package com.android.server.wifi.configparse;

import android.content.Context;
import android.net.Uri;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import android.util.Base64;
import android.util.Log;
import com.android.server.wifi.IMSIParameter;
import com.android.server.wifi.anqp.eap.AuthParam;
import com.android.server.wifi.anqp.eap.EAP;
import com.android.server.wifi.anqp.eap.NonEAPInnerAuth;
import com.android.server.wifi.hotspot2.omadm.MOManager;
import com.android.server.wifi.hotspot2.pps.Credential;
import com.android.server.wifi.hotspot2.pps.HomeSP;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.xml.sax.SAXException;

/* loaded from: classes.dex */
public class ConfigBuilder {

    /* renamed from: -com_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues, reason: not valid java name */
    private static /* synthetic */ int[] f11com_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues = null;

    /* renamed from: -com_android_server_wifi_anqp_eap_NonEAPInnerAuth$NonEAPTypeSwitchesValues, reason: not valid java name */
    private static /* synthetic */ int[] f12x45b3cfe7 = null;
    private static final String CATag = "application/x-x509-ca-cert";
    private static final String KeyTag = "application/x-pkcs12";
    private static final String ProfileTag = "application/x-passpoint-profile";
    private static final String TAG = "WCFG";
    public static final String WifiConfigType = "application/x-wifi-config";
    private static final String X509 = "X.509";

    /* renamed from: -getcom_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues, reason: not valid java name */
    private static /* synthetic */ int[] m598x309d6f4b() {
        if (f11com_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues != null) {
            return f11com_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues;
        }
        int[] iArr = new int[EAP.EAPMethodID.valuesCustom().length];
        try {
            iArr[EAP.EAPMethodID.EAP_3Com.ordinal()] = 10;
        } catch (NoSuchFieldError e) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_AKA.ordinal()] = 1;
        } catch (NoSuchFieldError e2) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_AKAPrim.ordinal()] = 2;
        } catch (NoSuchFieldError e3) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_ActiontecWireless.ordinal()] = 11;
        } catch (NoSuchFieldError e4) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_EKE.ordinal()] = 12;
        } catch (NoSuchFieldError e5) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_FAST.ordinal()] = 13;
        } catch (NoSuchFieldError e6) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_GPSK.ordinal()] = 14;
        } catch (NoSuchFieldError e7) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_HTTPDigest.ordinal()] = 15;
        } catch (NoSuchFieldError e8) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_IKEv2.ordinal()] = 16;
        } catch (NoSuchFieldError e9) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_KEA.ordinal()] = 17;
        } catch (NoSuchFieldError e10) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_KEA_VALIDATE.ordinal()] = 18;
        } catch (NoSuchFieldError e11) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_LEAP.ordinal()] = 19;
        } catch (NoSuchFieldError e12) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_Link.ordinal()] = 20;
        } catch (NoSuchFieldError e13) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_MD5.ordinal()] = 21;
        } catch (NoSuchFieldError e14) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_MOBAC.ordinal()] = 22;
        } catch (NoSuchFieldError e15) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_MSCHAPv2.ordinal()] = 23;
        } catch (NoSuchFieldError e16) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_OTP.ordinal()] = 24;
        } catch (NoSuchFieldError e17) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_PAX.ordinal()] = 25;
        } catch (NoSuchFieldError e18) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_PEAP.ordinal()] = 26;
        } catch (NoSuchFieldError e19) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_POTP.ordinal()] = 27;
        } catch (NoSuchFieldError e20) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_PSK.ordinal()] = 28;
        } catch (NoSuchFieldError e21) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_PWD.ordinal()] = 29;
        } catch (NoSuchFieldError e22) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_RSA.ordinal()] = 30;
        } catch (NoSuchFieldError e23) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_SAKE.ordinal()] = 31;
        } catch (NoSuchFieldError e24) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_SIM.ordinal()] = 3;
        } catch (NoSuchFieldError e25) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_SPEKE.ordinal()] = 32;
        } catch (NoSuchFieldError e26) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_TEAP.ordinal()] = 33;
        } catch (NoSuchFieldError e27) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_TLS.ordinal()] = 4;
        } catch (NoSuchFieldError e28) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_TTLS.ordinal()] = 5;
        } catch (NoSuchFieldError e29) {
        }
        try {
            iArr[EAP.EAPMethodID.EAP_ZLXEAP.ordinal()] = 34;
        } catch (NoSuchFieldError e30) {
        }
        f11com_android_server_wifi_anqp_eap_EAP$EAPMethodIDSwitchesValues = iArr;
        return iArr;
    }

