package com.privateinternetaccess.android.pia.vpn;

import android.content.Context;
import android.text.TextUtils;
import com.privateinternetaccess.android.R;
import com.privateinternetaccess.android.pia.PIAFactory;
import com.privateinternetaccess.android.pia.handlers.PIAServerHandler;
import com.privateinternetaccess.android.pia.handlers.PiaPrefHandler;
import com.privateinternetaccess.android.pia.providers.DnsProvider;
import com.privateinternetaccess.android.pia.providers.VPNFallbackEndpointProvider;
import com.privateinternetaccess.android.pia.utils.DLog;
import com.privateinternetaccess.android.pia.utils.Prefs;
import com.privateinternetaccess.android.ui.drawer.settings.DeveloperActivity;
import com.privateinternetaccess.android.utils.DedicatedIpUtils;
import com.privateinternetaccess.core.model.PIAServer;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.Connection;
import de.blinkt.openvpn.core.ProfileManager;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Vector;
import kotlin.Pair;

/* loaded from: classes3.dex */
public class PiaOvpnConfig {
    public static final String DEFAULT_AUTH = "SHA256";
    public static final String DEFAULT_CIPHER = "AES-128-GCM";
    public static final String OVPN_HANDSHAKE = "rsa4096";

    public static String generateOpenVPNAppDefaultConfiguration(Context context, String str, String str2, VPNFallbackEndpointProvider.VPNEndpoint vPNEndpoint) throws IOException {
        Prefs prefs = new Prefs(context);
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(context.getAssets().open("vpn.conf")));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            sb.append(readLine);
            sb.append("\n");
        }
        sb.append("proto udp\n");
        sb.append(getInlineCa(context, OVPN_HANDSHAKE));
        sb.append("cipher AES-128-GCM\n");
        sb.append("auth SHA256\n");
        PIAServerHandler pIAServerHandler = PIAServerHandler.getInstance(context);
        String endpoint = vPNEndpoint.getEndpoint();
        if (endpoint.contains(":")) {
            endpoint = endpoint.split(":")[0];
        }
        if (useSignalSettings(vPNEndpoint)) {
            sb.append("pia-signal-settings\n");
            sb.append("ncp-disable\n");
        }
        Vector<Integer> udpPorts = pIAServerHandler.getInfo().getUdpPorts();
        String num = udpPorts.firstElement().toString();
        sb.append(String.format(Locale.ENGLISH, "remote %s %s\n", endpoint, num));
        Iterator<Integer> it = udpPorts.iterator();
        while (it.hasNext()) {
            Integer next = it.next();
            if (!next.toString().equals(num)) {
                sb.append(String.format(Locale.ENGLISH, "remote %s %s\n", endpoint, next));
            }
        }
        sb.append("connect-timeout 5\n");
        sb.append("connect-retry-max 1\n");
        if (PiaPrefHandler.isConnectViaProxyEnabled(context)) {
            sb.append(String.format(Locale.ENGLISH, "socks-proxy 127.0.0.1 %s\n", prefs.get(PiaPrefHandler.PROXY_PORT, "8080")));
        }
        sb.append("nobind\n");
        sb.append(String.format("<auth-user-pass>\n%s\n%s\n</auth-user-pass>\n", str, str2));
        if (PiaPrefHandler.getOvpnSmallPacketSizeEnabled(context)) {
            sb.append("mssfix 1250\n");
        }
        if (PiaPrefHandler.isBlockIpv6Enabled(context)) {
            sb.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
            sb.append("route-ipv6 ::/0 ::1\n");
            sb.append("block-ipv6\n");
        }
        String string = prefs.getString(DeveloperActivity.PREF_DEVELOPER_CONFIGURATION);
        if (!TextUtils.isEmpty(string)) {
            sb.append("\n");
            sb.append(string);
            sb.append("\n");
        }
        return sb.toString();
    }

    public static String generateOpenVPNUserConfiguration(Context context, String str, String str2, VPNFallbackEndpointProvider.VPNEndpoint vPNEndpoint) throws IOException {
        Prefs prefs = new Prefs(context);
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(context.getAssets().open("vpn.conf")));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            sb.append(readLine);
            sb.append("\n");
        }
        PIAServerHandler pIAServerHandler = PIAServerHandler.getInstance(context);
        PIAServer selectedRegion = pIAServerHandler.getSelectedRegion(context, false);
        String endpoint = vPNEndpoint.getEndpoint();
        boolean equals = PiaPrefHandler.getProtocolTransport(context).equals(context.getResources().getStringArray(R.array.protocol_transport)[1]);
        if (selectedRegion.isDedicatedIp()) {
            endpoint = selectedRegion.getDedicatedIp();
        }
        if (equals) {
            sb.append("proto tcp\n");
        } else {
            sb.append("proto udp\n");
        }
        sb.append(getInlineCa(context, OVPN_HANDSHAKE));
        sb.append("cipher ");
        sb.append(prefs.get(PiaPrefHandler.CIPHER, DEFAULT_CIPHER));
        sb.append("\n");
        sb.append("auth ");
        sb.append(prefs.get(PiaPrefHandler.AUTH, "SHA256"));
        sb.append("\n");
        if (endpoint.contains(":")) {
            endpoint = endpoint.split(":")[0];
        }
        if (useSignalSettings(vPNEndpoint)) {
            sb.append("pia-signal-settings\n");
            sb.append("ncp-disable\n");
        }
        String remotePort = PiaPrefHandler.getRemotePort(context);
        if (remotePort.equals("") || remotePort.equals("auto")) {
            Vector<Integer> tcpPorts = equals ? pIAServerHandler.getInfo().getTcpPorts() : pIAServerHandler.getInfo().getUdpPorts();
            String num = tcpPorts.firstElement().toString();
            sb.append(String.format(Locale.ENGLISH, "remote %s %s\n", endpoint, num));
            Iterator<Integer> it = tcpPorts.iterator();
            while (it.hasNext()) {
                Integer next = it.next();
                if (!next.toString().equals(num)) {
                    sb.append(String.format(Locale.ENGLISH, "remote %s %s\n", endpoint, next));
                }
            }
            sb.append("connect-timeout 5\n");
            sb.append("connect-retry-max 1\n");
        } else {
            sb.append(String.format(Locale.ENGLISH, "remote %s %s\n", endpoint, remotePort));
        }
        if (PiaPrefHandler.isConnectViaProxyEnabled(context)) {
            sb.append(String.format(Locale.ENGLISH, "socks-proxy 127.0.0.1 %s\n", prefs.get(PiaPrefHandler.PROXY_PORT, "8080")));
        }
        String localPort = PiaPrefHandler.getLocalPort(context);
        if (localPort.equals("") || localPort.equals("auto")) {
            sb.append("nobind\n");
        } else {
            sb.append(String.format("lport %s\nbind\n", localPort));
        }
        sb.append(String.format("<auth-user-pass>\n%s\n%s\n</auth-user-pass>\n", str, str2));
        if (PiaPrefHandler.getOvpnSmallPacketSizeEnabled(context)) {
            sb.append("mssfix 1250\n");
        }
        if (PiaPrefHandler.isBlockIpv6Enabled(context)) {
            sb.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
            sb.append("route-ipv6 ::/0 ::1\n");
            sb.append("block-ipv6\n");
        }
        String string = prefs.getString(DeveloperActivity.PREF_DEVELOPER_CONFIGURATION);
        DLog.d("PIAOVPNConfig", "dev = " + string);
        if (!TextUtils.isEmpty(string)) {
            sb.append("\n");
            sb.append(string);
            sb.append("\n");
        }
        return sb.toString();
    }

