package com.cisco.anyconnect.vpn.android.work;

import android.content.Context;
import android.os.Bundle;
import android.os.Parcelable;
import android.util.Base64;
import com.cisco.anyconnect.vpn.android.service.ConnectionType;
import com.cisco.anyconnect.vpn.android.service.VpnConnection;
import com.cisco.anyconnect.vpn.android.ui.helpers.RemoteControlMode;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.cisco.anyconnect.vpn.jni.ConnectProtocolType;
import com.cisco.anyconnect.vpn.jni.IPsecAuthMode;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class ManagedConfigParser {
    public static final String VPN_CONNECTION_PROFILE = "vpn_connection_profile";
    public static final String VPN_SETTING_ALLOW_SAVED_CREDENTIALS = "vpn_setting_allow_saved_credentials";
    public static final String VPN_SETTING_APPLY_PERAPP_TO_PROFILE = "vpn_setting_apply_perapp_to_profile";
    public static final String VPN_SETTING_CERTIFICATE_REVOCATION = "vpn_setting_certificate_revocation";
    public static final String VPN_SETTING_EXTERNAL_CONTROL = "vpn_setting_uri_external_control";
    public static final String VPN_SETTING_FIPS_MODE = "vpn_setting_fips_mode";
    public static final String VPN_SETTING_REPLACE_EXISTING_PROFILE = "vpn_setting_replace_existing_profile";
    public static final String VPN_SETTING_STRICT_MODE = "vpn_setting_strict_mode";
    private Bundle mBundle;
    private RemoteControlMode mRemoteControlMode;
    private List<ManagedConnection> mConns = new ArrayList();
    private List<String> mAllowedApps = new ArrayList();
    private List<String> mDisallowedApps = new ArrayList();

    /* loaded from: classes.dex */
    public static class ManagedConnection {
        public boolean isActive;
        public String keychainAlias;
        public VpnConnection vpnConnection;

        String getDescription() {
            return ((("isActive=" + this.isActive) + "\nkeychainAlias=" + this.keychainAlias) + "\nVpnConnection:\n") + this.vpnConnection.GetDescription();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class ManagedConnectionBuilder {
        private VpnConnection mConn = new VpnConnection();
        public boolean mIsActive;
        private boolean mIsValid;
        public String mKeychainAlias;

        ManagedConnectionBuilder(String str, String str2) {
            this.mIsValid = true;
            this.mConn.SetType(ConnectionType.Profile_Android_Work);
            if (str2 != null && str2.length() > 0) {
                this.mConn.SetName(generateName((str == null || str.isEmpty()) ? str2 : str));
                this.mConn.SetHost(str2);
            } else {
                AppLog.info(this, "dd2 invalid");
                this.mIsValid = false;
            }
        }

        private String generateName(String str) {
            return str + " (Managed)";
        }

        ManagedConnection build() {
            if (!this.mIsValid) {
                return null;
            }
            ManagedConnection managedConnection = new ManagedConnection();
            managedConnection.isActive = this.mIsActive;
            managedConnection.keychainAlias = this.mKeychainAlias;
            managedConnection.vpnConnection = this.mConn;
            return managedConnection;
        }

        ManagedConnectionBuilder setActive(boolean z) {
            this.mIsActive = z;
            return this;
        }

        ManagedConnectionBuilder setAllowBypass(boolean z) {
            this.mConn.setIsBypassAllowed(z);
            return this;
        }

        ManagedConnectionBuilder setCert(String str) {
            if (str != null && str.length() > 0) {
                this.mKeychainAlias = str;
            }
            return this;
        }

        ManagedConnectionBuilder setPerApp(String str, String str2) {
            if (str == null || str.length() == 0) {
                this.mConn.setTunnelApplications(null);
            } else {
                this.mConn.setTunnelApplications(ManagedConfigParser.parsePerappRules(str));
            }
            if (str2 == null || str2.length() == 0) {
                this.mConn.setDisallowedApplications(null);
            } else {
                this.mConn.setDisallowedApplications(ManagedConfigParser.parsePerappRules(str2));
            }
            return this;
        }

