package c5;

import android.text.TextUtils;
import com.checkpoint.urlrsdk.UrlReputationSdk;
import com.checkpoint.vpnsdk.model.AuthRealm;
import com.checkpoint.vpnsdk.model.AuthRealmsConfiguration;
import com.checkpoint.vpnsdk.model.AuthenticationMethod;
import com.checkpoint.vpnsdk.model.CertificateTokenCredentials;
import com.checkpoint.vpnsdk.model.Credentials;
import com.checkpoint.vpnsdk.model.NemoConfiguration;
import com.checkpoint.vpnsdk.model.NemoParameters;
import com.checkpoint.vpnsdk.model.NemoTunnelType;
import com.checkpoint.vpnsdk.model.PKCS12FileCredentials;
import com.checkpoint.vpnsdk.model.RealmResult;
import com.checkpoint.vpnsdk.model.UserFilledSecretCredentials;
import com.checkpoint.vpnsdk.model.VerifyResult;
import com.checkpoint.vpnsdk.nemo.NemoFacade;
import com.checkpoint.vpnsdk.utils.d;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import y2.h;

/* loaded from: classes.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private final NemoFacade f10372a;

    /* renamed from: b, reason: collision with root package name */
    private String f10373b;

    /* renamed from: d, reason: collision with root package name */
    private String f10375d;

    /* renamed from: e, reason: collision with root package name */
    private String f10376e;

    /* renamed from: f, reason: collision with root package name */
    private String f10377f;

    /* renamed from: g, reason: collision with root package name */
    private String f10378g;

    /* renamed from: h, reason: collision with root package name */
    private NemoConfiguration.LegacyAuthMethod f10379h;

    /* renamed from: i, reason: collision with root package name */
    private NemoTunnelType f10380i;

    /* renamed from: l, reason: collision with root package name */
    private String f10383l;

    /* renamed from: m, reason: collision with root package name */
    private Credentials f10384m;

    /* renamed from: n, reason: collision with root package name */
    private AuthRealmsConfiguration f10385n;

    /* renamed from: o, reason: collision with root package name */
    private String f10386o;

    /* renamed from: c, reason: collision with root package name */
    private int f10374c = 0;

    /* renamed from: j, reason: collision with root package name */
    private boolean f10381j = false;

    /* renamed from: k, reason: collision with root package name */
    private int f10382k = -1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c5.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class C0216a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f10387a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f10388b;

        static {
            int[] iArr = new int[Credentials.Type.values().length];
            f10388b = iArr;
            try {
                iArr[Credentials.Type.CertificateToken.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f10388b[Credentials.Type.PKC12File.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f10388b[Credentials.Type.UserFilledSecret.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[AuthenticationMethod.values().length];
            f10387a = iArr2;
            try {
                iArr2[AuthenticationMethod.AUTH_METHOD_UNKNOWN.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_USER_SELECT.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_USERNAME_ONLY.ordinal()] = 3;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_SMS.ordinal()] = 4;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_SECURE_ID.ordinal()] = 5;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_PASSWORD.ordinal()] = 6;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                f10387a[AuthenticationMethod.AUTH_METHOD_CERTIFICATE.ordinal()] = 7;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    public a(NemoFacade nemoFacade) {
        this.f10372a = nemoFacade;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a() {
        Credentials credentials = this.f10384m;
        if (credentials == null) {
            throw new IllegalStateException("credentials must not be null");
        }
        int i10 = C0216a.f10388b[credentials.getType().ordinal()];
        if (i10 == 1) {
            this.f10379h = NemoConfiguration.LegacyAuthMethod.CertificateToken;
        } else if (i10 == 2) {
            this.f10379h = NemoConfiguration.LegacyAuthMethod.CertificateFile;
        } else {
            if (i10 != 3) {
                return;
            }
            this.f10379h = NemoConfiguration.LegacyAuthMethod.UserPassword;
        }
    }

