package de.blinkt.openvpn;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Build;
import android.support.v4.os.EnvironmentCompat;
import android.text.TextUtils;
import android.util.Base64;
import de.blinkt.openvpn.core.Connection;
import de.blinkt.openvpn.core.NativeUtils;
import de.blinkt.openvpn.core.OpenVPNService;
import de.blinkt.openvpn.core.VPNLaunchHelper;
import de.blinkt.openvpn.core.VpnStatus;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.UUID;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class VpnProfile implements Serializable, Cloneable {
    public static final int CURRENT_PROFILE_VERSION = 5;
    public static String DEFAULT_DNS1 = "8.8.8.8";
    public static String DEFAULT_DNS2 = "8.8.4.4";
    public static final int DEFAULT_MSSFIX_SIZE = 1450;
    public static final String DISPLAYNAME_TAG = "[[NAME]]";
    public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID";
    public static final String INLINE_TAG = "[[INLINE]]";
    public static final int MAXLOGLEVEL = 4;
    public static final transient long MAX_EMBED_FILE_SIZE = 2097152;
    public static final int TYPE_CERTIFICATES = 0;
    public static final int TYPE_KEYSTORE = 2;
    public static final int TYPE_PKCS12 = 1;
    public static final int TYPE_STATICKEYS = 4;
    public static final int TYPE_USERPASS = 3;
    public static final int TYPE_USERPASS_CERTIFICATES = 5;
    public static final int TYPE_USERPASS_KEYSTORE = 7;
    public static final int TYPE_USERPASS_PKCS12 = 6;
    public static final int X509_VERIFY_TLSREMOTE = 0;
    public static final int X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING = 1;
    public static final int X509_VERIFY_TLSREMOTE_DN = 2;
    public static final int X509_VERIFY_TLSREMOTE_RDN = 3;
    public static final int X509_VERIFY_TLSREMOTE_RDN_PREFIX = 4;
    private static final long serialVersionUID = 7085688938959334563L;
    public String mAlias;
    public boolean mAllowLocalLAN;
    public String mCaFilename;
    public String mClientCertFilename;
    public String mClientKeyFilename;
    public Connection[] mConnections;
    public String mCustomRoutes;
    public String mExcludedRoutes;
    public String mExcludedRoutesv6;
    public String mIPv4Address;
    public String mIPv6Address;
    public String mName;
    public String mPKCS12Filename;
    public String mPKCS12Password;
    private transient PrivateKey mPrivateKey;
    public String mProfileCreator;
    public String mTLSAuthFilename;
    public transient String mTransientPW = null;
    public transient String mTransientPCKS12PW = null;
    public transient boolean profileDeleted = false;
    public int mAuthenticationType = 2;
    public String mTLSAuthDirection = "";
    public boolean mUseLzo = true;
    public boolean mUseTLSAuth = false;
    public String mDNS1 = DEFAULT_DNS1;
    public String mDNS2 = DEFAULT_DNS2;
    public boolean mOverrideDNS = false;
    public String mSearchDomain = "blinkt.de";
    public boolean mUseDefaultRoute = true;
    public boolean mUsePull = true;
    public boolean mCheckRemoteCN = true;
    public boolean mExpectTLSCert = false;
    public String mRemoteCN = "";
    public String mPassword = "";
    public String mUsername = "";
    public boolean mRoutenopull = false;
    public boolean mUseRandomHostname = false;
    public boolean mUseFloat = false;
    public boolean mUseCustomConfig = false;
    public String mCustomConfigOptions = "";
    public String mVerb = "1";
    public String mCipher = "";
    public boolean mNobind = false;
    public boolean mUseDefaultRoutev6 = true;
    public String mCustomRoutesv6 = "";
    public String mKeyPassword = "";
    public boolean mPersistTun = false;
    public String mConnectRetryMax = "5";
    public String mConnectRetry = "5";
    public boolean mUserEditable = true;
    public String mAuth = "";
    public int mX509AuthType = 3;
    public int mMssFix = 0;
    public boolean mRemoteRandom = false;
    public HashSet<String> mAllowedAppsVpn = new HashSet<>();
    public boolean mAllowedAppsVpnAreDisallowed = true;
    public String mServerName = "openvpn.blinkt.de";
    public String mServerPort = "1194";
    public boolean mUseUdp = true;
    private UUID mUuid = UUID.randomUUID();
    private int mProfileVersion = 5;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class NoCertReturnedException extends Exception {
        public NoCertReturnedException(String str) {
            super(str);
        }
    }

