package com.citrix.nsg.a;

import android.content.Context;
import android.os.AsyncTask;
import android.text.TextUtils;
import android.util.Log;
import androidx.browser.trusted.sharing.ShareTarget;
import com.citrix.nsg.a.h;
import com.google.common.net.HttpHeaders;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.CookieHandler;
import java.net.HttpCookie;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: classes.dex */
public class g extends AsyncTask<Void, Void, h> {

    /* renamed from: a, reason: collision with root package name */
    private static final TrustManager[] f2926a = {new e()};
    private Context b;
    private a c;
    private d d;
    private boolean g;
    private HttpsURLConnection h;
    private com.citrix.nsg.a.a.c i;
    private CookieHandler j;
    private int e = -1;
    private boolean f = false;
    private HashSet<c> k = new HashSet<>();
    private HostnameVerifier l = new f(this);

    /* loaded from: classes.dex */
    public interface a {
        void onComplete(Context context, d dVar, h hVar);
    }

    public g(Context context, d dVar, a aVar) {
        this.b = null;
        this.c = null;
        this.b = context;
        this.d = dVar;
        this.c = aVar;
    }

    public static TrustManager[] a() {
        return f2926a;
    }

    private void c() {
        List<String> list = (List) this.h.getHeaderFields().get(HttpHeaders.SET_COOKIE);
        if (list == null) {
            return;
        }
        for (String str : list) {
            try {
                List<HttpCookie> parse = HttpCookie.parse(str);
                if (parse != null && !parse.isEmpty()) {
                    for (HttpCookie httpCookie : parse) {
                        if (!httpCookie.hasExpired()) {
                            this.k.add(new c(httpCookie.getName(), httpCookie.getValue()));
                        }
                    }
                }
            } catch (NullPointerException unused) {
                Log.d("MDX-NSGAuthAsyncTask", MessageFormat.format("{0} -- Null header for the cookie : {1}", this.h.getURL(), str));
            }
        }
    }

    private h d() throws IOException {
        try {
            if (isCancelled()) {
                h hVar = new h(h.a.ERROR_USER_CANCELLED, "User cancelled operation");
                HttpsURLConnection httpsURLConnection = this.h;
                if (httpsURLConnection != null) {
                    httpsURLConnection.disconnect();
                }
                return hVar;
            }
            this.h = a(this.d.f2924a + "/cfg");
            i();
            this.h.setRequestProperty(HttpHeaders.COOKIE, b("NSC_AAAC").toString());
            this.h.connect();
            Log.d("MDX-NSGAuthAsyncTask", "Get /Cfg Response Code " + this.h.getResponseCode());
            int responseCode = this.h.getResponseCode();
            if (responseCode != 200) {
                if (responseCode == 403) {
                    h hVar2 = new h(h.a.ERROR_ACCESS_DENIED, "Login failed - Access denied");
                    HttpsURLConnection httpsURLConnection2 = this.h;
                    if (httpsURLConnection2 != null) {
                        httpsURLConnection2.disconnect();
                    }
                    return hVar2;
                }
                Log.e("MDX-NSGAuthAsyncTask", "Error fetching /cfg");
                h hVar3 = new h(h.a.ERROR_GENERIC, "Login failed - /cfg failed, response code = " + this.h.getResponseCode());
                HttpsURLConnection httpsURLConnection3 = this.h;
                if (httpsURLConnection3 != null) {
                    httpsURLConnection3.disconnect();
                }
                return hVar3;
            }
            InputStream inputStream = this.h.getInputStream();
            byte[] bArr = new byte[8192];
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            try {
                this.i = new com.citrix.nsg.a.a.e(byteArrayOutputStream.toByteArray(), this.d.f2924a).v();
                if (this.i == null) {
                    h hVar4 = new h(h.a.ERROR_BAD_VPN_CONFIG, "Login failed - bad config received");
                    HttpsURLConnection httpsURLConnection4 = this.h;
                    if (httpsURLConnection4 != null) {
                        httpsURLConnection4.disconnect();
                    }
                    return hVar4;
                }
                this.i.c(i.a());
                int port = URI.create(this.d.f2924a).getPort();
                com.citrix.nsg.a.a.c cVar = this.i;
                if (port == -1) {
                    port = 443;
                }
                cVar.b(port);
                h hVar5 = new h();
                HttpsURLConnection httpsURLConnection5 = this.h;
                if (httpsURLConnection5 != null) {
                    httpsURLConnection5.disconnect();
                }
                return hVar5;
            } catch (Exception e) {
                Log.e("MDX-NSGAuthAsyncTask", "Received bad vpn config from server");
                h hVar6 = new h(h.a.ERROR_BAD_VPN_CONFIG, "Login failed - bad config received", e);
                HttpsURLConnection httpsURLConnection6 = this.h;
                if (httpsURLConnection6 != null) {
                    httpsURLConnection6.disconnect();
                }
                return hVar6;
            }
        } catch (Throwable th) {
            HttpsURLConnection httpsURLConnection7 = this.h;
            if (httpsURLConnection7 != null) {
                httpsURLConnection7.disconnect();
            }
            throw th;
        }
    }

