package com.citrix.citrixvpn.mdm;

import a.l;
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.content.pm.Signature;
import android.content.res.Resources;
import android.os.Binder;
import android.os.IBinder;
import android.text.TextUtils;
import android.util.Xml;
import com.citrix.citrixvpn.x1;
import com.citrix.worx.sdk.CtxLog;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import mf.javax.xml.XMLConstants;
import mf.javax.xml.transform.stream.StreamSource;
import mf.org.apache.xerces.impl.xs.SchemaSymbols;
import mf.org.apache.xerces.jaxp.validation.XMLSchemaFactory;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.koin.android.R;
import org.xml.sax.SAXException;
import org.xmlpull.v1.XmlSerializer;
import x5.e;
import x5.f;

/* loaded from: classes.dex */
public class VPNService extends Service {
    private static final String C = "VPNService";
    private static final String[] D = {"e4151e382b51078caa2e3e0c719a95df1772e4caf19496264833ab661d861265", "4e6cdc4362b2a6164ad28aa0b4bfe3ae0d3db27c80988e79181c18fc8c55f723", "aa7ee8654b617aedc90408a7cd946bae3090bfa2ce3ba2e5d4e8dcc53dfec8a3"};
    Context A;

    /* renamed from: w, reason: collision with root package name */
    private String f7121w;

    /* renamed from: z, reason: collision with root package name */
    x5.a f7124z;

    /* renamed from: x, reason: collision with root package name */
    private String f7122x = "Allow";

    /* renamed from: y, reason: collision with root package name */
    private String f7123y = "Disallow";
    private final x1.a B = new a();

    /* loaded from: classes.dex */
    class a extends x1.a {
        a() {
        }

        private void F0() {
            VPNService.this.A.getSharedPreferences("VPN_METADATA", 0).edit().remove("DefaultProfileName").apply();
        }

        private String H0() {
            return VPNService.this.A.getSharedPreferences("VPN_METADATA", 0).getString("DefaultProfileName", "");
        }

        private void L0(String str) {
            if (TextUtils.isEmpty(str)) {
                return;
            }
            VPNService.this.A.getSharedPreferences("VPN_METADATA", 0).edit().putString("DefaultProfileName", str).apply();
        }

        @Override // com.citrix.citrixvpn.x1
        public String A0(String str) {
            CtxLog.g(VPNService.C, "getProfile aidl called ");
            if (J0()) {
                CtxLog.b(VPNService.C, "Calling app not trusted");
                return "";
            }
            ArrayList arrayList = new ArrayList();
            e d10 = VPNService.this.f7124z.d(str);
            if (d10 == null) {
                return "";
            }
            arrayList.add(d10);
            return G0(arrayList);
        }

