package com.lookout.networksecurity;

import com.lookout.androidcommons.util.Immutable;
import com.lookout.bluffdale.enums.AnomalousProperties;
import com.lookout.bluffdale.enums.NetworkType;
import com.lookout.bluffdale.enums.ProbingTrigger;
import com.lookout.bluffdale.messages.security.HostCertificate;
import com.lookout.bluffdale.messages.security.NetworkContext;
import com.lookout.bluffdale.messages.security.ProbingResult;
import com.lookout.shaded.slf4j.Logger;
import com.lookout.shaded.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes6.dex */
public class NetworkSecurityStatus {
    public static final int DEFAULT_NETWORK_ID = -1;
    public static final int DEFAULT_NETWORK_TYPE = 0;
    static final List<AnomalousProperties> a = Immutable.newList(AnomalousProperties.HOST_CERTIFICATE, AnomalousProperties.PROTOCOL_PARAMETERS, AnomalousProperties.ROOT_OF_TRUST);
    final ProbingTrigger b;
    final List<ProbingResult> c;
    final List<AnomalousProperties> d;
    final NetworkContext e;
    final int f;
    final int g;
    private final Logger h = LoggerFactory.getLogger(NetworkSecurityStatus.class);

    public NetworkSecurityStatus(ProbingTrigger probingTrigger, List<ProbingResult> list, List<AnomalousProperties> list2, NetworkContext networkContext, int i, int i2) {
        this.b = probingTrigger;
        this.c = Collections.unmodifiableList(list);
        this.d = Collections.unmodifiableList(list2);
        this.e = networkContext;
        this.f = i;
        this.g = i2;
    }

    private static X509Certificate a(Collection<? extends X509Certificate> collection, X509Certificate x509Certificate) {
        for (X509Certificate x509Certificate2 : collection) {
            if (x509Certificate == null) {
                x509Certificate = x509Certificate2;
            }
            if (x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                return x509Certificate2;
            }
        }
        return null;
    }

    public String getAccessPointHostName() {
        NetworkContext networkContext = this.e;
        if (networkContext != null) {
            return networkContext.access_point_hostname;
        }
        return null;
    }

    public List<AnomalousProperties> getAnomalousProperties() {
        return this.d;
    }

    public String getCertificateHashes() {
        StringBuilder sb = new StringBuilder();
        Iterator<ProbingResult> it = this.c.iterator();
        while (it.hasNext()) {
            Iterator<HostCertificate> it2 = it.next().certificate_chain.iterator();
            while (it2.hasNext()) {
                sb.append(it2.next().spki_hash.utf8());
            }
        }
        return sb.toString();
    }

    public List<String> getDnsIpAddresses() {
        NetworkContext networkContext = this.e;
        return networkContext != null ? networkContext.dns_ip_address : new ArrayList();
    }

    public NetworkContext getNetworkContext() {
        return this.e;
    }

    public int getNetworkId() {
        return this.f;
    }

    public NetworkType getNetworkType() {
        switch (this.g) {
            case 1:
                return NetworkType.NETWORK_TYPE_GPRS;
            case 2:
                return NetworkType.NETWORK_TYPE_EDGE;
            case 3:
                return NetworkType.NETWORK_TYPE_UMTS;
            case 4:
                return NetworkType.NETWORK_TYPE_CDMA;
            case 5:
                return NetworkType.NETWORK_TYPE_EVDO_0;
            case 6:
                return NetworkType.NETWORK_TYPE_EVDO_A;
            case 7:
                return NetworkType.NETWORK_TYPE_1xRTT;
            case 8:
                return NetworkType.NETWORK_TYPE_HSDPA;
            case 9:
                return NetworkType.NETWORK_TYPE_HSUPA;
            case 10:
                return NetworkType.NETWORK_TYPE_HSPA;
            case 11:
                return NetworkType.NETWORK_TYPE_IDEN;
            case 12:
                return NetworkType.NETWORK_TYPE_EVDO_B;
            case 13:
                return NetworkType.NETWORK_TYPE_LTE;
            case 14:
                return NetworkType.NETWORK_TYPE_EHRPD;
            case 15:
                return NetworkType.NETWORK_TYPE_HSPAP;
            case 16:
                return NetworkType.NETWORK_TYPE_GSM;
            default:
                return NetworkType.NETWORK_TYPE_UNKNOWN;
        }
    }