        ManagedConnectionBuilder setProtocol(String str, String str2, String str3) {
            if (str == null) {
                this.mConn.SetConnectProtocolType(ConnectProtocolType.Ssl);
            } else {
                this.mConn.SetConnectProtocolType(ConnectProtocolType.fromString(str));
            }
            if (str2 == null) {
                this.mConn.SetIPsecAuthMode(IPsecAuthMode.USER_AUTH_IKE_EAP_ANYCONNECT);
            } else {
                this.mConn.SetIPsecAuthMode(IPsecAuthMode.fromString(str2));
            }
            this.mConn.SetIKEIdentity(str3);
            return this;
        }
    }

    public ManagedConfigParser(Bundle bundle) {
        this.mBundle = bundle;
    }

    public static ManagedConfigParser get(Context context) {
        try {
            Object systemService = context.getSystemService("restrictions");
            Bundle bundle = (Bundle) systemService.getClass().getMethod("getApplicationRestrictions", new Class[0]).invoke(systemService, new Object[0]);
            AppLog.info(ManagedConfigParser.class, "Applying managed configuration.");
            ManagedConfigParser managedConfigParser = new ManagedConfigParser(bundle);
            managedConfigParser.parse();
            return managedConfigParser;
        } catch (Exception e) {
            AppLog.error(ManagedConfigParser.class, "Failed to retrieve restrictions", (Throwable) e);
            return null;
        }
    }

    private void parseGlobalPerAppRules() {
        String string = this.mBundle.getString("vpn_connection_allowed_apps");
        if (string == null || string.length() == 0) {
            string = this.mBundle.getString("vpn_connection_perapp");
        }
        String string2 = this.mBundle.getString("vpn_connection_disallowed_apps");
        this.mAllowedApps = parsePerappRules(string);
        this.mDisallowedApps = parsePerappRules(string2);
    }

    private ManagedConnection parseLegacyVpnConfig() {
        ManagedConnectionBuilder managedConnectionBuilder = new ManagedConnectionBuilder(this.mBundle.getString("vpn_connection_name"), this.mBundle.getString("vpn_connection_host"));
        managedConnectionBuilder.setProtocol(this.mBundle.getString("vpn_connection_protocol"), this.mBundle.getString("vpn_connection_ipsec_auth_mode"), this.mBundle.getString("vpn_connection_ipsec_ike_identity"));
        String string = this.mBundle.getString("vpn_connection_allowed_apps");
        if (string == null || string.length() == 0) {
            string = this.mBundle.getString("vpn_connection_perapp");
        }
        managedConnectionBuilder.setPerApp(string, this.mBundle.getString("vpn_connection_disallowed_apps"));
        managedConnectionBuilder.setAllowBypass(this.mBundle.getBoolean("vpn_connection_allow_bypass"));
        managedConnectionBuilder.setCert(this.mBundle.getString("vpn_connection_keychain_cert_alias"));
        managedConnectionBuilder.setActive(this.mBundle.getBoolean("vpn_connection_set_active", true));
        return managedConnectionBuilder.build();
    }

    static List<String> parsePerappRules(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        return new ArrayList(Arrays.asList(str.split("\\s*,\\s*")));
    }

    private ManagedConnection parseVpnConfig(Bundle bundle) {
        ManagedConnectionBuilder managedConnectionBuilder = new ManagedConnectionBuilder(bundle.getString("vpn_name"), bundle.getString("vpn_host"));
        managedConnectionBuilder.setProtocol(bundle.getString("vpn_protocol"), bundle.getString("vpn_ipsec_auth_mode"), bundle.getString("vpn_ipsec_ike_identity"));
        managedConnectionBuilder.setPerApp(bundle.getString("vpn_allowed_apps"), this.mBundle.getString("vpn_disallowed_apps"));
        managedConnectionBuilder.setAllowBypass(bundle.getBoolean("vpn_allow_bypass"));
        managedConnectionBuilder.setCert(bundle.getString("vpn_keychain_cert_alias"));
        managedConnectionBuilder.setActive(bundle.getBoolean("vpn_set_active", false));
        return managedConnectionBuilder.build();
    }

    public List<String> getAllowedApps() {
        if (this.mAllowedApps == null) {
            return null;
        }
        return new ArrayList(this.mAllowedApps);
    }

    public boolean getCertRevocation() {
        return this.mBundle.getBoolean(VPN_SETTING_CERTIFICATE_REVOCATION, false);
    }

    public List<ManagedConnection> getConnections() {
        return new ArrayList(this.mConns);
    }