    private h e() throws IOException {
        try {
            if (isCancelled()) {
                return new h(h.a.ERROR_USER_CANCELLED, "User cancelled operation");
            }
            this.h = a(this.d.f2924a + "/vpn/index.html");
            i();
            this.h.connect();
            int responseCode = this.h.getResponseCode();
            c();
            if (responseCode != 200) {
                if (responseCode != 302) {
                    if (responseCode == 403) {
                        h hVar = new h(h.a.ERROR_ACCESS_DENIED, "Login failed - Access denied");
                        HttpsURLConnection httpsURLConnection = this.h;
                        if (httpsURLConnection != null) {
                            httpsURLConnection.disconnect();
                        }
                        return hVar;
                    }
                    Log.e("MDX-NSGAuthAsyncTask", "Error while creating NSG session " + responseCode);
                    h hVar2 = new h(h.a.ERROR_GENERIC, "Login failed - /vpn/index.html failed, response code = " + responseCode);
                    HttpsURLConnection httpsURLConnection2 = this.h;
                    if (httpsURLConnection2 != null) {
                        httpsURLConnection2.disconnect();
                    }
                    return hVar2;
                }
                String headerField = this.h.getHeaderField("Location");
                if (headerField != null && !TextUtils.isEmpty(headerField)) {
                    if (headerField.equalsIgnoreCase("/epa/epa.html")) {
                        h hVar3 = new h(h.a.ERROR_END_POINT_ANALYSIS_NOT_SUPPORTED, "Login failed - Pre-auth EPA enabled on server, failing");
                        HttpsURLConnection httpsURLConnection3 = this.h;
                        if (httpsURLConnection3 != null) {
                            httpsURLConnection3.disconnect();
                        }
                        return hVar3;
                    }
                    c b = b("NSC_AAAC");
                    if (b == null || TextUtils.isEmpty(b.b())) {
                        Log.e("MDX-NSGAuthAsyncTask", "Auth not Supported");
                        h hVar4 = new h(h.a.ERROR_AUTH_METHOD_NOT_SUPPORTED, "Login failed - Gateway not configured with supported Authentication type");
                        HttpsURLConnection httpsURLConnection4 = this.h;
                        if (httpsURLConnection4 != null) {
                            httpsURLConnection4.disconnect();
                        }
                        return hVar4;
                    }
                    Log.i("MDX-NSGAuthAsyncTask", "Session cookie obtained, skipping explicit login call");
                    this.g = true;
                }
                h hVar5 = new h(h.a.ERROR_GENERIC, "Login failed - null/empty redirect location");
                HttpsURLConnection httpsURLConnection5 = this.h;
                if (httpsURLConnection5 != null) {
                    httpsURLConnection5.disconnect();
                }
                return hVar5;
            }
            this.e = h();
            this.f = j();
            h hVar6 = new h();
            HttpsURLConnection httpsURLConnection6 = this.h;
            if (httpsURLConnection6 != null) {
                httpsURLConnection6.disconnect();
            }
            return hVar6;
        } finally {
            HttpsURLConnection httpsURLConnection7 = this.h;
            if (httpsURLConnection7 != null) {
                httpsURLConnection7.disconnect();
            }
        }
    }