    public VpnProfile(String str) {
        this.mConnections = new Connection[0];
        this.mName = str;
        this.mConnections = new Connection[1];
        this.mConnections[0] = new Connection();
    }

    private String cidrToIPAndNetmask(String str) {
        String[] split = str.split("/");
        if (split.length == 1) {
            split = (str + "/32").split("/");
        }
        if (split.length != 2) {
            return null;
        }
        try {
            int parseInt = Integer.parseInt(split[1]);
            if (parseInt < 0 || parseInt > 32) {
                return null;
            }
            long j = (4294967295 << (32 - parseInt)) & 4294967295L;
            return split[0] + "  " + String.format(Locale.ENGLISH, "%d.%d.%d.%d", Long.valueOf(((-16777216) & j) >> 24), Long.valueOf((16711680 & j) >> 16), Long.valueOf((65280 & j) >> 8), Long.valueOf(255 & j));
        } catch (NumberFormatException e) {
            return null;
        }
    }

    private Collection<String> getCustomRoutes(String str) {
        Vector vector = new Vector();
        if (str == null) {
            return vector;
        }
        for (String str2 : str.split("[\n \t]")) {
            if (!str2.equals("")) {
                String cidrToIPAndNetmask = cidrToIPAndNetmask(str2);
                if (cidrToIPAndNetmask == null) {
                    return null;
                }
                vector.add(cidrToIPAndNetmask);
            }
        }
        return vector;
    }

    private Collection<String> getCustomRoutesv6(String str) {
        Vector vector = new Vector();
        if (str != null) {
            for (String str2 : str.split("[\n \t]")) {
                if (!str2.equals("")) {
                    vector.add(str2);
                }
            }
        }
        return vector;
    }

    public static String getDisplayName(String str) {
        return str.substring(DISPLAYNAME_TAG.length(), str.indexOf(INLINE_TAG));
    }

    public static String getEmbeddedContent(String str) {
        return !str.contains(INLINE_TAG) ? str : str.substring(str.indexOf(INLINE_TAG) + INLINE_TAG.length());
    }

    public static String insertFileData(String str, String str2) {
        if (str2 == null) {
            return String.format("%s %s\n", str, "missing");
        }
        if (!isEmbedded(str2)) {
            return String.format(Locale.ENGLISH, "%s %s\n", str, openVpnEscape(str2));
        }
        return String.format(Locale.ENGLISH, "<%s>\n%s\n</%s>\n", str, getEmbeddedContent(str2), str);
    }

    public static boolean isEmbedded(String str) {
        if (str == null) {
            return false;
        }
        return str.startsWith(INLINE_TAG) || str.startsWith(DISPLAYNAME_TAG);
    }

    private void moveOptionsToConnection() {
        this.mConnections = new Connection[1];
        Connection connection = new Connection();
        connection.mServerName = this.mServerName;
        connection.mServerPort = this.mServerPort;
        connection.mUseUdp = this.mUseUdp;
        connection.mCustomConfiguration = "";
        this.mConnections[0] = connection;
    }

    public static String openVpnEscape(String str) {
        if (str == null) {
            return null;
        }
        String replace = str.replace("\\", "\\\\").replace("\"", "\\\"").replace("\n", "\\n");
        return (!replace.equals(str) || replace.contains(" ") || replace.contains("#") || replace.contains(";") || replace.equals("")) ? '\"' + replace + '\"' : str;
    }

