;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

/* loaded from: classes.dex */
public final class CiscoConfigurator {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f2467a = n.a("CiscoConfigurator");
    private static final long b = TimeUnit.SECONDS.toMillis(10);
    private static final long c = TimeUnit.SECONDS.toMillis(10);
    private static final String[] d = {"com.cisco.anyconnect.vpn.android.avf", "com.cisco.anyconnect.vpn.android.samsung", "com.cisco.anyconnect.vpn.android.htc", "com.cisco.anyconnect.vpn.android.samsung43"};
    private final b e;
    private ServiceConnectionManager g;
    private volatile IVpnCertificateList i;
    private volatile boolean j;
    private final e k = new e();
    private final e l = new e();
    private final a f = new a();
    private final c h = new c();

    /* loaded from: classes.dex */
    public enum CiscoResultCode {
        SUCCESSFUL,
        TRANSIENT_ERROR,
        INVALID_CONFIG,
        FAILED
    }

    /* loaded from: classes.dex */
    public enum VpnAuthMethod {
        BASIC,
        CERTIFICATE
    }

    /* loaded from: classes.dex */
    private class a extends ICertificateListener.Stub {
        a() {
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ICertificateListener
        public final void a() throws RemoteException {
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ICertificateListener
        public final void a(IVpnCertificateList iVpnCertificateList) throws RemoteException {
            if (iVpnCertificateList == null) {
                CiscoConfigurator.f2467a.debug("ClientCertificateCB: cList is null");
            } else {
                CiscoConfigurator.f2467a.debug("ClientCertificateCB: cList size = {}", Integer.valueOf(iVpnCertificateList.a().size()));
            }
            CiscoConfigurator.this.i = iVpnCertificateList;
            CiscoConfigurator.this.l.a();
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ICertificateListener
        public final void a(byte[] bArr, String str) throws RemoteException {
            CiscoConfigurator.f2467a.debug("ImportPKCS12CompleteCB: error = {}", str);
            CiscoConfigurator.this.i = null;
            CiscoConfigurator.this.l.a();
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ICertificateListener
        public final void b() throws RemoteException {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class b extends ServiceConnectionCB {
        b(Context context) {
            super(context);
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ServiceConnectionCB
        public final void a(IVpnService iVpnService) {
            CiscoConfigurator.f2467a.debug("CiscoConnectionCallbacks.OnServiceConnected called");
            try {
                if (iVpnService.a(CiscoConfigurator.this.f)) {
                    CiscoConfigurator.f2467a.info("OnServiceConnected: RegisterCertificateListener ok");
                } else {
                    CiscoConfigurator.f2467a.error("OnServiceConnected: RegisterCertificateListener failed");
                }
            } catch (RemoteException e) {
                CiscoConfigurator.f2467a.error("OnServiceConnected: RegisterCertificateListener failed: {}", e.toString());
            }
            CiscoConfigurator.this.j = true;
            CiscoConfigurator.this.k.a();
        }

        @Override // com.cisco.anyconnect.vpn.android.service.ServiceConnectionCB
        public final void b() {
            CiscoConfigurator.f2467a.debug("CiscoConnectionCallbacks.OnServiceDisconnected called");
            CiscoConfigurator.this.j = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @SuppressLint({"HandlerLeak"})
    /* loaded from: classes.dex */
    public class c extends Handler {
        c() {
            super(Looper.getMainLooper());
        }

        @Override // android.os.Handler
        public final void handleMessage(Message message) {
            if (message.what == 0) {
                CiscoConfigurator.d(CiscoConfigurator.this);
            } else {
                CiscoConfigurator.f2467a.error("Unknown message sent to ConnectHandler");
            }
        }
    }

    public CiscoConfigurator(Context context) {
        this.e = new b(context);
    }

    private VpnConnection a(String str) {
        try {
            IVpnConnectionList e = e();
            if (e != null) {
                return e.b(str);
            }
            f2467a.info("getVpnConnectionForConfig: connection list is null.");
            return null;
        } catch (RemoteException e2) {
            f2467a.error("getVpnConnectionForConfig: exception: {}", e2.toString());
            return null;
        }
    }

    public static boolean a() {
        for (String str : d) {
            if (AppsUtils.e(str)) {
                return true;
            }
        }
        return false;
    }

    public static String b() {
        for (String str : d) {
            if (AppsUtils.e(str)) {
                return str;
            }
        }
        return null;
    }

