package se.theinstitution.revival.plugin.deployment.vpn;

import android.app.enterprise.EnterpriseDeviceManager;
import android.app.enterprise.EnterpriseVpnConnection;
import android.app.enterprise.EnterpriseVpnPolicy;
import android.app.enterprise.SecurityPolicy;
import android.app.enterprise.VpnAdminProfile;
import android.app.enterprise.VpnPolicy;
import android.content.Context;
import android.text.TextUtils;
import java.security.cert.X509Certificate;
import se.theinstitution.revival.RevivalException;
import se.theinstitution.util.Certificate;
import se.theinstitution.util.SamsungKnox;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: VpnAccessor.java */
/* loaded from: classes2.dex */
public class VpnAccessorAES extends VpnAccessor {
    /* JADX INFO: Access modifiers changed from: protected */
    public VpnAccessorAES(Context context) {
        super(context);
    }

    private void configureEnterpriseVpn(VpnSettings vpnSettings) throws RevivalException {
        EnterpriseVpnPolicy enterpriseVpnPolicy = ((EnterpriseDeviceManager) this.context.getSystemService(EnterpriseDeviceManager.ENTERPRISE_POLICY_SERVICE)).getEnterpriseVpnPolicy();
        boolean z = false;
        EnterpriseVpnConnection enterpriseVpnConnection = enterpriseVpnPolicy.getEnterpriseVpnConnection(EnterpriseVpnPolicy.VPN_TYPE_ANYCONNECT, vpnSettings.vpnName);
        if (vpnSettings.configType != 1) {
            if (enterpriseVpnConnection == null) {
                throw new RevivalException("Failed to delete VPN connection: '" + vpnSettings.vpnName + "' not found");
            }
            if (!enterpriseVpnPolicy.removeEnterpriseVpnConnection(EnterpriseVpnPolicy.VPN_TYPE_ANYCONNECT, vpnSettings.vpnName)) {
                throw new RevivalException("Failed to delete VPN connection");
            }
            return;
        }
        if (enterpriseVpnConnection != null) {
            z = true;
        } else {
            enterpriseVpnConnection = new EnterpriseVpnConnection();
        }
        enterpriseVpnConnection.name = vpnSettings.vpnName;
        enterpriseVpnConnection.host = vpnSettings.hostName;
        enterpriseVpnConnection.type = EnterpriseVpnPolicy.VPN_TYPE_ANYCONNECT;
        String str = vpnSettings.authType == 1 ? EnterpriseVpnPolicy.VPN_CERT_TYPE_AUTOMATIC : vpnSettings.authType == 2 ? EnterpriseVpnPolicy.VPN_CERT_TYPE_MANUAL : EnterpriseVpnPolicy.VPN_CERT_TYPE_DISABLED;
        enterpriseVpnConnection.setCertAuthMode(str);
        if (str.equals(EnterpriseVpnPolicy.VPN_CERT_TYPE_MANUAL) && vpnSettings.clientCertData != null && vpnSettings.clientCertData.length > 0) {
            Certificate.CertificateKeyPair fromPKCS12ByteArray = Certificate.fromPKCS12ByteArray(vpnSettings.clientCertData, vpnSettings.clientCertPassword);
            if (fromPKCS12ByteArray != null) {
                X509Certificate x509Certificate = fromPKCS12ByteArray.getCertificates()[0];
                enterpriseVpnConnection.certCommonName = Certificate.getCommonName(x509Certificate);
                enterpriseVpnConnection.certHash = Certificate.getSHA1Fingerprint(x509Certificate);
            }
            if (!enterpriseVpnPolicy.installClientCertificate(EnterpriseVpnPolicy.VPN_TYPE_ANYCONNECT, vpnSettings.clientCertData, vpnSettings.clientCertPassword)) {
                throw new RevivalException("Failed to install VPN client certificate");
            }
        }
        if (z) {
            if (!enterpriseVpnPolicy.setEnterpriseVpnConnection(enterpriseVpnConnection, vpnSettings.vpnName)) {
                throw new RevivalException("Failed to update VPN connection'" + vpnSettings.vpnName + "'.");
            }
        } else if (!enterpriseVpnPolicy.setEnterpriseVpnConnection(enterpriseVpnConnection, null)) {
            throw new RevivalException("Failed to create VPN connection'" + vpnSettings.vpnName + "'.");
        }
    }