    /* renamed from: -getcom_android_server_wifi_anqp_eap_NonEAPInnerAuth$NonEAPTypeSwitchesValues, reason: not valid java name */
    private static /* synthetic */ int[] m599xba5f438b() {
        if (f12x45b3cfe7 != null) {
            return f12x45b3cfe7;
        }
        int[] iArr = new int[NonEAPInnerAuth.NonEAPType.valuesCustom().length];
        try {
            iArr[NonEAPInnerAuth.NonEAPType.CHAP.ordinal()] = 1;
        } catch (NoSuchFieldError e) {
        }
        try {
            iArr[NonEAPInnerAuth.NonEAPType.MSCHAP.ordinal()] = 2;
        } catch (NoSuchFieldError e2) {
        }
        try {
            iArr[NonEAPInnerAuth.NonEAPType.MSCHAPv2.ordinal()] = 3;
        } catch (NoSuchFieldError e3) {
        }
        try {
            iArr[NonEAPInnerAuth.NonEAPType.PAP.ordinal()] = 4;
        } catch (NoSuchFieldError e4) {
        }
        try {
            iArr[NonEAPInnerAuth.NonEAPType.Reserved.ordinal()] = 10;
        } catch (NoSuchFieldError e5) {
        }
        f12x45b3cfe7 = iArr;
        return iArr;
    }

    private static WifiConfiguration buildBaseConfiguration(HomeSP homeSP) throws IOException {
        EAP.EAPMethodID eAPMethodID = homeSP.getCredential().getEAPMethod().getEAPMethodID();
        WifiConfiguration wifiConfiguration = new WifiConfiguration();
        wifiConfiguration.FQDN = homeSP.getFQDN();
        HashSet<Long> roamingConsortiums = homeSP.getRoamingConsortiums();
        wifiConfiguration.roamingConsortiumIds = new long[roamingConsortiums.size()];
        int i = 0;
        Iterator<T> it = roamingConsortiums.iterator();
        while (it.hasNext()) {
            wifiConfiguration.roamingConsortiumIds[i] = ((Long) it.next()).longValue();
            i++;
        }
        wifiConfiguration.providerFriendlyName = homeSP.getFriendlyName();
        wifiConfiguration.allowedKeyManagement.set(2);
        wifiConfiguration.allowedKeyManagement.set(3);
        WifiEnterpriseConfig wifiEnterpriseConfig = new WifiEnterpriseConfig();
        wifiEnterpriseConfig.setEapMethod(remapEAPMethod(eAPMethodID));
        wifiEnterpriseConfig.setRealm(homeSP.getCredential().getRealm());
        wifiConfiguration.enterpriseConfig = wifiEnterpriseConfig;
        return wifiConfiguration;
    }

    private static WifiConfiguration buildConfig(String str, X509Certificate x509Certificate, List<X509Certificate> list, PrivateKey privateKey, Context context) throws IOException, SAXException, GeneralSecurityException {
        WifiConfiguration buildSIMConfig;
        HomeSP buildSP = MOManager.buildSP(str);
        Credential credential = buildSP.getCredential();
        EAP.EAPMethodID eAPMethodID = credential.getEAPMethod().getEAPMethodID();
        switch (m598x309d6f4b()[eAPMethodID.ordinal()]) {
            case 1:
            case 2:
            case 3:
                if (privateKey != null || list != null || x509Certificate != null) {
                    Log.i(TAG, "Client/CA cert and/or key included with " + eAPMethodID + " profile");
                }
                buildSIMConfig = buildSIMConfig(buildSP, context);
                break;
            case 4:
                buildSIMConfig = buildTLSConfig(buildSP, list, privateKey);
                break;
            case 5:
                if (privateKey != null || list != null) {
                    Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
                }
                buildSIMConfig = buildTTLSConfig(buildSP);
                break;
            default:
                throw new IOException("Unsupported EAP Method: " + eAPMethodID);
        }
        WifiEnterpriseConfig wifiEnterpriseConfig = buildSIMConfig.enterpriseConfig;
        wifiEnterpriseConfig.setCaCertificate(x509Certificate);
        wifiEnterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
        wifiEnterpriseConfig.setRealm(credential.getRealm());
        return buildSIMConfig;
    }

