package com.mobileiron.compliance.vpn;

import android.util.Base64;
import com.google.protobuf.InvalidProtocolBufferException;
import com.mobileiron.R;
import com.mobileiron.acom.mdm.vpn.tunnel.MiTunnelVpnConfigurator;
import com.mobileiron.acom.mdm.vpn.tunnel.a;
import com.mobileiron.common.o;
import com.mobileiron.compliance.utils.ConfigurationErrors;
import com.mobileiron.protocol.androidclient.v1.AndroidDevice;
import com.mobileiron.protocol.core.v1.CoreConfigurations;
import java.util.Iterator;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class k extends c {
    private MiTunnelVpnConfigurator c;
    private boolean d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public k() {
        super("mi_tunnel_vpn_store");
        this.c = new MiTunnelVpnConfigurator();
    }

    private static AndroidDevice.AndroidMiTunnelVpnSettings a(CoreConfigurations.AndroidVpnSettings androidVpnSettings, String str) {
        if (androidVpnSettings.hasCustomParams()) {
            try {
                return AndroidDevice.AndroidMiTunnelVpnSettings.parseFrom(androidVpnSettings.getCustomParams().toByteArray());
            } catch (InvalidProtocolBufferException e) {
                o.b("MiTunnelVpnProvider", "Config '" + str + "'. CustomParams - InvalidProtocolBufferException: " + e.getMessage());
            }
        }
        return null;
    }

    private static String h(com.mobileiron.acom.core.utils.k kVar) {
        String str;
        StringBuilder sb = new StringBuilder("MI Tunnel\n");
        CoreConfigurations.AndroidVpnSettings e = VpnProtoManager.e(kVar);
        if (e == null) {
            o.b("MiTunnelVpnProvider", "Failed while parsing general VPN settings protobuf for '" + kVar.a("userDefinedName", (String) null) + "' config");
            return sb.toString();
        }
        sb.append(">>> name: ");
        sb.append(e.getName());
        sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        sb.append(">>> type: ");
        sb.append(e.getType().name());
        sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        sb.append(">>> server: ");
        sb.append(e.getServer());
        sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        if (e.hasCertBasedAuth()) {
            sb.append(">>> certBasedAuth: ");
            sb.append(e.getCertBasedAuth());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasUserName()) {
            sb.append(">>> userName: ");
            sb.append(e.getUserName());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasPassword()) {
            sb.append(">>> password: **********\n");
        }
        if (e.hasIdentityScepTag()) {
            sb.append(">>> identityScepTag: ");
            sb.append(e.getIdentityScepTag());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            str = kVar.a("clientCertAlias", (String) null);
            if (str == null) {
                o.b("MiTunnelVpnProvider", "'" + kVar.a("userDefinedName", (String) null) + "' VPN config. Failed to extract client certificate alias");
                return sb.toString();
            }
            sb.append(">>>>>> clientCertAlias: ");
            sb.append(str);
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        } else {
            str = null;
        }
        if (e.hasCaCertificateTag()) {
            sb.append(">>> caCertificateTag: ");
            sb.append(e.getCaCertificateTag());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasSamsungKnoxIntegration()) {
            sb.append(">>> samsungKnoxIntegration: ");
            sb.append(e.getSamsungKnoxIntegration());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasDeployInsideKnoxContainer()) {
            sb.append(">>> deployInsideKnoxContainer: ");
            sb.append(e.getDeployInsideKnoxContainer());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasPerAppVpn()) {
            sb.append(">>> perAppVpn: ");
            sb.append(e.getPerAppVpn());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasOnDemandVpn()) {
            sb.append(">>> onDemandVpn: ");
            sb.append(e.getOnDemandVpn());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        if (e.hasUuid()) {
            sb.append(">>> uuid: ");
            sb.append(e.getUuid());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        try {
            AndroidDevice.AndroidMiTunnelVpnSettings parseFrom = AndroidDevice.AndroidMiTunnelVpnSettings.parseFrom(e.getCustomParams().toByteArray());
            sb.append(">>> customParams.sentryService: ");
            sb.append(parseFrom.getSentryService());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            sb.append(">>> customParams.sentryPort: ");
            sb.append(parseFrom.getSentryPort());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            sb.append(">>> customParams.deviceUuid: ");
