package com.mobileiron.compliance.vpn;

import android.content.pm.PackageInfo;
import android.support.v4.media.session.MediaSessionCompat;
import android.util.Base64;
import com.mobileiron.R;
import com.mobileiron.acom.core.android.AppsUtils;
import com.mobileiron.acom.core.utils.cert.CertificateUtils;
import com.mobileiron.acom.mdm.vpn.cisco.CiscoConfigurator;
import com.mobileiron.acom.mdm.vpn.cisco.a;
import com.mobileiron.common.a0;
import com.mobileiron.compliance.utils.ConfigurationErrors;
import com.mobileiron.opensslwrapper.CryptoProvider;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class e extends b {

    /* renamed from: d, reason: collision with root package name */
    private CiscoConfigurator f12730d;

    public e() {
        super("cisco_vpn_store");
        CiscoConfigurator ciscoConfigurator = new CiscoConfigurator(this.f12727a);
        this.f12730d = ciscoConfigurator;
        if (ciscoConfigurator.o()) {
            a0.d("CiscoVPNProvider", "Note: Cisco not installed");
            Iterator<PackageInfo> it = AppsUtils.r(0).iterator();
            while (it.hasNext()) {
                String str = it.next().packageName;
                if (str.contains("cisco")) {
                    d.a.a.a.a.P0("   Possible match: ", str, "CiscoVPNProvider");
                }
            }
        }
    }

    private com.mobileiron.acom.mdm.vpn.cisco.a r(com.mobileiron.acom.core.utils.i iVar) {
        a.C0172a c0172a = new a.C0172a();
        CiscoConfigurator.VpnAuthMethod vpnAuthMethod = CiscoConfigurator.VpnAuthMethod.BASIC;
        String m = iVar.m("ipsecCertContent");
        String m2 = iVar.m("ipsecPasskey");
        if (m != null) {
            vpnAuthMethod = CiscoConfigurator.VpnAuthMethod.CERTIFICATE;
        }
        c0172a.g(iVar.m("userDefinedName"));
        c0172a.f(iVar.m("ipsecRemoteAddress"));
        c0172a.e(iVar.m("vpnGroup"));
        c0172a.h(vpnAuthMethod);
        c0172a.b(m);
        c0172a.d(m2);
        byte[] s = s(m, m2);
        c0172a.c(s == null ? null : Base64.encodeToString(s, 2));
        return c0172a.a();
    }

    private byte[] s(String str, String str2) {
        byte[] d2;
        if (str == null || (d2 = CertificateUtils.d(Base64.decode(str, 0), str2)) == null) {
            return null;
        }
        return CryptoProvider.doSHA1(d2);
    }

    @Override // com.mobileiron.compliance.vpn.b
    public boolean c(com.mobileiron.acom.core.utils.i iVar) {
        String i2 = i(iVar);
        o(iVar);
        CiscoConfigurator.CiscoResultCode h2 = this.f12730d.h(r(iVar));
        if (h2.equals(CiscoConfigurator.CiscoResultCode.SUCCESSFUL)) {
            d.a.a.a.a.T0("added config '", i2, "'", "CiscoVPNProvider");
            return true;
        }
        a0.d("CiscoVPNProvider", "Failed to add VPN config: '" + i2 + "' result code : " + h2);
        ConfigurationErrors.w().a(ConfigurationErrors.ConfigurationType.VPN, i(iVar), R.string.vpn_creation_failed_error_message);
        return false;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public boolean d(com.mobileiron.acom.core.utils.i iVar) {
        ConfigurationErrors.ConfigurationType configurationType = ConfigurationErrors.ConfigurationType.VPN;
        boolean z = MediaSessionCompat.a(iVar.m("vpnSubtype"), "com.cisco.anyconnect.applevpn.plugin") && !iVar.t("samsungOnly");
        if (z) {
            String i2 = i(iVar);
            if (!this.f12730d.o()) {
                ConfigurationErrors.w().d(configurationType, i2, R.string.vpn_client_not_installed_error_message, "Cisco AnyConnect");
                return false;
            }
            if (iVar.t("perAppVpn")) {
                ConfigurationErrors.w().a(configurationType, i2, R.string.per_app_vpn_not_supported_error_message);
                return false;
            }
            if (!(iVar.u("ipsecRemoteAddress") > 0)) {
                a0.C("CiscoVPNProvider", "VPN config '" + i2 + " 'missing server field. Rejecting.");
                return false;
            }
            String m = iVar.m("ipsecCertContent");
            String m2 = iVar.m("ipsecPasskey");
            if (StringUtils.isNotBlank(m)) {
                if (StringUtils.isBlank(m2)) {
                    a0.C("CiscoVPNProvider", "VPN config '" + i2 + " 'has cert data but no passkey. Rejecting.");
                    ConfigurationErrors.w().a(configurationType, i2, R.string.wrong_user_certificate_error_message);
                    return false;
                }
                if (s(m, m2) == null) {
                    a0.C("CiscoVPNProvider", "VPN config '" + i2 + " 'has invalid cert. Rejecting.");
                    ConfigurationErrors.w().a(configurationType, i2, R.string.wrong_user_certificate_error_message);
                    return false;
                }
            }
        }
        return z;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public String h() {
        return "CiscoVPNProvider";
    }

    @Override // com.mobileiron.compliance.vpn.b
    public boolean m(com.mobileiron.acom.core.utils.i iVar) {
        boolean q = this.f12730d.q(r(iVar));
        a0.n("CiscoVPNProvider", "Is VPN compliant: " + q);
        return q;
    }

    @Override // com.mobileiron.compliance.vpn.b
    public boolean o(com.mobileiron.acom.core.utils.i iVar) {
        String i2 = i(iVar);
        a0.n("CiscoVPNProvider", "Removing configuration : " + i2);
        CiscoConfigurator ciscoConfigurator = this.f12730d;
        HashSet hashSet = new HashSet();
        com.mobileiron.acom.core.utils.i[] g2 = g();
        if (g2 != null) {
            for (int i3 = 0; i3 < g2.length; i3++) {
                String m = g2[i3].m("ipsecCertContent");
                if (m != null) {
                    byte[] s = s(m, g2[i3].m("ipsecPasskey"));
                    hashSet.add(s == null ? null : Base64.encodeToString(s, 2));
                }
            }
        }
        return ciscoConfigurator.p(i2, hashSet);
    }
}
