package com.citrix.mdx.plugins;

import android.annotation.TargetApi;
import android.app.Activity;
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Pair;
import android.webkit.ClientCertRequest;
import android.webkit.WebView;
import com.citrix.MAM.Android.AuthSSO.csreq.ClientCertKeyManager;
import com.citrix.MAM.Android.AuthSSO.pkop.ClientCert;
import com.citrix.MAM.Android.AuthSSO.proxy.Helper;
import com.citrix.MAM.Android.ManagedApp.AppStateContentProvider;
import com.citrix.MAM.Android.ManagedApp.C;
import com.citrix.MAM.Android.ManagedAppHelper.Interface.MAMAppInfo;
import com.citrix.mdx.MDXPluginAnnotation;
import com.citrix.mdx.agent.IntuneAgent;
import com.citrix.mdx.common.MDXDiscovery;
import com.citrix.mdx.f.D;
import com.citrix.mdx.f.P;
import com.citrix.mdx.f.S;
import com.citrix.mdx.f.ba;
import com.citrix.mdx.lib.AdalUtils;
import com.citrix.mdx.lib.MAMProviderClient;
import com.citrix.mdx.lib.MDXNetwork;
import com.citrix.mdx.lib.MDXProviderClient;
import com.citrix.mdx.lib.TunnelWhitelistResolver;
import com.citrix.mdx.managers.PolicyManager;
import com.citrix.mdx.networking.CtxMITMContentProvider;
import com.citrix.mdx.plugins.Networking;
import com.citrix.nsg.GatewayConnectionHandler;
import com.citrix.nsg.a.g;
import com.citrix.nsg.a.h;
import java.io.ByteArrayInputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@MDXPluginAnnotation(name = Networking.PLUGIN_NAME)
/* loaded from: classes.dex */
public class NetworkingPlugin extends Networking implements g.a {
    public static final String ACTION_FORCED_TIME_OUT = "com.citrix.MAM.intent.action.ForcedTimeOut";
    public static final String INTENT_EXTRA_GET_SF_CLIENT_CERTIFICATES = "GetSFClientCertificate";
    public static final String INTENT_EXTRA_GET_SHAREFILE_CONNECTOR = "GetShareFileConnector";
    public static final String INTENT_EXTRA_GET_STA_TICKET = "GetSTATicket";
    public static final String REWRITE_SERVICE = "/AGServices/rewriteMode";
    private static Pattern i = Pattern.compile("['\"<>&]");
    private static Method j;
    public static P networkPolicies;
    public static ba secureBrowsePolicies;
    private AsyncTask<?, ?, ?> k;
    private boolean l;

    /* loaded from: classes.dex */
    public static class ForcedTimeOutBroadcastReceiver extends BroadcastReceiver {
        public static PendingIntent getTargetIntent(Context context) {
            Intent intent = new Intent(context, (Class<?>) ForcedTimeOutBroadcastReceiver.class);
            intent.setAction(NetworkingPlugin.ACTION_FORCED_TIME_OUT);
            return PendingIntent.getBroadcast(context, 0, intent, (Build.VERSION.SDK_INT >= 23 ? 67108864 : 0) | 268435456);
        }

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (intent == null || !NetworkingPlugin.ACTION_FORCED_TIME_OUT.equals(intent.getAction())) {
                return;
            }
            Logging.getPlugin().Debug("MDX-NetworkPlugin", "NSG has forced timeout. Locking the app to refresh the cookie.");
            com.citrix.mdx.managers.b.c(D.y);
            Networking.getPlugin().cookieExpired(context, true);
        }
    }

    private void a(int i2, Context context) {
        try {
            AlarmManager alarmManager = (AlarmManager) context.getSystemService("alarm");
            if (i2 > 0) {
                Logging.getPlugin().Debug("MDX-NetworkPlugin", "NSG forced timeout value: " + i2 + " minutes.");
                alarmManager.set(0, System.currentTimeMillis() + TimeUnit.MINUTES.toMillis((long) i2), ForcedTimeOutBroadcastReceiver.getTargetIntent(context));
            } else {
                alarmManager.cancel(ForcedTimeOutBroadcastReceiver.getTargetIntent(context));
            }
        } catch (Exception e) {
            Logging.getPlugin().Error("MDX-NetworkPlugin", e.getMessage(), e);
        }
    }

