package net.soti.mobicontrol.vpn;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.EnterpriseVpnConnection;
import android.app.enterprise.EnterpriseVpnPolicy;
import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import net.soti.mobicontrol.cert.b4;
import net.soti.mobicontrol.util.k3;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class b1 implements h2 {

    /* renamed from: d, reason: collision with root package name */
    private static final Logger f34978d = LoggerFactory.getLogger((Class<?>) b1.class);

    /* renamed from: a, reason: collision with root package name */
    private final Optional<EnterpriseVpnPolicy> f34979a;

    /* renamed from: b, reason: collision with root package name */
    private final net.soti.mobicontrol.cert.f0 f34980b;

    /* renamed from: c, reason: collision with root package name */
    private final net.soti.mobicontrol.cert.o0 f34981c;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class a implements Function<EnterpriseVpnConnection, String> {
        a() {
        }

        @Override // com.google.common.base.Function
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String apply(EnterpriseVpnConnection enterpriseVpnConnection) {
            return enterpriseVpnConnection == null ? "" : enterpriseVpnConnection.name;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class b {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f34982a;

        static {
            int[] iArr = new int[u1.values().length];
            f34982a = iArr;
            try {
                iArr[u1.MANUAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f34982a[u1.AUTOMATIC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f34982a[u1.UNKNOWN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    @Inject
    public b1(net.soti.mobicontrol.cert.f0 f0Var, net.soti.mobicontrol.cert.o0 o0Var, n nVar) {
        this.f34980b = f0Var;
        this.f34979a = nVar.a();
        this.f34981c = o0Var;
    }

    private EnterpriseVpnConnection e(c2 c2Var) throws net.soti.mobicontrol.processor.q {
        EnterpriseVpnConnection enterpriseVpnConnection = new EnterpriseVpnConnection();
        enterpriseVpnConnection.name = c2Var.e();
        enterpriseVpnConnection.host = c2Var.h().c();
        enterpriseVpnConnection.type = "anyconnect";
        int i10 = b.f34982a[c2Var.h().f().ordinal()];
        if (i10 == 1) {
            enterpriseVpnConnection.setCertAuthMode("Manual");
        } else {
            if (i10 != 2 && i10 != 3) {
                throw new net.soti.mobicontrol.processor.q(String.format("failed to set AnyConnect VPN payload due to unsupported CertAuthMode : %s", c2Var.h().f()));
            }
            enterpriseVpnConnection.setCertAuthMode("Automatic");
        }
        m(enterpriseVpnConnection, g(c2Var.a()));
        l(enterpriseVpnConnection);
        return enterpriseVpnConnection;
    }

    private static String f(Optional<byte[]> optional, Optional<String> optional2) {
        return net.soti.mobicontrol.cert.g0.l(net.soti.mobicontrol.cert.g0.i(optional2.get(), net.soti.mobicontrol.cert.v0.PKCS12, new ByteArrayInputStream(optional.get())).getSubjectDN().toString());
    }

    private Optional<net.soti.mobicontrol.cert.m0> g(v1 v1Var) {
        return v1Var.f() ? Optional.fromNullable(this.f34981c.h(v1Var.c(), v1Var.d())) : Optional.absent();
    }

    private boolean h(Optional<byte[]> optional, Optional<String> optional2) throws net.soti.mobicontrol.processor.q {
        boolean z10;
        if (optional.isPresent() && optional2.isPresent()) {
            try {
                z10 = this.f34979a.get().installClientCertificate("anyconnect", optional.get(), optional2.get());
            } catch (UnsupportedOperationException e10) {
                throw new net.soti.mobicontrol.processor.q("vpn", "Failed to install certificate, err: %s", e10);
            }
        } else {
            f34978d.error("cannot install pkcs12[{}], password[{}]", Boolean.valueOf(optional.isPresent()), Boolean.valueOf(optional2.isPresent()));
            z10 = false;
        }
        f34978d.debug("return[{}]", Boolean.valueOf(z10));
        return z10;
    }

    private boolean i(String str) {
        for (EnterpriseVpnConnection enterpriseVpnConnection : this.f34979a.get().getAllEnterpriseVpnConnections()) {
            if (str.equals(enterpriseVpnConnection.name)) {
                f34978d.info("Profile exists. name:{}, host:{}, type:{}, certMode:{}", enterpriseVpnConnection.name, enterpriseVpnConnection.host, enterpriseVpnConnection.type, enterpriseVpnConnection.getCertAuthMode());
                return true;
            }
        }
        return false;
    }

