package com.citrix.auth.impl;

import android.text.TextUtils;
import com.citrix.auth.AMUrl;
import com.citrix.auth.AuthRequirementsFulfiller;
import com.citrix.auth.ResourceProvider;
import com.citrix.auth.exceptions.AuthManException;
import com.citrix.auth.exceptions.FormatException;
import com.citrix.auth.exceptions.PrimaryAuthException;
import com.citrix.auth.impl.VpnSupport;
import com.citrix.client.authmanager.accessgateway.AgEntEdition;
import com.citrix.client.deliveryservices.accountservices.AccountServicesUtility;
import io.fabric.sdk.android.services.network.HttpRequest;
import java.io.UnsupportedEncodingException;
import java.net.HttpCookie;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import org.apache.http.Header;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;

/* loaded from: classes.dex */
public class AgeeLogon {
    public static final String ClientTypeAndr = "andr";
    public static final String ClientTypeCvpn = "cvpn";
    public static final String ClientTypeWica = "wica";
    public static final String SelfDeclaredAuthTypeHeader = "X-Citrix-AM-GatewayAuthType";
    private Header[] m_extraHeaders;
    private ResourceProvider m_formStrings;
    private boolean m_fullVpn;
    private AMUrl m_gatewayUrl;
    private HttpTransaction m_http;

    /* loaded from: classes.dex */
    public static class AuthenticationResult {
        public boolean invalidCredentialsSupplied = false;
        public String sessionCookies;
    }

    /* loaded from: classes.dex */
    public static class PreLogonData {
        public String m_clientCertUsername = "";
        public int m_passwordCount = 0;
        public String m_SelfDeclaredAuthtype = null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SessionInfo {
        public String id;
        public String ipAddress;

        private SessionInfo() {
        }
    }

    /* loaded from: classes.dex */
    public interface SessionModeUpdater {
        void setCurrentProxyMode(GatewayProxyMode gatewayProxyMode);

        void setVpnCapable(boolean z);

        void setVpnConfigFileLocation(String str);
    }

    public AgeeLogon(HttpTransaction httpTransaction, Header[] headerArr, AMUrl aMUrl, ResourceProvider resourceProvider) {
        this.m_http = httpTransaction;
        this.m_extraHeaders = headerArr;
        this.m_gatewayUrl = aMUrl;
        this.m_formStrings = resourceProvider;
    }

    private void checkFinalResponse() throws AuthManException {
        int responseStatusCode = this.m_http.getResponseStatusCode();
        if (302 == responseStatusCode || 200 == responseStatusCode) {
            return;
        }
        throwUnexpectedStatus(responseStatusCode);
    }

    private boolean checkSessionInfo(List<SessionInfo> list) {
        Utils.block("AgeeLogon.checkSessionInfo");
        if (list.size() == 1) {
            if (!TextUtils.isEmpty(list.get(0).id)) {
                return true;
            }
            Utils.msg("Found empty session id");
            return false;
        }
        HashSet hashSet = new HashSet();
        for (SessionInfo sessionInfo : list) {
            if (TextUtils.isEmpty(sessionInfo.id) || TextUtils.isEmpty(sessionInfo.ipAddress)) {
                Utils.msg("Found empty session id or IP address");
                return false;
            }
            if (!hashSet.add(sessionInfo.id)) {
                Utils.msg("Found duplicate session id");
                return false;
            }
        }
        return true;
    }

    private int doHttpGet(AMUrl aMUrl) throws AuthManException {
        return doHttpGet(aMUrl, false);
    }

    private int doHttpGet(AMUrl aMUrl, boolean z) throws AuthManException {
        this.m_http.resetButRetainCookieJar();
        this.m_http.setRequest(new HttpGet(aMUrl.toURI()));
        this.m_http.addHeaders(this.m_extraHeaders);
        this.m_http.sendAndReceive(z);
        return this.m_http.getResponseStatusCode();
    }

    private int doHttpGetRelative(String str) throws AuthManException {
        return doHttpGet(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, str));
    }

