package net.soti.mobicontrol.vpn;

import android.app.enterprise.CertificateInfo;
import android.app.enterprise.EnterpriseVpnConnection;
import android.app.enterprise.EnterpriseVpnPolicy;
import android.text.TextUtils;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import net.soti.mobicontrol.appcontrol.ApplicationManager;
import net.soti.mobicontrol.cert.CertificateDataStorage;
import net.soti.mobicontrol.cert.CertificateHelper;
import net.soti.mobicontrol.cert.CertificateMetadata;
import net.soti.mobicontrol.cert.CertificateMetadataStorage;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.script.command.CommentCommand;
import net.soti.mobicontrol.settings.SettingsStorage;
import net.soti.mobicontrol.settings.StorageKey;
import net.soti.mobicontrol.settings.StorageValue;
import net.soti.mobicontrol.settings.StorageValueOptional;
import net.soti.mobicontrol.util.Assert;
import net.soti.mobicontrol.util.StringUtils;

/* loaded from: classes.dex */
public class MdmV2AnyConnectVpnSettingsManager implements AnyConnectVpnSettingsManager {
    private static final String CISCO_ANYCONNECT_VPN = "com.cisco.anyconnect.vpn.android";
    private static final String SAVED_VPN_PROFILE_LIST = "AnyConnectVpn.savedProfileList";
    private static final String TAG = "MdmV2AnyConnectVpnSettingsManager";
    private final ApplicationManager applicationManager;
    private final CertificateDataStorage certificateDataStorage;
    private final CertificateMetadataStorage certificateMetadataStorage;
    private final EnterpriseVpnPolicy enterpriseVpnPolicy;
    private final Logger logger;
    private final SettingsStorage settingsStorage;

    @Inject
    public MdmV2AnyConnectVpnSettingsManager(EnterpriseVpnPolicy enterpriseVpnPolicy, ApplicationManager applicationManager, CertificateDataStorage certificateDataStorage, CertificateMetadataStorage certificateMetadataStorage, SettingsStorage settingsStorage, Logger logger) {
        this.enterpriseVpnPolicy = enterpriseVpnPolicy;
        this.applicationManager = applicationManager;
        this.certificateDataStorage = certificateDataStorage;
        this.certificateMetadataStorage = certificateMetadataStorage;
        this.settingsStorage = settingsStorage;
        this.logger = logger;
    }

    private List<String> enumManagedVpnProfiles() {
        String or = this.settingsStorage.getValue(StorageKey.fromString(SAVED_VPN_PROFILE_LIST)).getString().or((StorageValueOptional<String>) "");
        return !TextUtils.isEmpty(or) ? StringUtils.split(or, CommentCommand.NAME) : new LinkedList();
    }

    private String extractVpnUserIdentity(String str) {
        return (str == null || !str.contains(",")) ? str : str.startsWith("Users,") ? str.replace("Users,", "") : str.split(",")[0];
    }

    private CertificateInfo findAnyConnectClientCertificate(byte[] bArr) {
        List<CertificateInfo> clientCertificates = this.enterpriseVpnPolicy.getClientCertificates(BaseVpnSettings.VPN_TYPE_ANYCONNECT);
        if (clientCertificates != null) {
            for (CertificateInfo certificateInfo : clientCertificates) {
                try {
                } catch (Exception e) {
                    this.logger.warn("[%s] Failed looking up for AnyConnect client CERT, err=%s", TAG, e);
                }
                if (Arrays.equals(certificateInfo.getCertificate().getEncoded(), bArr)) {
                    return certificateInfo;
                }
            }
        }
        return null;
    }