    public static WifiConfiguration buildConfig(String str, byte[] bArr, Context context) throws IOException, GeneralSecurityException, SAXException {
        MIMEContainer mIMEContainer;
        Log.d(TAG, "Content: " + (bArr != null ? bArr.length : -1));
        byte[] decode = Base64.decode(new String(bArr, StandardCharsets.ISO_8859_1), 0);
        Log.d(TAG, "Decoded: " + decode.length + " bytes.");
        dropFile(Uri.parse(str), context);
        MIMEContainer mIMEContainer2 = new MIMEContainer(new LineNumberReader(new InputStreamReader(new ByteArrayInputStream(decode), StandardCharsets.ISO_8859_1)), null);
        if (!mIMEContainer2.isBase64()) {
            throw new IOException("Encoding for " + mIMEContainer2.getContentType() + " is not base64");
        }
        if (mIMEContainer2.getContentType().equals(WifiConfigType)) {
            byte[] decode2 = Base64.decode(mIMEContainer2.getText(), 0);
            Log.d(TAG, "Building container from '" + new String(decode2, StandardCharsets.ISO_8859_1) + "'");
            mIMEContainer = new MIMEContainer(new LineNumberReader(new InputStreamReader(new ByteArrayInputStream(decode2), StandardCharsets.ISO_8859_1)), null);
        } else {
            mIMEContainer = mIMEContainer2;
        }
        return parse(mIMEContainer, context);
    }

    private static WifiConfiguration buildSIMConfig(HomeSP homeSP, Context context) throws IOException {
        IMSIParameter imsi = homeSP.getCredential().getImsi();
        WifiConfiguration buildBaseConfiguration = buildBaseConfiguration(homeSP);
        buildBaseConfiguration.enterpriseConfig.setPlmn(imsi.toString());
        return buildBaseConfiguration;
    }

    private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> list, PrivateKey privateKey) throws IOException, GeneralSecurityException {
        Credential credential = homeSP.getCredential();
        X509Certificate x509Certificate = null;
        if (privateKey == null || list == null) {
            throw new IOException("No key and/or cert passed for EAP-TLS");
        }
        if (credential.getCertType() != Credential.CertType.x509v3) {
            throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
        }
        byte[] fingerPrint = credential.getFingerPrint();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        Iterator<T> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509Certificate x509Certificate2 = (X509Certificate) it.next();
            messageDigest.reset();
            if (Arrays.equals(fingerPrint, messageDigest.digest(x509Certificate2.getEncoded()))) {
                x509Certificate = x509Certificate2;
                break;
            }
        }
        if (x509Certificate == null) {
            throw new IOException("No certificate in chain matches supplied fingerprint");
        }
        String encodeToString = Base64.encodeToString(fingerPrint, 0);
        WifiConfiguration buildBaseConfiguration = buildBaseConfiguration(homeSP);
        WifiEnterpriseConfig wifiEnterpriseConfig = buildBaseConfiguration.enterpriseConfig;
        wifiEnterpriseConfig.setClientCertificateAlias(encodeToString);
        wifiEnterpriseConfig.setClientKeyEntry(privateKey, x509Certificate);
        return buildBaseConfiguration;
    }