    private static void a(Context context, boolean z) {
        com.citrix.mdx.hooks.i.b().a(MAMAppInfo.KEY_BLOCK_DNS_FROM_UNMANAGED_APPS_IN_FULL_VPN, z);
        Logging plugin = Logging.getPlugin();
        StringBuilder sb = new StringBuilder();
        sb.append(z ? "Blocking" : "Allowing");
        sb.append(" DNS from un-managed apps in full VPN.");
        plugin.Info("MDX-NetworkPlugin", sb.toString());
    }

    private static boolean a(Context context, String str) {
        if (j == null) {
            try {
                j = Class.forName("com.citrix.mvpn.MAM.Android.AuthSSO.proxy.Helper").getMethod("willHostnameTunnel", Context.class, String.class);
            } catch (ClassNotFoundException unused) {
                Logging.getPlugin().Error("MDX-NetworkPlugin", "failed to find Helper class from SDK.");
            } catch (NoSuchMethodException unused2) {
                Logging.getPlugin().Error("MDX-NetworkPlugin", "failed to find willHostnameTunnel method from SDK.");
            }
        }
        Method method = j;
        if (method != null) {
            try {
                return ((Boolean) method.invoke(null, context, str)).booleanValue();
            } catch (IllegalAccessException unused3) {
                Logging.getPlugin().Error("MDX-NetworkPlugin", "have no permission to invoke willHostnameTunnel method from SDK.");
            } catch (InvocationTargetException unused4) {
                Logging.getPlugin().Error("MDX-NetworkPlugin", "failed to invoke willHostnameTunnel method from SDK.");
            }
        }
        return false;
    }

    public static TrustManager[] getUserAcceptedTrustManagers() {
        TrustManagerFactory trustManagerFactory;
        X509TrustManager[] x509TrustManagerArr;
        byte[] e = com.citrix.mdx.managers.n.b().e("_secure_USER_ACCEPTED_CERTS_KEY_STORE");
        char[] f = com.citrix.mdx.managers.n.b().f("_secure_USER_ACCEPTED_CERTS_KEY_STORE_PASSWORD");
        X509TrustManager[] x509TrustManagerArr2 = null;
        if (e == null || f == null) {
            if (Agent.isManagedByIntune()) {
                return com.citrix.MAM.Android.AuthSSO.MITM.r.a();
            }
            return null;
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(e);
            KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", null, new KeyStore.PasswordProtection(f)).getKeyStore();
            keyStore.load(byteArrayInputStream, f);
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            x509TrustManagerArr = new X509TrustManager[1];
        } catch (Exception unused) {
        }
        try {
            x509TrustManagerArr[0] = new com.citrix.MAM.Android.AuthSSO.csreq.b(trustManagerFactory.getTrustManagers(), null);
            return x509TrustManagerArr;
        } catch (Exception unused2) {
            x509TrustManagerArr2 = x509TrustManagerArr;
            Logging.getPlugin().Warning("MDX-NetworkPlugin", "Failed to obtain User Accepted Keystore from data storage");
            return x509TrustManagerArr2;
        }
    }

