package net.juniper.junos.pulse.android.a;

import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.net.http.CustomHostnameVerifier;
import android.net.http.SSLUtilities;
import android.os.Build;
import android.security.KeyChainException;
import android.text.TextUtils;
import androidx.core.app.g;
import com.google.gson.Gson;
import com.google.gson.e;
import java.io.IOException;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpCookie;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import k.f;
import k.t;
import k.u;
import k.z.b.k;
import net.juniper.junos.pulse.android.JunosApplication;
import net.juniper.junos.pulse.android.sql.VpnProfile;
import net.juniper.junos.pulse.android.util.CertUtil;
import net.juniper.junos.pulse.android.util.ClientCertificate;
import net.juniper.junos.pulse.android.util.DeviceInfo;
import net.juniper.junos.pulse.android.util.Log;
import net.juniper.junos.pulse.android.util.NotificationUtil;
import net.juniper.junos.pulse.android.util.PulseUtil;
import net.juniper.junos.pulse.android.util.SMUtility;
import net.juniper.junos.pulse.android.vpn.UILessConnection;
import net.juniper.junos.pulse.android.vpnservice.VpnSamsungKnoxService;
import net.pulsesecure.modules.vpn.VpnProfileManager;
import net.pulsesecure.pulsesecure.R;
import net.pulsesecure.pulsesecure.work.VpnRestrictions;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.JavaNetCookieJar;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

/* compiled from: ClientAuthentication.java */
/* loaded from: classes2.dex */
public class a implements net.juniper.junos.pulse.android.a.c {

    /* renamed from: a, reason: collision with root package name */
    private final Context f15250a;

    /* renamed from: b, reason: collision with root package name */
    private net.juniper.junos.pulse.android.a.b f15251b;

    /* renamed from: c, reason: collision with root package name */
    private net.juniper.junos.pulse.android.a.d f15252c;

    /* renamed from: i, reason: collision with root package name */
    private SharedPreferences f15258i;

    /* renamed from: k, reason: collision with root package name */
    private VpnProfile f15260k;

    /* renamed from: d, reason: collision with root package name */
    private boolean f15253d = false;

    /* renamed from: e, reason: collision with root package name */
    private String f15254e = null;

    /* renamed from: f, reason: collision with root package name */
    private SSLContext f15255f = null;

    /* renamed from: g, reason: collision with root package name */
    private X509TrustManager f15256g = null;

    /* renamed from: h, reason: collision with root package name */
    private String f15257h = null;

    /* renamed from: l, reason: collision with root package name */
    private boolean f15261l = false;

    /* renamed from: j, reason: collision with root package name */
    private CookieManager f15259j = new CookieManager();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ClientAuthentication.java */
    /* renamed from: net.juniper.junos.pulse.android.a.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public class C0275a implements X509TrustManager {
        C0275a(a aVar) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ClientAuthentication.java */
    /* loaded from: classes2.dex */
    public class b implements Interceptor {
        b() {
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) {
            Log.d("RedirectInterceptor - intercept URL :" + chain.request().url());
            Request request = chain.request();
            Request.Builder newBuilder = request.newBuilder();
            HttpUrl url = chain.request().url();
            if (!a.this.f15260k.isMdmProfile() && !a.this.f15260k.isThirdParty() && url.toString().contains("login.cgi") && !TextUtils.isEmpty(a.this.f15257h)) {
                HashSet hashSet = new HashSet();
                hashSet.addAll(Arrays.asList(a.this.f15257h.split(";")));
                a.this.f15258i.edit().putStringSet("cookie", hashSet).commit();
                newBuilder = newBuilder.addHeader("Cookie", a.this.f15257h);
            }
            Response proceed = chain.proceed(newBuilder.url(request.url()).get().build());
            Log.d("Calling intercept response code :" + proceed.code());
            if (!proceed.headers("Set-Cookie").isEmpty()) {
                List<String> headers = proceed.headers("Set-Cookie");
                Iterator<String> it = headers.iterator();
                while (it.hasNext()) {
                    JunosApplication.getApplication().setUilessHCCookies(it.next());
                }
                if (proceed.code() == 200) {
                    a.this.f15258i.edit().putStringSet("cookie", JunosApplication.getApplication().getCookiesUiLessHc()).commit();
                    return proceed;
                }
                Iterator<String> it2 = headers.iterator();
                while (it2.hasNext()) {
                    if (it2.next().contains(VpnProfileManager.INTENT_KEY_DSID)) {
                        Log.i("received DSID cookie");
                        a.this.f15258i.edit().putStringSet("cookie", JunosApplication.getApplication().getCookiesUiLessHc()).commit();
                    }
                }
            }
            return proceed;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ClientAuthentication.java */
    /* loaded from: classes2.dex */
    public class c implements f<String> {
        c() {
        }

