package com.blackberry.security.ldap;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.content.Context;
import android.os.Bundle;
import android.os.Handler;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.util.Log;
import com.blackberry.i.h;
import com.blackberry.security.krb5.j;
import com.blackberry.security.ldap.e;
import com.d.b.d.ad;
import com.d.b.d.aw;
import com.d.b.d.bb;
import com.d.b.d.bc;
import com.d.b.d.bd;
import com.d.b.d.bk;
import com.d.b.d.bm;
import com.d.b.d.bv;
import com.d.b.d.cd;
import com.d.b.d.d.i;
import com.d.b.d.df;
import com.d.b.d.dw;
import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/* compiled from: LdapFetcher.java */
/* loaded from: classes3.dex */
class f {
    private static final String LOG_TAG = "LDAPFETCHER";
    private static final String dBX = "com.blackberry.security.krb5.svc";
    private Context context;
    private j dBZ = null;
    private final List<e> dBY = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(Context context, List<e> list) {
        this.context = context;
        this.dBY.addAll(list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(Context context, e... eVarArr) {
        this.context = context;
        Collections.addAll(this.dBY, eVarArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(List<e> list) {
        this.dBY.addAll(list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(e... eVarArr) {
        Collections.addAll(this.dBY, eVarArr);
    }

    private static SSLSocketFactory OU() {
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext.getSocketFactory();
    }

    private static g a(@NonNull bk bkVar, @NonNull String str, @NonNull dw dwVar, @NonNull bb bbVar, @NonNull List<String> list) {
        g gVar = new g();
        try {
            gVar.a(bkVar.search(str, dwVar, bbVar, (String[]) list.toArray(new String[list.size()])));
        } catch (cd e) {
            Log.e(LOG_TAG, "LDAP search on " + bkVar + " failed: " + e.toString());
            gVar.a(e);
        }
        return gVar;
    }

    @Nullable
    private static Map<bb, g> a(@NonNull e eVar, @NonNull bk bkVar, @NonNull List<bb> list, @Nullable List<String> list2) {
        String OR = eVar.OR();
        Log.d(LOG_TAG, "LDAP Configuration: baseDN = " + OR);
        dw OS = eVar.OS();
        Log.d(LOG_TAG, "LDAP Configuration: search scope = " + OS);
        HashMap hashMap = new HashMap(list.size());
        for (bb bbVar : list) {
            Log.d(LOG_TAG, "Searching by filter: " + bbVar);
            g a2 = a(bkVar, OR, OS, bbVar, list2);
            Log.d(LOG_TAG, String.format("Got result: %s, exception: %s.", a2.OV(), a2.OW()));
            hashMap.put(bbVar, a2);
        }
        return hashMap;
    }

    private static Map<bb, String> a(@NonNull Map<String, List<g>> map, @NonNull List<String> list) {
        HashSet<String> hashSet = new HashSet(list);
        HashMap hashMap = new HashMap(hashSet.size());
        for (String str : hashSet) {
            try {
                hashMap.put(bb.pg(str), str);
            } catch (bv e) {
                Log.e(LOG_TAG, String.format("Failed to create LDAP Filter from string %s: %s.", str, e.toString()));
                a(map, str, new g(null, e));
            }
        }
        return hashMap;
    }

