package de.blinkt.openvpn;

import android.content.Context;
import android.content.Intent;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.tunnelbear.android.C0000R;
import com.tunnelbear.android.bj;
import com.tunnelbear.android.db;
import com.tunnelbear.android.dq;
import com.tunnelbear.android.response.ScrambleProxyResponse;
import com.tunnelbear.android.response.VpnServerResponse;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Serializable;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import java.util.Random;
import java.util.UUID;
import java.util.Vector;

/* loaded from: classes.dex */
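/**
 * Settings for one OpenVPN connection, plus the code that turns them into the files and
 * command lines handed to the bundled native binaries.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The class is {@link Serializable} and {@code mPassword}, {@code mPKCS12Password} and
 *       {@code mKeyPassword} are not {@code transient}, so any serialized copy of a profile
 *       carries those secrets in clear text. Where profiles are persisted is not visible here.</li>
 *   <li>The constructor reads the CA certificate, client certificate and client private key
 *       from the application's assets, so that key material ships inside the package.</li>
 *   <li>{@link #getConfigFile(File)} embeds inline key material in the generated configuration,
 *       which {@link #writeConfigToDisk(Context)} stores in the cache directory.</li>
 *   <li>Profile and server values are written into the configuration without escaping; see
 *       {@link #getConfigFile(File)}.</li>
 * </ul>
 */
public class VpnProfile implements Serializable {
    private static final String DEFAULT_DNS1 = "208.67.222.222";
    private static final String DEFAULT_DNS2 = "208.67.220.220";
    /** Prefix marking a "filename" field whose value is the file content itself. */
    public static final String INLINE_TAG = "[[INLINE]]";
    public static final int LEGACY_SCRAMBLE_REMOTE_PORT = 3389;
    /** Loopback port written as the SOCKS proxy when scrambling is enabled. */
    public static final int LOCAL_SCRAMBLE_PROXY_PORT = 45578;
    private static final String MINIPIEVPN = "libexecpievpn.so";
    private static final String OVPNCONFIGFILE = "android.conf";
    static final String OVPNCONFIGPKCS12 = "android.pkcs12";
    private static final String PIE_SCRAMBLE = "libexecpieproxy.so";
    public static final int TYPE_CERTIFICATES = 0;
    public static final int TYPE_KEYSTORE = 2;
    public static final int TYPE_PKCS12 = 1;
    public static final int TYPE_STATICKEYS = 4;
    public static final int TYPE_USERPASS = 3;
    public static final int TYPE_USERPASS_CERTIFICATES = 5;
    public static final int TYPE_USERPASS_KEYSTORE = 7;
    public static final int TYPE_USERPASS_PKCS12 = 6;
    // Process-wide password protecting the exported android.pkcs12; static, so never serialized.
    private static String mTempPKCS12Password = null;
    private static final long serialVersionUID = 7085688938959334563L;
    public String mAlias;
    public String mCaFilename;
    public String mClientCertFilename;
    public String mClientKeyFilename;
    public String mCustomRoutes;
    public String mIPv4Address;
    public String mIPv6Address;
    public String mName;
    public String mPKCS12Filename;
    // Not transient: serialized together with the profile.
    public String mPKCS12Password;
    public String mTLSAuthFilename;
    private ScrambleProxyResponse remoteScrambleServer;
    private boolean scramble;
    private boolean seamlessTunnel;
    // One-shot secrets: returned once by the getters below and then cleared; never serialized.
    private transient String mTransientPW = null;
    private transient String mTransientPCKS12PW = null;
    public int mAuthenticationType = TYPE_USERPASS_CERTIFICATES;
    public String mTLSAuthDirection = "";
    public boolean mUseLzo = true;
    public String mServerPort = "443";
    public boolean mUseUdp = true;
    public boolean mUseTLSAuth = false;
    public String mServerName = "";
    public String mDNS1 = DEFAULT_DNS1;
    public String mDNS2 = DEFAULT_DNS2;
    public boolean mOverrideDNS = false;
    public String mSearchDomain = "";
    public boolean mUseDefaultRoute = true;
    public boolean mUsePull = true;
    public String mCustomRoutesv6 = "";
    // Off by default: the server certificate's name is then not compared with anything here.
    public boolean mCheckRemoteCN = false;
    public boolean mExpectTLSCert = true;
    public String mRemoteCN = "";
    // Not transient: serialized together with the profile.
    public String mPassword = "";
    public String mUsername = "";
    public boolean mRoutenopull = false;
    public boolean mUseRandomHostname = false;
    public boolean mUseFloat = false;
    public boolean mUseCustomConfig = false;
    public String mCustomConfigOptions = "";
    public String mVerb = "2";
    private final String mCipher = "AES-256-CBC";
    private final String mAuth = "SHA256";
    public boolean mNobind = false;
    public boolean mUseDefaultRoutev6 = true;
    // Not transient: serialized together with the profile.
    public String mKeyPassword = "";
    private ArrayList<VpnServerResponse> remoteVPNServers = new ArrayList<>();
    private UUID mUuid = UUID.randomUUID();

    /**
     * Creates a profile whose CA certificate, client key and client certificate are loaded
     * inline from the assets {@code ca.crt}, {@code key.key} and {@code key.crt}.
     *
     * <p>NOTE(review): because the private key is an asset, it is presumably the same for every
     * installation and can be read by anyone holding the package; with the default
     * authentication type the username/password pair is then the only per-user credential.
     * Confirm against the server-side design.
     *
     * @param name    display name of the profile
     * @param context used to open the assets
     * @throws IOException if an asset cannot be opened or read
     */
    public VpnProfile(String name, Context context) throws IOException {
        this.mName = name;
        this.mCaFilename = INLINE_TAG + dq.a(context.getAssets().open("ca.crt"));
        this.mClientKeyFilename = INLINE_TAG + dq.a(context.getAssets().open("key.key"));
        this.mClientCertFilename = INLINE_TAG + dq.a(context.getAssets().open("key.crt"));
    }

    /**
     * Builds the command line for the OpenVPN binary.
     *
     * <p>{@code --script-security 0} (no calling of external programs) is placed after
     * {@code --config}; presumably so that it also applies to whatever the generated
     * configuration file contains.
     *
     * @param binaryDir directory holding the executable
     * @param configDir directory holding {@code android.conf}
     * @return the argument vector, executable path first
     */
    public static String[] buildOpenvpnArgv(String binaryDir, String configDir) {
        return new String[] {
            binaryDir + "/" + getMiniVPNExecutableName(),
            "--config",
            configDir + "/" + OVPNCONFIGFILE,
            "--script-security",
            "0"
        };
    }

    /**
     * Builds the command line for the scramble (obfuscation proxy) binary.
     *
     * <p>The shared secret travels as a command-line argument, so it is visible to anything
     * that can read this process's argument list.
     *
     * @param binaryDir    directory holding the executable
     * @param protocol     value for {@code -obfsProtocol=}
     * @param sharedSecret value for {@code -sharedSecret=}
     * @param iatMode      value for {@code -iatMode=}
     * @return the argument vector, executable path first
     */
    public static String[] buildScrambleArgv(
            String binaryDir, String protocol, String sharedSecret, int iatMode) {
        return new String[] {
            binaryDir + "/" + getScrambleExecutableName(),
            "-obfsProtocol=" + protocol,
            "-sharedSecret=" + sharedSecret,
            "-iatMode=" + iatMode
        };
    }

    /**
     * Converts {@code address/prefix} into {@code "address  netmask"}.
     *
     * <p>The address part is not validated; only the prefix length is.
     *
     * @param cidr an address with an optional {@code /prefix} suffix
     * @return the input unchanged when it has no slash, the converted form for a prefix of
     *     0..32, or {@code null} when the input is malformed
     */
    private String cidrToIPAndNetmask(String cidr) {
        // Limit -1 keeps trailing empty parts, so "1.2.3.4/" is rejected rather than
        // being returned unchanged as if it had no prefix at all.
        String[] parts = cidr.split("/", -1);
        if (parts.length == 1) {
            return cidr;
        }
        if (parts.length != 2) {
            return null;
        }
        int prefixLength;
        try {
            prefixLength = Integer.parseInt(parts[1]);
        } catch (NumberFormatException e) {
            return null;
        }
        if (prefixLength < 0 || prefixLength > 32) {
            return null;
        }
        // long arithmetic: a shift by 32 (prefix 0) must produce 0, which int cannot express.
        long mask = (0xFFFFFFFFL << (32 - prefixLength)) & 0xFFFFFFFFL;
        String netmask =
                String.format(
                        Locale.US,
                        "%d.%d.%d.%d",
                        (mask >> 24) & 0xFF,
                        (mask >> 16) & 0xFF,
                        (mask >> 8) & 0xFF,
                        mask & 0xFF);
        return parts[0] + "  " + netmask;
    }

    /**
     * Splits {@code mCustomRoutes} on newline, space and tab and converts each entry.
     *
     * @return the converted routes; an entry is {@code null} where the route was malformed
     */
    private Collection<String> getCustomRoutes() {
        Collection<String> routes = new ArrayList<>();
        if (this.mCustomRoutes == null) {
            return routes;
        }
        for (String route : this.mCustomRoutes.split("[\n \t]")) {
            if (!route.isEmpty()) {
                routes.add(cidrToIPAndNetmask(route));
            }
        }
        return routes;
    }

    /**
     * Splits {@code mCustomRoutesv6} on newline, space and tab.
     *
     * @return the non-empty entries, unvalidated
     */
    private Collection<String> getCustomRoutesv6() {
        Collection<String> routes = new ArrayList<>();
        if (this.mCustomRoutesv6 == null) {
            return routes;
        }
        for (String route : this.mCustomRoutesv6.split("[\n \t]")) {
            if (!route.isEmpty()) {
                routes.add(route);
            }
        }
        return routes;
    }

    /** Returns {@link #LOCAL_SCRAMBLE_PROXY_PORT}. */
    public static int getLocalScrambleProxyPort() {
        return LOCAL_SCRAMBLE_PROXY_PORT;
    }

    /** Returns the file name of the OpenVPN executable. */
    public static String getMiniVPNExecutableName() {
        return MINIPIEVPN;
    }

    /** Returns the file name of the scramble proxy executable. */
    public static String getScrambleExecutableName() {
        return PIE_SCRAMBLE;
    }

    /**
     * Returns the password that protects the exported {@code android.pkcs12}, creating it on
     * first use.
     *
     * <p>The password is 128 bits from {@link SecureRandom}, hex encoded. It is the only
     * protection of the exported private key while the file sits in the cache directory, so it
     * must not come from a predictable generator or a small value space.
     */
    private String getTemporaryPKCS12Password() {
        if (mTempPKCS12Password != null) {
            return mTempPKCS12Password;
        }
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(String.format(Locale.US, "%02x", b & 0xFF));
        }
        mTempPKCS12Password = hex.toString();
        return mTempPKCS12Password;
    }

    /**
     * Renders one file-valued directive.
     *
     * @param directive directive name, e.g. {@code ca}
     * @param value     {@code null}, an {@link #INLINE_TAG}-prefixed content, or a file path
     * @return {@code "<directive> missing"}, an inline {@code <directive>...</directive>}
     *     block, or the directive followed by the escaped path
     */
    private String insertFileData(String directive, String value) {
        if (value == null) {
            return String.format("%s %s\n", directive, "missing");
        }
        if (value.startsWith(INLINE_TAG)) {
            // Inline content is copied verbatim between the tags.
            String content = value.substring(INLINE_TAG.length());
            return String.format("<%s>\n%s\n</%s>\n", directive, content, directive);
        }
        return String.format("%s %s\n", directive, openVpnEscape(value));
    }

    /** Returns whether the authentication type includes a username and password. */
    private boolean isUserPWAuth() {
        switch (this.mAuthenticationType) {
            case TYPE_USERPASS:
            case TYPE_USERPASS_CERTIFICATES:
            case TYPE_USERPASS_PKCS12:
            case TYPE_USERPASS_KEYSTORE:
                return true;
            default:
                return false;
        }
    }

    /** Returns whether {@code value} is neither {@code null} nor empty. */
    private boolean nonNull(String value) {
        return value != null && !value.isEmpty();
    }

    /**
     * Quotes a value for an OpenVPN configuration file: backslash, double quote and newline are
     * backslash-escaped and the result is wrapped in double quotes.
     *
     * @param value the raw value, may be {@code null}
     * @return the quoted value, or {@code null} for {@code null} input
     */
    public static String openVpnEscape(String value) {
        if (value == null) {
            return null;
        }
        String escaped =
                value.replace("\\", "\\\\").replace("\"", "\\\"").replace("\n", "\\n");
        return "\"" + escaped + "\"";
    }

    /**
     * Exports the key-chain entry {@code mAlias} (private key and certificate chain) to
     * {@code android.pkcs12} in the cache directory, protected by the temporary password.
     *
     * <p>Failures are reported but not propagated; the file may then be absent or stale.
     */
    private void savePKCS12(Context context) {
        try {
            PrivateKey privateKey = KeyChain.getPrivateKey(context, this.mAlias);
            X509Certificate[] chain = KeyChain.getCertificateChain(context, this.mAlias);
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setKeyEntry("usercert", privateKey, null, chain);
            char[] password = getTemporaryPKCS12Password().toCharArray();
            String path = context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGPKCS12;
            // try-with-resources: the stream is closed even when store() fails.
            try (FileOutputStream out = new FileOutputStream(path)) {
                keyStore.store(out, password);
                out.flush();
            }
        } catch (KeyChainException e) {
            db.a(context.getString(C0000R.string.keychain_access));
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        } catch (IOException
                | KeyStoreException
                | NoSuchAlgorithmException
                | CertificateException e) {
            e.printStackTrace();
        }
    }

    /** Appends a server to the list used for {@code remote} lines. */
    public void addRemoteVPNServer(VpnServerResponse vpnServerResponse) {
        this.remoteVPNServers.add(vpnServerResponse);
    }

    /**
     * Validates the profile.
     *
     * @return a string resource id: {@code no_error_found} when the profile is usable,
     *     otherwise the id of the first problem found
     */
    int checkProfile() {
        boolean keystoreAuth =
                this.mAuthenticationType == TYPE_KEYSTORE
                        || this.mAuthenticationType == TYPE_USERPASS_KEYSTORE;
        if (keystoreAuth && this.mAlias == null) {
            return C0000R.string.no_keystore_cert_selected;
        }
        if (!this.mUsePull
                && (this.mIPv4Address == null || cidrToIPAndNetmask(this.mIPv4Address) == null)) {
            return C0000R.string.ipv4_format_error;
        }
        if (isUserPWAuth() && !nonNull(this.mUsername)) {
            return C0000R.string.error_empty_username;
        }
        // getCustomRoutes() never returns null; a malformed route shows up as a null entry.
        if (!this.mUseDefaultRoute && getCustomRoutes().contains(null)) {
            return C0000R.string.custom_route_format_error;
        }
        return C0000R.string.no_error_found;
    }

    /**
     * Switches off pull, LZO, the default route and the server-certificate usage check, and
     * sets the server name to {@code "unknown"}.
     */
    public void clearDefaults() {
        this.mServerName = "unknown";
        this.mUsePull = false;
        this.mUseLzo = false;
        this.mUseDefaultRoute = false;
        this.mExpectTLSCert = false;
    }

    /** Removes all servers added with {@link #addRemoteVPNServer(VpnServerResponse)}. */
    public void clearRemoteVPNServers() {
        this.remoteVPNServers.clear();
    }

    /**
     * Renders the OpenVPN configuration for this profile.
     *
     * <p>Passwords are not written: the configuration requests them over the management
     * socket. Inline key material is written, so the result must be treated as a secret.
     *
     * <p>NOTE(review): server host/port, {@code mVerb}, {@code mTLSAuthDirection}, the IPv6
     * address and routes, the DNS servers, {@code mServerName}/{@code mRemoteCN} and the custom
     * options are inserted without escaping or validation. A line break in any of them adds
     * directives to the configuration; values that originate outside the app should be
     * validated before they reach this method.
     *
     * @param cacheDir directory that holds the management socket and {@code android.pkcs12}
     * @return the configuration text
     */
    public String getConfigFile(File cacheDir) {
        StringBuilder config = new StringBuilder();

        config.append("# Enables connection to GUI\n");
        config.append("management ");
        config.append(cacheDir.getAbsolutePath() + "/mgmtsocket");
        config.append(" unix\n");
        config.append("management-client\n");
        config.append("management-signal\n");
        config.append("management-query-passwords\n");
        config.append("management-hold\n\n");
        config.append("# Log window is better readable this way\n");
        config.append("suppress-timestamps\n");

        boolean usesTls = this.mAuthenticationType != TYPE_STATICKEYS;
        if (usesTls && this.mUsePull) {
            config.append("client\n");
        } else if (this.mUsePull) {
            config.append("pull\n");
        } else if (usesTls) {
            config.append("tls-client\n");
        }

        config.append("verb " + this.mVerb + "\n");
        config.append("connect-retry-max 10\n");
        config.append("resolv-retry 5\n");
        config.append("dev tun\n");
        config.append(this.scramble ? "hand-window 120\n" : "hand-window 30\n");

        if (this.scramble) {
            // Scrambled traffic goes to the scramble server through the local SOCKS proxy.
            config.append(
                    "remote "
                            + getRemoteScrambleServer().getIp()
                            + " "
                            + getRemoteScrambleServer().getPort()
                            + " tcp\n");
            config.append("socks-proxy 127.0.0.1 " + LOCAL_SCRAMBLE_PROXY_PORT + "\n");
        } else {
            for (VpnServerResponse server : this.remoteVPNServers) {
                String protocol = server.isUdp() ? " udp\n" : " tcp\n";
                config.append("remote " + server.getHost() + " " + server.getPort() + protocol);
            }
        }
        config.append("management-query-remote\n");

        switch (this.mAuthenticationType) {
            case TYPE_USERPASS_CERTIFICATES:
                config.append("auth-user-pass\n");
                // fall through
            case TYPE_CERTIFICATES:
                config.append(insertFileData("ca", this.mCaFilename));
                config.append(insertFileData("key", this.mClientKeyFilename));
                config.append(insertFileData("cert", this.mClientCertFilename));
                break;
            case TYPE_USERPASS_PKCS12:
                config.append("auth-user-pass\n");
                // fall through
            case TYPE_PKCS12:
                config.append(insertFileData("pkcs12", this.mPKCS12Filename));
                break;
            case TYPE_USERPASS_KEYSTORE:
                config.append("auth-user-pass\n");
                // fall through
            case TYPE_KEYSTORE:
                config.append("pkcs12 ");
                config.append(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGPKCS12);
                config.append("\n");
                break;
            case TYPE_USERPASS:
                config.append("auth-user-pass\n");
                config.append(insertFileData("ca", this.mCaFilename));
                break;
            default:
                break;
        }

        if (this.mUseLzo) {
            config.append("comp-lzo\n");
        }

        if (this.mUseTLSAuth) {
            String directive =
                    this.mAuthenticationType == TYPE_STATICKEYS ? "secret" : "tls-auth";
            config.append(insertFileData(directive, this.mTLSAuthFilename));
            config.append(" ");
            if (nonNull(this.mTLSAuthDirection)) {
                config.append("key-direction ");
                config.append(this.mTLSAuthDirection);
            }
            config.append("\n");
        }

        if (!this.mUsePull) {
            if (nonNull(this.mIPv4Address)) {
                config.append("ifconfig " + cidrToIPAndNetmask(this.mIPv4Address) + "\n");
            }
            if (nonNull(this.mIPv6Address)) {
                config.append("ifconfig-ipv6 " + this.mIPv6Address + "\n");
            }
        }
        if (this.mUsePull && this.mRoutenopull) {
            config.append("route-nopull\n");
        }

        if (this.scramble) {
            try {
                Iterator<String> routes = bj.a(getRemoteScrambleServer().getIp()).iterator();
                while (routes.hasNext()) {
                    config.append("route " + routes.next() + "\n");
                }
            } catch (UnknownHostException e) {
                // No route lines are written in this case; the tunnel then carries only
                // what the server pushes.
                e.printStackTrace();
            }
        } else if (this.mUseDefaultRoute) {
            config.append("route 0.0.0.0 0.0.0.0\n");
        } else {
            // A malformed custom route is written as "route null"; checkProfile() reports it.
            for (String route : getCustomRoutes()) {
                config.append("route " + route + "\n");
            }
        }

        if (this.mUseDefaultRoutev6) {
            config.append("route-ipv6 ::/0\n");
        } else {
            for (String route : getCustomRoutesv6()) {
                config.append("route-ipv6 " + route + "\n");
            }
        }

        if (this.mOverrideDNS || !this.mUsePull) {
            // nonNull() tests for null before touching the value; a null DNS entry is skipped.
            if (nonNull(this.mDNS1)) {
                config.append("dhcp-option ");
                config.append(this.mDNS1.contains(":") ? "DNS6 " : "DNS ");
                config.append(this.mDNS1);
                config.append("\n");
            }
            if (nonNull(this.mDNS2)) {
                config.append("dhcp-option ");
                config.append(this.mDNS2.contains(":") ? "DNS6 " : "DNS ");
                config.append(this.mDNS2);
                config.append("\n");
            }
        }

        if (this.mNobind) {
            config.append("nobind\n");
        }
        if (this.mCheckRemoteCN) {
            String expectedName = nonNull(this.mRemoteCN) ? this.mRemoteCN : this.mServerName;
            config.append("tls-remote " + expectedName + "\n");
        }
        if (this.mExpectTLSCert) {
            config.append("remote-cert-tls server\n");
        }
        if (nonNull(this.mCipher)) {
            config.append("cipher " + this.mCipher + "\n");
        }
        if (nonNull(this.mAuth)) {
            config.append("auth " + this.mAuth + "\n");
        }
        if (this.mUseRandomHostname) {
            config.append("#my favorite options :)\nremote-random-hostname\n");
        }
        if (this.mUseFloat) {
            config.append("float\n");
        }
        if (this.seamlessTunnel) {
            config.append("persist-tun\n");
            config.append("preresolve\n");
        }
        if (this.mUseCustomConfig) {
            config.append("# Custom configuration options\n");
            config.append("# You are on your on own here :)\n");
            config.append(this.mCustomConfigOptions);
            config.append("\n");
        }
        return config.toString();
    }

    /** Returns the profile name. */
    public String getName() {
        return this.mName;
    }

    /**
     * Returns the password for username/password authentication.
     *
     * @return the transient password if one is set (it is cleared by this call), otherwise
     *     the stored {@code mPassword}
     */
    public String getPasswordAuth() {
        if (this.mTransientPW == null) {
            return this.mPassword;
        }
        String oneShot = this.mTransientPW;
        this.mTransientPW = null;
        return oneShot;
    }

    /**
     * Returns the password that unlocks the private key for the current authentication type.
     *
     * @return the transient password if one is set (it is cleared by this call); otherwise the
     *     key password, the PKCS#12 password or the temporary export password, depending on
     *     the type; {@code null} for types without a private-key password
     */
    public String getPasswordPrivateKey() {
        if (this.mTransientPCKS12PW != null) {
            String oneShot = this.mTransientPCKS12PW;
            this.mTransientPCKS12PW = null;
            return oneShot;
        }
        switch (this.mAuthenticationType) {
            case TYPE_CERTIFICATES:
            case TYPE_USERPASS_CERTIFICATES:
                return this.mKeyPassword;
            case TYPE_PKCS12:
            case TYPE_USERPASS_PKCS12:
                return this.mPKCS12Password;
            case TYPE_KEYSTORE:
            case TYPE_USERPASS_KEYSTORE:
                return getTemporaryPKCS12Password();
            default:
                return null;
        }
    }

    /** Returns the scramble server, or {@code null} if none has been set. */
    public ScrambleProxyResponse getRemoteScrambleServer() {
        return this.remoteScrambleServer;
    }

    /** Returns the live, mutable server list (not a copy). */
    public ArrayList<VpnServerResponse> getRemoteVPNServers() {
        return this.remoteVPNServers;
    }

    /** Returns the random identifier assigned when the profile was created. */
    public UUID getUUID() {
        return this.mUuid;
    }

    /** Returns {@link #getUUID()} as a string. */
    public String getUUIDString() {
        return this.mUuid.toString();
    }

    /**
     * Tells which secret, if any, still has to be asked from the user.
     *
     * @return the string resource id naming the missing secret, or 0 when nothing is missing
     */
    public int needUserPWInput() {
        boolean pkcs12Auth =
                this.mAuthenticationType == TYPE_PKCS12
                        || this.mAuthenticationType == TYPE_USERPASS_PKCS12;
        // nonNull() tests for null first; mPKCS12Password has no initial value.
        if (pkcs12Auth && !nonNull(this.mPKCS12Password) && this.mTransientPCKS12PW == null) {
            return C0000R.string.pkcs12_file_encryption_key;
        }

        boolean certificateAuth =
                this.mAuthenticationType == TYPE_CERTIFICATES
                        || this.mAuthenticationType == TYPE_USERPASS_CERTIFICATES;
        if (certificateAuth
                && requireTLSKeyPassword()
                && !nonNull(this.mKeyPassword)
                && this.mTransientPCKS12PW == null) {
            return C0000R.string.private_key_password;
        }

        if (isUserPWAuth() && !nonNull(this.mPassword) && this.mTransientPW == null) {
            return C0000R.string.password;
        }
        return 0;
    }

    /**
     * Prepares everything the VPN service needs and returns the intent that starts it.
     *
     * <p>Side effects: for key-store authentication the key is exported to
     * {@code android.pkcs12}, and the configuration is written to {@code android.conf}, both
     * in the cache directory. The intent is explicit (it names {@code OpenVpnService}) and its
     * extras include the scramble shared secret as part of the scramble argument vector.
     *
     * @param context used for the package name, directories and the intent
     * @return the intent for {@code OpenVpnService}
     * @throws NullPointerException if no scramble server has been set; it is read
     *     unconditionally, whether or not scrambling is enabled
     */
    public Intent prepareIntent(Context context) {
        String packageName = context.getPackageName();
        Intent intent = new Intent(context, OpenVpnService.class);
        if (this.mAuthenticationType == TYPE_KEYSTORE
                || this.mAuthenticationType == TYPE_USERPASS_KEYSTORE) {
            savePKCS12(context);
        }
        String cacheDir = context.getCacheDir().getAbsolutePath();
        intent.putExtra(packageName + ".ARGV", buildOpenvpnArgv(executableDir(context), cacheDir));
        intent.putExtra(packageName + ".profileUUID", this.mUuid.toString());
        intent.putExtra(packageName + ".nativelib", context.getApplicationInfo().nativeLibraryDir);
        intent.putExtra(
                packageName + ".SCRAMBLEARGV",
                buildScrambleArgv(
                        executableDir(context),
                        getRemoteScrambleServer().getProtocol(),
                        getRemoteScrambleServer().getSecret(),
                        getRemoteScrambleServer().getIatMode()));
        writeConfigToDisk(context);
        return intent;
    }

    // Directory the native executables are started from: the cache directory when dq.e(context)
    // is true, else the native library directory. NOTE(review): executables started from the
    // cache directory are in a location the app itself can write to - confirm how they get
    // there and whether their integrity is checked.
    private String executableDir(Context context) {
        return dq.e(context)
                ? context.getCacheDir().getAbsolutePath()
                : context.getApplicationInfo().nativeLibraryDir;
    }

    /**
     * Tells whether the client private key is encrypted, by looking for the PEM markers
     * {@code Proc-Type: 4,ENCRYPTED} or {@code -----BEGIN ENCRYPTED PRIVATE KEY-----}.
     *
     * @return {@code true} if a marker is found; {@code false} if there is no key, the key
     *     file cannot be read, or no marker is present
     */
    public boolean requireTLSKeyPassword() {
        if (!nonNull(this.mClientKeyFilename)) {
            return false;
        }
        String keyText;
        if (this.mClientKeyFilename.startsWith(INLINE_TAG)) {
            keyText = this.mClientKeyFilename;
        } else {
            StringBuilder contents = new StringBuilder();
            char[] buffer = new char[2048];
            // try-with-resources: the reader is closed on every path.
            try (FileReader reader = new FileReader(this.mClientKeyFilename)) {
                for (int n = reader.read(buffer); n > 0; n = reader.read(buffer)) {
                    contents.append(buffer, 0, n);
                }
            } catch (IOException e) {
                return false;
            }
            keyText = contents.toString();
        }
        return keyText.contains("Proc-Type: 4,ENCRYPTED")
                || keyText.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----");
    }

    /** Sets the scramble server read by {@link #getConfigFile(File)} and {@link #prepareIntent(Context)}. */
    public void setRemoteScrambleServer(ScrambleProxyResponse scrambleProxyResponse) {
        this.remoteScrambleServer = scrambleProxyResponse;
    }

    /** Enables or disables scrambling. */
    public void setScramble(boolean z) {
        this.scramble = z;
    }

    /** Enables or disables the {@code persist-tun}/{@code preresolve} options. */
    public void setSeamlessTunnel(boolean z) {
        this.seamlessTunnel = z;
    }

    /** Returns the profile name. */
    @Override
    public String toString() {
        return this.mName;
    }

    /**
     * Writes {@link #getConfigFile(File)} to {@code android.conf} in the cache directory.
     *
     * <p>The file contains inline private-key material when the profile uses inline
     * certificates. A write failure is reported but not propagated, so the caller cannot tell
     * that an older configuration may still be on disk.
     */
    public void writeConfigToDisk(Context context) {
        String path = context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE;
        // try-with-resources: the writer is closed even when rendering or writing fails.
        try (FileWriter writer = new FileWriter(path)) {
            writer.write(getConfigFile(context.getCacheDir()));
            writer.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}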