        @Override // k.f
        public void a(k.d<String> dVar, Throwable th) {
            String message = NotificationUtil.getMessage(th);
            Log.e("RetryCallHelper::onFailure() message " + message);
            a.this.f15251b.onClientAuthenticationFailed(message, null);
            a.this.b();
        }

        @Override // k.f
        public void a(k.d<String> dVar, t<String> tVar) {
            Log.d("onResponse() of retrofit, HTTP response = " + tVar.b() + ", Is successful =  " + tVar.d());
            HashMap hashMap = new HashMap();
            List<HttpCookie> cookies = a.this.f15259j.getCookieStore().getCookies();
            for (HttpCookie httpCookie : cookies) {
                hashMap.put(httpCookie.getName(), httpCookie.getValue());
            }
            if (hashMap.containsKey(VpnProfileManager.INTENT_KEY_DSID)) {
                Log.d("Got DSID / Authentication success");
                a.this.f15251b.onClientAuthenticationSuccess(cookies);
                if (JunosApplication.sIsHCUilessEnable) {
                    a.this.b();
                    return;
                }
                return;
            }
            URL url = null;
            String httpUrl = tVar.f().request().url().toString();
            try {
                url = new URL(httpUrl);
            } catch (MalformedURLException e2) {
                Log.e("MalformedURLException during creating url from response, url = " + httpUrl + "::" + e2.getMessage());
            }
            if (tVar.d() && !TextUtils.isEmpty(tVar.a())) {
                Log.d("Response = " + tVar.a());
                Log.d("redirectedUrlStr = " + httpUrl);
            }
            Log.d("ClientAuthentication", "Stealth Mode Authentication: Final Url(redirected) - " + url);
            String a2 = a.this.a(url);
            boolean z = JunosApplication.sIsHCUilessEnable;
            if (!z) {
                a.this.f15251b.onClientAuthenticationFailed(a2, httpUrl);
                a.this.b();
                return;
            }
            if (a2 != VpnSamsungKnoxService.AUTH_NO_ERROR) {
                Log.d("Auth error" + a2);
                a.this.f15251b.onClientAuthenticationFailed(a2, httpUrl);
                if (JunosApplication.getApplication().getTls12ForCertAuth() && a.this.f15260k.isCert()) {
                    return;
                }
                a.this.b();
                return;
            }
            if (z && tVar.d() && !TextUtils.isEmpty(tVar.a())) {
                String a3 = tVar.a();
                if (a3.contains("HTMLOUT.showHTML(\"my APP\")") && !a.this.f15253d) {
                    Log.d("Receive HC request");
                    a.this.f15254e = tVar.f().request().url().toString();
                    a.this.f15252c.onReceiveHoscheckerUrl(a.this.f15250a, a.this.f15254e, a3, a.this);
                    a.this.f15253d = true;
                    return;
                }
                if (url.toString().contains("remediate.cgi?")) {
                    Log.d(" Remediation message received from hostChecker, redirectedUrl = " + httpUrl);
                    try {
                        a.this.f15252c.onReceiveRemediationMessage(a.this.f15250a, url, a3);
                        if (a.this.f15260k.isOnDemandProfile() || a.this.f15260k.isAlwaysOnProfile()) {
                            Log.d("Profile is onDemand or isAlwaysOnProfile");
                            a.this.f15252c.onRemediationgotoMonitoring();
                        }
                        if (JunosApplication.getApplication().getTls12ForCertAuth() && a.this.f15260k.isCert()) {
                            return;
                        }
                        a.this.b();
                        return;
                    } catch (IOException e3) {
                        Log.e("IOException = " + e3.getMessage());
                        return;
                    }
                }
                String str = "";
                if (!a3.contains("Please sign in to begin your secure session") || !a3.contains("hcRunning = 1") || !a3.contains("<title>Login</title>")) {
                    if (!url.toString().contains("hideremed=1") || !a3.contains("IVANTI Connect Secure - SSL") || !a3.contains("You do not have permission to login.  Please contact your administrator")) {