    private h f() throws IOException {
        try {
            if (isCancelled()) {
                return new h(h.a.ERROR_USER_CANCELLED, "User cancelled operation");
            }
            this.h = a(this.d.f2924a + "/cgi/login");
            this.h.setRequestMethod(ShareTarget.METHOD_POST);
            this.h.setDoInput(true);
            this.h.setDoOutput(true);
            i();
            StringBuilder sb = new StringBuilder();
            if (this.e >= 0) {
                if (this.d.b == null || this.d.e == null) {
                    h hVar = new h(h.a.ERROR_MISSING_CREDENTIALS, "Login failed - Gateway login requires username and password");
                    HttpsURLConnection httpsURLConnection = this.h;
                    if (httpsURLConnection != null) {
                        httpsURLConnection.disconnect();
                    }
                    return hVar;
                }
                String encode = URLEncoder.encode(this.d.b, "UTF-8");
                String encode2 = URLEncoder.encode(new String(this.d.e), "UTF-8");
                sb.append("login=");
                sb.append(encode);
                sb.append("&passwd=");
                sb.append(encode2);
                if (this.e == 2) {
                    if (this.d.f == null) {
                        h hVar2 = new h(h.a.ERROR_MISSING_CREDENTIALS, "Login failed - Gateway login requires second password");
                        HttpsURLConnection httpsURLConnection2 = this.h;
                        if (httpsURLConnection2 != null) {
                            httpsURLConnection2.disconnect();
                        }
                        return hVar2;
                    }
                    String encode3 = URLEncoder.encode(new String(this.d.f), "UTF-8");
                    sb.append("&passwd1=");
                    sb.append(encode3);
                }
            }
            if (this.f) {
                if (this.d.d == null) {
                    h hVar3 = new h(h.a.ERROR_MISSING_CREDENTIALS, "Login failed - Gateway login requires OAuth token");
                    HttpsURLConnection httpsURLConnection3 = this.h;
                    if (httpsURLConnection3 != null) {
                        httpsURLConnection3.disconnect();
                    }
                    return hVar3;
                }
                this.h.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + new String(this.d.d));
            }
            OutputStream outputStream = this.h.getOutputStream();
            BufferedWriter a2 = a(outputStream);
            a2.write(sb.toString());
            a2.flush();
            a2.close();
            outputStream.close();
            int responseCode = this.h.getResponseCode();
            if (this.f && this.e == -1 && responseCode == 500) {
                if (this.h != null) {
                    this.h.disconnect();
                }
                this.h = b();
                responseCode = this.h.getResponseCode();
            }
            Log.d("MDX-NSGAuthAsyncTask", "/cgi/login response code " + responseCode);
            if (responseCode != 302) {
                if (responseCode == 403) {
                    h hVar4 = new h(h.a.ERROR_ACCESS_DENIED, "Login failed - Access denied");
                    HttpsURLConnection httpsURLConnection4 = this.h;
                    if (httpsURLConnection4 != null) {
                        httpsURLConnection4.disconnect();
                    }
                    return hVar4;
                }
                h hVar5 = new h(h.a.ERROR_GENERIC, "Login failed - /cgi/login failed, response code = " + responseCode);
                HttpsURLConnection httpsURLConnection5 = this.h;
                if (httpsURLConnection5 != null) {
                    httpsURLConnection5.disconnect();
                }
                return hVar5;
            }
            String headerField = this.h.getHeaderField("Location");
            if (TextUtils.isEmpty(headerField)) {
                h hVar6 = new h(h.a.ERROR_GENERIC, "Login failed - null/empty redirect location");
                HttpsURLConnection httpsURLConnection6 = this.h;
                if (httpsURLConnection6 != null) {
                    httpsURLConnection6.disconnect();
                }
                return hVar6;
            }
            c();
            if (!headerField.equalsIgnoreCase("/cgi/setclient?andr") && !headerField.equalsIgnoreCase("/vpns/choices.html")) {
                if (headerField.equalsIgnoreCase("/vpns/postepa.html")) {
                    h hVar7 = new h(h.a.ERROR_END_POINT_ANALYSIS_NOT_SUPPORTED, "Login failed - Post-auth EPA enabled on server, failing");
                    HttpsURLConnection httpsURLConnection7 = this.h;
                    if (httpsURLConnection7 != null) {
                        httpsURLConnection7.disconnect();
                    }
                    return hVar7;
                }
                c b = b("NSC_VPNERR");
                if (b == null || TextUtils.isEmpty(b.b())) {
                    h hVar8 = new h(h.a.ERROR_GENERIC, "Login failed - /cgi/login failed, response code = " + responseCode);
                    HttpsURLConnection httpsURLConnection8 = this.h;
                    if (httpsURLConnection8 != null) {
                        httpsURLConnection8.disconnect();
                    }
                    return hVar8;
                }
                String str = "Login failed - Invalid credentials, error: " + b.b();
                Log.e("MDX-NSGAuthAsyncTask", str);
                h hVar9 = new h(h.a.ERROR_INVALID_CREDENTIALS, str);
                HttpsURLConnection httpsURLConnection9 = this.h;
                if (httpsURLConnection9 != null) {
                    httpsURLConnection9.disconnect();
                }
                return hVar9;
            }
            c b2 = b("NSC_AAAC");
            if (b2 == null || TextUtils.isEmpty(b2.b())) {
                Log.e("MDX-NSGAuthAsyncTask", "Server response missing session cookie", new Throwable());
                h hVar10 = new h(h.a.ERROR_RESPONSE_MISSING_SESSION_COOKIE, "Login failed - did not receive session cookie");
                HttpsURLConnection httpsURLConnection10 = this.h;
                if (httpsURLConnection10 != null) {
                    httpsURLConnection10.disconnect();
                }
                return hVar10;
            }
            Log.d("MDX-NSGAuthAsyncTask", "Session cookie obtained");
            h hVar11 = new h();
            HttpsURLConnection httpsURLConnection11 = this.h;
            if (httpsURLConnection11 != null) {
                httpsURLConnection11.disconnect();
            }
            return hVar11;
        } finally {
            HttpsURLConnection httpsURLConnection12 = this.h;
            if (httpsURLConnection12 != null) {
                httpsURLConnection12.disconnect();
            }
        }
    }

