package com.manageengine.mdm.framework.profile.vpn;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import com.manageengine.mdm.framework.R;
import com.manageengine.mdm.framework.appmgmt.ManagedAppConfiguration;
import com.manageengine.mdm.framework.certificate.CertificateInstaller;
import com.manageengine.mdm.framework.communication.HTTPHandler;
import com.manageengine.mdm.framework.communication.OKHTTPHandler;
import com.manageengine.mdm.framework.core.CommandConstants;
import com.manageengine.mdm.framework.core.MDMApplication;
import com.manageengine.mdm.framework.core.MDMDeviceManager;
import com.manageengine.mdm.framework.core.Request;
import com.manageengine.mdm.framework.core.Response;
import com.manageengine.mdm.framework.db.SCEPPayloadTableHandler;
import com.manageengine.mdm.framework.deviceadmin.DeviceAdminMonitor;
import com.manageengine.mdm.framework.exception.IncompatibilityException;
import com.manageengine.mdm.framework.logging.MDMProfileLogger;
import com.manageengine.mdm.framework.policy.PolicyUtil;
import com.manageengine.mdm.framework.profile.PayloadRequest;
import com.manageengine.mdm.framework.profile.PayloadRequestHandler;
import com.manageengine.mdm.framework.profile.PayloadResponse;
import com.manageengine.mdm.framework.profile.scep.ScepCertificateProvider;
import com.manageengine.mdm.framework.profile.scep.ScepConstants;
import com.manageengine.mdm.framework.utils.AgentUtil;
import com.manageengine.mdm.framework.utils.JSONUtil;
import java.io.IOException;
import java.util.Iterator;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class VpnConfigurePayloadHandler extends PayloadRequestHandler {
    protected static final int ERROR_UNKNOWN = 6003;
    public static final int ERROR_VPN_CANNOT_REACH_MDMSERVER = 12189;
    protected static final int INSTALL_FAILED = 12153;
    protected static final int KEYSTORE_ERROR = 12147;
    private static final int PACKAGE_ERROR = 654;
    protected static final int REMOVE_FAILED = 12152;
    public static final int STATUS_MDMSERVER_REACHABILITY_SUCCESS = 2;
    public static byte[] keystore;
    SCEPPayloadTableHandler scepPayloadTableHandler;

    private boolean applyManagedConfig(Context context, String str, JSONArray jSONArray) {
        ManagedAppConfiguration managedAppConfiguration = MDMDeviceManager.getInstance(context).getManagedAppConfiguration();
        try {
            if (managedAppConfiguration.isAppConfigWriteProtected(str)) {
                MDMProfileLogger.protectedInfo("App Config is write protected for " + str);
                return false;
            }
            managedAppConfiguration.applyManagedConfigurations(str, jSONArray);
            MDMProfileLogger.protectedInfo("Managed config applied for " + str);
            return true;
        } catch (IncompatibilityException e) {
            MDMProfileLogger.error("Invalid data format for " + str, (Exception) e);
            return false;
        } catch (SecurityException e2) {
            MDMProfileLogger.error("ManagedAppConfiguration is not supported", (Exception) e2);
            return false;
        } catch (Exception e3) {
            MDMProfileLogger.error("Exception while applying the config for " + str, e3);
            return false;
        }
    }

    private ThirdPartyVpnConfiguration getVpnConfiguration(String str) {
        if (str.equals(VpnConstants.ANY_CONNECT)) {
            return new AnyConnectConfiguration();
        }
        if (str.equals(VpnConstants.PULSE_SECURE)) {
            return new PulseSecureConfiguration();
        }
        if (str.equals(VpnConstants.F5)) {
            return new F5Configuration();
        }
        if (str.equals(VpnConstants.SONIC_WALL)) {
            return new SonicWallConfiguration();
        }
        if (str.equals(VpnConstants.PALO_ALTO)) {
            return new PaloAltoConfiguration();
        }
        return null;
    }

    private boolean isPackagePresent(Context context, String str) {
        Iterator<ApplicationInfo> it = context.getPackageManager().getInstalledApplications(0).iterator();
        while (it.hasNext()) {
            if (it.next().packageName.equals(str)) {
                return true;
            }
        }
        return false;
    }