    private String processSignJellyBeans(PrivateKey privateKey, byte[] bArr) {
        Exception exc;
        try {
            Method declaredMethod = privateKey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey", new Class[0]);
            declaredMethod.setAccessible(true);
            Object invoke = declaredMethod.invoke(privateKey, new Object[0]);
            declaredMethod.setAccessible(false);
            Method declaredMethod2 = invoke.getClass().getDeclaredMethod("getPkeyContext", new Class[0]);
            declaredMethod2.setAccessible(true);
            int intValue = ((Integer) declaredMethod2.invoke(invoke, new Object[0])).intValue();
            declaredMethod2.setAccessible(false);
            return Base64.encodeToString(NativeUtils.rsasign(bArr, intValue), 2);
        } catch (IllegalAccessException e) {
            exc = e;
            VpnStatus.logError(R.string.error_rsa_sign, exc.getClass().toString(), exc.getLocalizedMessage());
            return null;
        } catch (IllegalArgumentException e2) {
            exc = e2;
            VpnStatus.logError(R.string.error_rsa_sign, exc.getClass().toString(), exc.getLocalizedMessage());
            return null;
        } catch (NoSuchMethodException e3) {
            exc = e3;
            VpnStatus.logError(R.string.error_rsa_sign, exc.getClass().toString(), exc.getLocalizedMessage());
            return null;
        } catch (InvocationTargetException e4) {
            exc = e4;
            VpnStatus.logError(R.string.error_rsa_sign, exc.getClass().toString(), exc.getLocalizedMessage());
            return null;
        } catch (InvalidKeyException e5) {
            exc = e5;
            VpnStatus.logError(R.string.error_rsa_sign, exc.getClass().toString(), exc.getLocalizedMessage());
            return null;
        }
    }

    public void checkForRestart(final Context context) {
        if ((this.mAuthenticationType == 2 || this.mAuthenticationType == 7) && this.mPrivateKey == null) {
            new Thread(new Runnable() { // from class: de.blinkt.openvpn.VpnProfile.1
                @Override // java.lang.Runnable
                public void run() {
                    VpnProfile.this.getKeyStoreCertificates(context);
                }
            }).start();
        }
    }

    public int checkProfile(Context context) {
        if ((this.mAuthenticationType == 2 || this.mAuthenticationType == 7) && this.mAlias == null) {
            return R.string.no_keystore_cert_selected;
        }
        if ((!this.mUsePull || this.mAuthenticationType == 4) && (this.mIPv4Address == null || cidrToIPAndNetmask(this.mIPv4Address) == null)) {
            return R.string.ipv4_format_error;
        }
        if (!this.mUseDefaultRoute && (getCustomRoutes(this.mCustomRoutes) == null || getCustomRoutes(this.mExcludedRoutes) == null)) {
            return R.string.custom_route_format_error;
        }
        boolean z = true;
        for (Connection connection : this.mConnections) {
            if (connection.mEnabled) {
                z = false;
            }
        }
        return z ? R.string.remote_no_server_selected : R.string.no_error_found;
    }

    public void clearDefaults() {
        this.mServerName = EnvironmentCompat.MEDIA_UNKNOWN;
        this.mUsePull = false;
        this.mUseLzo = false;
        this.mUseDefaultRoute = false;
        this.mUseDefaultRoutev6 = false;
        this.mExpectTLSCert = false;
        this.mCheckRemoteCN = false;
        this.mPersistTun = false;
        this.mAllowLocalLAN = true;
        this.mMssFix = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public VpnProfile m5clone() throws CloneNotSupportedException {
        VpnProfile vpnProfile = (VpnProfile) super.clone();
        vpnProfile.mUuid = UUID.randomUUID();
        vpnProfile.mConnections = new Connection[this.mConnections.length];
        Connection[] connectionArr = this.mConnections;
        int length = connectionArr.length;
        int i = 0;
        int i2 = 0;
        while (i < length) {
            vpnProfile.mConnections[i2] = connectionArr[i].m6clone();
            i++;
            i2++;
        }
        vpnProfile.mAllowedAppsVpn = (HashSet) this.mAllowedAppsVpn.clone();
        return vpnProfile;
    }

    public VpnProfile copy(String str) {
        try {
            VpnProfile m5clone = m5clone();
            m5clone.mName = str;
            return m5clone;
        } catch (CloneNotSupportedException e) {
            e.printStackTrace();
            return null;
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:151:0x0744  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getConfigFile(android.content.Context r17, boolean r18) {
        /*
            Method dump skipped, instructions count: 2578
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.blinkt.openvpn.VpnProfile.getConfigFile(android.content.Context, boolean):java.lang.String");
    }

    public String[] getKeyStoreCertificates(Context context) {
        return getKeyStoreCertificates(context, 5);
    }