    private static String c(com.mobileiron.acom.mdm.vpn.cisco.a aVar) {
        String b2 = aVar.b();
        String c2 = aVar.c();
        if (StringUtils.isEmpty(c2)) {
            return b2;
        }
        if (c2.startsWith("/")) {
            return b2 + c2;
        }
        return b2 + "/" + c2;
    }

    public static Set<String> c() {
        HashSet hashSet = new HashSet();
        for (String str : d) {
            hashSet.add(str);
        }
        return hashSet;
    }

    private VpnCertificate d(com.mobileiron.acom.mdm.vpn.cisco.a aVar) {
        try {
            IVpnService f = f();
            if (f == null) {
                f2467a.error("Could not get service to import cert");
                return null;
            }
            this.i = null;
            this.l.b();
            f.f();
            if (!this.l.a(b)) {
                f2467a.debug("Timed out waiting for cert list");
            }
            IVpnCertificateList iVpnCertificateList = this.i;
            if (iVpnCertificateList == null) {
                f2467a.error("installed certs list is null");
                return null;
            }
            for (VpnCertificate vpnCertificate : iVpnCertificateList.a()) {
                if (Arrays.equals(vpnCertificate.a(), aVar.g())) {
                    f2467a.info("VPN cert is already installed");
                    return vpnCertificate;
                }
            }
            this.i = null;
            this.l.b();
            VpnServiceResult a2 = f.a(aVar.f(), aVar.e());
            if (a2 != VpnServiceResult.SUCCESS) {
                f2467a.error("Error importing cert: " + a2);
                return null;
            }
            f2467a.debug("Waiting for cert import result...");
            if (!this.l.a(b)) {
                f2467a.debug("Timed out waiting for cert install result");
                return null;
            }
            if (this.i == null) {
                f2467a.debug("cert install failed");
                return null;
            }
            f2467a.debug("cert install successful");
            for (VpnCertificate vpnCertificate2 : iVpnCertificateList.a()) {
                if (Arrays.equals(vpnCertificate2.a(), aVar.g())) {
                    return vpnCertificate2;
                }
            }
            f2467a.error("Successfully installed cert is not present in cert list");
            return null;
        } catch (RemoteException e) {
            f2467a.error("Exception while ensuring cert: " + e.toString());
            return null;
        }
    }

    static /* synthetic */ void d(CiscoConfigurator ciscoConfigurator) {
        boolean z;
        try {
            ciscoConfigurator.g = new ServiceConnectionManager(ciscoConfigurator.e);
            z = ciscoConfigurator.g.a();
        } catch (Exception e) {
            f2467a.error("Cisco activation threw exception: {}", e.toString());
            z = false;
        }
        if (z) {
            f2467a.debug("Cisco activation succeeded");
            return;
        }
        f2467a.debug("Cisco activation failed");
        ciscoConfigurator.j = false;
        ciscoConfigurator.k.a();
    }

    private IVpnConnectionList e() throws RemoteException {
        IVpnService f = f();
        if (f == null) {
            return null;
        }
        return f.d();
    }

    private IVpnService f() {
        boolean z = true;
        if (!this.j) {
            int i = 0;
            while (true) {
                if (i >= 3) {
                    f2467a.error("Failed to connect to Cisco too many times. Giving up.");
                    z = false;
                    break;
                }
                i++;
                f2467a.debug("Connecting to Cisco. Attempt #{}", Integer.valueOf(i));
                this.k.b();
                this.h.sendEmptyMessage(0);
                f2467a.debug("Waiting for service connect result...");
                if (this.k.a(c)) {
                    f2467a.debug("Connect result: {}", Boolean.valueOf(this.j));
                    if (this.j) {
                        break;
                    }
                } else {
                    f2467a.error("Timed out waiting for connection to Cisco");
                }
            }
        }
        if (!z) {
            f2467a.debug("Unable to establish connection to Cisco");
            return null;
        }
        try {
            IVpnService b2 = this.g.b();
            if (b2 != null) {
                return b2;
            }
            f2467a.debug("Unable to get cisco service.");
            this.j = false;
            return null;
        } catch (Exception e) {
            f2467a.debug("Exception while attempting to get service: {}", e.toString());
            this.j = false;
            return null;
        }
    }