    private void a(@NonNull e eVar, @NonNull bk bkVar) {
        String bf;
        e.a OP = eVar.OP();
        Log.d(LOG_TAG, "LDAP Configuration: auth method is " + OP);
        switch (OP) {
            case SIMPLE:
                bkVar.bz(eVar.OQ(), eVar.getPassword());
                Log.d(LOG_TAG, "Simple bind request succeeded on " + bkVar);
                return;
            case KERBEROS:
                if (Security.getProvider("BlackBerrySASL") == null) {
                    Log.d(LOG_TAG, "Adding BlackBerrySASL security provider.");
                    Security.addProvider(new com.blackberry.com.sun.security.sasl.a());
                }
                try {
                    if (this.dBZ == null) {
                        Log.d(LOG_TAG, "Creating instance of Krb5Lib.");
                        this.dBZ = new j(this.context);
                    }
                    if (eVar.OQ() == null && eVar.getPassword() == null) {
                        bf = fX(this.context);
                    } else {
                        Log.d(LOG_TAG, "Calling kinit.");
                        bf = this.dBZ.bf(eVar.OQ(), eVar.getPassword());
                    }
                    if (bf == null) {
                        throw new bv(df.fhm, "kinit returned null token string.");
                    }
                    Log.d(LOG_TAG, "Getting new GSSManager.");
                    com.blackberry.i.e Ot = this.dBZ.Ot();
                    Log.d(LOG_TAG, "GSSManager: creating nameOid.");
                    try {
                        h hE = Ot.hE(com.blackberry.i.f.cmM);
                        Log.d(LOG_TAG, "GSSManager: creating mechOid.");
                        try {
                            h hE2 = Ot.hE("1.2.840.113554.1.2.2");
                            Log.d(LOG_TAG, "GSSManager: creating GSSName.");
                            try {
                                com.blackberry.i.f a2 = Ot.a(bf, hE, hE2);
                                Log.d(LOG_TAG, "GSSManager: creating GSSCredential.");
                                try {
                                    com.blackberry.i.c a3 = Ot.a(a2, 0, hE2, 1);
                                    Log.d(LOG_TAG, "Creating new GSSAPI bind request properties.");
                                    bd bdVar = new bd((String) null, (String) null);
                                    bdVar.I(Ot);
                                    bdVar.J(a3);
                                    Log.d(LOG_TAG, "Creating new GSSAPI bind request.");
                                    bkVar.a(new bc(bdVar, new ad[0]));
                                    Log.d(LOG_TAG, "Kerberos bind request succeeded on " + bkVar);
                                    return;
                                } catch (com.blackberry.i.d e) {
                                    throw new bv(df.fhm, "GSSManager: failed to create GSSCredential.", e);
                                }
                            } catch (com.blackberry.i.d e2) {
                                throw new bv(df.fhm, "GSSManager: failed to create GSSName.", e2);
                            }
                        } catch (com.blackberry.i.d e3) {
                            throw new bv(df.fhm, "GSSManager: failed to create mechOid.", e3);
                        }
                    } catch (com.blackberry.i.d e4) {
                        throw new bv(df.fhm, "GSSManager: failed to create nameOid.", e4);
                    }
                } catch (Exception e5) {
                    throw new bv(df.fhm, "Unexpected exception on kinit.", e5);
                }
            default:
                return;
        }
    }

    private static void a(bk bkVar) {
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        try {
            aw a2 = bkVar.a(new i(new com.d.d.d.i(trustManagerFactory.getTrustManagers()).azo()));
            if (a2.eRV != df.ffE) {
                throw new bv(a2);
            }
        } catch (bv e) {
            throw new bv(e.eRV, "StartTLS request failed: " + e);
        }
    }

    private static void a(Map<String, List<g>> map, String str, g gVar) {
        List<g> list = map.get(str);
        if (list == null) {
            list = new ArrayList<>();
        }
        list.add(gVar);
        map.put(str, list);
    }

    private static void a(Map<String, List<g>> map, List<bb> list, Map<bb, String> map2, bv bvVar) {
        g gVar = new g(null, bvVar);
        Iterator<bb> it = list.iterator();
        while (it.hasNext()) {
            a(map, map2.get(it.next()), gVar);
        }
    }

    private static bk b(e eVar) {
        String OM = eVar.OM();
        int port = eVar.getPort();
        long OT = eVar.OT();
        e.EnumC0135e OO = eVar.OO();
        Log.d(LOG_TAG, String.format("LDAP Configuration: server %s:%d.", OM, Integer.valueOf(port)));
        Log.d(LOG_TAG, String.format("LDAP Configuration: response timeout = %d ms.", Long.valueOf(OT)));
        Log.d(LOG_TAG, String.format("LDAP Configuration: SSL option is %s.", OO));
        bm bmVar = new bm();
        bmVar.cz(OT);
        if (OO == e.EnumC0135e.LDAPS) {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            bk bkVar = new bk(sSLContext.getSocketFactory(), bmVar);
            bkVar.connect(OM, port);
            return bkVar;
        }
        if (OO != e.EnumC0135e.STARTTLS) {
            bk bkVar2 = new bk(bmVar);
            bkVar2.connect(OM, port);
            return bkVar2;
        }
        bk bkVar3 = new bk(bmVar);
        bkVar3.connect(OM, port);
        KeyStore keyStore2 = KeyStore.getInstance("AndroidCAStore");
        keyStore2.load(null);
        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory2.init(keyStore2);
        try {
            aw a2 = bkVar3.a(new i(new com.d.d.d.i(trustManagerFactory2.getTrustManagers()).azo()));
            if (a2.eRV != df.ffE) {
                throw new bv(a2);
            }
            return bkVar3;
        } catch (bv e) {
            throw new bv(e.eRV, "StartTLS request failed: " + e);
        }
    }

    private static void b(@NonNull e eVar, @NonNull bk bkVar) {
        bkVar.bz(eVar.OQ(), eVar.getPassword());
    }

