package se.leap.bitmaskclient;

import android.content.SharedPreferences;
import android.content.res.Resources;
import android.os.Bundle;
import android.text.TextUtils;
import java.io.IOException;
import java.net.URL;
import okhttp3.OkHttpClient;
import org.json.JSONException;
import org.json.JSONObject;
import se.leap.bitmaskclient.ProviderApiManagerBase;
import se.leap.bitmaskclient.ProviderSetupFailedDialog;
import se.leap.bitmaskclient.eip.EIP;
import se.leap.bitmaskclient.utils.ConfigHelper;

/* loaded from: classes.dex */
public class ProviderApiManager extends ProviderApiManagerBase {
    public ProviderApiManager(SharedPreferences sharedPreferences, Resources resources, OkHttpClientGenerator okHttpClientGenerator, ProviderApiManagerBase.ProviderApiServiceCallback providerApiServiceCallback) {
        super(sharedPreferences, resources, okHttpClientGenerator, providerApiServiceCallback);
    }

    private Bundle downloadCACert(Provider provider) {
        Bundle bundle = new Bundle();
        try {
            String string = provider.getDefinition().getString(Provider.CA_CERT_URI);
            String domainFromMainURL = getDomainFromMainURL(provider.getMainUrlString());
            String downloadWithCommercialCA = downloadWithCommercialCA(string, provider);
            if (validCertificate(provider, downloadWithCommercialCA)) {
                provider.setCaCert(downloadWithCommercialCA);
                this.preferences.edit().putString("ca_cert." + domainFromMainURL, downloadWithCommercialCA).apply();
                bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, true);
            } else {
                setErrorResult(bundle, org.calyxinstitute.vpn.R.string.warning_corrupted_provider_cert, ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING.toString());
            }
        } catch (JSONException e) {
            e.printStackTrace();
        }
        return bundle;
    }

    private String downloadFromApiUrlWithProviderCA(String str, String str2, JSONObject jSONObject) {
        JSONObject jSONObject2 = new JSONObject();
        String apiUrl = getApiUrl(jSONObject);
        OkHttpClient initSelfSignedCAHttpClient = this.clientGenerator.initSelfSignedCAHttpClient(str2, jSONObject2);
        if (initSelfSignedCAHttpClient == null) {
            return jSONObject2.toString();
        }
        return sendGetStringToServer(apiUrl + str, getAuthorizationHeader(), initSelfSignedCAHttpClient);
    }

    private String downloadWithCommercialCA(String str, Provider provider) {
        JSONObject jSONObject = new JSONObject();
        OkHttpClient initCommercialCAHttpClient = this.clientGenerator.initCommercialCAHttpClient(jSONObject);
        if (initCommercialCAHttpClient == null) {
            return jSONObject.toString();
        }
        String sendGetStringToServer = sendGetStringToServer(str, getAuthorizationHeader(), initCommercialCAHttpClient);
        if (sendGetStringToServer == null || !sendGetStringToServer.contains("errors")) {
            return sendGetStringToServer;
        }
        try {
            return new JSONObject(sendGetStringToServer).getString("errors").equals(ConfigHelper.getProviderFormattedString(this.resources, org.calyxinstitute.vpn.R.string.certificate_error)) ? downloadWithProviderCA(provider.getCaCert(), str) : sendGetStringToServer;
        } catch (JSONException e) {
            e.printStackTrace();
            return sendGetStringToServer;
        }
    }

    private String downloadWithProviderCA(String str, String str2) {
        JSONObject jSONObject = new JSONObject();
        OkHttpClient initSelfSignedCAHttpClient = this.clientGenerator.initSelfSignedCAHttpClient(str, jSONObject);
        return initSelfSignedCAHttpClient == null ? jSONObject.toString() : sendGetStringToServer(str2, getAuthorizationHeader(), initSelfSignedCAHttpClient);
    }