    public static AuthenticationResult extractAuthenticationResult(HttpTransaction httpTransaction) throws AuthManException {
        Utils.block("AgeeLogon.extractAuthenticationResult");
        AuthenticationResult authenticationResult = new AuthenticationResult();
        HttpCookie tryExtractCookieFromResponseHeaders = AuthHttpUtils.tryExtractCookieFromResponseHeaders(AgEntEdition.NSC_AAAC_COOKIE, httpTransaction.getAllResponseHeaders());
        if (tryExtractCookieFromResponseHeaders == null || TextUtils.isEmpty(tryExtractCookieFromResponseHeaders.getValue()) || !AuthHttpUtils.isSessionCookie(tryExtractCookieFromResponseHeaders)) {
            HttpCookie tryExtractCookieFromResponseHeaders2 = AuthHttpUtils.tryExtractCookieFromResponseHeaders(AgEntEdition.NSC_VPNERROR_COOKIE, httpTransaction.getAllResponseHeaders());
            if (tryExtractCookieFromResponseHeaders2 == null || !AuthHttpUtils.isSessionCookie(tryExtractCookieFromResponseHeaders2)) {
                throw AuthManException.protocolError("The gateway response did not contain an expected cookie (%s or %s)", AgEntEdition.NSC_AAAC_COOKIE, AgEntEdition.NSC_VPNERROR_COOKIE);
            }
            PrimaryAuthException.VpnErrorCookieCode vpnErrorCode = PrimaryAuthException.VpnErrorCookieCode.toVpnErrorCode(tryExtractCookieFromResponseHeaders2.getValue());
            Utils.amLog("NSC_VPNERR cookie received '%s' (%s)", tryExtractCookieFromResponseHeaders2, vpnErrorCode);
            if (vpnErrorCode != PrimaryAuthException.VpnErrorCookieCode.InvalidCredentials) {
                throw AuthManException.gatewayErrorFromVpnCookie(tryExtractCookieFromResponseHeaders2.getValue());
            }
            authenticationResult.invalidCredentialsSupplied = true;
        } else {
            authenticationResult.sessionCookies = AuthHttpUtils.cookieToHeaderValue(tryExtractCookieFromResponseHeaders);
        }
        return authenticationResult;
    }

    private void finalizeSession(AuthRequirementsFulfiller authRequirementsFulfiller, String str, SessionModeUpdater sessionModeUpdater, String str2, String str3, VpnSupport vpnSupport) throws AuthManException {
        Utils.block("AgeeLogon.finalizeSession gatewayUrl='%s' clientType=%s", this.m_gatewayUrl, str);
        sessionModeUpdater.setCurrentProxyMode(GatewayProxyMode.ENTCVPN);
        GatewayProxyMode determineSessionType = determineSessionType(str);
        doHttpGetRelative("/cgi/setclient?" + str);
        sessionModeUpdater.setCurrentProxyMode(determineSessionType);
        throwIfNoLicenses();
        performSessionTransfer(authRequirementsFulfiller, str);
        checkFinalResponse();
        if (this.m_fullVpn) {
            VpnSupport.VpnInfo vpnInfo = vpnSupport.getVpnInfo(this.m_gatewayUrl, str2, str3);
            sessionModeUpdater.setVpnCapable(vpnInfo.m_vpnCapable);
            sessionModeUpdater.setVpnConfigFileLocation(vpnInfo.m_vpnConfigFileLocation);
        }
    }

    private String performLegacyPostAuthEpaScan() throws AuthManException {
        Utils.block("AgeeLogon.performLegacyPostAuthEpaScan");
        this.m_http.resetButRetainCookieJar();
        this.m_http.setRequest(new HttpGet(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, AgeeUrl.PostAuthEpa).toURI()));
        this.m_http.addHeaders(this.m_extraHeaders);
        this.m_http.sendAndReceive();
        int responseStatusCode = this.m_http.getResponseStatusCode();
        if (200 != responseStatusCode) {
            throw AuthManException.protocolError("Received unexpected HTTP status %s while downloading the post-auth EPA scan requirements", Integer.valueOf(responseStatusCode));
        }
        Utils.msg("Skipping EPA");
        this.m_http.resetButRetainCookieJar();
        this.m_http.setRequest(new HttpPost(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, AgeeUrl.PostAuthEpaSkip).toURI()));
        this.m_http.addHeaders(this.m_extraHeaders);
        this.m_http.sendAndReceive();
        int responseStatusCode2 = this.m_http.getResponseStatusCode();
        if (302 != responseStatusCode2) {
            throw AuthManException.protocolError("Received unexpected HTTP status %s after skipping the post-auth EPA scan", Integer.valueOf(responseStatusCode2));
        }
        String responseHeaderValue = this.m_http.getResponseHeaderValue("Location");
        Utils.msg("redirectLocation=%s", responseHeaderValue);
        return responseHeaderValue;
    }