    private EnterpriseVpnConnection fromSettingsToEnterpriseVpn(SamsungAnyConnectVpnSettings samsungAnyConnectVpnSettings) {
        CertificateMetadata findCertificate;
        EnterpriseVpnConnection enterpriseVpnConnection = new EnterpriseVpnConnection();
        enterpriseVpnConnection.name = samsungAnyConnectVpnSettings.getProfileName();
        enterpriseVpnConnection.host = samsungAnyConnectVpnSettings.getServerName();
        enterpriseVpnConnection.type = samsungAnyConnectVpnSettings.getVpnType();
        enterpriseVpnConnection.certCommonName = null;
        enterpriseVpnConnection.setCertAuthMode("Automatic");
        if (!TextUtils.isEmpty(samsungAnyConnectVpnSettings.getUserCertificateIssuer()) && (findCertificate = this.certificateMetadataStorage.findCertificate(samsungAnyConnectVpnSettings.getUserCertificateIssuer(), samsungAnyConnectVpnSettings.getUserCertificateSn())) != null) {
            byte[] data = this.certificateDataStorage.getData(findCertificate);
            String password = this.certificateDataStorage.getPassword(findCertificate);
            if (data != null && password != null) {
                String findAlias = this.certificateMetadataStorage.findAlias(samsungAnyConnectVpnSettings.getUserCertificateIssuer(), samsungAnyConnectVpnSettings.getUserCertificateSn());
                if (importClientCertificate(data, password)) {
                    X509Certificate certificate = CertificateHelper.getCertificate(password, CertificateHelper.PKCS12, new ByteArrayInputStream(data));
                    if (certificate != null) {
                        try {
                            enterpriseVpnConnection.certCommonName = extractVpnUserIdentity(CertificateHelper.getCommonName(certificate.getSubjectDN().getName()));
                            enterpriseVpnConnection.certHash = CertificateHelper.getCertificateDigest(data);
                        } catch (Exception e) {
                            enterpriseVpnConnection.certCommonName = null;
                            this.logger.warn("[%s] Failed calculating CERT digest, err=%s", TAG, e);
                        }
                    }
                } else {
                    this.logger.warn("[%s] Failed importing AnyConnect client CERT, alias=%s", TAG, findAlias);
                }
            }
        }
        if (TextUtils.isEmpty(enterpriseVpnConnection.certCommonName) && this.enterpriseVpnPolicy.getClientCertificates(BaseVpnSettings.VPN_TYPE_ANYCONNECT).isEmpty()) {
            enterpriseVpnConnection.setCertAuthMode("Disabled");
        }
        printDumpAnyConnectSettings(enterpriseVpnConnection);
        return enterpriseVpnConnection;
    }

    private boolean hasProfile(String str) {
        List<String> listManagedProfiles = listManagedProfiles();
        return listManagedProfiles != null && listManagedProfiles.contains(str);
    }

    private boolean importClientCertificate(byte[] bArr, String str) {
        return findAnyConnectClientCertificate(bArr) != null || this.enterpriseVpnPolicy.installClientCertificate(BaseVpnSettings.VPN_TYPE_ANYCONNECT, bArr, str);
    }

    private void printDumpAnyConnectSettings(EnterpriseVpnConnection enterpriseVpnConnection) {
        this.logger.debug("[%s] Dump Enterprise VPN policy settings: \nVPN name=%s\nVPN host=***\nVPN certCN=***\nVPN CERT mode=%s", TAG, enterpriseVpnConnection.name, enterpriseVpnConnection.getCertAuthMode());
    }

    private void removeManagedVpnProfile(String str) {
        List<String> enumManagedVpnProfiles = enumManagedVpnProfiles();
        Assert.notNull(enumManagedVpnProfiles, "currentList parameter can't be null.");
        int size = enumManagedVpnProfiles.size();
        if (size > 0) {
            Iterator<String> it = enumManagedVpnProfiles.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String next = it.next();
                if (next.equals(str)) {
                    enumManagedVpnProfiles.remove(next);
                    break;
                }
            }
            if (size != enumManagedVpnProfiles.size()) {
                if (enumManagedVpnProfiles.isEmpty()) {
                    this.settingsStorage.setValue(StorageKey.fromString(SAVED_VPN_PROFILE_LIST), StorageValue.fromString(""));
                } else {
                    this.settingsStorage.setValue(StorageKey.fromString(SAVED_VPN_PROFILE_LIST), StorageValue.fromString(StringUtils.join(enumManagedVpnProfiles, CommentCommand.NAME)));
                }
            }
        }
    }

    private void setManagedVpnProfile(String str) {
        if (str == null) {
            this.settingsStorage.setValue(StorageKey.fromString(SAVED_VPN_PROFILE_LIST), StorageValue.fromString(""));
            return;
        }
        List<String> enumManagedVpnProfiles = enumManagedVpnProfiles();
        enumManagedVpnProfiles.add(str);
        this.settingsStorage.setValue(StorageKey.fromString(SAVED_VPN_PROFILE_LIST), StorageValue.fromString(StringUtils.join(enumManagedVpnProfiles, CommentCommand.NAME)));
    }