                        Log.d("No Specific case to handle, check response body");
                        a.this.f15251b.onClientAuthenticationFailed(VpnSamsungKnoxService.AUTH_FAIL_CREDENTIALS, httpUrl);
                        if (JunosApplication.getApplication().getTls12ForCertAuth() && a.this.f15260k.isCert()) {
                            return;
                        }
                        a.this.b();
                        return;
                    }
                    if (a.this.f15260k.isOnDemandProfile() || a.this.f15260k.isAlwaysOnProfile()) {
                        Log.d("Profile is onDemand or isAlwaysOnProfile");
                        a.this.f15252c.onRemediationgotoMonitoring();
                    }
                    if (a.this.f15260k.isOnDemandProfile()) {
                        str = JunosApplication.getContext().getString(R.string.restrictionValueOnDemand);
                    } else if (a.this.f15260k.isAlwaysOnProfile()) {
                        str = JunosApplication.getContext().getString(R.string.restrictionTitleAlwaysOnVpn);
                    }
                    a.this.b(JunosApplication.getContext().getString(R.string.hide_remediation_server_response), str + " " + JunosApplication.getContext().getString(R.string.status));
                    a.this.b();
                    return;
                }
                Log.d("Response HTML has secondary login request");
                if (a.this.f15260k.isCert() && JunosApplication.getApplication().getTls12ForCertAuth()) {
                    a.this.f15251b.onClientAuthenticationFailed("", httpUrl);
                    return;
                }
                if (a.this.f15260k.isOnDemandProfile()) {
                    str = JunosApplication.getContext().getString(R.string.restrictionValueOnDemand);
                } else if (a.this.f15260k.isAlwaysOnProfile()) {
                    str = JunosApplication.getContext().getString(R.string.restrictionTitleAlwaysOnVpn);
                }
                Log.d(str + " won't support password based configuration..Please configure cert based profile on server");
                if (a.this.f15260k.isOnDemandProfile() || a.this.f15260k.isAlwaysOnProfile()) {
                    Log.d("Profile is onDemand or isAlwaysOnProfile");
                    a.this.f15252c.onRemediationgotoMonitoring();
                }
                String str2 = JunosApplication.getContext().getString(R.string.errorUnsupportedAuthScheme) + ", " + JunosApplication.getContext().getString(R.string.enterprise_onboard_dialog_finish_message_retry_not_possible);
                a.this.b(str2, str + " " + JunosApplication.getContext().getString(R.string.status));
                a.this.b();
            }
        }
    }

    /* compiled from: ClientAuthentication.java */
    /* loaded from: classes2.dex */
    public class d implements Interceptor {
        public d() {
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) {
            Request.Builder newBuilder = chain.request().newBuilder();
            if (a.this.f15257h != null) {
                HashSet hashSet = (HashSet) a.this.f15250a.getSharedPreferences("cookieData", 0).getStringSet("cookie", null);
                if (hashSet == null) {
                    return chain.proceed(newBuilder.build());
                }
                StringBuilder sb = new StringBuilder();
                newBuilder.removeHeader("Cookie");
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    if (!a.this.f15260k.isMdmProfile() && !a.this.f15260k.isThirdParty()) {
                        if (str.contains("lastRealm")) {
                            sb.append(a.this.f15257h + "; ");
                        } else {
                            sb.append(str + "; ");
                        }
                    }
                    if (str.contains("DSPREAUTH=")) {
                        sb.append(a.this.f15257h + "; ");
                    } else {
                        sb.append(str + "; ");
                    }
                }
                newBuilder.addHeader("Cookie", sb.toString());
            }
            return chain.proceed(newBuilder.build());
        }
    }

