package se.leap.bitmaskclient.eip;

import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.VpnStatus;
import de.blinkt.openvpn.core.connection.Connection;
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import se.leap.bitmaskclient.base.models.Constants;
import se.leap.bitmaskclient.base.models.Provider;
import se.leap.bitmaskclient.base.models.Transport;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;

/* loaded from: classes2.dex */
public class VpnConfigGenerator {
    public static final String TAG = "VpnConfigGenerator";
    private final int apiVersion;
    private final Set<String> excludedApps;
    private final boolean experimentalTransports;
    private final JSONObject gateway;
    private final JSONObject generalConfiguration;
    private final String obfuscationPinningCert;
    private final String obfuscationPinningIP;
    private final boolean obfuscationPinningKCP;
    private final String obfuscationPinningPort;
    private final boolean preferUDP;
    private final String profileName;
    private final String remoteGatewayIP;
    private final JSONObject secrets;
    private final boolean useObfuscationPinning;
    HashMap<Connection.TransportType, Transport> transports = new HashMap<>();
    private final String newLine = System.getProperty("line.separator");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: se.leap.bitmaskclient.eip.VpnConfigGenerator$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType;

        static {
            int[] iArr = new int[Connection.TransportType.values().length];
            $SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType = iArr;
            try {
                iArr[Connection.TransportType.OPENVPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType[Connection.TransportType.OBFS4_HOP.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType[Connection.TransportType.OBFS4.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class Configuration {
        int apiVersion;
        boolean experimentalTransports;
        boolean obfuscationProxyKCP;
        boolean preferUDP;
        boolean useObfuscationPinning;
        String remoteGatewayIP = "";
        String profileName = "";
        Set<String> excludedApps = null;
        String obfuscationProxyIP = "";
        String obfuscationProxyPort = "";
        String obfuscationProxyCert = "";
    }

    public VpnConfigGenerator(JSONObject jSONObject, JSONObject jSONObject2, JSONObject jSONObject3, Configuration configuration) throws ConfigParser.ConfigParseError {
        this.generalConfiguration = jSONObject;
        this.gateway = jSONObject3;
        this.secrets = jSONObject2;
        this.apiVersion = configuration.apiVersion;
        this.preferUDP = configuration.preferUDP;
        this.experimentalTransports = configuration.experimentalTransports;
        this.useObfuscationPinning = configuration.useObfuscationPinning;
        this.obfuscationPinningIP = configuration.obfuscationProxyIP;
        this.obfuscationPinningPort = configuration.obfuscationProxyPort;
        this.obfuscationPinningCert = configuration.obfuscationProxyCert;
        this.obfuscationPinningKCP = configuration.obfuscationProxyKCP;
        this.remoteGatewayIP = configuration.remoteGatewayIP;
        this.profileName = configuration.profileName;
        this.excludedApps = configuration.excludedApps;
        checkCapabilities();
    }

    private String androidCustomizations() {
        return "remote-cert-tls server" + this.newLine + "persist-tun" + this.newLine + "auth-retry nointeract";
    }

    private void gatewayConfigApiv1(StringBuilder sb, String str, JSONObject jSONObject) throws JSONException {
        JSONArray jSONArray = jSONObject.getJSONArray(Constants.PORTS);
        JSONArray jSONArray2 = jSONObject.getJSONArray(Constants.PROTOCOLS);
        for (int i = 0; i < jSONArray.length(); i++) {
            int i2 = jSONArray.getInt(i);
            for (int i3 = 0; i3 < jSONArray2.length(); i3++) {
                sb.append("remote " + str + " " + i2 + " " + jSONArray2.optString(i3) + this.newLine);
            }
        }
    }

    private void gatewayConfigMinApiv3(Connection.TransportType transportType, StringBuilder sb, String[] strArr) throws JSONException {
        if (transportType.isPluggableTransport()) {
            ptGatewayConfigMinApiv3(sb, strArr, this.transports.get(transportType));
        } else {
            ovpnGatewayConfigMinApi3(sb, strArr, this.transports.get(Connection.TransportType.OPENVPN));
        }
    }