    public final boolean a(com.mobileiron.acom.mdm.vpn.cisco.a aVar) {
        VpnConnection a2 = a(aVar.a());
        if (a2 == null) {
            f2467a.info("isCompliant?  no - name not found");
            return false;
        }
        String d2 = a2.d();
        String c2 = c(aVar);
        if (!d.a(d2, c2)) {
            f2467a.info("isCompliant?  no - server changed: haveServer: {}, wantServer: {}", d2, c2);
            return false;
        }
        byte[] c3 = a2.c();
        byte[] g = aVar.g();
        if (g == null) {
            if (c3 == null) {
                return true;
            }
            f2467a.info("isCompliant?  no - cert has been removed");
            return false;
        }
        if (c3 == null || c3.length == 0) {
            f2467a.info("isCompliant?  no - cert has been added");
            return false;
        }
        if (Arrays.equals(c3, g)) {
            return true;
        }
        f2467a.info("isCompliant?  no - cert has been changed");
        return false;
    }

    public final boolean a(String str, Set<String> set) {
        try {
            IVpnConnectionList e = e();
            if (e == null) {
                f2467a.debug("removeVpn: connection list is null.");
                return false;
            }
            VpnConnection b2 = e.b(str);
            if (b2 == null) {
                f2467a.debug("removeVpn: config '{}' not found. Ignoring.", str);
                return true;
            }
            byte[] c2 = b2.c();
            if (c2 != null) {
                if (!((c2 == null || set == null) ? false : set.contains(Base64.encodeToString(c2, 2)))) {
                    IVpnService f = f();
                    if (f != null) {
                        ArrayList arrayList = new ArrayList();
                        arrayList.add(com.mobileiron.acom.core.utils.b.a(c2));
                        if (f.a(0, arrayList)) {
                            f2467a.debug("removed cert for config '{}'", str);
                        } else {
                            f2467a.error("failed to remove cert for config '{}'", str);
                        }
                    } else {
                        f2467a.error("Service is null; failed to remove cert for config '{}'", str);
                    }
                }
            }
            if (e.a(b2)) {
                f2467a.debug("removed config '{}'", str);
                return true;
            }
            f2467a.error("failed to remove config '{}'", str);
            return false;
        } catch (RemoteException e2) {
            f2467a.debug("removeVpn exception: {}", e2.toString());
            return false;
        }
    }

    public final CiscoResultCode b(com.mobileiron.acom.mdm.vpn.cisco.a aVar) {
        String a2 = aVar.a();
        try {
            IVpnConnectionList e = e();
            if (e == null) {
                f2467a.debug("addVpn: connection list is null.");
                return CiscoResultCode.TRANSIENT_ERROR;
            }
            f2467a.debug("Got vpn connection list");
            VpnConnection vpnConnection = new VpnConnection();
            vpnConnection.d(a2);
            vpnConnection.b(a2);
            vpnConnection.c(c(aVar));
            if (aVar.d() != null && VpnAuthMethod.CERTIFICATE.equals(aVar.d())) {
                VpnCertificate d2 = d(aVar);
                if (d2 == null) {
                    f2467a.error("Failed to install/find vpn cert.");
                    return CiscoResultCode.TRANSIENT_ERROR;
                }
                String b2 = d2.b();
                if (b2 == null) {
                    f2467a.debug("Failed to find common name in installed vpn cert. Invalid config.");
                    return CiscoResultCode.INVALID_CONFIG;
                }
                vpnConnection.a(CertAuthMode.Manual);
                vpnConnection.a(aVar.g());
                vpnConnection.f(b2);
            }
            int b3 = e.b(vpnConnection);
            if (b3 == VpnConnectionValidationError.None.a()) {
                f2467a.debug("added config '{}'", a2);
                return CiscoResultCode.SUCCESSFUL;
            }
            String str = "Undefined";
            if (b3 == VpnConnectionValidationError.DuplicateName.a()) {
                str = "DuplicateName";
            } else if (b3 == VpnConnectionValidationError.InvalidCertificate.a()) {
                str = "InvalidCertificate";
            } else if (b3 == VpnConnectionValidationError.InvalidHost.a()) {
                str = "InvalidHost";
            } else if (b3 == VpnConnectionValidationError.InvalidName.a()) {
                str = "InvalidName";
            } else if (b3 == VpnConnectionValidationError.InvalidState.a()) {
                str = "InvalidState";
            } else if (b3 == VpnConnectionValidationError.Unpopulated.a()) {
                str = "Unpopulated";
            } else if (b3 == VpnConnectionValidationError.Unknown.a()) {
                str = "Unknown";
            }
            f2467a.debug("addVpn error: {} ({})", str, Integer.valueOf(b3));
            return CiscoResultCode.INVALID_CONFIG;
        } catch (RemoteException e2) {
            f2467a.debug("addVpn exception: {}", e2.toString());
            return CiscoResultCode.FAILED;
        }
    }
}