        String G0(List list) {
            Iterator it;
            String str;
            String str2;
            a aVar = this;
            String str3 = "Type";
            String str4 = "Password";
            String str5 = "Username";
            XmlSerializer newSerializer = Xml.newSerializer();
            StringWriter stringWriter = new StringWriter();
            try {
                newSerializer.setOutput(stringWriter);
                newSerializer.startTag("", "VPNProfiles");
                newSerializer.attribute("", XMLConstants.XMLNS_ATTRIBUTE, "http://www.citrix.com/CitrixVPN/VpnProfile");
                Iterator it2 = list.iterator();
                while (it2.hasNext()) {
                    e eVar = (e) it2.next();
                    newSerializer.startTag("", "VPNProfile");
                    if (eVar.k() != null) {
                        newSerializer.startTag("", "ProfileName");
                        it = it2;
                        newSerializer.text(eVar.k());
                        newSerializer.endTag("", "ProfileName");
                    } else {
                        it = it2;
                    }
                    if (eVar.n() != null) {
                        newSerializer.startTag("", "ServerAddress");
                        newSerializer.text(eVar.n());
                        newSerializer.endTag("", "ServerAddress");
                    }
                    if (eVar.p() != null) {
                        newSerializer.startTag("", str5);
                        newSerializer.text(eVar.p());
                        newSerializer.endTag("", str5);
                    }
                    if (eVar.h() != null) {
                        newSerializer.startTag("", str4);
                        newSerializer.text(eVar.h());
                        newSerializer.endTag("", str4);
                    }
                    String str6 = str4;
                    if (eVar.a() != null) {
                        newSerializer.startTag("", "ClientCert");
                        str = str5;
                        newSerializer.attribute("", "type", "alias");
                        newSerializer.startTag("", "Value");
                        newSerializer.text(eVar.a());
                        newSerializer.endTag("", "Value");
                        newSerializer.endTag("", "ClientCert");
                    } else {
                        str = str5;
                    }
                    if (eVar.f()) {
                        newSerializer.startTag("", "PerAppVPN");
                        newSerializer.startTag("", str3);
                        newSerializer.text(eVar.g() ? VPNService.this.f7122x : VPNService.this.f7123y);
                        newSerializer.endTag("", str3);
                        newSerializer.startTag("", "AppList");
                        String[] split = eVar.i().split("[,;]");
                        int length = split.length;
                        int i10 = 0;
                        while (i10 < length) {
                            String str7 = split[i10];
                            newSerializer.startTag("", "App");
                            newSerializer.text(str7.trim());
                            newSerializer.endTag("", "App");
                            i10++;
                            str3 = str3;
                        }
                        str2 = str3;
                        newSerializer.endTag("", "AppList");
                        newSerializer.endTag("", "PerAppVPN");
                    } else {
                        str2 = str3;
                    }
                    if (eVar.e()) {
                        newSerializer.startTag("", "CustomParameters");
                        if (eVar.c() != null) {
                            newSerializer.startTag("", "Parameter");
                            newSerializer.startTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.text("disableUserProfiles");
                            newSerializer.endTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.startTag("", "Value");
                            newSerializer.text(eVar.c());
                            newSerializer.endTag("", "Value");
                            newSerializer.endTag("", "Parameter");
                        }
                        if (eVar.o() != null) {
                            newSerializer.startTag("", "Parameter");
                            newSerializer.startTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.text("userAgent");
                            newSerializer.endTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.startTag("", "Value");
                            newSerializer.text(eVar.o());
                            newSerializer.endTag("", "Value");
                            newSerializer.endTag("", "Parameter");
                        }
                        if (eVar.m() != null) {
                            newSerializer.startTag("", "Parameter");
                            newSerializer.startTag("", SchemaSymbols.ATTVAL_NAME);
                            String b10 = eVar.b();
                            if ("udid".equalsIgnoreCase(b10)) {
                                newSerializer.text("XenMobileDeviceId");
                            } else if ("signeddevice".equalsIgnoreCase(b10)) {
                                newSerializer.text("IntuneDeviceID");
                            }
                            newSerializer.endTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.startTag("", "Value");
                            newSerializer.text(eVar.m());
                            newSerializer.endTag("", "Value");
                            newSerializer.endTag("", "Parameter");
                        }
                        if (!TextUtils.isEmpty(eVar.j())) {
                            newSerializer.startTag("", "Parameter");
                            newSerializer.startTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.text("ServerCertificatePins");
                            newSerializer.endTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.startTag("", "Value");
                            newSerializer.text(eVar.j());
                            newSerializer.endTag("", "Value");
                            newSerializer.endTag("", "Parameter");
                        }
                        if (eVar.q()) {
                            newSerializer.startTag("", "Parameter");
                            newSerializer.startTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.text("IsAlwaysOnVpn");
                            newSerializer.endTag("", SchemaSymbols.ATTVAL_NAME);
                            newSerializer.startTag("", "Value");
                            newSerializer.text("Yes");
                            newSerializer.endTag("", "Value");
                            newSerializer.endTag("", "Parameter");
                        }
                        newSerializer.endTag("", "CustomParameters");
                    }
                    newSerializer.endTag("", "VPNProfile");
                    aVar = this;
                    it2 = it;
                    str4 = str6;
                    str5 = str;
                    str3 = str2;
                }
                newSerializer.endTag("", "VPNProfiles");
                newSerializer.endDocument();
                return "<?xml version=\"1.0\"?>" + stringWriter;
            } catch (Exception e10) {
                throw new IllegalStateException(e10);
            }
        }

        boolean I0(String str) {
            boolean z10;
            try {
                new XMLSchemaFactory().newSchema(new StreamSource(VPNService.this.getAssets().open("vpnprofile.xsd"))).newValidator().validate(new StreamSource(new StringReader(str)));
                z10 = true;
            } catch (IOException e10) {
                CtxLog.h(VPNService.C, "IO Exception while validating xml", e10);
                z10 = false;
                return !z10;
            } catch (SAXException e11) {
                CtxLog.h(VPNService.C, "SAXException while validating xml", e11);
                z10 = false;
                return !z10;
            } catch (Exception e12) {
                CtxLog.h(VPNService.C, "Exception while validating xml", e12);
                z10 = false;
                return !z10;
            }
            return !z10;
        }