    private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
        Credential credential = homeSP.getCredential();
        if (credential.getUserName() == null || credential.getPassword() == null) {
            throw new IOException("EAP-TTLS provisioned without user name or password");
        }
        AuthParam authParam = credential.getEAPMethod().getAuthParam();
        if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
            throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
        }
        WifiConfiguration buildBaseConfiguration = buildBaseConfiguration(homeSP);
        WifiEnterpriseConfig wifiEnterpriseConfig = buildBaseConfiguration.enterpriseConfig;
        wifiEnterpriseConfig.setPhase2Method(remapInnerMethod(((NonEAPInnerAuth) authParam).getType()));
        wifiEnterpriseConfig.setIdentity(credential.getUserName());
        wifiEnterpriseConfig.setPassword(credential.getPassword());
        return buildBaseConfiguration;
    }

    private static void dropFile(Uri uri, Context context) {
        context.getContentResolver().delete(uri, null, null);
    }

    private static WifiConfiguration parse(MIMEContainer mIMEContainer, Context context) throws IOException, GeneralSecurityException, SAXException {
        if (mIMEContainer.getMimeContainers() == null) {
            throw new IOException("Malformed MIME content: not multipart");
        }
        String str = null;
        X509Certificate x509Certificate = null;
        PrivateKey privateKey = null;
        ArrayList arrayList = null;
        for (MIMEContainer mIMEContainer2 : mIMEContainer.getMimeContainers()) {
            Log.d(TAG, " + Content Type: " + mIMEContainer2.getContentType());
            String contentType = mIMEContainer2.getContentType();
            if (contentType.equals(ProfileTag)) {
                str = mIMEContainer2.isBase64() ? new String(Base64.decode(mIMEContainer2.getText(), 0), StandardCharsets.UTF_8) : mIMEContainer2.getText();
                Log.d(TAG, "OMA: " + str);
            } else if (contentType.equals(CATag)) {
                if (!mIMEContainer2.isBase64()) {
                    throw new IOException("Can't read non base64 encoded cert");
                }
                x509Certificate = (X509Certificate) CertificateFactory.getInstance(X509).generateCertificate(new ByteArrayInputStream(Base64.decode(mIMEContainer2.getText(), 0)));
                Log.d(TAG, "Cert subject " + x509Certificate.getSubjectX500Principal());
                Log.d(TAG, "Full Cert: " + x509Certificate);
            } else if (!contentType.equals(KeyTag)) {
                continue;
            } else {
                if (!mIMEContainer2.isBase64()) {
                    throw new IOException("Can't read non base64 encoded key");
                }
                byte[] decode = Base64.decode(mIMEContainer2.getText(), 0);
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
                keyStore.load(byteArrayInputStream, new char[0]);
                byteArrayInputStream.close();
                Log.d(TAG, "---- Start PKCS12 info " + decode.length + ", size " + keyStore.size());
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    privateKey = (PrivateKey) keyStore.getKey(nextElement, null);
                    Log.d(TAG, "Key: " + privateKey.getFormat());
                    Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                    if (certificateChain != null) {
                        arrayList = new ArrayList();
                        for (Certificate certificate : certificateChain) {
                            if (!(certificate instanceof X509Certificate)) {
                                Log.w(TAG, "Element in cert chain is not an X509Certificate: " + certificate.getClass());
                            }
                            arrayList.add((X509Certificate) certificate);
                        }
                        Log.d(TAG, "Chain: " + arrayList.size());
                    }
                }
                Log.d(TAG, "---- End PKCS12 info.");
            }
        }
        if (str == null) {
            throw new IOException("Missing profile");
        }
        return buildConfig(str, x509Certificate, arrayList, privateKey, context);
    }

    private static int remapEAPMethod(EAP.EAPMethodID eAPMethodID) throws IOException {
        switch (m598x309d6f4b()[eAPMethodID.ordinal()]) {
            case 1:
                return 5;
            case 2:
                return 6;
            case 3:
                return 4;
            case 4:
                return 1;
            case 5:
                return 2;
            default:
                throw new IOException("Bad EAP method: " + eAPMethodID);
        }
    }

    private static int remapInnerMethod(NonEAPInnerAuth.NonEAPType nonEAPType) throws IOException {
        switch (m599xba5f438b()[nonEAPType.ordinal()]) {
            case 2:
                return 2;
            case 3:
                return 3;
            case 4:
                return 1;
            default:
                throw new IOException("Inner method " + nonEAPType + " not supported");
        }
    }
}