    public static VpnProfile generateVpnProfile(Context context, VPNFallbackEndpointProvider.VPNEndpoint vPNEndpoint) throws IOException, ConfigParser.ConfigParseError {
        String str;
        String str2;
        PIAServer selectedRegion = PIAServerHandler.getInstance(context).getSelectedRegion(context, false);
        String vpnToken = PIAFactory.getInstance().getAccount(context).vpnToken();
        if (vpnToken == null || TextUtils.isEmpty(vpnToken)) {
            str = "";
            str2 = str;
        } else {
            str2 = vpnToken.split(":")[0];
            str = vpnToken.split(":")[1];
        }
        if (selectedRegion.isDedicatedIp()) {
            str2 = "dedicated_ip_" + selectedRegion.getDipToken() + "_" + DedicatedIpUtils.randomAlphaNumeric(8);
            str = selectedRegion.getDedicatedIp();
        }
        ConfigParser configParser = new ConfigParser();
        configParser.parseConfig(new StringReader(generateOpenVPNUserConfiguration(context, str2, str, vPNEndpoint)));
        VpnProfile convertProfile = configParser.convertProfile();
        Prefs prefs = new Prefs(context);
        if (convertProfile.checkProfile(context) != R.string.no_error_found) {
            DLog.d("PIA", context.getString(convertProfile.checkProfile(context)));
        }
        convertProfile.mName = selectedRegion.getName();
        convertProfile.mAllowedAppsVpnAreDisallowed = !prefs.getBoolean(PiaPrefHandler.VPN_PER_APP_ARE_ALLOWED);
        convertProfile.mAllowedAppsVpn = new HashSet<>(PiaPrefHandler.getVpnExcludedApps(context));
        if (!convertProfile.mAllowedAppsVpnAreDisallowed) {
            convertProfile.mAllowedAppsVpn.add(context.getPackageName());
        }
        DLog.d(PiaPrefHandler.LOGINDATA, "apps disallowed = " + convertProfile.mAllowedAppsVpnAreDisallowed);
        convertProfile.mAllowLocalLAN = PiaPrefHandler.isAllowLocalLanEnabled(context);
        if (prefs.get(PiaPrefHandler.PROXY_ORBOT, false)) {
            for (Connection connection : convertProfile.mConnections) {
                connection.mProxyType = Connection.ProxyType.ORBOT;
            }
        }
        convertProfile.mUseCustomConfig = true;
        convertProfile.mCustomConfigOptions += "\nauth-nocache\n";
        convertProfile.mConnectRetryMax = "-1";
        convertProfile.mDNS1 = "";
        convertProfile.mDNS2 = "";
        convertProfile.mOverrideDNS = true;
        Pair<String, String> targetDns = DnsProvider.INSTANCE.getTargetDns(context, null);
        convertProfile.mDNS1 = targetDns.getFirst();
        if (!TextUtils.isEmpty(targetDns.getSecond())) {
            convertProfile.mDNS2 = targetDns.getSecond();
        }
        if (PiaPrefHandler.getOvpnSmallPacketSizeEnabled(context)) {
            convertProfile.mMssFix = 1350;
        }
        ProfileManager.setTemporaryProfile(context, convertProfile);
        DLog.d("PiaOvpnConfig", "Primary: " + convertProfile.mDNS1);
        DLog.d("PiaOvpnConfig", "Secondary: " + convertProfile.mDNS2);
        return convertProfile;
    }

    private static String getInlineCa(Context context, String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(context.getAssets().open(str + ".pem")));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return String.format("<ca>\n%s\n</ca>\n", sb.toString());
            }
            sb.append(readLine);
            sb.append("\n");
        }
    }

    private static boolean useSignalSettings(VPNFallbackEndpointProvider.VPNEndpoint vPNEndpoint) {
        return !vPNEndpoint.getUsesVanillaOpenVPN();
    }
}