    private void performSessionTransfer(AuthRequirementsFulfiller authRequirementsFulfiller, String str) throws AuthManException {
        Utils.block("AgeeLogon.performSessionTransfer");
        if (200 != this.m_http.getResponseStatusCode()) {
            Utils.msg("Not needed (not a 200 response)");
            return;
        }
        if (ClientTypeWica.equalsIgnoreCase(str)) {
            Utils.msg("Not needed (wica/sg mode session)");
            return;
        }
        SessionInfo[] tryExtractSessionInfo = tryExtractSessionInfo(this.m_http.getUtf8Response());
        if (tryExtractSessionInfo.length != 0) {
            String str2 = tryExtractSessionInfo[0].id;
            if (TextUtils.isEmpty(str2)) {
                throw AuthManException.cancelledByUser("The user cancelled NSG session transfer");
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("adr", str2));
            arrayList.add(new BasicNameValuePair("cm", "Transfer"));
            this.m_http.resetButRetainCookieJar();
            this.m_http.setRequest(new HttpPost(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, AgeeUrl.TransferSession).toURI()));
            this.m_http.addHeaders(this.m_extraHeaders);
            this.m_http.setContentType("application/x-www-form-urlencoded");
            try {
                this.m_http.setPostData(new UrlEncodedFormEntity(arrayList, HttpRequest.CHARSET_UTF8));
                this.m_http.sendAndReceive();
                if (this.m_http.getResponseStatusCode() != 302) {
                    Utils.msg("Transfer logon response HTTP status was not a 302! (status=%s)", Integer.valueOf(this.m_http.getResponseStatusCode()));
                }
                Utils.msg("Done");
            } catch (UnsupportedEncodingException e) {
                throw AuthManException.systemError("Failed to URL encode a session transfer post data");
            }
        }
    }

    private void throwIfClientChoices() throws AuthManException {
        if (302 == this.m_http.getResponseStatusCode() && AgeeUrl.ClientChoices.equals(this.m_http.getResponseHeaderValue("Location"))) {
            throw AuthManException.protocolError("The gateway is configured for client choices; this is not supported");
        }
    }

    private void throwIfNoLicenses() throws AuthManException {
        if (480 == this.m_http.getResponseStatusCode()) {
            throw AuthManException.outOfLicenses();
        }
    }

    private void throwMissingCookie(String str) throws AuthManException {
        throw AuthManException.protocolError("The gateway response did not contain the expected cookie (%s)", str);
    }

    private void throwUnexpectedRedirectLocation(String str) throws AuthManException {
        throw AuthManException.protocolError("Received an unexpected redirect location from the gateway: location=%s", str);
    }

    private void throwUnexpectedStatus(int i) throws AuthManException {
        throw AuthManException.protocolError("Received an unexpected HTTP status %s from the gateway", Integer.valueOf(i));
    }

    public void destroySession(GatewayProxyMode gatewayProxyMode, FancyCookieStore fancyCookieStore) throws AuthManException {
        Utils.block("AgeeLogon.destroySession gatewayUrl='%s' proxyMode=%s", this.m_gatewayUrl, gatewayProxyMode);
        try {
            try {
                switch (gatewayProxyMode) {
                    case SG:
                        doHttpGetRelative(AgeeUrl.WebInterfaceLogout);
                        doHttpGetRelative("/vpn/index.html");
                        break;
                    case ENTCVPN:
                        doHttpGetRelative(AgeeUrl.CvpnLogout);
                        break;
                    default:
                        throw AuthManException.systemError("AgeeLogon.destroySession called with an unexpected proxy mode: %d", gatewayProxyMode);
                }
                Utils.msg("Done");
            } catch (AuthManException e) {
                e.addInfo("During AgeeLogon.destroySession gateway='%s'", this.m_gatewayUrl);
                Utils.logException(e);
                throw e;
            }
        } finally {
            fancyCookieStore.clearForHost(this.m_gatewayUrl.getHostName());
        }
    }