    private void c(@NonNull e eVar, @NonNull bk bkVar) {
        String bf;
        if (Security.getProvider("BlackBerrySASL") == null) {
            Log.d(LOG_TAG, "Adding BlackBerrySASL security provider.");
            Security.addProvider(new com.blackberry.com.sun.security.sasl.a());
        }
        try {
            if (this.dBZ == null) {
                Log.d(LOG_TAG, "Creating instance of Krb5Lib.");
                this.dBZ = new j(this.context);
            }
            if (eVar.OQ() == null && eVar.getPassword() == null) {
                bf = fX(this.context);
            } else {
                Log.d(LOG_TAG, "Calling kinit.");
                bf = this.dBZ.bf(eVar.OQ(), eVar.getPassword());
            }
            if (bf == null) {
                throw new bv(df.fhm, "kinit returned null token string.");
            }
            Log.d(LOG_TAG, "Getting new GSSManager.");
            com.blackberry.i.e Ot = this.dBZ.Ot();
            Log.d(LOG_TAG, "GSSManager: creating nameOid.");
            try {
                h hE = Ot.hE(com.blackberry.i.f.cmM);
                Log.d(LOG_TAG, "GSSManager: creating mechOid.");
                try {
                    h hE2 = Ot.hE("1.2.840.113554.1.2.2");
                    Log.d(LOG_TAG, "GSSManager: creating GSSName.");
                    try {
                        com.blackberry.i.f a2 = Ot.a(bf, hE, hE2);
                        Log.d(LOG_TAG, "GSSManager: creating GSSCredential.");
                        try {
                            com.blackberry.i.c a3 = Ot.a(a2, 0, hE2, 1);
                            Log.d(LOG_TAG, "Creating new GSSAPI bind request properties.");
                            bd bdVar = new bd((String) null, (String) null);
                            bdVar.I(Ot);
                            bdVar.J(a3);
                            Log.d(LOG_TAG, "Creating new GSSAPI bind request.");
                            bkVar.a(new bc(bdVar, new ad[0]));
                        } catch (com.blackberry.i.d e) {
                            throw new bv(df.fhm, "GSSManager: failed to create GSSCredential.", e);
                        }
                    } catch (com.blackberry.i.d e2) {
                        throw new bv(df.fhm, "GSSManager: failed to create GSSName.", e2);
                    }
                } catch (com.blackberry.i.d e3) {
                    throw new bv(df.fhm, "GSSManager: failed to create mechOid.", e3);
                }
            } catch (com.blackberry.i.d e4) {
                throw new bv(df.fhm, "GSSManager: failed to create nameOid.", e4);
            }
        } catch (Exception e5) {
            throw new bv(df.fhm, "Unexpected exception on kinit.", e5);
        }
    }

    private static String fX(Context context) {
        AccountManager accountManager = AccountManager.get(context);
        if (accountManager == null) {
            throw new bv(df.fhm, "Unable to access account manager");
        }
        try {
            Account[] accountsByType = accountManager.getAccountsByType("com.blackberry.security.krb5.svc");
            if (accountsByType == null || accountsByType.length < 1) {
                throw new bv(df.fhm, "No Kerberos account exists");
            }
            AccountManagerFuture<Bundle> authToken = accountManager.getAuthToken(accountsByType[0], "com.blackberry.security.krb5.svc", (Bundle) null, false, (AccountManagerCallback<Bundle>) null, (Handler) null);
            if (authToken == null) {
                Log.e(LOG_TAG, "getAuthToken() returned null bundle");
                throw new bv(df.fhm, "getAuthToken() returned null bundle");
            }
            try {
                return authToken.getResult().getString("authtoken");
            } catch (AuthenticatorException | OperationCanceledException | IOException e) {
                Log.e(LOG_TAG, "getAuthToken failed unexpectedly", e);
                throw new bv(df.fhm, "getAuthToken() failed unexpectedly");
            }
        } catch (SecurityException e2) {
            Log.e(LOG_TAG, "No permission to look up Kerberos account", e2);
            throw new bv(df.fhm, "Failed to look up Kerberos account");
        }
    }

    public void OC() {
        this.dBY.clear();
    }

    public void a(e eVar) {
        this.dBY.add(eVar);
    }

    public void a(String str, Boolean bool, e.a aVar, String str2, String str3, String str4, e.d dVar, long j, TimeUnit timeUnit) {
        a(new e(str, bool.booleanValue(), aVar, str2, str3, str4, dVar, j, timeUnit));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x0126. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:55:0x0158 A[LOOP:1: B:53:0x0152->B:55:0x0158, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:91:0x01d4  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Map<java.lang.String, java.util.List<com.blackberry.security.ldap.g>> e(java.util.List<java.lang.String> r19, java.util.List<java.lang.String> r20) {
        /*
            Method dump skipped, instructions count: 944
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.blackberry.security.ldap.f.e(java.util.List, java.util.List):java.util.Map");
    }

    public void fV(Context context) {
        Collection<? extends e> arrayList = new ArrayList<>();
        try {
            arrayList = e.fW(context);
        } catch (bv e) {
            Log.e(LOG_TAG, "Failed to get LDAP managed configuration(s)", e);
        }
        this.dBY.addAll(arrayList);
    }
}