    private void configureVpn(VpnSettings vpnSettings) throws RevivalException {
        EnterpriseDeviceManager enterpriseDeviceManager = (EnterpriseDeviceManager) this.context.getSystemService(EnterpriseDeviceManager.ENTERPRISE_POLICY_SERVICE);
        VpnPolicy vpnPolicy = enterpriseDeviceManager.getVpnPolicy();
        SecurityPolicy securityPolicy = enterpriseDeviceManager.getSecurityPolicy();
        int credentialStorageStatus = securityPolicy.getCredentialStorageStatus();
        if (credentialStorageStatus != 1) {
            if (credentialStorageStatus == 3) {
                throw new RevivalException("A passcode must be present on the device to install VPN profiles");
            }
            securityPolicy.unlockCredentialStorage("");
        }
        boolean isVpnProfileInstalled = isVpnProfileInstalled(vpnPolicy, vpnSettings.vpnName);
        if (vpnSettings.configType != 1) {
            if (!isVpnProfileInstalled) {
                throw new RevivalException("VPN profile '" + vpnSettings.vpnName + "' does not exist");
            }
            vpnPolicy.deleteProfile(vpnSettings.vpnName);
            if (isVpnProfileInstalled(vpnPolicy, vpnSettings.vpnName)) {
                throw new RevivalException("Failed to delete VPN profile '" + vpnSettings.vpnName + "'");
            }
            return;
        }
        VpnAdminProfile vpnAdminProfile = new VpnAdminProfile();
        vpnAdminProfile.profileName = vpnSettings.vpnName;
        vpnAdminProfile.serverName = vpnSettings.hostName;
        vpnAdminProfile.userName = vpnSettings.userName;
        vpnAdminProfile.userPassword = vpnSettings.password;
        String str = null;
        switch (vpnSettings.vpnType) {
            case 256:
                str = VpnAdminProfile.VPN_TYPE_PPTP;
                break;
            case 257:
                str = VpnAdminProfile.VPN_TYPE_L2TP_IPSEC_PSK;
                break;
            case 258:
                str = VpnAdminProfile.VPN_TYPE_L2TP_IPSEC_CRT;
                break;
            case 259:
                str = VpnAdminProfile.VPN_TYPE_IPSEC_XAUTH_PSK;
                break;
            case 260:
                str = VpnAdminProfile.VPN_TYPE_IPSEC_XAUTH_RSA;
                break;
            case 261:
                str = VpnAdminProfile.VPN_TYPE_IPSEC_HYBRID_RSA;
                break;
            case 262:
                str = VpnAdminProfile.VPN_TYPE_IPSEC_IKEV2_PSK;
                break;
            case 263:
                str = VpnAdminProfile.VPN_TYPE_IPSEC_IKEV2_RSA;
                break;
        }
        if (str == null) {
            throw new RevivalException("Invalid or empty VPN type");
        }
        vpnAdminProfile.vpnType = str;
        if (TextUtils.isEmpty(vpnSettings.l2tpSecret)) {
            vpnAdminProfile.L2TPSecretEnable = false;
        } else {
            vpnAdminProfile.L2TPSecret = vpnSettings.l2tpSecret;
            vpnAdminProfile.L2TPSecretEnable = true;
        }
        vpnAdminProfile.PPTPEncryptionEnable = vpnSettings.pptpEncryption;
        if (!TextUtils.isEmpty(vpnSettings.ipSecPresharedkey)) {
            vpnAdminProfile.IPSecPreSharedKey = vpnSettings.ipSecPresharedkey;
        }
        if (!TextUtils.isEmpty(vpnSettings.ipSecIdentifier)) {
            vpnAdminProfile.ipsecIdentifier = vpnSettings.ipSecIdentifier;
        }
        if (vpnSettings.clientCertData != null && vpnSettings.clientCertData.length > 0) {
            String commonName = Certificate.getCommonName(Certificate.fromPKCS12ByteArray(vpnSettings.clientCertData, vpnSettings.clientCertPassword).getCertificates()[0]);
            if (!securityPolicy.installCertificate(SecurityPolicy.TYPE_PKCS12, vpnSettings.clientCertData, commonName, vpnSettings.clientCertPassword)) {
                throw new RevivalException("Failed to install user certificate '" + commonName + "'");
            }
            vpnAdminProfile.IPSecUserCertificate = commonName;
        }
        if (vpnSettings.caCertData != null && vpnSettings.caCertData.length > 0) {
            String commonName2 = Certificate.getCommonName(Certificate.fromX509ByteArray(vpnSettings.caCertData));
            if (!securityPolicy.installCertificate(SecurityPolicy.TYPE_CERTIFICATE, vpnSettings.caCertData, commonName2, "")) {
                throw new RevivalException("Failed to install CA certificate '" + commonName2 + "'");
            }
            vpnAdminProfile.IPSecCaCertificate = commonName2;
        }
        vpnAdminProfile.dnsServers = vpnSettings.dnsServers;
        vpnAdminProfile.searchDomains = vpnSettings.dnsSearchDomains;
        vpnAdminProfile.forwardRoutes = vpnSettings.forwardingRoutes;
        if (!TextUtils.isEmpty(vpnSettings.ocsp)) {
            vpnAdminProfile.ocspServerUrl = vpnSettings.ocsp;
        }
        if (isVpnProfileInstalled) {
            vpnPolicy.deleteProfile(vpnSettings.vpnName);
        }
        if (!vpnPolicy.createProfile(vpnAdminProfile)) {
            throw new RevivalException("Failed to create VPN profile '" + vpnSettings.vpnName + "'");
        }
        if (!vpnSettings.alwaysOn || SamsungKnox.querySupportedSdkVersion(SamsungKnox.ENTERPRISE_SDK_VERSION_5)) {
            return;
        }
        vpnPolicy.setAlwaysOnProfile(vpnAdminProfile.profileName);
    }

    private boolean isVpnProfileInstalled(VpnPolicy vpnPolicy, String str) {
        String[] vpnList = vpnPolicy.getVpnList();
        if (vpnList == null || vpnList.length <= 0) {
            return false;
        }
        for (String str2 : vpnList) {
            if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // se.theinstitution.revival.plugin.deployment.vpn.VpnAccessor
    public void applyConfiguration(VpnSettings vpnSettings) throws RevivalException {
        if (!SamsungKnox.querySupportedSdkVersion(SamsungKnox.ENTERPRISE_SDK_VERSION_2)) {
            throw new RevivalException("VPN configuration not supported. Too old SDK");
        }
        if (vpnSettings.vpnName == null || vpnSettings.vpnName.length() == 0) {
            throw new RevivalException("VPN name must be provided");
        }
        if (vpnSettings.vpnType != 1) {
            configureVpn(vpnSettings);
        } else {
            if (vpnSettings.hostName == null || vpnSettings.hostName.length() == 0) {
                throw new RevivalException("VPN host name must be provided");
            }
            configureEnterpriseVpn(vpnSettings);
        }
    }
}