    @Override // net.soti.mobicontrol.vpn.VpnSettingsManager
    public synchronized void deleteProfile(String str) {
        this.logger.warn("[%s] Deleting Enterprise VPN policy '%s' ..", TAG, str);
        this.enterpriseVpnPolicy.removeEnterpriseVpnConnection(BaseVpnSettings.VPN_TYPE_ANYCONNECT, str);
        removeManagedVpnProfile(str);
    }

    @Override // net.soti.mobicontrol.vpn.AnyConnectVpnSettingsManager
    public boolean isAnyConnectClientAvailable() {
        Iterator<String> it = this.applicationManager.getInstalledPrograms().iterator();
        while (it.hasNext()) {
            if (it.next().contains(CISCO_ANYCONNECT_VPN)) {
                return true;
            }
        }
        return false;
    }

    @Override // net.soti.mobicontrol.vpn.VpnSettingsManager
    public boolean isVpnTypeSupported(BaseVpnSettings baseVpnSettings) {
        return (baseVpnSettings instanceof SamsungAnyConnectVpnSettings) && baseVpnSettings.getVpnClientType().equals(BaseVpnSettings.VPN_TYPE_ANYCONNECT) && isAnyConnectClientAvailable();
    }

    @Override // net.soti.mobicontrol.vpn.VpnSettingsManager
    public List<String> listManagedProfiles() {
        LinkedList linkedList = new LinkedList();
        List<String> enumManagedVpnProfiles = enumManagedVpnProfiles();
        try {
            List<EnterpriseVpnConnection> allEnterpriseVpnConnections = this.enterpriseVpnPolicy.getAllEnterpriseVpnConnections();
            if (allEnterpriseVpnConnections != null && !allEnterpriseVpnConnections.isEmpty()) {
                for (EnterpriseVpnConnection enterpriseVpnConnection : allEnterpriseVpnConnections) {
                    if (enumManagedVpnProfiles.contains(enterpriseVpnConnection.name)) {
                        linkedList.add(enterpriseVpnConnection.name);
                    }
                }
            }
        } catch (Exception e) {
            this.logger.warn("[%s] Failed looking up managed AnyConnect profiles, err=%s", TAG, e);
        }
        return linkedList;
    }

    @Override // net.soti.mobicontrol.vpn.VpnSettingsManager
    public synchronized boolean setProfile(BaseVpnSettings baseVpnSettings) {
        boolean enterpriseVpnConnection;
        Assert.notNull(baseVpnSettings);
        if (!(baseVpnSettings instanceof SamsungAnyConnectVpnSettings)) {
            this.logger.error("[%s][setProfile] Invalid VPN settings passed", new Object[0]);
            throw new IllegalStateException("MdmV2AnyConnectVpnSettingsManager[setProfile] Invalid VPN settings passed");
        }
        SamsungAnyConnectVpnSettings samsungAnyConnectVpnSettings = (SamsungAnyConnectVpnSettings) baseVpnSettings;
        String profileName = baseVpnSettings.getProfileName();
        if (hasProfile(profileName)) {
            this.logger.info("[%s] Updating Enterprise VPN policy '%s' ..", TAG, profileName);
            enterpriseVpnConnection = this.enterpriseVpnPolicy.setEnterpriseVpnConnection(fromSettingsToEnterpriseVpn(samsungAnyConnectVpnSettings), profileName);
        } else {
            this.logger.info("[%s] Creating Enterprise VPN policy '%s' ..", TAG, profileName);
            enterpriseVpnConnection = this.enterpriseVpnPolicy.setEnterpriseVpnConnection(fromSettingsToEnterpriseVpn(samsungAnyConnectVpnSettings), (String) null);
        }
        if (enterpriseVpnConnection) {
            setManagedVpnProfile(profileName);
        } else {
            this.logger.error("[%s] Failed creating/updating AnyConnect VPN profile '%s'", TAG, profileName);
        }
        return enterpriseVpnConnection;
    }
}