    private void sendResponse(Context context, PayloadResponse payloadResponse, Response response, int i) {
        MDMProfileLogger.protectedInfo("VpnConfigurePayloadHandler : Cannot install certificate, error code " + i);
        String string = context.getResources().getString(R.string.mdm_agent_payload_wifi_certificate_keystoreError);
        if (i != 0) {
            int i2 = ERROR_VPN_CANNOT_REACH_MDMSERVER;
            try {
                if (i != 1 && i != 2 && i != 7) {
                    try {
                        if (i == PACKAGE_ERROR) {
                            response.setRemarks(context.getResources().getString(R.string.mdm_agent_payload_vpn_managed_config_app_not_found));
                            payloadResponse.status = CommandConstants.NOT_NOW_STATUS;
                        } else if (i != 12189) {
                            switch (i) {
                                case 9:
                                    if (PolicyUtil.getInstance().getComplianceSettingsConfigured(context, "Password") != 1 || MDMDeviceManager.getInstance(context).getRestrictionPolicyManager().isActivePasswordSufficient()) {
                                        response.setRemarks(context.getResources().getString(R.string.mdm_agent_payload_vpn_error_occurred_installing));
                                    } else {
                                        response.setRemarks(context.getResources().getString(R.string.mdm_agent_payload_vpn_certificate_no_password_found));
                                    }
                                    payloadResponse.status = CommandConstants.NOT_NOW_STATUS;
                                    return;
                                case 10:
                                    return;
                                case 11:
                                    i2 = REMOVE_FAILED;
                                    string = context.getResources().getString(R.string.mdm_agent_payload_vpn_certificate_remove_failed_error);
                                    break;
                                default:
                                    i2 = KEYSTORE_ERROR;
                                    break;
                            }
                        }
                        context.getResources().getString(R.string.mdm_agent_payload_vpn_mdm_server_not_reachable);
                        return;
                    } catch (Exception e) {
                        e = e;
                        i2 = KEYSTORE_ERROR;
                        MDMProfileLogger.error("Exception while handling certificate install/uninstall response", e);
                        payloadResponse.setErrorCode(i2);
                        payloadResponse.setErrorMsg(string);
                    }
                }
                i2 = INSTALL_FAILED;
                string = context.getResources().getString(R.string.mdm_agent_payload_vpn_certificate_install_failed_error);
            } catch (Exception e2) {
                e = e2;
            }
            payloadResponse.setErrorCode(i2);
            payloadResponse.setErrorMsg(string);
        }
    }

    private void setAlwaysONVPN(boolean z, String str, boolean z2) {
        try {
            Context context = MDMApplication.getContext();
            if (AgentUtil.getInstance().isVersionCompatible(context, 24).booleanValue()) {
                DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
                ComponentName componentName = new ComponentName(context, (Class<?>) DeviceAdminMonitor.class);
                if (!z || str == null) {
                    devicePolicyManager.setAlwaysOnVpnPackage(componentName, null, false);
                } else {
                    devicePolicyManager.setAlwaysOnVpnPackage(componentName, str, z2);
                }
            }
        } catch (Exception e) {
            MDMProfileLogger.error("Exception while setting/clearing Always On VPN :", e);
        }
    }

    @Override // com.manageengine.mdm.framework.profile.PayloadRequestHandler
    public boolean checkPayloadCompatible(Request request, Response response, PayloadRequest payloadRequest, PayloadResponse payloadResponse) {
        return JSONUtil.getInstance().getString(payloadRequest.payloadData, VpnConstants.VPN_TYPE).equals(VpnConstants.OTHER_VPN) || AgentUtil.getInstance().isSAFESupported(MDMApplication.getContext());
    }

    public int checkServerReachability() {
        try {
            String uri = MDMDeviceManager.getInstance(MDMApplication.getContext()).getMdmServerContext().getServerBaseURL().toString();
            MDMProfileLogger.protectedInfo("Server URL:" + uri);
            int status = ((OKHTTPHandler) HTTPHandler.newInstance()).postRequest(uri, new JSONObject()).getStatus();
            MDMProfileLogger.protectedInfo("Reponse=" + status);
            if (status == 0) {
                return 2;
            }
            return ERROR_VPN_CANNOT_REACH_MDMSERVER;
        } catch (IOException e) {
            MDMProfileLogger.error("IO Error during checkServerConnectivity() DIRECT proxy: " + e.toString());
            return ERROR_VPN_CANNOT_REACH_MDMSERVER;
        } catch (Exception e2) {
            MDMProfileLogger.error("Unknown error during checkServerConnectivity() DIRECT proxy: " + e2.toString());
            return ERROR_VPN_CANNOT_REACH_MDMSERVER;
        }
    }