    private Bundle getAndSetProviderJson(Provider provider) {
        String downloadWithCommercialCA;
        Bundle bundle = new Bundle();
        String caCert = provider.getCaCert();
        JSONObject definition = provider.getDefinition();
        if (definition.length() == 0 || caCert.isEmpty()) {
            downloadWithCommercialCA = downloadWithCommercialCA(provider.getMainUrlString() + "/provider.json", provider);
        } else {
            downloadWithCommercialCA = downloadFromApiUrlWithProviderCA("/provider.json", caCert, definition);
        }
        if (ConfigHelper.checkErroneousDownload(downloadWithCommercialCA) || !isValidJson(downloadWithCommercialCA)) {
            setErrorResult(bundle, org.calyxinstitute.vpn.R.string.malformed_url, null);
            return bundle;
        }
        try {
        } catch (JSONException unused) {
            bundle.putString("errors", pickErrorMessage(downloadWithCommercialCA));
            bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, false);
        }
        if (!provider.define(new JSONObject(downloadWithCommercialCA))) {
            return setErrorResult(bundle, org.calyxinstitute.vpn.R.string.warning_corrupted_provider_details, ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON.toString());
        }
        bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, true);
        return bundle;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean lastDangerOn() {
        return false;
    }

    @Override // se.leap.bitmaskclient.ProviderApiManagerBase
    protected Bundle getAndSetEipServiceJson(Provider provider) {
        Bundle bundle = new Bundle();
        String str = "";
        try {
            JSONObject definition = provider.getDefinition();
            str = downloadWithProviderCA(provider.getCaCert(), definition.getString(Provider.API_URL) + "/" + definition.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH);
            provider.setEipServiceJson(new JSONObject(str));
            bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, true);
        } catch (NullPointerException | JSONException unused) {
            bundle.putString("errors", pickErrorMessage(str));
            bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, false);
        }
        return bundle;
    }

    @Override // se.leap.bitmaskclient.ProviderApiManagerBase
    protected Bundle setUpProvider(Provider provider, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        if (TextUtils.isEmpty(provider.getMainUrlString()) || provider.getMainUrl().isDefault()) {
            bundle2.putBoolean(Constants.BROADCAST_RESULT_KEY, false);
            setErrorResult(bundle2, org.calyxinstitute.vpn.R.string.malformed_url, null);
            return bundle2;
        }
        getPersistedProviderUpdates(provider);
        Bundle validateProviderDetails = validateProviderDetails(provider);
        if (validateProviderDetails.containsKey("errors")) {
            validateProviderDetails.putParcelable(Constants.PROVIDER_KEY, provider);
            return validateProviderDetails;
        }
        if (validateProviderDetails.containsKey(Constants.BROADCAST_RESULT_KEY) && !validateProviderDetails.getBoolean(Constants.BROADCAST_RESULT_KEY)) {
            resetProviderDetails(provider);
        }
        Bundle andSetProviderJson = getAndSetProviderJson(provider);
        if (provider.hasDefinition() || (andSetProviderJson.containsKey(Constants.BROADCAST_RESULT_KEY) && andSetProviderJson.getBoolean(Constants.BROADCAST_RESULT_KEY))) {
            if (!provider.hasCaCert()) {
                andSetProviderJson = downloadCACert(provider);
            }
            if (provider.hasCaCert() || (andSetProviderJson.containsKey(Constants.BROADCAST_RESULT_KEY) && andSetProviderJson.getBoolean(Constants.BROADCAST_RESULT_KEY))) {
                andSetProviderJson = getAndSetEipServiceJson(provider);
            }
            if (provider.hasEIP() && !provider.allowsRegistered() && !provider.allowsAnonymous()) {
                setErrorResult(andSetProviderJson, org.calyxinstitute.vpn.R.string.setup_error_text, null);
            }
        }
        return andSetProviderJson;
    }

    @Override // se.leap.bitmaskclient.ProviderApiManagerBase
    protected Bundle updateVpnCertificate(Provider provider) {
        Bundle bundle = new Bundle();
        try {
            String downloadWithProviderCA = downloadWithProviderCA(provider.getCaCert(), new URL(provider.getApiUrlWithVersion() + "/" + Constants.PROVIDER_VPN_CERTIFICATE).toString());
            if (ConfigHelper.checkErroneousDownload(downloadWithProviderCA)) {
                if (downloadWithProviderCA != null && !downloadWithProviderCA.isEmpty()) {
                    bundle.putString("errors", pickErrorMessage(downloadWithProviderCA));
                    bundle.putBoolean(Constants.BROADCAST_RESULT_KEY, false);
                    return bundle;
                }
                setErrorResult(bundle, org.calyxinstitute.vpn.R.string.error_io_exception_user_message, null);
            }
            return loadCertificate(provider, downloadWithProviderCA);
        } catch (IOException e) {
            setErrorResult(bundle, org.calyxinstitute.vpn.R.string.downloading_vpn_certificate_failed, null);
            e.printStackTrace();
            return bundle;
        }
    }
}