    private Optional<X509Certificate> j(net.soti.mobicontrol.cert.m0 m0Var) {
        List list;
        Optional<X509Certificate> absent = Optional.absent();
        try {
            list = this.f34979a.get().getClientCertificates("anyconnect");
        } catch (UnsupportedOperationException e10) {
            f34978d.error("getClientCertificates() throw exception", (Throwable) e10);
            list = null;
        }
        if (list == null) {
            f34978d.error("Failed to get installed client certificates");
            return absent;
        }
        Iterator it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509Certificate x509Certificate = (X509Certificate) ((CertificateInfo) it.next()).getCertificate();
            if (b4.b(x509Certificate, m0Var)) {
                absent = Optional.of(x509Certificate);
                break;
            }
        }
        f34978d.info("{} existing AnyConnect certificate among {} certificates", absent.isPresent() ? "Found" : "Could not find", Integer.valueOf(list.size()));
        return absent;
    }

    private static Function<EnterpriseVpnConnection, String> k() {
        return new a();
    }

    private static void l(EnterpriseVpnConnection enterpriseVpnConnection) {
        f34978d.debug("Enterprise VPN policy \nName: {}\nHost: {}\nType: {}\ncertCN: {}\nVPN certificate auth mode: {}", enterpriseVpnConnection.name, enterpriseVpnConnection.host, enterpriseVpnConnection.type, enterpriseVpnConnection.certCommonName, enterpriseVpnConnection.getCertAuthMode());
    }

    private void m(EnterpriseVpnConnection enterpriseVpnConnection, Optional<net.soti.mobicontrol.cert.m0> optional) throws net.soti.mobicontrol.processor.q {
        if (optional.isPresent()) {
            Optional<X509Certificate> j10 = j(optional.get());
            try {
                if (j10.isPresent()) {
                    enterpriseVpnConnection.certCommonName = net.soti.mobicontrol.cert.g0.l(j10.get().getSubjectDN().getName());
                    enterpriseVpnConnection.certHash = net.soti.mobicontrol.cert.g0.j(j10.get().getEncoded());
                    return;
                }
                Optional<byte[]> fromNullable = Optional.fromNullable(this.f34980b.b(optional.get()));
                Optional<String> fromNullable2 = Optional.fromNullable(this.f34980b.i(optional.get()));
                if (h(fromNullable, fromNullable2)) {
                    enterpriseVpnConnection.certCommonName = f(fromNullable, fromNullable2);
                    enterpriseVpnConnection.certHash = net.soti.mobicontrol.cert.g0.j(fromNullable.get());
                }
            } catch (NoSuchAlgorithmException e10) {
                throw new net.soti.mobicontrol.processor.q("vpn", "Failed to calculate certificate digest, err: %s", e10);
            } catch (CertificateEncodingException e11) {
                throw new net.soti.mobicontrol.processor.q("vpn", "Failed to get encoded, err: %s", e11);
            }
        }
    }

    @Override // net.soti.mobicontrol.vpn.h2
    public boolean a() {
        return true;
    }

    @Override // net.soti.mobicontrol.vpn.h2
    public boolean b(c2 c2Var) throws net.soti.mobicontrol.processor.q {
        net.soti.mobicontrol.util.c0.c(c2Var);
        if (!this.f34979a.isPresent()) {
            throw new net.soti.mobicontrol.processor.q("vpn", "Cannot get EnterpriseVpnPolicy");
        }
        String e10 = c2Var.e();
        if (k3.m(e10)) {
            throw new net.soti.mobicontrol.processor.q("vpn", "Profile name is null or empty.");
        }
        boolean enterpriseVpnConnection = i(e10) ? this.f34979a.get().setEnterpriseVpnConnection(e(c2Var), e10) : this.f34979a.get().setEnterpriseVpnConnection(e(c2Var), (String) null);
        f34978d.debug("{} create/update AnyConnect VPN profile:{}", enterpriseVpnConnection ? "Succeeded" : net.soti.mobicontrol.debug.l.f22061p, e10);
        return enterpriseVpnConnection;
    }

    @Override // net.soti.mobicontrol.vpn.h2
    public Collection<String> c() {
        List allEnterpriseVpnConnections = this.f34979a.get().getAllEnterpriseVpnConnections();
        return allEnterpriseVpnConnections == null ? new ArrayList() : Lists.transform(allEnterpriseVpnConnections, k());
    }

    @Override // net.soti.mobicontrol.vpn.h2
    public void d(String str) {
        this.f34979a.get().removeEnterpriseVpnConnection("anyconnect", str);
    }
}