    public a(Context context, net.juniper.junos.pulse.android.a.b bVar, net.juniper.junos.pulse.android.a.d dVar) {
        this.f15250a = context;
        this.f15251b = bVar;
        this.f15252c = dVar;
        this.f15258i = this.f15250a.getSharedPreferences("cookieData", 0);
        this.f15259j.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
        JunosApplication.sIsHCUilessEnable = JunosApplication.getApplication().getHostCheckerVOD() || JunosApplication.getApplication().getTls12ForCertAuth();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String a(URL url) {
        String str = JunosApplication.sIsHCUilessEnable ? VpnSamsungKnoxService.AUTH_NO_ERROR : VpnSamsungKnoxService.AUTH_FAIL_CREDENTIALS;
        if (url.toString().contains("welcome.cgi?p=")) {
            String query = url.getQuery();
            if (query.contains("p=failed")) {
                return VpnSamsungKnoxService.AUTH_FAIL_CREDENTIALS;
            }
            if (query.contains("p=not-allowed") || query.contains("p=admins-only")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ACCESS_DENIED;
            }
            if (query.contains("p=ip-denied")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ADDRESS_DENIED;
            }
            if (query.contains("p=ua-denied")) {
                return VpnSamsungKnoxService.AUTH_FAIL_BROWSER_DENIED;
            }
            if (query.contains("p=no-auth")) {
                return VpnSamsungKnoxService.AUTH_FAIL_AUTH_SERVER;
            }
            if (query.contains("p=ip-blocked")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ADDRESS_BLOCKED;
            }
            if (query.contains("p=short-passwd")) {
                return VpnSamsungKnoxService.AUTH_FAIL_SHORT_PASSWORD;
            }
            if (query.contains("p=ssl-v3")) {
                return VpnSamsungKnoxService.AUTH_FAIL_SSL_V3_REQUIRED;
            }
            if (query.contains("p=ssl-weak")) {
                return VpnSamsungKnoxService.AUTH_FAIL_SSL_STRONG_REQUIRED;
            }
            if (query.contains("p=admin-recovery")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ADMIN_DISABLED;
            }
            if (query.contains("p=changed-password")) {
                return VpnSamsungKnoxService.AUTH_FAIL_CHANGE_PASSWORD;
            }
            if (query.contains("p=account-locked-out")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ACCOUNT_DISABLED;
            }
            if (query.contains("p=account-expired")) {
                return VpnSamsungKnoxService.AUTH_FAIL_ACCOUNT_EXPIRED;
            }
            if (query.contains("p=no-access")) {
                return VpnSamsungKnoxService.AUTH_FAIL_AUTH_DENIED;
            }
            if (!query.contains("p=max-sessions")) {
                if (query.contains("p=feature-unlicensed")) {
                    return VpnSamsungKnoxService.AUTH_FAIL_UNLICENSED;
                }
                if (query.contains("p=denied-checkhostname")) {
                    return VpnSamsungKnoxService.AUTH_FAIL_HOSTNAME;
                }
                if (query.contains("p=no-roles")) {
                    return VpnSamsungKnoxService.AUTH_FAIL_NO_ROLE;
                }
                if (!query.contains("p=too-many")) {
                    if (query.contains("p=installfail")) {
                        return VpnSamsungKnoxService.AUTH_FAIL_CCFAIL;
                    }
                    if (query.contains("p=revoked-cert")) {
                        return VpnSamsungKnoxService.AUTH_FAIL_REVOKED_CERT;
                    }
                    if (query.contains("p=wrong-cert")) {
                        return VpnSamsungKnoxService.AUTH_FAIL_WRONG_CERT;
                    }
                    if (query.contains("p=passwordExpiration")) {
                        return VpnSamsungKnoxService.AUTH_FAIL_PASSWORDEXPIRATION;
                    }
                    if (query.contains("p=device%2Ddenied")) {
                        return VpnSamsungKnoxService.AUTH_FAIL_DEVICE_VALIDATION_FAILED;
                    }
                }
            }
            return "Too Many Sessions";
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b() {
        Log.d("ClientAuthentication: Clearing the Data");
        this.f15257h = null;
        if (this.f15259j.getCookieStore().getCookies() != null) {
            this.f15259j.getCookieStore().removeAll();
            this.f15259j = null;
        }
        SharedPreferences sharedPreferences = this.f15258i;
        if (sharedPreferences != null && !sharedPreferences.getAll().isEmpty()) {
            this.f15258i.edit().clear().commit();
            this.f15258i = null;
        }
        JunosApplication.getApplication().clearCookies();
        this.f15253d = false;
        this.f15255f = null;
        this.f15256g = null;
        this.f15252c = null;
        this.f15251b = null;
    }