    private boolean c(InetAddress inetAddress, VerifyResult verifyResult) {
        boolean z10;
        if (this.f10385n != null) {
            NemoFacade nemoFacade = this.f10372a;
            int i10 = this.f10374c;
            if (i10 == 0) {
                i10 = 443;
            }
            RealmResult realms = nemoFacade.getRealms(inetAddress, i10, this.f10376e, this.f10375d, verifyResult.getCaCert());
            if (realms != null && realms.isSuccess()) {
                if (realms.getRealmsHash().equals(this.f10385n.hash)) {
                    z10 = true;
                } else {
                    UrlReputationSdk.LogW("VPN", "realms hashes not match");
                    z10 = false;
                }
                AuthRealm selectedRealm = this.f10385n.getSelectedRealm();
                ArrayList<AuthRealm> realms2 = realms.getRealms();
                Iterator<AuthRealm> it = realms2.iterator();
                boolean z11 = false;
                while (it.hasNext()) {
                    if (it.next().equals(selectedRealm)) {
                        z11 = true;
                    }
                }
                if (!z11) {
                    ArrayList arrayList = new ArrayList();
                    Iterator<AuthRealm> it2 = realms2.iterator();
                    while (it2.hasNext()) {
                        arrayList.add(it2.next().f11594id);
                    }
                    UrlReputationSdk.LogE("VPN", "failed to find selected realm (" + selectedRealm.f11594id + ") in:" + arrayList);
                    return false;
                }
                if (this.f10384m != null && !d(this.f10385n.getSelectedRealm())) {
                    UrlReputationSdk.LogE("VPN", "supplied credentials do not match selected realm");
                    return false;
                }
                if (!z10) {
                    HashMap hashMap = new HashMap();
                    Iterator<AuthRealm> it3 = realms2.iterator();
                    while (it3.hasNext()) {
                        AuthRealm next = it3.next();
                        hashMap.put(next.f11594id, next);
                    }
                    this.f10385n = new AuthRealmsConfiguration(hashMap, realms.getRealmsHash(), this.f10385n.getSelectedRealm().f11594id);
                    return true;
                }
            }
            UrlReputationSdk.LogE("VPN", "getRealms() failed");
            return false;
        }
        return true;
    }

    private boolean d(AuthRealm authRealm) {
        boolean z10 = false;
        switch (C0216a.f10387a[authRealm.authSchemes[0].type.ordinal()]) {
            case 2:
                return true;
            case 3:
            case 4:
            case 5:
            case h.STRING_SET_FIELD_NUMBER /* 6 */:
                return this.f10384m instanceof UserFilledSecretCredentials;
            case h.DOUBLE_FIELD_NUMBER /* 7 */:
                Credentials credentials = this.f10384m;
                if (!(credentials instanceof PKCS12FileCredentials)) {
                    if (credentials instanceof CertificateTokenCredentials) {
                    }
                    return z10;
                }
                z10 = true;
                return z10;
            default:
                return false;
        }
    }

    private boolean f(InetAddress inetAddress, VerifyResult verifyResult) {
        AuthRealm authRealm;
        boolean z10;
        NemoFacade nemoFacade = this.f10372a;
        int i10 = this.f10374c;
        if (i10 == 0) {
            i10 = 443;
        }
        RealmResult realms = nemoFacade.getRealms(inetAddress, i10, this.f10376e, this.f10375d, verifyResult.getCaCert());
        if (realms != null && realms.isSuccess()) {
            if (this.f10386o == null) {
                return false;
            }
            Iterator<AuthRealm> it = realms.getRealms().iterator();
            while (true) {
                if (!it.hasNext()) {
                    authRealm = null;
                    z10 = false;
                    break;
                }
                authRealm = it.next();
                if (authRealm.f11594id.equals(this.f10386o)) {
                    z10 = true;
                    break;
                }
            }
            if (z10 && d(authRealm)) {
                HashMap hashMap = new HashMap();
                Iterator<AuthRealm> it2 = realms.getRealms().iterator();
                while (it2.hasNext()) {
                    AuthRealm next = it2.next();
                    hashMap.put(next.f11594id, next);
                }
                this.f10385n = new AuthRealmsConfiguration(hashMap, realms.getRealmsHash(), this.f10386o);
                return true;
            }
            return false;
        }
        UrlReputationSdk.LogE("VPN", "getRealms() failed");
        return false;
    }