            sb.append(parseFrom.getDeviceUuid());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            sb.append(">>> customParams.configUuid: ");
            sb.append(parseFrom.getConfigUuid());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            sb.append(">>> customParams.authName: ");
            sb.append(parseFrom.getAuthName());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            if (parseFrom.getAllowedAppListCount() > 0) {
                sb.append(">>> customParams.allowedAppList:\n");
                Iterator<String> it = parseFrom.getAllowedAppListList().iterator();
                while (it.hasNext()) {
                    sb.append(it.next());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.getDisallowedAppListCount() > 0) {
                sb.append(">>> customParams.disallowedAppList:\n");
                Iterator<String> it2 = parseFrom.getDisallowedAppListList().iterator();
                while (it2.hasNext()) {
                    sb.append(it2.next());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.getAddedRoutesListCount() > 0) {
                sb.append(">>> customParams.addedRoutesList:\n");
                Iterator<String> it3 = parseFrom.getAddedRoutesListList().iterator();
                while (it3.hasNext()) {
                    sb.append(it3.next());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.getDnsResolverIpListCount() > 0) {
                sb.append(">>> customParams.dnsResolverIpList:\n");
                Iterator<String> it4 = parseFrom.getDnsResolverIpListList().iterator();
                while (it4.hasNext()) {
                    sb.append(it4.next());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.getSearchDomainListCount() > 0) {
                sb.append(">>> customParams.searchDomainList:\n");
                Iterator<String> it5 = parseFrom.getSearchDomainListList().iterator();
                while (it5.hasNext()) {
                    sb.append(it5.next());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.getCustomParamsCount() > 0) {
                sb.append(">>> customParams.customParams:\n");
                for (AndroidDevice.KeyValuePair keyValuePair : parseFrom.getCustomParamsList()) {
                    sb.append(keyValuePair.getKey());
                    sb.append("=");
                    sb.append(keyValuePair.getValue());
                    sb.append(IOUtils.LINE_SEPARATOR_UNIX);
                }
            }
            if (parseFrom.hasSentryCertificate()) {
                sb.append(">>> customParams.sentryCertificate: ***removed***");
                sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            }
            com.mobileiron.acom.mdm.vpn.tunnel.a a2 = new a.C0118a().a(e.getName()).b(e.getServer()).c(str).a(parseFrom).a();
            sb.append(">>> MiTunnelVpnSettings.toJson(): ");
            try {
                sb.append(new JSONObject(a2.b()).toString());
            } catch (JSONException unused) {
                sb.append("not a parsable JSON string");
            }
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            return sb.toString();
        } catch (InvalidProtocolBufferException e2) {
            o.b("MiTunnelVpnProvider", "Config '" + kVar.a("userDefinedName", (String) null) + "'. Parse MI Tunnel specific VPN protobuf. InvalidProtocolBufferException: " + e2.getMessage());
            return sb.toString();
        }
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final String a() {
        return "MiTunnelVpnProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean a(com.mobileiron.acom.core.utils.k kVar) {
        String str;
        StringBuilder sb = new StringBuilder("canConfig(...)");
        if (o.e() == 2) {
            str = IOUtils.LINE_SEPARATOR_UNIX + h(kVar);
        } else {
            str = "";
        }
        sb.append(str);
        o.g("MiTunnelVpnProvider", sb.toString());
        String h = kVar.h("userDefinedName");
        ConfigurationErrors.a().b(ConfigurationErrors.ConfigurationType.VPN, h);
        if (!MiTunnelVpnConfigurator.d()) {
            ConfigurationErrors.a().b(ConfigurationErrors.ConfigurationType.VPN, h, R.string.vpn_client_not_installed_error_message, "MI Tunnel");
            return false;
        }
        if (this.c.a()) {
            return true;
        }
        ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, h, R.string.cant_communicate_error_message, "MI Tunnel");
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.c
    public final boolean a(com.mobileiron.acom.core.utils.k kVar, CoreConfigurations.AndroidVpnSettings androidVpnSettings) {
        String a2;
        o.g("MiTunnelVpnProvider", "processConfig(...)");
        String h = kVar.h("userDefinedName");
        if (a(androidVpnSettings, h) == null) {
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, h, R.string.mi_tunnel_specific_settings_parsing_failed, "MI Tunnel");