    private void b(String str) {
        Log.d("ClientAuthentication", "startAuthentication() VPN with url " + str);
        if (TextUtils.isEmpty(this.f15257h)) {
            Log.d("Clearing Cookies");
            JunosApplication.getApplication().clearCookies();
            this.f15258i.edit().clear().commit();
        }
        if (JunosApplication.getApplication().getUDIDStatus()) {
            String deviceUdid = VpnRestrictions.getDeviceUdid();
            String str2 = "X-client-udid=" + deviceUdid + "; path=/";
            Log.d("ClientAuthentication", "Sending UDID cookie for validation: " + PulseUtil.opaquify(deviceUdid));
            if (!TextUtils.isEmpty(deviceUdid)) {
                android.webkit.CookieManager.getInstance().setCookie(str, str2);
                android.webkit.CookieManager.getInstance().flush();
            }
        }
        OkHttpClient build = JunosApplication.sIsHCUilessEnable ? JunosApplication.getsBaseOkHttpClient().newBuilder().cookieJar(new JavaNetCookieJar(this.f15259j)).sslSocketFactory(this.f15255f.getSocketFactory(), this.f15256g).connectTimeout(30L, TimeUnit.SECONDS).readTimeout(30L, TimeUnit.SECONDS).writeTimeout(30L, TimeUnit.SECONDS).addInterceptor(new net.juniper.junos.pulse.android.h.d.b("User-Agent")).addInterceptor(new net.juniper.junos.pulse.android.h.d.a()).addNetworkInterceptor(a()).addNetworkInterceptor(new d()).hostnameVerifier(CustomHostnameVerifier.Companion.getCustomHostnameVerifier()).followRedirects(true).build() : JunosApplication.getsBaseOkHttpClient().newBuilder().cookieJar(new JavaNetCookieJar(this.f15259j)).sslSocketFactory(this.f15255f.getSocketFactory(), this.f15256g).readTimeout(30L, TimeUnit.SECONDS).writeTimeout(30L, TimeUnit.SECONDS).connectTimeout(30L, TimeUnit.SECONDS).addInterceptor(new net.juniper.junos.pulse.android.h.d.b("User-Agent")).addInterceptor(new net.juniper.junos.pulse.android.h.d.a()).hostnameVerifier(CustomHostnameVerifier.Companion.getCustomHostnameVerifier()).build();
        e eVar = new e();
        eVar.d();
        Gson a2 = eVar.a();
        String a3 = net.juniper.junos.pulse.android.h.b.a(str);
        if (TextUtils.isEmpty(a3)) {
            Log.e("Failed to extract baseUrl from url, url = " + str);
        }
        u.b bVar = new u.b();
        bVar.a(a3);
        bVar.a(build);
        bVar.a(k.a());
        bVar.a(k.z.a.a.a(a2));
        net.juniper.junos.pulse.android.h.a aVar = (net.juniper.junos.pulse.android.h.a) bVar.a().a(net.juniper.junos.pulse.android.h.a.class);
        Map<String, String> b2 = net.juniper.junos.pulse.android.h.b.b(str);
        net.juniper.junos.pulse.android.h.b.a(b2 != null ? aVar.b(str, b2) : aVar.a(str), 5, this.f15260k, new c());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(String str, String str2) {
        NotificationUtil.showHCErrorNotification(JunosApplication.getApplication(), str, str2);
    }