    public String getDescription() {
        String str;
        String str2;
        String str3;
        String str4;
        String str5 = "MANAGED CONFIGURATION\n--------------------------------------------";
        if (isFipsSet()) {
            str = str5 + "\nfips = " + getFips();
        } else {
            str = str5 + "\nfips is not set";
        }
        if (isStrictCertSet()) {
            str2 = str + "\nstrictCert = " + getStrictCert();
        } else {
            str2 = str + "\nstrictCert is not set";
        }
        if (isCertRevocationSet()) {
            str3 = str2 + "\ncertRevocation = " + getCertRevocation();
        } else {
            str3 = str2 + "\ncertRevocation is not set";
        }
        if (isSavePasswordSet()) {
            str4 = str3 + "\nsavePass = " + getSavePassword();
        } else {
            str4 = str3 + "\nsavePass is not set";
        }
        String str6 = (((((str4 + "\nremote control mode=" + this.mRemoteControlMode) + "\napply per-app to profile=" + shouldApplyPerappToProfile()) + "\nshould delete profile=" + shouldDeleteProfile()) + "\nhas profile=" + hasProfile()) + "\nreplace existing profile=" + shouldReplaceExistingProfile()) + "\n--------------------------------------------\n";
        Iterator<ManagedConnection> it = this.mConns.iterator();
        while (it.hasNext()) {
            str6 = (str6 + it.next().getDescription()) + "\n--------------------------------------------\n";
        }
        return str6;
    }

    public List<String> getDisallowedApps() {
        if (this.mDisallowedApps == null) {
            return null;
        }
        return new ArrayList(this.mDisallowedApps);
    }

    public boolean getFips() {
        return this.mBundle.getBoolean(VPN_SETTING_FIPS_MODE, false);
    }

    public Set<String> getKeychainAliases() {
        HashSet hashSet = new HashSet();
        Iterator<ManagedConnection> it = this.mConns.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().keychainAlias);
        }
        return hashSet;
    }

    public String getProfile() {
        String string = this.mBundle.getString(VPN_CONNECTION_PROFILE);
        if (string == null) {
            return null;
        }
        try {
            return new String(Base64.decode(string, 0), "UTF-8");
        } catch (Exception unused) {
            return string;
        }
    }

    public RemoteControlMode getRemoteControlMode() {
        return this.mRemoteControlMode;
    }

    public boolean getSavePassword() {
        return this.mBundle.getBoolean(VPN_SETTING_ALLOW_SAVED_CREDENTIALS, false);
    }

    public boolean getStrictCert() {
        return this.mBundle.getBoolean(VPN_SETTING_STRICT_MODE, false);
    }

    public boolean hasProfile() {
        return this.mBundle.getString(VPN_CONNECTION_PROFILE) != null && this.mBundle.getString(VPN_CONNECTION_PROFILE).length() > 0;
    }

    public boolean isCertRevocationSet() {
        return this.mBundle.containsKey(VPN_SETTING_CERTIFICATE_REVOCATION);
    }

    public boolean isFipsSet() {
        return this.mBundle.containsKey(VPN_SETTING_FIPS_MODE);
    }

    public boolean isRemoteControlModeSet() {
        return this.mRemoteControlMode != null;
    }

    public boolean isSavePasswordSet() {
        return this.mBundle.containsKey(VPN_SETTING_ALLOW_SAVED_CREDENTIALS);
    }

    public boolean isStrictCertSet() {
        return this.mBundle.containsKey(VPN_SETTING_STRICT_MODE);
    }

    public void parse() {
        this.mConns = new ArrayList();
        ManagedConnection parseLegacyVpnConfig = parseLegacyVpnConfig();
        if (parseLegacyVpnConfig != null) {
            this.mConns.add(parseLegacyVpnConfig);
        }
        Parcelable[] parcelableArray = this.mBundle.getParcelableArray("vpn_configuration_list");
        if (parcelableArray != null) {
            for (Parcelable parcelable : parcelableArray) {
                ManagedConnection parseVpnConfig = parseVpnConfig((Bundle) parcelable);
                if (parseVpnConfig != null) {
                    this.mConns.add(parseVpnConfig);
                }
            }
        }
        parseGlobalPerAppRules();
        if (this.mBundle.containsKey(VPN_SETTING_EXTERNAL_CONTROL)) {
            String string = this.mBundle.getString(VPN_SETTING_EXTERNAL_CONTROL);
            try {
                this.mRemoteControlMode = RemoteControlMode.valueOf(string);
            } catch (Error e) {
                AppLog.error(this, "Failed to parse remote control mode: " + string, e);
            }
        }
    }

    public boolean shouldApplyPerappToProfile() {
        return this.mBundle.getBoolean(VPN_SETTING_APPLY_PERAPP_TO_PROFILE, false);
    }

    public boolean shouldDeleteProfile() {
        return this.mBundle.containsKey(VPN_CONNECTION_PROFILE) && this.mBundle.getString(VPN_CONNECTION_PROFILE) != null && this.mBundle.getString(VPN_CONNECTION_PROFILE).isEmpty();
    }

    public boolean shouldReplaceExistingProfile() {
        return this.mBundle.getBoolean(VPN_SETTING_REPLACE_EXISTING_PROFILE, true);
    }
}