    private String gatewayConfiguration(Connection.TransportType transportType) {
        StringBuilder sb = new StringBuilder();
        try {
            JSONObject jSONObject = this.gateway.getJSONObject(Constants.CAPABILITIES);
            int i = this.apiVersion;
            if (i == 3 || i == 4) {
                String optString = this.gateway.optString(Constants.IP_ADDRESS);
                String optString2 = this.gateway.optString(Constants.IP_ADDRESS6);
                gatewayConfigMinApiv3(transportType, sb, optString2.isEmpty() ? new String[]{optString} : new String[]{optString2, optString});
            } else {
                gatewayConfigApiv1(sb, this.gateway.getString(Constants.IP_ADDRESS), jSONObject);
            }
        } catch (JSONException e) {
            e.printStackTrace();
        }
        String sb2 = sb.toString();
        return sb2.endsWith(this.newLine) ? sb2.substring(0, sb2.lastIndexOf(this.newLine)) : sb2;
    }

    private String generalConfiguration() {
        String str = "";
        try {
            Iterator<String> keys = this.generalConfiguration.keys();
            while (keys.hasNext()) {
                String obj = keys.next().toString();
                String str2 = str + obj + " ";
                for (String str3 : String.valueOf(this.generalConfiguration.get(obj)).split(" ")) {
                    str2 = str2 + str3 + " ";
                }
                str = str2 + this.newLine;
            }
        } catch (JSONException e) {
            e.printStackTrace();
        }
        return str + "client";
    }

    private String getConfigurationString(Connection.TransportType transportType) {
        return generalConfiguration() + this.newLine + gatewayConfiguration(transportType) + this.newLine + androidCustomizations() + this.newLine + secretsConfiguration();
    }

    private Obfs4Options getObfs4Options(Connection.TransportType transportType) throws JSONException {
        Transport transport;
        String string = this.gateway.getString(Constants.IP_ADDRESS);
        if (this.useObfuscationPinning) {
            String transportType2 = Connection.TransportType.OBFS4.toString();
            String[] strArr = new String[1];
            strArr[0] = this.obfuscationPinningKCP ? Constants.KCP : Constants.TCP;
            transport = new Transport(transportType2, strArr, new String[]{this.obfuscationPinningPort}, this.obfuscationPinningCert);
            string = this.obfuscationPinningIP;
        } else {
            transport = this.transports.get(transportType);
        }
        return new Obfs4Options(string, transport);
    }

    private boolean hasPTAllowedProtocol(Transport transport, String str) {
        for (String str2 : transport.getProtocols()) {
            if (isAllowedProtocol(transport.getTransportType(), str2)) {
                return true;
            }
        }
        VpnStatus.logError("Misconfigured provider: wrong protocol defined in  " + transport.getType() + " transport JSON for gateway " + str);
        return false;
    }

    private boolean isAllowedProtocol(Connection.TransportType transportType, String str) {
        int i = AnonymousClass1.$SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType[transportType.ordinal()];
        if (i == 1) {
            return Constants.TCP.equals(str) || Constants.UDP.equals(str);
        }
        if (i == 2 || i == 3) {
            return Constants.TCP.equals(str) || Constants.KCP.equals(str);
        }
        return false;
    }

    private boolean openvpnModeSupportsPt(Transport transport, String str) {
        Transport transport2;
        if (this.useObfuscationPinning || (transport2 = this.transports.get(Connection.TransportType.OPENVPN)) == null) {
            return true;
        }
        String[] protocols = transport2.getProtocols();
        if (protocols == null) {
            VpnStatus.logError("Misconfigured provider: Protocol array is missing for openvpn gateway " + str);
            return false;
        }
        String str2 = transport.getTransportType() == Connection.TransportType.OBFS4_HOP ? Constants.UDP : Constants.TCP;
        for (String str3 : protocols) {
            if (str3.equals(str2)) {
                return true;
            }
        }
        VpnStatus.logError("Misconfigured provider: " + transport.getTransportType().toString() + " currently only allows openvpn in " + str2 + " mode! Skipping config for ip " + str);
        return false;
    }