        boolean J0() {
            String[] packagesForUid = VPNService.this.getPackageManager().getPackagesForUid(Binder.getCallingUid());
            if (packagesForUid == null) {
                CtxLog.Error(VPNService.C, "Could not determine calling app id");
                return true;
            }
            String str = "com.microsoft.windowsintune.companyportal";
            if (!Arrays.asList(packagesForUid).contains("com.microsoft.windowsintune.companyportal")) {
                str = "com.zenprise";
                if (!Arrays.asList(packagesForUid).contains("com.zenprise")) {
                    str = "com.citrix.mdmclient";
                    if (!Arrays.asList(packagesForUid).contains("com.citrix.mdmclient")) {
                        str = null;
                    }
                }
            }
            if (str == null) {
                return true;
            }
            CtxLog.b(VPNService.C, "calling app package name: " + str);
            if (VPNService.this.f7121w == null) {
                VPNService.this.f7121w = str;
            } else if (!VPNService.this.f7121w.equals(str)) {
                return true;
            }
            try {
                Signature signature = VPNService.this.getPackageManager().getPackageInfo(str, 64).signatures[0];
                MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
                messageDigest.update(signature.toByteArray());
                byte[] digest = messageDigest.digest();
                StringBuilder sb2 = new StringBuilder(digest.length * 2);
                for (byte b10 : digest) {
                    sb2.append(String.format("%02x", Integer.valueOf(b10 & 255)));
                }
                if (Arrays.asList(VPNService.D).contains(sb2.toString())) {
                    CtxLog.b(VPNService.C, "Permission check passed");
                    return false;
                }
                CtxLog.Error(VPNService.C, "Unauthorized caller");
                return true;
            } catch (Exception e10) {
                CtxLog.k(VPNService.C, "Permission check failed", e10);
                return true;
            }
        }

        @Override // com.citrix.citrixvpn.x1
        public int K(String str) {
            CtxLog.g(VPNService.C, "replaceAllProfiles aidl called ");
            if (J0()) {
                return 4;
            }
            if (I0(str)) {
                return 1;
            }
            VPNService.this.f7124z.h(null);
            List K0 = K0(str);
            try {
                try {
                    int size = K0.size();
                    String str2 = "";
                    for (int i10 = 0; i10 < size; i10++) {
                        if (VPNService.this.f7124z.f((e) K0.get(i10), false) == -1) {
                            throw new IllegalStateException("PROFILEEXISTS");
                        }
                        if (i10 == 0) {
                            str2 = ((e) K0.get(0)).k();
                        }
                    }
                    L0(str2);
                    f.j().x(VPNService.this.f7124z.b());
                    return 0;
                } catch (Exception e10) {
                    if (!"PROFILEEXISTS".equals(e10.getMessage())) {
                        f.j().x(VPNService.this.f7124z.b());
                        return 4;
                    }
                    VPNService.this.f7124z.h(null);
                    f.j().x(VPNService.this.f7124z.b());
                    return 2;
                }
            } catch (Throwable th) {
                f.j().x(VPNService.this.f7124z.b());
                throw th;
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:98:0x01ba A[Catch: IOException -> 0x005b, XmlPullParserException -> 0x005e, TryCatch #2 {IOException -> 0x005b, XmlPullParserException -> 0x005e, blocks: (B:3:0x0017, B:5:0x0034, B:14:0x020e, B:16:0x0051, B:18:0x0061, B:20:0x0067, B:21:0x0074, B:23:0x007c, B:24:0x0080, B:26:0x0088, B:27:0x008c, B:29:0x0094, B:30:0x0098, B:32:0x00a0, B:33:0x00a4, B:36:0x00ae, B:39:0x00b6, B:41:0x00be, B:43:0x00c4, B:44:0x00dc, B:47:0x00e6, B:50:0x0102, B:51:0x00ee, B:52:0x0107, B:55:0x0116, B:58:0x0123, B:60:0x0129, B:62:0x012f, B:64:0x0137, B:68:0x0143, B:70:0x014d, B:72:0x0158, B:74:0x0160, B:76:0x0166, B:78:0x016e, B:79:0x0177, B:81:0x017f, B:82:0x0188, B:84:0x0190, B:85:0x0194, B:90:0x01a3, B:91:0x01b1, B:95:0x01b2, B:98:0x01ba, B:100:0x01bf, B:104:0x01cf, B:106:0x01d9, B:107:0x01e0, B:110:0x01eb, B:112:0x01f3, B:113:0x01f9, B:115:0x01ff, B:116:0x0205), top: B:2:0x0017 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        java.util.List K0(java.lang.String r21) {
            /*
                Method dump skipped, instructions count: 548
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: com.citrix.citrixvpn.mdm.VPNService.a.K0(java.lang.String):java.util.List");
        }