    public GatewayProxyMode determineSessionType(String str) throws AuthManException {
        GatewayProxyMode gatewayProxyMode;
        Utils.block("AgeeLogon.determineSessionType clientType=%s", str);
        String lowerCase = str.toLowerCase(Locale.US);
        this.m_fullVpn = false;
        if (ClientTypeWica.equals(lowerCase)) {
            gatewayProxyMode = GatewayProxyMode.SG;
        } else if (ClientTypeCvpn.equals(lowerCase)) {
            gatewayProxyMode = GatewayProxyMode.ENTCVPN;
        } else {
            if (!ClientTypeAndr.equals(lowerCase)) {
                throw AuthManException.protocolError("Received an unexpected clientType from the gateway: '%s'. This may indicate the gateway is not configured correctly.", str);
            }
            gatewayProxyMode = GatewayProxyMode.ENTCVPN;
            this.m_fullVpn = true;
        }
        Utils.msg("outProxyMode=%s", gatewayProxyMode);
        return gatewayProxyMode;
    }

    public AuthenticationResult doCertOnlyLogon(InternalRequestParams internalRequestParams) throws AuthManException {
        Utils.block("AgeeLogon.doCertOnlyLogon");
        if (internalRequestParams.getKeyManager(this.m_gatewayUrl, true) == null) {
            throw AuthManException.noKeyManagerForCertificateAuth();
        }
        int doHttpGet = doHttpGet(this.m_gatewayUrl);
        if (doHttpGet == 403) {
            Utils.msg("AgeeLogon.doLegacyPreLogon Got a 403/Forbidden response. Trying again.");
            doHttpGet = doHttpGet(this.m_gatewayUrl);
        }
        if (doHttpGet != 302) {
            throwUnexpectedStatus(doHttpGet);
        }
        return extractAuthenticationResult(this.m_http);
    }

    public void doLegacyPostLogon(AuthRequirementsFulfiller authRequirementsFulfiller, SessionModeUpdater sessionModeUpdater, String str, String str2, VpnSupport vpnSupport) throws AuthManException {
        Utils.block("AgeeLogon.doLegacyPostLogon");
        sessionModeUpdater.setCurrentProxyMode(GatewayProxyMode.ENTCVPN);
        throwIfClientChoices();
        if (this.m_http.getResponseStatusCode() != 302) {
            throw AuthManException.protocolError("AgeeLogon.doLegacyPostLogon - HTTP status was %s (expected 302)", Integer.valueOf(this.m_http.getResponseStatusCode()));
        }
        String responseHeaderValue = this.m_http.getResponseHeaderValue("Location");
        Utils.msg("redirectLocation=%s", responseHeaderValue);
        if (AgeeUrl.PostAuthEpa.equals(responseHeaderValue)) {
            responseHeaderValue = performLegacyPostAuthEpaScan();
        }
        if (!responseHeaderValue.startsWith(AgeeUrl.SetClient)) {
            throwUnexpectedRedirectLocation(responseHeaderValue);
        }
        finalizeSession(authRequirementsFulfiller, AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, responseHeaderValue).getQueryString(), sessionModeUpdater, str, str2, vpnSupport);
    }

    public PreLogonData doLegacyPreLogon() throws AuthManException {
        Utils.block("AgeeLogon.doLegacyPreLogon");
        int doHttpGet = doHttpGet(this.m_gatewayUrl);
        if (doHttpGet == 403) {
            Utils.msg("AgeeLogon.doLegacyPreLogon Got a 403/Forbidden response. Trying again.");
            doHttpGet = doHttpGet(this.m_gatewayUrl);
        }
        if (doHttpGet != 302) {
            throwUnexpectedStatus(doHttpGet);
        }
        String responseHeaderValue = this.m_http.getResponseHeaderValue("Location");
        if (!"/vpn/index.html".equals(responseHeaderValue)) {
            if (responseHeaderValue.startsWith(AgeeUrl.PreAuthEpa)) {
                throw AuthManException.accessDenied("The gateway requires a pre-authentication EPA scan; this is not supported");
            }
            throwUnexpectedRedirectLocation(responseHeaderValue);
        }
        PreLogonData preLogonData = new PreLogonData();
        HttpCookie tryExtractCookieFromResponseHeaders = AuthHttpUtils.tryExtractCookieFromResponseHeaders(AgEntEdition.NSC_NAME_COOKIE, this.m_http.getAllResponseHeaders());
        if (tryExtractCookieFromResponseHeaders != null && !tryExtractCookieFromResponseHeaders.hasExpired()) {
            try {
                preLogonData.m_clientCertUsername = URLDecoder.decode(tryExtractCookieFromResponseHeaders.getValue(), HttpRequest.CHARSET_UTF8);
            } catch (UnsupportedEncodingException e) {
                throw AuthManException.protocolError("Could not decode the NSC_NAME cookie value");
            }
        }
        int doHttpGet2 = doHttpGet(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, responseHeaderValue), true);
        if (doHttpGet2 != 200) {
            throwUnexpectedStatus(doHttpGet2);
        }
        String responseHeaderValue2 = this.m_http.getResponseHeaderValue(SelfDeclaredAuthTypeHeader);
        if (responseHeaderValue2 != null && responseHeaderValue2.length() > 0) {
            preLogonData.m_SelfDeclaredAuthtype = responseHeaderValue2;
        }
        HttpCookie tryExtractCookieFromResponseHeaders2 = AuthHttpUtils.tryExtractCookieFromResponseHeaders(AccountServicesUtility.PWCOUNT_COOKIE, this.m_http.getAllResponseHeaders());
        if (tryExtractCookieFromResponseHeaders2 == null) {
            throwMissingCookie(AccountServicesUtility.PWCOUNT_COOKIE);
        }
        if (AccountServicesUtility.DomainOnlyOrSecurityTokenOnlyAuthentication.equals(tryExtractCookieFromResponseHeaders2.getValue())) {
            preLogonData.m_passwordCount = 1;
        } else {
            if (!AccountServicesUtility.DomainAndSecurityTokenAuthentication.equals(tryExtractCookieFromResponseHeaders2.getValue())) {
                throw AuthManException.protocolError("Unexpected cookie value received (pwcountCookieValue=%s)", tryExtractCookieFromResponseHeaders2.getValue());
            }
            preLogonData.m_passwordCount = 2;
        }
        return preLogonData;
    }

