package com.android.managedprovisioning.task.wifi;

import android.net.IpConfiguration;
import android.net.ProxyInfo;
import android.net.Uri;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import android.text.TextUtils;
import com.android.internal.annotations.VisibleForTesting;
import com.android.managedprovisioning.common.ProvisionLogger;
import com.android.managedprovisioning.model.WifiInfo;
import com.android.net.module.util.ProxyUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.function.IntFunction;
import java.util.function.Predicate;

/* loaded from: classes.dex */
public class WifiConfigurationProvider {

    @VisibleForTesting
    static final String EAP = "EAP";

    @VisibleForTesting
    static final String NONE = "NONE";

    @VisibleForTesting
    static final String WEP = "WEP";

    @VisibleForTesting
    static final String WPA = "WPA";

    @VisibleForTesting
    static final char[] PASSWORD = new char[0];
    private static Map<String, Integer> EAP_METHODS = buildEapMethodsMap();
    private static Map<String, Integer> PHASE2_AUTH = buildPhase2AuthMap();

    private X509Certificate buildCACertificate(String str) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)));
        try {
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            return x509Certificate;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static Map<String, Integer> buildEapMethodsMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("PEAP", 0);
        hashMap.put("TLS", 1);
        hashMap.put("TTLS", 2);
        hashMap.put("PWD", 3);
        hashMap.put("SIM", 4);
        hashMap.put("AKA", 5);
        hashMap.put("AKA_PRIME", 6);
        return hashMap;
    }

    private static Map<String, Integer> buildPhase2AuthMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(null, 0);
        hashMap.put("", 0);
        hashMap.put(NONE, 0);
        hashMap.put("PAP", 1);
        hashMap.put("MSCHAP", 2);
        hashMap.put("MSCHAPV2", 3);
        hashMap.put("GTC", 4);
        hashMap.put("SIM", 5);
        hashMap.put("AKA", 6);
        hashMap.put("AKA_PRIME", 7);
        return hashMap;
    }

    private static X509Certificate[] castX509Certificates(Certificate[] certificateArr) {
        return (X509Certificate[]) Arrays.stream(certificateArr).map(new Function() { // from class: com.android.managedprovisioning.task.wifi.WifiConfigurationProvider$$ExternalSyntheticLambda1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                X509Certificate lambda$castX509Certificates$1;
                lambda$castX509Certificates$1 = WifiConfigurationProvider.lambda$castX509Certificates$1((Certificate) obj);
                return lambda$castX509Certificates$1;
            }
        }).toArray(new IntFunction() { // from class: com.android.managedprovisioning.task.wifi.WifiConfigurationProvider$$ExternalSyntheticLambda2
            @Override // java.util.function.IntFunction
            public final Object apply(int i) {
                X509Certificate[] lambda$castX509Certificates$2;
                lambda$castX509Certificates$2 = WifiConfigurationProvider.lambda$castX509Certificates$2(i);
                return lambda$castX509Certificates$2;
            }
        });
    }

    private static String findAliasFromKeystore(KeyStore keyStore) throws KeyStoreException, CertificateException {
        ArrayList list = Collections.list(keyStore.aliases());
        if (list.isEmpty()) {
            return null;
        }
        if (list.size() == 1) {
            return (String) list.get(0);
        }
        throw new CertificateException("Configuration must contain only one certificate");
    }

    private int getEAPMethodFromString(String str) {
        if (EAP_METHODS.containsKey(str)) {
            return EAP_METHODS.get(str).intValue();
        }
        throw new IllegalArgumentException("Unknown EAP method: " + str);
    }

    private int getPhase2AuthFromString(String str) {
        if (PHASE2_AUTH.containsKey(str)) {
            return PHASE2_AUTH.get(str).intValue();
        }
        throw new IllegalArgumentException("Unknown Phase 2 authentication method: " + str);
    }

    private boolean isCertificateChainValidType(Certificate[] certificateArr) {
        return !Arrays.stream(certificateArr).anyMatch(new Predicate() { // from class: com.android.managedprovisioning.task.wifi.WifiConfigurationProvider$$ExternalSyntheticLambda0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$isCertificateChainValidType$0;
                lambda$isCertificateChainValidType$0 = WifiConfigurationProvider.lambda$isCertificateChainValidType$0((Certificate) obj);
                return lambda$isCertificateChainValidType$0;
            }
        });
    }

    private boolean isEAPWifiInfoValid(String str) {
        return EAP_METHODS.containsKey(str);
    }

    private boolean isKeyValidType(Key key) {
        return key instanceof PrivateKey;
    }

    private boolean isPhase2AuthWifiInfoValid(String str) {
        return PHASE2_AUTH.containsKey(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate lambda$castX509Certificates$1(Certificate certificate) {
        return (X509Certificate) certificate;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate[] lambda$castX509Certificates$2(int i) {
        return new X509Certificate[i];
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$isCertificateChainValidType$0(Certificate certificate) {
        return !(certificate instanceof X509Certificate);
    }