    private static NemoConfiguration.LegacyAuthMethod g(AuthRealmsConfiguration authRealmsConfiguration) {
        int i10 = C0216a.f10387a[authRealmsConfiguration.getSelectedRealm().authSchemes[0].type.ordinal()];
        return (i10 == 3 || i10 == 4 || i10 == 5) ? NemoConfiguration.LegacyAuthMethod.Challenge : i10 != 7 ? NemoConfiguration.LegacyAuthMethod.UserPassword : NemoConfiguration.LegacyAuthMethod.CertificateFile;
    }

    private VerifyResult p(InetAddress inetAddress) {
        NemoFacade nemoFacade = this.f10372a;
        int i10 = this.f10374c;
        if (i10 == 0) {
            i10 = 443;
        }
        VerifyResult verify = nemoFacade.verify(inetAddress, i10);
        if (!verify.isSuccess()) {
            UrlReputationSdk.LogW("VPN", "verify failed");
            return new VerifyResult(false, "", "", "");
        }
        if (!verify.getFingerprint().equalsIgnoreCase(this.f10375d)) {
            UrlReputationSdk.LogW("VPN", "fingerprint doesn't match");
            return new VerifyResult(false, "", "", "");
        }
        if (!verify.getCn().equalsIgnoreCase(this.f10376e)) {
            UrlReputationSdk.LogW("VPN", "CN does not match got = " + verify.getCn());
            String[] split = verify.getCaCert().split("\n");
            try {
                boolean z10 = !d.f(d.a(split[0]));
                if (!z10) {
                    if (!d.g(this.f10373b, d.a(split[split.length - 1]))) {
                    }
                }
                StringBuilder sb2 = new StringBuilder();
                sb2.append("need user trust: ");
                sb2.append(z10 ? "CA not in bundle" : "host doesn't match");
                UrlReputationSdk.LogI("VPN", sb2.toString());
                if (!this.f10372a.askForTrust(verify)) {
                    return new VerifyResult(false, "", "", "");
                }
            } catch (Exception unused) {
                UrlReputationSdk.LogW("VPN", "certificate verify failed");
                verify = new VerifyResult(false, "", "", "");
            }
        }
        return verify;
    }

    /* JADX WARN: Removed duplicated region for block: B:61:0x01ce  */
    /* JADX WARN: Removed duplicated region for block: B:66:0x0211  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x0209  */
    /* JADX WARN: Removed duplicated region for block: B:86:0x0180  */
    /* JADX WARN: Unreachable blocks removed: 7, instructions: 7 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.checkpoint.vpnsdk.model.NemoConfiguration b() {
        /*
            Method dump skipped, instructions count: 566
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: c5.a.b():com.checkpoint.vpnsdk.model.NemoConfiguration");
    }

    public a e(NemoParameters nemoParameters) {
        this.f10373b = nemoParameters.host;
        this.f10375d = nemoParameters.fingerprint;
        int i10 = nemoParameters.port;
        if (i10 == 0) {
            i10 = 443;
        }
        this.f10374c = i10;
        this.f10376e = nemoParameters.CN;
        this.f10378g = nemoParameters.user;
        this.f10384m = nemoParameters.credentials;
        a();
        AuthRealmsConfiguration authRealmsConfiguration = nemoParameters.authRealmsConfiguration;
        if (authRealmsConfiguration != null) {
            this.f10385n = authRealmsConfiguration;
        }
        if (!TextUtils.isEmpty(nemoParameters.selectedRealm)) {
            this.f10386o = nemoParameters.selectedRealm;
        }
        return this;
    }

    public a h(NemoConfiguration.LegacyAuthMethod legacyAuthMethod) {
        this.f10379h = legacyAuthMethod;
        return this;
    }

    public a i(AuthRealmsConfiguration authRealmsConfiguration) {
        this.f10385n = authRealmsConfiguration;
        return this;
    }

    public a j(String str) {
        this.f10383l = str;
        return this;
    }

    public a k(String str) {
        this.f10376e = str;
        return this;
    }

    public a l(Credentials credentials) {
        this.f10384m = credentials;
        return this;
    }

    public a m(String str) {
        this.f10375d = str;
        return this;
    }

    public a n(String str) {
        this.f10373b = str;
        return this;
    }

    public a o(String str) {
        this.f10378g = str;
        return this;
    }
}