    /* JADX WARN: Removed duplicated region for block: B:43:0x0062 A[Catch: all -> 0x01d5, TryCatch #1 {, blocks: (B:4:0x0003, B:6:0x0029, B:7:0x0036, B:9:0x007a, B:11:0x0085, B:13:0x0091, B:14:0x00a3, B:27:0x00b0, B:16:0x00df, B:18:0x00ef, B:19:0x010f, B:22:0x0118, B:30:0x0169, B:31:0x0132, B:32:0x0141, B:34:0x0148, B:36:0x015f, B:41:0x0039, B:43:0x0062, B:45:0x0070, B:56:0x01a4, B:59:0x01bf, B:61:0x01c4, B:64:0x01d1), top: B:3:0x0003, inners: #3, #5, #9, #6, #5 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    synchronized java.lang.String[] getKeyStoreCertificates(android.content.Context r28, int r29) {
        /*
            Method dump skipped, instructions count: 472
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.blinkt.openvpn.VpnProfile.getKeyStoreCertificates(android.content.Context, int):java.lang.String[]");
    }

    public PrivateKey getKeystoreKey() {
        return this.mPrivateKey;
    }

    public String getName() {
        return this.mName == null ? "No profile name" : this.mName;
    }

    public String getPasswordAuth() {
        if (this.mTransientPW == null) {
            return this.mPassword;
        }
        String str = this.mTransientPW;
        this.mTransientPW = null;
        return str;
    }

    public String getPasswordPrivateKey() {
        if (this.mTransientPCKS12PW != null) {
            String str = this.mTransientPCKS12PW;
            this.mTransientPCKS12PW = null;
            return str;
        }
        switch (this.mAuthenticationType) {
            case 0:
            case 5:
                return this.mKeyPassword;
            case 1:
            case 6:
                return this.mPKCS12Password;
            case 2:
            case 3:
            case 4:
            default:
                return null;
        }
    }

    public String getSignedData(String str) {
        GeneralSecurityException generalSecurityException;
        PrivateKey keystoreKey = getKeystoreKey();
        byte[] decode = Base64.decode(str, 0);
        if (Build.VERSION.SDK_INT == 16) {
            return processSignJellyBeans(keystoreKey, decode);
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            cipher.init(1, keystoreKey);
            return Base64.encodeToString(cipher.doFinal(decode), 2);
        } catch (InvalidKeyException e) {
            generalSecurityException = e;
            VpnStatus.logError(R.string.error_rsa_sign, generalSecurityException.getClass().toString(), generalSecurityException.getLocalizedMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            generalSecurityException = e2;
            VpnStatus.logError(R.string.error_rsa_sign, generalSecurityException.getClass().toString(), generalSecurityException.getLocalizedMessage());
            return null;
        } catch (BadPaddingException e3) {
            generalSecurityException = e3;
            VpnStatus.logError(R.string.error_rsa_sign, generalSecurityException.getClass().toString(), generalSecurityException.getLocalizedMessage());
            return null;
        } catch (IllegalBlockSizeException e4) {
            generalSecurityException = e4;
            VpnStatus.logError(R.string.error_rsa_sign, generalSecurityException.getClass().toString(), generalSecurityException.getLocalizedMessage());
            return null;
        } catch (NoSuchPaddingException e5) {
            generalSecurityException = e5;
            VpnStatus.logError(R.string.error_rsa_sign, generalSecurityException.getClass().toString(), generalSecurityException.getLocalizedMessage());
            return null;
        }
    }