    private h g() throws IOException {
        try {
            if (isCancelled()) {
                return new h(h.a.ERROR_USER_CANCELLED, "User cancelled operation");
            }
            this.h = a(this.d.f2924a + "/cgi/setclient?andr");
            i();
            this.h.setRequestProperty(HttpHeaders.COOKIE, b("NSC_AAAC").toString());
            this.h.connect();
            Log.d("MDX-NSGAuthAsyncTask", "SetClient Response Code " + this.h.getResponseCode());
            int responseCode = this.h.getResponseCode();
            if (responseCode == 200) {
                h hVar = new h(h.a.ERROR_SESSION_LIMIT_REACHED, "Login failed - Session limit reached");
                HttpsURLConnection httpsURLConnection = this.h;
                if (httpsURLConnection != null) {
                    httpsURLConnection.disconnect();
                }
                return hVar;
            }
            if (responseCode == 302) {
                h hVar2 = new h();
                HttpsURLConnection httpsURLConnection2 = this.h;
                if (httpsURLConnection2 != null) {
                    httpsURLConnection2.disconnect();
                }
                return hVar2;
            }
            if (responseCode == 403) {
                h hVar3 = new h(h.a.ERROR_ACCESS_DENIED, "Login failed - Access denied");
                HttpsURLConnection httpsURLConnection3 = this.h;
                if (httpsURLConnection3 != null) {
                    httpsURLConnection3.disconnect();
                }
                return hVar3;
            }
            if (responseCode == 480) {
                h hVar4 = new h(h.a.ERROR_LICENSE_EXCEEDED, "Login failed - License limit exceeded");
                HttpsURLConnection httpsURLConnection4 = this.h;
                if (httpsURLConnection4 != null) {
                    httpsURLConnection4.disconnect();
                }
                return hVar4;
            }
            h hVar5 = new h(h.a.ERROR_GENERIC, "Login failed - /cgi/setclient?andr failed, response code = " + responseCode);
            HttpsURLConnection httpsURLConnection5 = this.h;
            if (httpsURLConnection5 != null) {
                httpsURLConnection5.disconnect();
            }
            return hVar5;
        } finally {
            HttpsURLConnection httpsURLConnection6 = this.h;
            if (httpsURLConnection6 != null) {
                httpsURLConnection6.disconnect();
            }
        }
    }

    private int h() {
        String b;
        c b2 = b("pwcount");
        if (b2 == null || (b = b2.b()) == null) {
            return 0;
        }
        String trim = b.trim();
        if (trim.equals("0")) {
            return 0;
        }
        if (trim.equals("2")) {
            return 2;
        }
        return trim.equals("-1") ? -1 : 0;
    }

    private void i() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, this.d.h ? a() : this.d.i, null);
            this.h.setInstanceFollowRedirects(false);
            this.h.setRequestProperty(HttpHeaders.USER_AGENT, i.a());
            this.h.setSSLSocketFactory(sSLContext.getSocketFactory());
            if (this.d.h) {
                this.h.setHostnameVerifier(this.l);
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            Log.d("MDX-NSGAuthAsyncTask", "Ignoring exception in setBasicHeaders()", e);
        }
    }