    private void b(VpnProfile vpnProfile) {
        try {
            Log.d("ClientAuthentication", "calling CertUtil.getCertificate(profile)");
            ClientCertificate certificate = CertUtil.getCertificate(vpnProfile);
            Log.d("ClientAuthentication", "CertUtil.getCertificate() success");
            if (certificate == null || certificate.getCertArray() == null || certificate.getPrivateKey() == null) {
                Log.d("ClientAuthentication", "error cert not found ");
                this.f15251b.onClientAuthenticationFailed(VpnSamsungKnoxService.AUTH_FAIL_MISSING_OR_INVALID_CERT, null);
                return;
            }
            DeviceInfo deviceInfo = new DeviceInfo();
            Log.d("ClientAuthentication", "cert found ");
            PrivateKey privateKey = certificate.getPrivateKey();
            Log.d("ClientAuthentication", "privateKey");
            X509Certificate[] certArray = certificate.getCertArray();
            Log.d("ClientAuthentication", "certs");
            try {
                String deviceUuidString = deviceInfo.getDeviceUuidString();
                Log.d("ClientAuthentication", "passwd");
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                Log.d("ClientAuthentication", "mKeyStore");
                keyStore.load(null, deviceUuidString.toCharArray());
                Log.d("ClientAuthentication", "mKeyStore load");
                keyStore.setKeyEntry("PulseSecureCertAlias", privateKey, deviceUuidString.toCharArray(), certArray);
                Log.d("ClientAuthentication", "mKeyStore setKeyEntry");
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                Log.d("ClientAuthentication", "keyManagerFactory");
                keyManagerFactory.init(keyStore, deviceUuidString.toCharArray());
                Log.d("ClientAuthentication", "keyManagerFactory init");
                KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
                Log.d("ClientAuthentication", "keyManagerFactory getKeyManagers");
                String protocolForSslContext = JunosApplication.getApplication().getProtocolForSslContext();
                this.f15255f = SSLContext.getInstance(protocolForSslContext);
                Log.d("ClientAuthentication", "SSLContext.getInstance() Version = " + protocolForSslContext);
                SSLUtilities.setConnectionType((byte) 1);
                Log.d("ClientAuthentication", "SSLUtilities.setConnectionType");
                TrustManager[] trustManagerArr = !this.f15261l ? new TrustManager[]{SSLUtilities.getSystemX509TrustManager()} : new TrustManager[]{new C0275a(this)};
                Log.d("ClientAuthentication", "trustManagers");
                this.f15255f.init(keyManagers, trustManagerArr, new SecureRandom());
                this.f15256g = (X509TrustManager) trustManagerArr[0];
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
                Log.e("Exception in prepareSSLContext(), e = " + e2.getMessage());
            }
        } catch (KeyChainException e3) {
            Log.e("ClientAuthentication", "KeyChainException : " + e3.getMessage());
            VpnSamsungKnoxService.setVpnStatus(VpnSamsungKnoxService.PulseVpnStatus.AUTH_FAILED);
            Log.e("ClientAuthentication", "executeCertClient KeyChain exception: " + e3);
            Log.d("ClientAuthentication", "Credential storage permission needs to be asked to user");
            try {
                String certAlias = vpnProfile.getCertAlias();
                String url = vpnProfile.getUrl();
                String name = vpnProfile.getName();
                if (!TextUtils.isEmpty(certAlias) && !TextUtils.isEmpty(url) && !TextUtils.isEmpty(name)) {
                    Intent intent = new Intent(this.f15250a, Class.forName("net.pulsesecure.pws.ui.TransparentPermissionActivity"));
                    intent.putExtra(UILessConnection.UI_LESS_VPN_INTENT_EXTRA, VpnSamsungKnoxService.AUTH_FAIL_CERT_STORE);
                    intent.putExtra("profileCertificateAlias", certAlias);
                    intent.putExtra("profileUrl", url);
                    intent.putExtra("profileName", name);
                    intent.addFlags(268468224);
                    if (Build.VERSION.SDK_INT < 29 || !NotificationUtil.isApplicationInTheBackground()) {
                        this.f15250a.startActivity(intent);
                        return;
                    }
                    String string = this.f15250a.getResources().getString(R.string.cert_alias_AIDL_message, this.f15250a.getResources().getString(R.string.app_name));
                    String string2 = this.f15250a.getResources().getString(R.string.cert_alias_AIDL_title);
                    g.e eVar = new g.e(this.f15250a, NotificationUtil.VPN_NOTIFICATION_CHANNEL_ID);
                    eVar.b((CharSequence) string2);
                    eVar.e(R.drawable.alert_small);
                    eVar.a(true);
                    eVar.a((CharSequence) string);
                    g.c cVar = new g.c();
                    cVar.b(string2);
                    cVar.a(string);
                    eVar.a(cVar);
                    eVar.c(true);
                    eVar.a(PendingIntent.getActivity(this.f15250a, 0, intent, 201326592));
                    ((NotificationManager) this.f15250a.getSystemService("notification")).notify(NotificationUtil.PULSE_NOTIFICATION_ID, eVar.a());
                    return;
                }
                Log.e("ClientAuthentication", "Incomplete profile :");
                Log.e("ClientAuthentication", "Alias :" + certAlias);
                Log.e("ClientAuthentication", "Url :" + url);
                Log.e("ClientAuthentication", "Profile name :" + name);
            } catch (ClassNotFoundException unused) {
                Log.e("TransparentPermissionActivity not found");
            }
        }
    }