    public Intent getStartServiceIntent(Context context) {
        String packageName = context.getPackageName();
        Intent intent = new Intent(context, (Class<?>) OpenVPNService.class);
        intent.putExtra(packageName + ".ARGV", VPNLaunchHelper.buildOpenvpnArgv(context));
        intent.putExtra(packageName + ".profileUUID", this.mUuid.toString());
        intent.putExtra(packageName + ".nativelib", context.getApplicationInfo().nativeLibraryDir);
        return intent;
    }

    public UUID getUUID() {
        return this.mUuid;
    }

    public String getUUIDString() {
        return this.mUuid.toString();
    }

    public String getVersionEnvString(Context context) {
        String str = EnvironmentCompat.MEDIA_UNKNOWN;
        try {
            str = context.getPackageManager().getPackageInfo(context.getPackageName(), 0).versionName;
        } catch (PackageManager.NameNotFoundException e) {
            VpnStatus.logException(e);
        }
        return String.format(Locale.US, "%s %s", context.getPackageName(), str);
    }

    public boolean isUserPWAuth() {
        switch (this.mAuthenticationType) {
            case 3:
            case 5:
            case 6:
            case 7:
                return true;
            case 4:
            default:
                return false;
        }
    }

    public int needUserPWInput(boolean z) {
        if ((this.mAuthenticationType == 1 || this.mAuthenticationType == 6) && ((this.mPKCS12Password == null || this.mPKCS12Password.equals("")) && (z || this.mTransientPCKS12PW == null))) {
            return R.string.pkcs12_file_encryption_key;
        }
        if ((this.mAuthenticationType == 0 || this.mAuthenticationType == 5) && requireTLSKeyPassword() && TextUtils.isEmpty(this.mKeyPassword) && (z || this.mTransientPCKS12PW == null)) {
            return R.string.private_key_password;
        }
        if (isUserPWAuth() && (TextUtils.isEmpty(this.mUsername) || (TextUtils.isEmpty(this.mPassword) && (this.mTransientPW == null || z)))) {
            return R.string.password;
        }
        return 0;
    }

    public Intent prepareStartService(Context context) {
        Intent startServiceIntent = getStartServiceIntent(context);
        if ((this.mAuthenticationType == 2 || this.mAuthenticationType == 7) && getKeyStoreCertificates(context) == null) {
            return null;
        }
        try {
            FileWriter fileWriter = new FileWriter(VPNLaunchHelper.getConfigFilePath(context));
            fileWriter.write(getConfigFile(context, false));
            fileWriter.flush();
            fileWriter.close();
            return startServiceIntent;
        } catch (IOException e) {
            VpnStatus.logException(e);
            return startServiceIntent;
        }
    }

    public boolean requireTLSKeyPassword() {
        if (TextUtils.isEmpty(this.mClientKeyFilename)) {
            return false;
        }
        String str = "";
        if (isEmbedded(this.mClientKeyFilename)) {
            str = this.mClientKeyFilename;
        } else {
            char[] cArr = new char[2048];
            try {
                FileReader fileReader = new FileReader(this.mClientKeyFilename);
                for (int read = fileReader.read(cArr); read > 0; read = fileReader.read(cArr)) {
                    str = str + new String(cArr, 0, read);
                }
                fileReader.close();
            } catch (FileNotFoundException e) {
                return false;
            } catch (IOException e2) {
                return false;
            }
        }
        return str.contains("Proc-Type: 4,ENCRYPTED") || str.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----");
    }

    public String toString() {
        return this.mName;
    }

    public void upgradeProfile() {
        if (this.mProfileVersion < 2) {
            this.mAllowLocalLAN = Build.VERSION.SDK_INT < 19;
        }
        if (this.mProfileVersion < 4) {
            moveOptionsToConnection();
            this.mAllowedAppsVpnAreDisallowed = true;
        }
        if (this.mAllowedAppsVpn == null) {
            this.mAllowedAppsVpn = new HashSet<>();
        }
        if (this.mConnections == null) {
            this.mConnections = new Connection[0];
        }
        this.mProfileVersion = 5;
    }
}