            return false;
        }
        if (!androidVpnSettings.hasCertBasedAuth() || !androidVpnSettings.getCertBasedAuth()) {
            o.b("MiTunnelVpnProvider", "MI Tunnel supports only certificate based auth, but certBasedAuth field missed from protobuf or defined as 'false'");
            ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, h, R.string.cert_based_auth_must_be_defined_for_vpn_client, "MI Tunnel");
            return false;
        }
        com.mobileiron.acom.core.utils.k kVar2 = new com.mobileiron.acom.core.utils.k();
        boolean hasIdentityScepTag = androidVpnSettings.hasIdentityScepTag();
        if (hasIdentityScepTag) {
            o.g("MiTunnelVpnProvider", "get SCEP cert by file id: " + androidVpnSettings.getIdentityScepTag());
            kVar2.c("scep cert file id", androidVpnSettings.getIdentityScepTag());
        } else {
            if (!androidVpnSettings.hasIdentityCertificateTag() || !androidVpnSettings.hasIdentityCertificatePassword()) {
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, h, R.string.user_cert_not_chosen_error_message);
                return false;
            }
            o.g("MiTunnelVpnProvider", "get cert by file id: " + androidVpnSettings.getIdentityCertificateTag());
            kVar2.c("cert file id", androidVpnSettings.getIdentityCertificateTag());
        }
        VpnProtoManager.a().a(kVar2, "scep cert file id", "cert file id", "vpnProtobuf", "scep password");
        String a3 = kVar2.a("fileFetchError", "");
        if (StringUtils.isBlank(a3) && (a2 = kVar2.a("vpnProtobuf", (String) null)) != null) {
            kVar.c("clientCertAlias", com.mobileiron.acom.core.utils.a.c.b(Base64.decode(a2, 0), hasIdentityScepTag ? kVar2.a("scep password", (String) null) : androidVpnSettings.getIdentityCertificatePassword()));
            return true;
        }
        o.b("MiTunnelVpnProvider", "processFileIds() returned some 'fileFetchError' for '" + h + "': " + a3);
        ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, h, R.string.file_fetching_failed, a3);
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean b(com.mobileiron.acom.core.utils.k kVar) {
        String str;
        this.d = false;
        MiTunnelVpnConfigurator.b g = this.c.g();
        StringBuilder sb = new StringBuilder("isCompliant(...). MiTunnelVpnConfigurator.requestConfigStatus() returns: status=");
        sb.append(g.a().name());
        if (g.b() != null) {
            str = ", error=" + g.b();
        } else {
            str = "";
        }
        sb.append(str);
        o.g("MiTunnelVpnProvider", sb.toString());
        switch (g.a()) {
            case Successful:
            case ConfiguredAlreadyOrNotReady:
                return true;
            case NeedsConfig:
                return false;
            case ConfigValidationFailed:
                this.d = true;
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.mi_tunnel_reports_set_config_error, g.b());
                return false;
            default:
                this.d = true;
                ConfigurationErrors.a().a(ConfigurationErrors.ConfigurationType.VPN, kVar.h("userDefinedName"), R.string.cant_communicate_error_message, "MI Tunnel");
                return false;
        }
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean c(com.mobileiron.acom.core.utils.k kVar) {
        if (this.d) {
            o.d("MiTunnelVpnProvider", "MI Tunnel reported error. Skip addVpn() call until provider NEEDS_CONFIG.");
            return false;
        }
        MiTunnelVpnConfigurator miTunnelVpnConfigurator = this.c;
        CoreConfigurations.AndroidVpnSettings e = VpnProtoManager.e(kVar);
        MiTunnelVpnConfigurator.MiTunnelResultCode a2 = miTunnelVpnConfigurator.a(new a.C0118a().a(e.getName()).b(e.getServer()).c(kVar.h("clientCertAlias")).a(a(e, kVar.h("userDefinedName"))).a()).a();
        o.g("MiTunnelVpnProvider", "applyConfig(...), add VPN result=" + a2.name());
        return a2 == MiTunnelVpnConfigurator.MiTunnelResultCode.Successful;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d() {
        boolean z;
        com.mobileiron.acom.core.utils.k[] b = b();
        com.mobileiron.acom.core.utils.k[] a2 = this.b.a(b);
        if (a2.length > 0) {
            z = true;
            for (com.mobileiron.acom.core.utils.k kVar : a2) {
                if (b.length == 0) {
                    z = z && d(kVar);
                }
                this.b.b(kVar);
            }
        } else {
            z = true;
        }
        return z && (b.length == 0 || g(b[0]));
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final boolean d(com.mobileiron.acom.core.utils.k kVar) {
        return this.c.f().a() == MiTunnelVpnConfigurator.MiTunnelResultCode.Successful;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public final void e() {
        super.e();
        this.c.e();
    }
}