    public List<ProbingResult> getProbingResults() {
        return this.c;
    }

    public ProbingTrigger getProbingTrigger() {
        return this.b;
    }

    public String getProxyAddress() {
        NetworkContext networkContext = this.e;
        if (networkContext == null || networkContext.proxy_config == null) {
            return null;
        }
        return this.e.proxy_config.address;
    }

    public Integer getProxyPort() {
        NetworkContext networkContext = this.e;
        if (networkContext == null || networkContext.proxy_config == null) {
            return null;
        }
        return this.e.proxy_config.port;
    }

    public String getProxyProtocol() {
        NetworkContext networkContext = this.e;
        if (networkContext == null || networkContext.proxy_config == null) {
            return null;
        }
        return this.e.proxy_config.protocol;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Iterator] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.Iterator] */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5 */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.String] */
    public String getRootCertificateHash() {
        ?? it = this.c.iterator();
        while (it.hasNext()) {
            ProbingResult probingResult = (ProbingResult) it.next();
            try {
                if ("https".equals(new URL(probingResult.endpoint).getProtocol())) {
                    if (!probingResult.certificate_chain.isEmpty()) {
                        it = this.c.get(1).certificate_chain.get(this.c.get(1).certificate_chain.size() - 1).spki_hash.utf8();
                        return it;
                    }
                    this.h.warn("Network Security HostCertificates in https probingResults is empty..continuing");
                }
            } catch (Exception e) {
                this.h.warn("Network Security Probing result Endpoint '{" + probingResult.endpoint + "}' is invalid...continuing", (Throwable) e);
            }
        }
        return "";
    }

    public String getVpnLocalAddress() {
        NetworkContext networkContext = this.e;
        if (networkContext == null || networkContext.vpn_configuration == null) {
            return null;
        }
        return this.e.vpn_configuration.local_address;
    }

    public boolean isConnected() {
        NetworkContext networkContext = this.e;
        return networkContext != null && networkContext.connected.booleanValue();
    }

    public boolean isProxyConfigured() {
        List<AnomalousProperties> list = this.d;
        return list != null && list.contains(AnomalousProperties.PROXY_PRESENT);
    }

    public boolean isValidCertChain() {
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate = null;
        for (ProbingResult probingResult : this.c) {
            if (!probingResult.certificate_chain.isEmpty()) {
                Iterator<HostCertificate> it = probingResult.certificate_chain.iterator();
                while (it.hasNext()) {
                    try {
                        X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(it.next().encoded_certificate.toByteArray()));
                        arrayList.add(x509Certificate2);
                        if (x509Certificate2.getBasicConstraints() == -1) {
                            x509Certificate = x509Certificate2;
                        }
                    } catch (CertificateException unused) {
                    }
                }
            }
        }
        if (!arrayList.isEmpty()) {
            try {
                X509Certificate a2 = a(arrayList, x509Certificate);
                new StringBuilder("Network Security Is certificate chain verified: ").append(a2 != null);
                return a2 != null;
            } catch (NullPointerException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                this.h.warn("Network Security Can't verify issuer of the leaf certificate: ", e);
            }
        }
        return false;
    }

    public boolean isVpnPresent() {
        List<AnomalousProperties> list = this.d;
        return list != null && list.contains(AnomalousProperties.VPN_PRESENT);
    }

    public boolean shouldBackChannel() {
        return !Collections.disjoint(a, this.d);
    }
}