    protected Interceptor a() {
        return new b();
    }

    @Override // net.juniper.junos.pulse.android.a.c
    public void a(String str) {
        Log.d("Hostchecker fail, errMsg = " + str);
        if (this.f15260k.isOnDemandProfile() || this.f15260k.isAlwaysOnProfile()) {
            Log.d("Profile is onDemand or isAlwaysOnProfile");
            this.f15252c.onRemediationgotoMonitoring();
        }
        this.f15251b.onClientAuthenticationFailed(str, null);
        b();
    }

    @Override // net.juniper.junos.pulse.android.a.c
    public void a(String str, String str2) {
        Log.d("Hostchecker success");
        this.f15257h = str2 + "; path=/dana-na/; Secure";
        SSLUtilities.setHNUrl(this.f15260k.getUrl());
        SSLUtilities.setPerformSessionOperation(false);
        b(str);
    }

    public void a(VpnProfile vpnProfile) {
        Log.d("ClientAuthentication", "certAuthenticate called, profile = " + vpnProfile.getName());
        this.f15260k = vpnProfile;
        b(vpnProfile);
        if (this.f15255f == null) {
            Log.e("SSLContext is null, returning");
            return;
        }
        if (SMUtility.isConnectionAvailable() && !JunosApplication.getApplication().isVpnConnected()) {
            Log.d("ClientAuthentication", "Stealth Mode: start authentication!");
            if (TextUtils.isEmpty(vpnProfile.getUrl())) {
                return;
            }
            b(vpnProfile.getUrl());
            return;
        }
        if (JunosApplication.getApplication().isVpnConnected()) {
            Log.d("ClientAuthentication", "Stealth Mode: VPN already connected!");
            return;
        }
        Log.d("ClientAuthentication", "Stealth Mode: No network!");
        NotificationUtil.showVpnErrorNotification(JunosApplication.getApplication(), VpnSamsungKnoxService.AUTH_FAIL_NETWORK_ISSUE);
        VpnProfile vpnProfile2 = this.f15260k;
        if (vpnProfile2 != null) {
            net.juniper.junos.pulse.android.network.schedulers.a.b(vpnProfile2.getName());
        }
    }

    public void a(VpnProfile vpnProfile, String str, String str2) {
        JunosApplication.getApplication().clearCookies();
        this.f15260k = vpnProfile;
        b(vpnProfile);
        this.f15257h = str2;
        SSLUtilities.setHNUrl(vpnProfile.getUrl());
        SSLUtilities.setPerformSessionOperation(false);
        b(str);
    }

    public void a(boolean z) {
        this.f15261l = z;
    }
}