    protected String getPackageName(String str) {
        if (str.equals(VpnConstants.ANY_CONNECT)) {
            return VpnConstants.ANYCONNECT_ID;
        }
        if (str.equals(VpnConstants.F5)) {
            return VpnConstants.F5_ID;
        }
        if (str.equals(VpnConstants.PULSE_SECURE)) {
            return VpnConstants.PULSESECURE_ID;
        }
        if (str.equals(VpnConstants.SONIC_WALL)) {
            return VpnConstants.SONICWALL_ID;
        }
        if (str.equals(VpnConstants.PALO_ALTO)) {
            return VpnConstants.PALOALTO_ID;
        }
        return null;
    }

    protected int installCert(JSONObject jSONObject) {
        int i;
        CertificateInstaller certificateInstaller;
        if (jSONObject == null || (certificateInstaller = MDMDeviceManager.getInstance(MDMApplication.getContext()).getCertificateInstaller()) == null) {
            i = 3;
        } else {
            byte[] bytes = JSONUtil.getInstance().getBytes(jSONObject, "Certificate");
            String optString = jSONObject.optString("CertificatePassword");
            String optString2 = jSONObject.optString("ClientCertAlias");
            i = !optString.isEmpty() ? certificateInstaller.installCert(bytes, optString2, optString) : certificateInstaller.installCert(bytes, optString2);
        }
        MDMProfileLogger.protectedInfo("VpnConfigurePayloadHandler : The certificate install status is " + i);
        return i;
    }

    protected boolean isCertificateAvailable(JSONObject jSONObject) {
        return jSONObject.has("Certificate");
    }

    @Override // com.manageengine.mdm.framework.profile.PayloadRequestHandler
    public void processInstallPayload(Request request, Response response, PayloadRequest payloadRequest, PayloadResponse payloadResponse) {
        MDMProfileLogger.info(" \n-----VpnConfigurePayloadHandler : Installing payload in MDMFramework-----\n ");
        Context applicationContext = request.getContainer().getApplicationContext();
        JSONObject jSONObject = payloadRequest.payloadData;
        try {
            this.scepPayloadTableHandler = new SCEPPayloadTableHandler(applicationContext);
            JSONObject jSONObject2 = jSONObject.getJSONObject(VpnConstants.OTHER_VPN);
            String string = jSONObject2.getString(VpnConstants.APP_ID);
            String string2 = jSONObject.getString("VPNName");
            String string3 = jSONObject.getString(VpnConstants.SERVER_NAME);
            boolean optBoolean = jSONObject.optBoolean(VpnConstants.ALWAYS_ON);
            boolean optBoolean2 = jSONObject.optBoolean(VpnConstants.LOCKDOWN_MODE);
            ThirdPartyVpnConfiguration vpnConfiguration = getVpnConfiguration(string);
            jSONObject2.put("VPNName", string2);
            jSONObject2.put(VpnConstants.SERVER_NAME, string3);
            String optString = jSONObject.optString("ClientCertEnrollType", ScepConstants.CCET_RAW);
            MDMProfileLogger.info("VPNConfigurePaylaodHandler: Enroll type: " + optString);
            if (optString.equals("Scep")) {
                JSONObject extractScepCertPayloadFromDb = new ScepCertificateProvider(jSONObject).extractScepCertPayloadFromDb(jSONObject.getString("ScepPayloadUUID"));
                sendResponse(applicationContext, payloadResponse, response, installCert(extractScepCertPayloadFromDb));
                jSONObject2.put("ClientCertAlias", JSONUtil.getInstance().getString(extractScepCertPayloadFromDb, "ClientCertAlias"));
            } else if (optString.equals(ScepConstants.CCET_RAW) && isCertificateAvailable(jSONObject2)) {
                try {
                    sendResponse(applicationContext, payloadResponse, response, installCert(jSONObject2));
                    jSONObject2.put("ClientCertAlias", JSONUtil.getInstance().getString(jSONObject2, "ClientCertAlias").toString());
                } catch (Exception e) {
                    MDMProfileLogger.info("Exception while handling certificate", e);
                }
            }
            JSONArray managedConfiguration = vpnConfiguration.getManagedConfiguration(jSONObject2);
            String packageName = vpnConfiguration.getPackageName();
            applyManagedConfig(applicationContext, packageName, managedConfiguration);
            if (!isPackagePresent(applicationContext, packageName)) {
                sendResponse(applicationContext, payloadResponse, response, PACKAGE_ERROR);
            }
            setAlwaysONVPN(optBoolean, packageName, optBoolean2);
            int checkServerReachability = checkServerReachability();
            if (string.equals(VpnConstants.F5)) {
                checkServerReachability = 2;
            }
            if (!optBoolean2 || checkServerReachability == 2) {
                return;
            }
            removeManagedConfig(applicationContext, string);
            setAlwaysONVPN(false, packageName, optBoolean2);
            sendResponse(applicationContext, payloadResponse, response, ERROR_VPN_CANNOT_REACH_MDMSERVER);
        } catch (JSONException e2) {
            MDMProfileLogger.error("VpnConfigurePayloadHandler : Error parsing JSON " + e2.toString());
        }
    }