    private static KeyStore loadKeystoreFromCertificate(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)));
        try {
            keyStore.load(byteArrayInputStream, PASSWORD);
            byteArrayInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void maybeUpdateClientKeyForEAPConfiguration(WifiEnterpriseConfig wifiEnterpriseConfig, String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        Key key;
        if (TextUtils.isEmpty(str)) {
            return;
        }
        KeyStore loadKeystoreFromCertificate = loadKeystoreFromCertificate(str);
        String findAliasFromKeystore = findAliasFromKeystore(loadKeystoreFromCertificate);
        if (TextUtils.isEmpty(findAliasFromKeystore) || !loadKeystoreFromCertificate.isKeyEntry(findAliasFromKeystore) || (key = loadKeystoreFromCertificate.getKey(findAliasFromKeystore, PASSWORD)) == null) {
            return;
        }
        if (!isKeyValidType(key)) {
            ProvisionLogger.loge("Key in user certificate must be non-null and PrivateKey type");
            return;
        }
        Certificate[] certificateChain = loadKeystoreFromCertificate.getCertificateChain(findAliasFromKeystore);
        if (certificateChain == null) {
            return;
        }
        if (isCertificateChainValidType(certificateChain)) {
            wifiEnterpriseConfig.setClientKeyEntryWithCertificateChain((PrivateKey) key, castX509Certificates(certificateChain));
        } else {
            ProvisionLogger.loge("All certificates in chain in user certificate must be non-null X509Certificate type");
        }
    }

    private void maybeUpdateForEAPConfiguration(WifiConfiguration wifiConfiguration, WifiInfo wifiInfo) {
        try {
            maybeUpdateForEAPConfigurationOrThrow(wifiConfiguration, wifiInfo);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            ProvisionLogger.loge("Error while reading certificate", e);
        }
    }

    private void maybeUpdateForEAPConfigurationOrThrow(WifiConfiguration wifiConfiguration, WifiInfo wifiInfo) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, IOException {
        if (!isEAPWifiInfoValid(wifiInfo.eapMethod)) {
            ProvisionLogger.loge("Unknown EAP method: " + wifiInfo.eapMethod);
            return;
        }
        if (!isPhase2AuthWifiInfoValid(wifiInfo.phase2Auth)) {
            ProvisionLogger.loge("Unknown phase 2 authentication method: " + wifiInfo.phase2Auth);
            return;
        }
        wifiConfiguration.allowedKeyManagement.set(3);
        wifiConfiguration.allowedKeyManagement.set(2);
        WifiEnterpriseConfig wifiEnterpriseConfig = new WifiEnterpriseConfig();
        updateWifiEnterpriseConfigFromWifiInfo(wifiEnterpriseConfig, wifiInfo);
        maybeUpdateClientKeyForEAPConfiguration(wifiEnterpriseConfig, wifiInfo.userCertificate);
        wifiConfiguration.enterpriseConfig = wifiEnterpriseConfig;
    }

    private void updateForProxy(WifiConfiguration wifiConfiguration, String str, int i, String str2, String str3) {
        if (TextUtils.isEmpty(str) && TextUtils.isEmpty(str3)) {
            return;
        }
        IpConfiguration ipConfiguration = wifiConfiguration.getIpConfiguration();
        if (TextUtils.isEmpty(str)) {
            ipConfiguration.setProxySettings(IpConfiguration.ProxySettings.PAC);
            ipConfiguration.setHttpProxy(ProxyInfo.buildPacProxy(Uri.parse(str3)));
        } else {
            ipConfiguration.setProxySettings(IpConfiguration.ProxySettings.STATIC);
            ipConfiguration.setHttpProxy(ProxyInfo.buildDirectProxy(str, i, ProxyUtils.exclusionStringAsList(str2)));
        }
        wifiConfiguration.setIpConfiguration(ipConfiguration);
    }

    private void updateForWEPConfiguration(WifiConfiguration wifiConfiguration, String str) {
        wifiConfiguration.allowedKeyManagement.set(0);
        wifiConfiguration.allowedAuthAlgorithms.set(0);
        wifiConfiguration.allowedAuthAlgorithms.set(1);
        wifiConfiguration.allowedGroupCiphers.set(0);
        wifiConfiguration.allowedGroupCiphers.set(1);
        wifiConfiguration.allowedGroupCiphers.set(2);
        wifiConfiguration.allowedGroupCiphers.set(3);
        int length = str.length();
        if ((length == 10 || length == 26 || length == 58) && str.matches("[0-9A-Fa-f]*")) {
            wifiConfiguration.wepKeys[0] = str;
        } else {
            wifiConfiguration.wepKeys[0] = '\"' + str + '\"';
        }
        wifiConfiguration.wepTxKeyIndex = 0;
    }