        @Override // com.citrix.citrixvpn.x1
        public String c0() {
            CtxLog.g(VPNService.C, "getAllProfiles aidl called ");
            if (J0()) {
                CtxLog.b(VPNService.C, "Calling app not trusted");
                return "";
            }
            try {
                List b10 = VPNService.this.f7124z.b();
                return !b10.isEmpty() ? G0(b10) : "";
            } catch (Exception e10) {
                CtxLog.h(VPNService.C, "Failed to serialize profile information", e10);
                return "";
            }
        }

        @Override // com.citrix.citrixvpn.x1
        public int g(String str) {
            CtxLog.g(VPNService.C, "updateProfiles aidl called ");
            if (J0()) {
                return 4;
            }
            if (I0(str)) {
                return 1;
            }
            List K0 = K0(str);
            int size = K0.size();
            for (int i10 = 0; i10 < size; i10++) {
                if (VPNService.this.f7124z.d(((e) K0.get(i10)).k()) == null) {
                    return 3;
                }
            }
            for (int i11 = 0; i11 < size; i11++) {
                VPNService.this.f7124z.f((e) K0.get(i11), true);
            }
            ArrayList arrayList = new ArrayList();
            for (int i12 = 0; i12 < size; i12++) {
                arrayList.add(VPNService.this.f7124z.d(((e) K0.get(i12)).k()));
            }
            f.j().D(arrayList);
            return 0;
        }

        @Override // com.citrix.citrixvpn.x1
        public int h() {
            CtxLog.g(VPNService.C, "removeAllProfiles aidl called ");
            if (J0()) {
                return 4;
            }
            VPNService.this.f7124z.h(null);
            VPNService.this.f7121w = null;
            F0();
            f.j().x(new ArrayList());
            return 0;
        }

        @Override // com.citrix.citrixvpn.x1
        public int k0(String str) {
            CtxLog.g(VPNService.C, "removeProfile aidl called ");
            if (J0()) {
                return 4;
            }
            try {
                if (VPNService.this.f7124z.h(str).intValue() == 0) {
                    return 3;
                }
                if (VPNService.this.f7124z.g() <= 0) {
                    VPNService.this.f7121w = null;
                    F0();
                } else if (H0().equalsIgnoreCase(str)) {
                    CtxLog.g(VPNService.C, "Default profile is deleted, marking next one as default");
                    L0(((e) VPNService.this.f7124z.b().get(0)).k());
                }
                f.j().u(str);
                return 0;
            } catch (Exception unused) {
                return 3;
            }
        }

        @Override // com.citrix.citrixvpn.x1
        public int x(String str) {
            CtxLog.g(VPNService.C, "addProfiles aidl called ");
            if (J0()) {
                return 4;
            }
            if (I0(str)) {
                return 1;
            }
            List K0 = K0(str);
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            int i10 = 0;
            try {
                int size = K0.size();
                String str2 = "";
                for (int i11 = 0; i11 < size; i11++) {
                    try {
                        e eVar = (e) K0.get(i11);
                        boolean z10 = VPNService.this.f7124z.d(eVar.k()) != null;
                        if (VPNService.this.f7124z.f(eVar, z10) == -1) {
                            throw new IllegalStateException("INTERNALERROR");
                        }
                        if (z10) {
                            arrayList2.add(eVar);
                        } else {
                            arrayList.add(eVar);
                        }
                        if (i11 == 0 && TextUtils.isEmpty(H0())) {
                            str2 = eVar.k();
                        }
                    } catch (Exception e10) {
                        e = e10;
                        i10 = i11;
                        if ("INTERNALERROR".equals(e.getMessage())) {
                            for (int i12 = i10 - 1; i12 >= 0; i12--) {
                                VPNService.this.f7124z.h(((e) K0.get(i12)).k());
                            }
                        }
                        return 4;
                    }
                }
                L0(str2);
                if (!arrayList.isEmpty()) {
                    f.j().d(arrayList);
                }
                if (!arrayList2.isEmpty()) {
                    f.j().D(arrayList);
                }
                return 0;
            } catch (Exception e11) {
                e = e11;
            }
        }
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        Resources resources = getApplicationContext().getResources();
        this.f7122x = resources.getString(R.string.entry_value_allowed_apps);
        this.f7123y = resources.getString(R.string.entry_value_disallowed_apps);
        this.f7124z = x5.a.c(this);
        if (l.O(getApplicationContext())) {
            CtxLog.Error(C, "AIDL interface for VPN profile configuration is disabled in Android Enterprise environment");
            return null;
        }
        this.f7121w = this.f7124z.a();
        this.A = getApplicationContext();
        return this.B;
    }
}