    public void getRedirectPageCookiesForFailedLogon() throws AuthManException {
        Utils.block("AgeeLogon.getRedirectPageCookiesForFailedLogon");
        String responseHeaderValue = this.m_http.getResponseHeaderValue("Location");
        if (TextUtils.isEmpty(responseHeaderValue)) {
            throw AuthManException.protocolError("The 302 relative URL location returned from AGEE was empty / missing.");
        }
        Utils.msg("relativeLocation=%s", responseHeaderValue);
        AMUrl constructUrlFromHostRelativePath = AuthHttpUtils.constructUrlFromHostRelativePath(this.m_gatewayUrl, responseHeaderValue);
        Utils.msg("redirectUrl=%s", constructUrlFromHostRelativePath);
        this.m_http.resetButRetainCookieJar();
        this.m_http.setRequest(new HttpGet(constructUrlFromHostRelativePath.toURI()));
        this.m_http.sendAndReceive();
        Utils.msg("The request returned status code %s", Integer.valueOf(this.m_http.getResponseStatusCode()));
    }

    SessionInfo[] tryExtractSessionInfo(String str) throws AuthManException {
        int length;
        int indexOf;
        int length2;
        int indexOf2;
        Utils.block("AgeeLogon.tryExtractSessionInfo");
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (true) {
            try {
                int indexOf3 = str.indexOf("name=\"adr\"value=\"", i);
                if (-1 == indexOf3 || -1 == (indexOf = str.indexOf(34, (length = indexOf3 + "name=\"adr\"value=\"".length())))) {
                    break;
                }
                String substring = str.substring(length, indexOf);
                SessionInfo sessionInfo = new SessionInfo();
                sessionInfo.id = Utils.htmlDecode(substring);
                sessionInfo.id = sessionInfo.id.trim();
                Utils.msg("sessionId=%s", sessionInfo.id);
                i = indexOf + 1;
                int indexOf4 = str.indexOf("<td>", indexOf);
                if (-1 != indexOf4 && -1 != (indexOf2 = str.indexOf("</td>", (length2 = indexOf4 + "<td>".length())))) {
                    sessionInfo.ipAddress = Utils.htmlDecode(str.substring(length2, indexOf2));
                    sessionInfo.ipAddress = sessionInfo.ipAddress.trim();
                    i = indexOf2 + "</td>".length();
                }
                Utils.msg("ip=%s", sessionInfo.ipAddress);
                arrayList.add(sessionInfo);
            } catch (FormatException e) {
                Utils.amWarn("Caught exception: %s", e.getMessage());
                arrayList.clear();
            }
        }
        if (!checkSessionInfo(arrayList)) {
            arrayList.clear();
        }
        return (SessionInfo[]) arrayList.toArray(new SessionInfo[arrayList.size()]);
    }
}