    @Override // com.manageengine.mdm.framework.profile.PayloadRequestHandler
    public void processModifyPayload(Request request, Response response, PayloadRequest payloadRequest, PayloadRequest payloadRequest2, PayloadResponse payloadResponse) {
        MDMProfileLogger.info("VpnConfigurePayloadHandler : Modifying payload in MDMFramework");
        processInstallPayload(request, response, payloadRequest2, payloadResponse);
    }

    @Override // com.manageengine.mdm.framework.profile.PayloadRequestHandler
    public void processRemovePayload(Request request, Response response, PayloadRequest payloadRequest, PayloadResponse payloadResponse) {
        MDMProfileLogger.info("VpnConfigurePayloadHandler : Removing payload in MDMFramework");
        JSONObject jSONObject = payloadRequest.payloadData;
        Context applicationContext = request.getContainer().getApplicationContext();
        try {
            JSONObject jSONObject2 = jSONObject.getJSONObject(VpnConstants.OTHER_VPN);
            String packageName = getPackageName(jSONObject2.getString(VpnConstants.APP_ID));
            if (isCertificateAvailable(jSONObject2)) {
                unInstallCert(jSONObject2);
            }
            if (packageName.isEmpty()) {
                MDMProfileLogger.info("VpnConfigurePayloadHandler : App name not found");
            } else {
                removeManagedConfig(applicationContext, packageName);
                setAlwaysONVPN(false, packageName, false);
            }
        } catch (JSONException e) {
            MDMProfileLogger.error("VpnConfigurePayloadHandler : Error parsing JSON " + e.toString());
        }
    }

    @Override // com.manageengine.mdm.framework.profile.PayloadRequestHandler
    public void processRevertToPreviousPayload(Context context, JSONObject jSONObject) {
        super.processRevertToPreviousPayload(context, jSONObject);
        MDMProfileLogger.info("VpnConfigurePayloadHandler : Reverting payload in MDMFramework");
    }

    protected void removeManagedConfig(Context context, String str) {
        MDMProfileLogger.protectedInfo("VpnConfigurePayloadHandler : The package is " + str);
        MDMDeviceManager.getInstance(context).getManagedAppConfiguration().removeManagedConfigurations(str);
    }

    protected int unInstallCert(JSONObject jSONObject) {
        int i;
        CertificateInstaller certificateInstaller;
        if (jSONObject == null || (certificateInstaller = MDMDeviceManager.getInstance(MDMApplication.getContext()).getCertificateInstaller()) == null) {
            i = 3;
        } else {
            byte[] bytes = JSONUtil.getInstance().getBytes(jSONObject, "Certificate");
            String optString = jSONObject.optString("CertificatePassword");
            String optString2 = jSONObject.optString("ClientCertAlias");
            i = !optString.isEmpty() ? certificateInstaller.uninstallCert(bytes, optString2, optString) : certificateInstaller.uninstallCert(bytes, optString2);
        }
        MDMProfileLogger.protectedInfo("VpnConfigurePayloadHandler : The certificate uninstall status is " + i);
        return i;
    }
}