    private void updateForWPAConfiguration(WifiConfiguration wifiConfiguration, String str) {
        wifiConfiguration.allowedKeyManagement.set(1);
        wifiConfiguration.allowedAuthAlgorithms.set(0);
        wifiConfiguration.allowedProtocols.set(0);
        wifiConfiguration.allowedProtocols.set(1);
        wifiConfiguration.allowedPairwiseCiphers.set(1);
        wifiConfiguration.allowedPairwiseCiphers.set(2);
        wifiConfiguration.allowedGroupCiphers.set(2);
        wifiConfiguration.allowedGroupCiphers.set(3);
        if (TextUtils.isEmpty(str)) {
            return;
        }
        wifiConfiguration.preSharedKey = "\"" + str + "\"";
    }

    private void updateWifiEnterpriseConfigFromWifiInfo(WifiEnterpriseConfig wifiEnterpriseConfig, WifiInfo wifiInfo) throws CertificateException, IOException {
        wifiEnterpriseConfig.setEapMethod(getEAPMethodFromString(wifiInfo.eapMethod));
        wifiEnterpriseConfig.setPhase2Method(getPhase2AuthFromString(wifiInfo.phase2Auth));
        wifiEnterpriseConfig.setPassword(wifiInfo.password);
        wifiEnterpriseConfig.setIdentity(wifiInfo.identity);
        wifiEnterpriseConfig.setAnonymousIdentity(wifiInfo.anonymousIdentity);
        wifiEnterpriseConfig.setDomainSuffixMatch(wifiInfo.domain);
        if (TextUtils.isEmpty(wifiInfo.caCertificate)) {
            return;
        }
        wifiEnterpriseConfig.setCaCertificate(buildCACertificate(wifiInfo.caCertificate));
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x002b, code lost:
    
        if (r1.equals(com.android.managedprovisioning.task.wifi.WifiConfigurationProvider.WPA) == false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public android.net.wifi.WifiConfiguration generateWifiConfiguration(com.android.managedprovisioning.model.WifiInfo r8) {
        /*
            r7 = this;
            android.net.wifi.WifiConfiguration r6 = new android.net.wifi.WifiConfiguration
            r6.<init>()
            java.lang.String r0 = r8.ssid
            r6.SSID = r0
            r0 = 2
            r6.status = r0
            boolean r1 = r8.hidden
            r6.hiddenSSID = r1
            java.lang.String r1 = r8.securityType
            if (r1 == 0) goto L15
            goto L17
        L15:
            java.lang.String r1 = "NONE"
        L17:
            r1.hashCode()
            r2 = -1
            int r3 = r1.hashCode()
            r4 = 0
            switch(r3) {
                case 68404: goto L39;
                case 85826: goto L2e;
                case 86152: goto L25;
                default: goto L23;
            }
        L23:
            r0 = r2
            goto L43
        L25:
            java.lang.String r3 = "WPA"
            boolean r1 = r1.equals(r3)
            if (r1 != 0) goto L43
            goto L23
        L2e:
            java.lang.String r0 = "WEP"
            boolean r0 = r1.equals(r0)
            if (r0 != 0) goto L37
            goto L23
        L37:
            r0 = 1
            goto L43
        L39:
            java.lang.String r0 = "EAP"
            boolean r0 = r1.equals(r0)
            if (r0 != 0) goto L42
            goto L23
        L42:
            r0 = r4
        L43:
            switch(r0) {
                case 0: goto L5d;
                case 1: goto L57;
                case 2: goto L51;
                default: goto L46;
            }
        L46:
            java.util.BitSet r0 = r6.allowedKeyManagement
            r0.set(r4)
            java.util.BitSet r0 = r6.allowedAuthAlgorithms
            r0.set(r4)
            goto L60
        L51:
            java.lang.String r0 = r8.password
            r7.updateForWPAConfiguration(r6, r0)
            goto L60
        L57:
            java.lang.String r0 = r8.password
            r7.updateForWEPConfiguration(r6, r0)
            goto L60
        L5d:
            r7.maybeUpdateForEAPConfiguration(r6, r8)
        L60:
            java.lang.String r2 = r8.proxyHost
            int r3 = r8.proxyPort
            java.lang.String r4 = r8.proxyBypassHosts
            java.lang.String r5 = r8.pacUrl
            r0 = r7
            r1 = r6
            r0.updateForProxy(r1, r2, r3, r4, r5)
            return r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.android.managedprovisioning.task.wifi.WifiConfigurationProvider.generateWifiConfiguration(com.android.managedprovisioning.model.WifiInfo):android.net.wifi.WifiConfiguration");
    }
}