    private void ovpnGatewayConfigMinApi3(StringBuilder sb, String[] strArr, Transport transport) {
        if (transport.getProtocols() == null || transport.getPorts() == null) {
            VpnStatus.logError("Misconfigured provider: missing details for transport openvpn on gateway " + strArr[0]);
            return;
        }
        if (!this.preferUDP) {
            String[] protocols = transport.getProtocols();
            int length = protocols.length;
            for (int i = 0; i < length; i++) {
                String str = protocols[i];
                for (String str2 : transport.getPorts()) {
                    int length2 = strArr.length;
                    int i2 = 0;
                    while (i2 < length2) {
                        sb.append("remote " + strArr[i2] + " " + str2 + " " + str + this.newLine);
                        i2++;
                        protocols = protocols;
                    }
                }
            }
            return;
        }
        StringBuilder sb2 = new StringBuilder();
        StringBuilder sb3 = new StringBuilder();
        String[] protocols2 = transport.getProtocols();
        int length3 = protocols2.length;
        for (int i3 = 0; i3 < length3; i3++) {
            String str3 = protocols2[i3];
            String[] ports = transport.getPorts();
            int length4 = ports.length;
            int i4 = 0;
            while (i4 < length4) {
                String str4 = ports[i4];
                int length5 = strArr.length;
                String[] strArr2 = protocols2;
                int i5 = 0;
                while (i5 < length5) {
                    int i6 = length5;
                    int i7 = length3;
                    String str5 = "remote " + strArr[i5] + " " + str4 + " " + str3 + this.newLine;
                    if (Constants.UDP.equals(str3)) {
                        sb2.append(str5);
                    } else {
                        sb3.append(str5);
                    }
                    i5++;
                    length5 = i6;
                    length3 = i7;
                }
                i4++;
                protocols2 = strArr2;
            }
        }
        sb.append(sb2.toString());
        sb.append(sb3.toString());
    }

    private void ptGatewayConfigMinApiv3(StringBuilder sb, String[] strArr, Transport transport) {
        String str;
        if (strArr.length == 0) {
            return;
        }
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                str = null;
                break;
            }
            str = strArr[i];
            if (ConfigHelper.isIPv4(str)) {
                break;
            }
            VpnStatus.logWarning("Skipping IP address " + str + " while configuring obfs4.");
            i++;
        }
        if (str == null) {
            VpnStatus.logError("Misconfigured provider: No matching IPv4 address found to configure obfs4.");
            return;
        }
        if (openvpnModeSupportsPt(transport, str) && hasPTAllowedProtocol(transport, str)) {
            Connection.TransportType transportType = transport.getTransportType();
            if (transportType == Connection.TransportType.OBFS4 && (transport.getPorts() == null || transport.getPorts().length == 0)) {
                VpnStatus.logError("Misconfigured provider: no ports defined in " + transport.getType() + " transport JSON for gateway " + str);
                return;
            }
            if (transportType != Connection.TransportType.OBFS4_HOP || (transport.getOptions() != null && ((transport.getOptions().getEndpoints() != null || transport.getOptions().getCert() != null) && transport.getOptions().getPortCount() != 0))) {
                sb.append(getRouteString(str, transport));
                sb.append(getRemoteString(str, transport));
                sb.append(getExtraOptions(transport));
            } else {
                VpnStatus.logError("Misconfigured provider: missing properties for transport " + transport.getType() + " on gateway " + str);
            }
        }
    }

    private String secretsConfiguration() {
        try {
            return ("<ca>" + this.newLine + this.secrets.getString(Provider.CA_CERT) + this.newLine + "</ca>") + this.newLine + ("<cert>" + this.newLine + this.secrets.getString("cert") + this.newLine + "</cert>");
        } catch (JSONException e) {
            e.printStackTrace();
            return "";
        }
    }

    private boolean supportsOpenvpn() {
        return !this.useObfuscationPinning && ((this.apiVersion >= 3 && this.transports.containsKey(Connection.TransportType.OPENVPN)) || (this.apiVersion < 3 && !gatewayConfiguration(Connection.TransportType.OPENVPN).isEmpty()));
    }

    public void checkCapabilities() throws ConfigParser.ConfigParseError {
        try {
            if (this.apiVersion >= 3) {
                JSONArray jSONArray = this.gateway.getJSONObject(Constants.CAPABILITIES).getJSONArray("transport");
                for (int i = 0; i < jSONArray.length(); i++) {
                    Transport fromJson = Transport.fromJson(jSONArray.getJSONObject(i));
                    this.transports.put(fromJson.getTransportType(), fromJson);
                }
            }
        } catch (Exception unused) {
            throw new ConfigParser.ConfigParseError("Api version (" + this.apiVersion + ") did not match required JSON fields");
        }
    }