    private boolean j() {
        String headerField = this.h.getHeaderField("NSG_OAuthToken");
        Log.d("MDX-NSGAuthAsyncTask", "OAuthHeaderValue: " + headerField);
        if (headerField != null && headerField.trim().equalsIgnoreCase("true")) {
            return true;
        }
        Log.d("MDX-NSGAuthAsyncTask", "Gateway server not configured with oAuth");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // android.os.AsyncTask
    /* renamed from: a, reason: merged with bridge method [inline-methods] */
    public h doInBackground(Void... voidArr) {
        this.g = false;
        d dVar = this.d;
        if (dVar == null) {
            return new h(h.a.ERROR_NULL_ARGS, "Null auth args passed!");
        }
        if (dVar.f2924a == null) {
            return new h(h.a.ERROR_MISSING_GATEWAY_FQDN, "Login failed - server address not set");
        }
        try {
            this.k.clear();
            this.j = CookieHandler.getDefault();
            CookieHandler.setDefault(null);
            h e = e();
            if (e.f2927a != h.a.SUCCESS) {
                return e;
            }
            if (!this.g) {
                h f = f();
                if (f.f2927a != h.a.SUCCESS) {
                    return f;
                }
            }
            h g = g();
            return g.f2927a != h.a.SUCCESS ? g : d();
        } catch (IOException e2) {
            return new h(h.a.ERROR_GATEWAY_UNREACHABLE, "Login failed - exception thrown: " + e2.getMessage(), e2);
        } catch (Exception e3) {
            return new h(h.a.ERROR_GENERIC, "Login failed - exception thrown: " + e3.getMessage(), e3);
        }
    }

    protected BufferedWriter a(OutputStream outputStream) throws UnsupportedEncodingException {
        return new BufferedWriter(new OutputStreamWriter(outputStream, "UTF-8"));
    }

    protected HttpsURLConnection a(String str) throws IOException {
        return (HttpsURLConnection) new URL(str).openConnection();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // android.os.AsyncTask
    /* renamed from: a, reason: merged with bridge method [inline-methods] */
    public void onPostExecute(h hVar) {
        Log.d("MDX-NSGAuthAsyncTask", "NSG Login result = " + hVar);
        CookieHandler.setDefault(this.j);
        if (hVar.f2927a == h.a.SUCCESS) {
            if (this.j != null) {
                try {
                    Log.d("MDX-NSGAuthAsyncTask", "Setting AAAC Cookie in Cookie Handler");
                    ArrayList arrayList = new ArrayList(Arrays.asList(b("NSC_AAAC").toString()));
                    HashMap hashMap = new HashMap();
                    hashMap.put(HttpHeaders.SET_COOKIE, arrayList);
                    this.j.put(new URI(this.d.f2924a), hashMap);
                } catch (IOException unused) {
                    Log.d("MDX-NSGAuthAsyncTask", "IOException while setting cookie in the cookiehandler");
                } catch (URISyntaxException unused2) {
                    Log.d("MDX-NSGAuthAsyncTask", "URISyntaxException while setting cookie in the cookiehandler");
                }
            }
            hVar.d = b("NSC_AAAC").toString();
            hVar.e = this.d.f2924a;
            hVar.f = this.i;
        }
        a aVar = this.c;
        if (aVar != null) {
            aVar.onComplete(this.b, this.d, hVar);
        }
    }

    protected c b(String str) {
        Iterator<c> it = this.k.iterator();
        while (it.hasNext()) {
            c next = it.next();
            if (next.a().equalsIgnoreCase(str)) {
                return next;
            }
        }
        return null;
    }

    HttpsURLConnection b() throws IOException {
        this.h = a(this.d.f2924a + "/cgi/login");
        this.h.setRequestMethod(ShareTarget.METHOD_POST);
        this.h.setDoInput(true);
        this.h.setDoOutput(true);
        i();
        StringBuilder sb = new StringBuilder();
        String encode = URLEncoder.encode("dummy", "UTF-8");
        String encode2 = URLEncoder.encode("dummy", "UTF-8");
        sb.append("login=");
        sb.append(encode);
        sb.append("&passwd=");
        sb.append(encode2);
        if (this.d.d != null) {
            this.h.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + new String(this.d.d));
        }
        OutputStream outputStream = this.h.getOutputStream();
        BufferedWriter a2 = a(outputStream);
        a2.write(sb.toString());
        a2.flush();
        a2.close();
        outputStream.close();
        return this.h;
    }

    @Override // android.os.AsyncTask
    protected void onCancelled() {
    }
}