    public static void saveUserAcceptedKeystore(Bundle bundle) {
        com.citrix.mdx.managers.n b = com.citrix.mdx.managers.n.b();
        b.a("_secure_USER_ACCEPTED_CERTS_KEY_STORE", bundle.getByteArray("USER_ACCEPTED_CERTS_KEY_STORE"));
        b.a("_secure_USER_ACCEPTED_CERTS_KEY_STORE_PASSWORD", bundle.getCharArray("USER_ACCEPTED_CERTS_KEY_STORE_PASSWORD"));
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void agCertRevoked(Context context) {
        Logging.getPlugin().Detail("MDX-NetworkPlugin", "AG cert revoked");
        new Thread(new q(this, context.getApplicationContext())).start();
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void cancelNSGAuthAsyncTask() {
        AsyncTask<?, ?, ?> asyncTask = this.k;
        if (asyncTask != null) {
            asyncTask.cancel(true);
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void checkSecureBrowse(Context context) {
        if (Networking.getSecureBrowseStarted()) {
            if (!CtxMITMContentProvider.isSocketClosed(context)) {
                Logging.getPlugin().Info("MDX-NetworkPlugin", "SecureBrowse socket is still listening");
                return;
            }
            Logging.getPlugin().Info("MDX-NetworkPlugin", "SecureBrowse socket is no longer listening");
            Networking.setSecureBrowseStarted(false);
            com.citrix.mdx.networking.k.b();
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean clearCertCache(Context context, boolean z, boolean z2) {
        ClientCert a2 = ClientCert.a(context);
        if (a2 != null) {
            return a2.a(context, z, z2);
        }
        return false;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void cookieExpired(Context context, boolean z) {
        Logging.getPlugin().Detail("MDX-NetworkPlugin", "Cookie expired");
        if (Networking.getCookieExpired()) {
            Logging.getPlugin().Detail("MDX-NetworkPlugin", "Login already in progress");
            return;
        }
        if (PolicyManager.w()) {
            com.citrix.mdx.networking.k.b();
            com.citrix.mdx.managers.b.c(Management.ERROR_CODE_LOGON_SECUREBROWSE);
        }
        Networking.setCookieExpired(true);
        Networking.putNSGCookie("");
        Networking.setTunnelFailedAck(false);
        if (com.citrix.mdx.hooks.i.w && z) {
            Management.getPlugin().lockApp(context);
            return;
        }
        if (Agent.isManagedByIntune()) {
            Logging.getPlugin().Detail("MDX-NetworkPlugin", "App in background");
            if (!IntuneAgent.hasNSGAuthToken()) {
                com.citrix.mdx.managers.b.c(D.x);
                com.citrix.mdx.managers.b.c(D.y);
                return;
            }
            try {
                getNSGAuthAsyncTask(context, new D.b()).executeOnExecutor(AsyncTask.SERIAL_EXECUTOR, null);
            } catch (IllegalStateException e) {
                com.citrix.mdx.managers.b.c(D.y);
                Logging.getPlugin().Error("MDX-NetworkPlugin", e.getMessage());
            }
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean getBlockDNSFromUnmanagedAppsInFullVPN() {
        return com.citrix.mdx.hooks.i.b().a(MAMAppInfo.KEY_BLOCK_DNS_FROM_UNMANAGED_APPS_IN_FULL_VPN);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean getClientCertForeground(Activity activity, int i2) {
        Intent onlineIntent = MDXDiscovery.getOnlineIntent();
        onlineIntent.putExtra("GetSFClientCertificate", true);
        activity.startActivityForResult(onlineIntent, i2);
        return true;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public AsyncTask<?, ?, ?> getNSGAuthAsyncTask(Context context, Networking.OnAsyncTaskComplete onAsyncTaskComplete) {
        String str;
        com.citrix.nsg.a.d a2 = com.citrix.nsg.a.d.a();
        String nSGCookie = Networking.getNSGCookie();
        AdalUtils.AdalInfo nSGAdalInfo = IntuneAgent.getNSGAdalInfo();
        if (nSGAdalInfo != null && (str = nSGAdalInfo.accessToken) != null) {
            a2.d = str.getBytes();
        }
        if (nSGCookie != null) {
            a2.c = nSGCookie.getBytes();
        }
        a2.f2924a = Networking.getGatewayFQDN();
        a2.g = onAsyncTaskComplete;
        a2.i = getUserAcceptedTrustManagers();
        a2.h = Agent.agentID == 2;
        Logging.getPlugin().Info("MDX-NetworkPlugin", "NSGAuthArgs = " + a2);
        this.k = new com.citrix.nsg.a.g(context, a2, this);
        return this.k;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public AsyncTask<?, ?, ?> getSecureBrowseAsyncTask(Context context, Networking.OnAsyncTaskComplete onAsyncTaskComplete) {
        return new com.citrix.mdx.networking.k(context, onAsyncTaskComplete);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean getShareFileConnectorForeground(Activity activity, int i2) {
        Intent onlineIntent = MDXDiscovery.getOnlineIntent();
        onlineIntent.putExtra("GetShareFileConnector", true);
        activity.startActivityForResult(onlineIntent, i2);
        return true;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public String getStaTicketBackground(Context context) {
        return MDXProviderClient.getStaTicket(context);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean getStaTicketForeground(Activity activity, int i2) {
        Intent onlineIntent = MDXDiscovery.getOnlineIntent();
        onlineIntent.putExtra("GetSTATicket", true);
        activity.startActivityForResult(onlineIntent, i2);
        return true;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public Bundle getTranslatedUrl(Context context) {
        return com.citrix.MAM.Android.AuthSSO.pkop.b.a(context, REWRITE_SERVICE, false, true);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void initialize(Context context) {
        Bundle userAcceptedKeystore = MAMProviderClient.getUserAcceptedKeystore(context);
        if (userAcceptedKeystore != null) {
            saveUserAcceptedKeystore(userAcceptedKeystore);
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean installNetworkHooks(boolean z) {
        this.l = MDXNetwork.installAllNetworkHooks(z);
        return this.l;
    }