    protected VpnProfile createProfile(Connection.TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException {
        String configurationString = getConfigurationString(transportType);
        ConfigParser configParser = new ConfigParser();
        configParser.parseConfig(new StringReader(configurationString));
        if (transportType == Connection.TransportType.OBFS4 || transportType == Connection.TransportType.OBFS4_HOP) {
            configParser.setObfs4Options(getObfs4Options(transportType));
        }
        VpnProfile convertProfile = configParser.convertProfile(transportType);
        convertProfile.mName = this.profileName;
        convertProfile.mGatewayIp = this.remoteGatewayIP;
        if (this.excludedApps != null) {
            convertProfile.mAllowedAppsVpn = new HashSet<>(this.excludedApps);
        }
        return convertProfile;
    }

    public HashMap<Connection.TransportType, VpnProfile> generateVpnProfiles() throws ConfigParser.ConfigParseError, NumberFormatException {
        HashMap<Connection.TransportType, VpnProfile> hashMap = new HashMap<>();
        if (supportsOpenvpn()) {
            try {
                hashMap.put(Connection.TransportType.OPENVPN, createProfile(Connection.TransportType.OPENVPN));
            } catch (ConfigParser.ConfigParseError | IOException | NumberFormatException | JSONException e) {
                e.printStackTrace();
            }
        }
        if (this.apiVersion >= 3) {
            for (Connection.TransportType transportType : this.transports.keySet()) {
                Transport transport = this.transports.get(transportType);
                if (transportType.isPluggableTransport()) {
                    Transport.Options options = transport.getOptions();
                    if (this.experimentalTransports || options == null || !options.isExperimental()) {
                        try {
                            hashMap.put(transportType, createProfile(transportType));
                        } catch (ConfigParser.ConfigParseError | IOException | NumberFormatException | JSONException e2) {
                            e2.printStackTrace();
                        }
                    }
                }
            }
        }
        if (hashMap.isEmpty()) {
            throw new ConfigParser.ConfigParseError("No supported transports detected.");
        }
        return hashMap;
    }

    public String getExtraOptions(Transport transport) {
        if (transport.getTransportType() != Connection.TransportType.OBFS4_HOP) {
            return "";
        }
        return "replay-window 65535" + this.newLine + "ping-restart 300" + this.newLine + "tun-mtu 48000" + this.newLine;
    }

    public String getRemoteString(String str, Transport transport) {
        if (!ConfigHelper.ObfsVpnHelper.useObfsVpn()) {
            return "remote 127.0.0.1 4430 tcp" + this.newLine;
        }
        if (this.useObfuscationPinning) {
            return "remote " + this.obfuscationPinningIP + " " + this.obfuscationPinningPort + " tcp" + this.newLine;
        }
        int i = AnonymousClass1.$SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType[transport.getTransportType().ordinal()];
        if (i == 2) {
            return "remote 127.0.0.1 8080 udp" + this.newLine;
        }
        if (i != 3) {
            VpnStatus.logError("Unexpected pluggable transport type " + transport.getType() + " for gateway " + str);
            return "";
        }
        return "remote " + str + " " + transport.getPorts()[0] + " tcp" + this.newLine;
    }

    public String getRouteString(String str, Transport transport) {
        if (this.useObfuscationPinning) {
            return "route " + this.obfuscationPinningIP + " 255.255.255.255 net_gateway" + this.newLine;
        }
        int i = AnonymousClass1.$SwitchMap$de$blinkt$openvpn$core$connection$Connection$TransportType[transport.getTransportType().ordinal()];
        if (i != 2) {
            if (i != 3) {
                return "";
            }
            return "route " + str + " 255.255.255.255 net_gateway" + this.newLine;
        }
        if (transport.getOptions().getEndpoints() == null) {
            return "route " + str + " 255.255.255.255 net_gateway" + this.newLine;
        }
        StringBuilder sb = new StringBuilder();
        for (Transport.Endpoint endpoint : transport.getOptions().getEndpoints()) {
            sb.append("route " + endpoint.getIp() + " 255.255.255.255 net_gateway" + this.newLine);
        }
        return sb.toString();
    }
}