    @Override // com.citrix.mdx.plugins.Plugin
    public void installPlugin(Context context) {
        super.installPlugin(context);
        com.citrix.mdx.hooks.i.b().a("_secure_invocationHandlerSecureBrowse", com.citrix.mdx.networking.m.class.getCanonicalName());
        com.citrix.mdx.hooks.i.b().a("_secure_invocationHandlerNetwork", com.citrix.mdx.networking.g.class.getCanonicalName());
        secureBrowsePolicies = new ba();
        networkPolicies = new P();
        S.a(S.a.SecureBrowsePolicies, (S) secureBrowsePolicies);
        S.a(S.a.NetworkPolicies, (S) networkPolicies);
        GatewayConnectionHandler.initializeWhitelistDomainResolver(context);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean isAppCertAvailable(Context context) {
        return ClientCertKeyManager.isCertificatePresent(context, false);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean isSecureBrowseEnabled(Context context, String str) {
        return com.citrix.mdx.hooks.i.z ? a(context, str) : Helper.c(str);
    }

    @Override // com.citrix.nsg.a.g.a
    public void onComplete(Context context, com.citrix.nsg.a.d dVar, com.citrix.nsg.a.h hVar) {
        Logging.getPlugin().Info("MDX-NetworkPlugin", "NSGAuthTask onComplete = " + hVar);
        if (hVar != null) {
            com.citrix.mdx.managers.n.b().a(Networking.KEY_NSG_AUTH_RESULT, hVar.f2927a.name());
            if (hVar.f2927a == h.a.SUCCESS) {
                if (hVar.d != null) {
                    boolean z = false;
                    if (PolicyManager.w() && (!hVar.d.equals(Networking.getNSGCookie()))) {
                        com.citrix.mdx.managers.b.c(Management.ERROR_CODE_LOGON_SECUREBROWSE);
                    }
                    Networking.putNSGCookie(hVar.d);
                    Networking.setCookieExpired(z);
                }
                com.citrix.nsg.a.a.c cVar = hVar.f;
                if (cVar != null) {
                    Networking.putNSGConfig(cVar);
                    a(hVar.f.a(), (Context) com.citrix.mdx.hooks.i.e);
                }
                if (hVar.e != null) {
                    Logging.getPlugin().Warning("MDX-NetworkPlugin", "NSGAuthLib changing gateway URL to " + hVar.e);
                    Networking.putGatewayFQDN(hVar.e);
                }
            } else {
                Networking.putNSGCookie("");
            }
            AppStateContentProvider.saveGlobalState(context);
            Object obj = dVar.g;
            if (obj != null) {
                ((Networking.OnAsyncTaskComplete) obj).onAsyncTaskComplete();
            }
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    @TargetApi(21)
    public void onReceivedClientCertRequest(WebView webView, ClientCertRequest clientCertRequest) {
        String host = clientCertRequest.getHost();
        clientCertRequest.proceed(com.citrix.mdx.networking.b.b(host), com.citrix.mdx.networking.b.a(host));
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void onReceivedClientCertRequest(WebView webView, Object obj, String str) {
        String substring = str.substring(0, str.indexOf(":"));
        try {
            obj.getClass().getDeclaredMethod("proceed", PrivateKey.class, X509Certificate[].class).invoke(obj, com.citrix.mdx.networking.b.b(substring), com.citrix.mdx.networking.b.a(substring));
        } catch (IllegalAccessException unused) {
            Logging.getPlugin().Critical("MDX-NetworkPlugin", "IllegalAccessException invoking 'proceed' in " + obj.getClass().getCanonicalName());
        } catch (NoSuchMethodException unused2) {
            Logging.getPlugin().Critical("MDX-NetworkPlugin", "Failed to find method 'proceed' in " + obj.getClass().getCanonicalName());
        } catch (InvocationTargetException unused3) {
            Logging.getPlugin().Critical("MDX-NetworkPlugin", "InvocationTargetException invoking 'proceed' in " + obj.getClass().getCanonicalName());
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void setNetworkAccess(boolean z) {
        Management.getPlugin().setNetworkAccess(z);
        Networking.setNetworkingBlocked(!z);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean setUserAgent(String str, String str2) {
        if (str2 == null || i.matcher(str2).find()) {
            Logging.getPlugin().Error("MDX-NetworkPlugin", "Attempting to set null or illegal User Agent");
            return false;
        }
        Logging plugin = Logging.getPlugin();
        StringBuilder sb = new StringBuilder();
        sb.append("Setting replacement User Agent, orig: ");
        sb.append(TextUtils.isEmpty(str) ? "" : str);
        sb.append(" new: ");
        sb.append(str2);
        plugin.Detail("MDX-NetworkPlugin", sb.toString());
        Helper.d = new Pair<>(str, str2);
        return true;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void startVpnSilently(Context context) {
        new s(this, context).executeOnExecutor(MdxSerialTaskExecutor.getInstance(), null);
    }

    @Override // com.citrix.mdx.plugins.Plugin
    public void updateFromBundle(Context context, Bundle bundle) {
        boolean z = bundle.getBoolean(MAMAppInfo.KEY_BLOCK_DNS_FROM_UNMANAGED_APPS_IN_FULL_VPN);
        Networking.setVpnRequired(bundle.getBoolean(MAMAppInfo.KEY_VPN_REQUIRED));
        Networking.putAGAddress(bundle.getString(MAMAppInfo.KEY_AG_ADDRESS));
        String e = PolicyManager.e("BackgroundServices");
        new C();
        if (!TextUtils.isEmpty(e) && PolicyManager.w()) {
            Logging.getPlugin().Debug10("MDX-NetworkPlugin", "Adding BackgroundServices to tunnel whitelist = " + e);
            if (TunnelWhitelistResolver.updateWhitelist(e)) {
                TunnelWhitelistResolver.schedule(context, false);
            }
        }
        if (z != getBlockDNSFromUnmanagedAppsInFullVPN()) {
            a(context, z);
            updateHooksFromState(context);
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public boolean updateHooksFromState(Context context) {
        if (!this.l) {
            return true;
        }
        MDXNetwork.enableDNSHooking(context, com.citrix.mdx.hooks.i.b().a(MAMAppInfo.KEY_BLOCK_DNS_FROM_UNMANAGED_APPS_IN_FULL_VPN));
        return true;
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void vpnError(Context context, String str) {
        Logging.getPlugin().Detail("MDX-NetworkPlugin", "VPN state changed = " + str);
        if (Networking.getSecureBrowseStarting()) {
            return;
        }
        if (Networking.getSecureBrowseStarted() && (MAMAppInfo.ACTION_VPN_TIMEOUT.equals(str) || MAMAppInfo.ACTION_VPN_BAD_COOKIES.equals(str))) {
            Networking.setCookieExpired(true);
            Networking.putNSGCookie("");
        }
        if (!com.citrix.mdx.hooks.i.w) {
            Logging.getPlugin().Detail("MDX-NetworkPlugin", "App in background");
            return;
        }
        com.citrix.mdx.managers.b.c(Management.ERROR_CODE_LOGON_REFRESH_POLICIES);
        Logging.getPlugin().Detail("MDX-NetworkPlugin", "VPN state changed, launching app locked to restart VPN");
        Management.getPlugin().lockApp(context);
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void vpnEstablished(Context context) {
        Logging.getPlugin().Detail("MDX-NetworkPlugin", "VPN Established");
        int vpnDnsServer = Management.getPlugin().getVpnDnsServer(context);
        Logging.getPlugin().Debug("MDX-NetworkPlugin", "VPN Dns server found : " + vpnDnsServer);
        if (this.l && Agent.isManagedByXM()) {
            MDXNetwork.enableDNSHooking(context, getBlockDNSFromUnmanagedAppsInFullVPN());
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void vpnRestarted(Context context) {
        if (Networking.getNetworkingBlocked()) {
            Logging.getPlugin().Detail("MDX-NetworkPlugin", "Enabling network access after VPN restarted");
            Networking.getPlugin().setNetworkAccess(true);
        }
        if (this.l && Agent.isManagedByXM()) {
            MDXNetwork.enableDNSHooking(context, getBlockDNSFromUnmanagedAppsInFullVPN());
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void vpnRestarting(Context context) {
        if (PolicyManager.x()) {
            setNetworkAccess(false);
            Logging.getPlugin().Detail("MDX-NetworkPlugin", "Disabling network access while VPN restarts.");
        }
    }

    @Override // com.citrix.mdx.plugins.Networking
    public void waitForSecureBrowse(Throwable th) {
        if (Management.isManaged() && PolicyManager.w()) {
            com.citrix.mdx.networking.k.c();
        }
    }
}
