package net.pulsesecure.modules.proto;

import android.annotation.TargetApi;
import android.content.Context;
import android.net.Uri;
import android.os.Build;
import android.os.Environment;
import android.os.SystemClock;
import android.support.annotation.NonNull;
import android.text.TextUtils;
import com.cellsec.api.JsonWrapper;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.google.common.net.HttpHeaders;
import com.wealdtech.hawk.HawkClient;
import com.wealdtech.hawk.HawkCredentials;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.Callable;
import net.pulsesecure.infra.BaseModuleImpl;
import net.pulsesecure.infra.PSLog;
import net.pulsesecure.infra.PSUtils;
import net.pulsesecure.modules.proto.IWorkspaceRestProtocol;
import net.pulsesecure.modules.proto.RegisterRespMsg;
import net.pulsesecure.modules.proto.impl.RetryComplete;
import net.pulsesecure.modules.proto.impl.RetryEntry;
import net.pulsesecure.modules.system.IAndroidWrapper;
import net.pulsesecure.modules.system.Prefs;
import net.pulsesecure.modules.system.Throttler;
import net.pulsesecure.pulsesecure.R;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;

/* loaded from: classes.dex */
public class ProtoImpl extends BaseModuleImpl<IWorkspaceRestProtocol.Client> implements IWorkspaceRestProtocol {
    private static final String AUTH_TYPE_ENDPOINT = "/workspaces/auth-type";
    private static final String AUTH_TYPE_QUERY = "realm";
    private static final String BEARER_AUTHORIZATION = "Bearer ";
    private static final int CONNECTION_TIMEOUT = 10000;
    public static final String ENTERPRISE_TYPE = "enterpriseType";
    public static final String GOOGLE_SENDER_ID = "googleSenderId";
    private static final int HTTP_STATUS_CODE_FORBIDDEN = 403;
    private static final int HTTP_STATUS_CODE_UNAUTHORIZED = 401;
    private static final String METHOD_GET = "GET";
    private static final String METHOD_POST = "POST";
    private static final String METHOD_PUT = "PUT";
    private static final String PROD_CERTIFICATE = "xA8Cvd2gcs4QtICXLuY+VpVDNxA=";
    static final String PROTO_PREFIX = "/api/v1";
    private static final int READ_TIMEOUT = 30000;
    private static final int RETRY_TIMEOUT_SEND_DEVICE_INFO = 3000;
    private static final String SAML_REGISTER_ENDPOINT = "/afw/register";
    private static final int THROTTLING_INTERVAL = 10;
    private static final int THROTTLING_REQUESTS = 5;
    private static final int WAKELOCK_TIMEOUT = 30000;
    public static final String WORKSPACE_ID = "workspaceId";
    public static final String WORKSPACE_KEY = "workspaceKey";
    public static final String WORKSPACE_URL = "workspaceURL";
    private HawkClient hawkClient;
    String mBaseUrl;
    private String mCertVersion;
    private RegisterRespMsg.AccountType mEnterpriseType;
    private String mGoogleSenderId;
    public long mHawkExpires;
    public String mHawkId;
    public long mHawkRenew;
    public String mHawkSecret;
    private String mLastDebugHawkProp;
    private IWorkspaceRestProtocol.DeviceInfoMsg mSavedDeviceInfo;
    private boolean mSentDeviceInfo;
    private String mWorkspaceId;
    private String mWorkspaceKey;
    private PersistentSender persistentSender;
    private IWorkspaceRestProtocol.AppsStateMsg savedAppsStateMessage;
    static String REGISTER_JSON_S3_URL = "https://s3.amazonaws.com/assets-pulseworkspace/register.json";
    private static Logger logger = PSUtils.getClassLogger();
    static File DEBUG_SDCARD_REGISTER_JSON = new File(Environment.getExternalStorageDirectory(), "csdebug/register.json");
    private IWorkspaceRestProtocol.State mState = IWorkspaceRestProtocol.State.unset;
    private long mHawkRenewDebug = 2147483647L;
    private long mHawkExpiresDebug = 2147483647L;
    Throttler mThrottler = new Throttler(10, 5);

    /* renamed from: android, reason: collision with root package name */
    private IAndroidWrapper f5android = (IAndroidWrapper) getProxy(IAndroidWrapper.class, null);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum AuthMode {
        NoAuth,
        Hawk,
        HawkNoRenew,
        BearerToken
    }

    public ProtoImpl(Context context) {
        HttpURLConnection.setFollowRedirects(true);
        genHawkCreds();
        if (context == null) {
            this.persistentSender = PersistentSender.createDebug();
        } else {
            saveDeviceInfo(context);
            this.persistentSender = PersistentSender.create();
        }
    }

    static IWorkspaceRestProtocol.AppsStateMsg calculateAppsStateDelta(IWorkspaceRestProtocol.AppsStateMsg appsStateMsg, IWorkspaceRestProtocol.AppsStateMsg appsStateMsg2) {
        if (appsStateMsg == null || appsStateMsg.app_states == null) {
            return appsStateMsg2;
        }
        HashSet hashSet = new HashSet(PSUtils.asList(appsStateMsg.app_states));
        HashSet hashSet2 = new HashSet(hashSet);
        LinkedHashSet linkedHashSet = new LinkedHashSet(PSUtils.asList(appsStateMsg2.app_states));
        hashSet2.removeAll(linkedHashSet);
        linkedHashSet.removeAll(hashSet);
        IWorkspaceRestProtocol.AppsStateMsg appsStateMsg3 = new IWorkspaceRestProtocol.AppsStateMsg();
        appsStateMsg3.delta = true;
        appsStateMsg3.workspace_state = appsStateMsg2.workspace_state;
        if (linkedHashSet.size() == 1 && hashSet2.size() == 1) {
            AppStateItem appStateItem = (AppStateItem) linkedHashSet.iterator().next();
            Iterator it = hashSet2.iterator();
            if (appStateItem.package_name.equals(((AppStateItem) it.next()).package_name)) {
                it.remove();
            }
        }
        if (linkedHashSet.size() == 0 || hashSet2.size() != 0) {
            return appsStateMsg2;
        }
        appsStateMsg3.app_states = (AppStateItem[]) linkedHashSet.toArray(new AppStateItem[linkedHashSet.size()]);
        return appsStateMsg3;
    }

    private void commonRegistrationTasks(RegisterRespMsg registerRespMsg) {
        saveParams(registerRespMsg);
        genHawkCreds();
        sendDeviceInfo(null);
        setState(IWorkspaceRestProtocol.State.registered);
        getClient().onRegistered(registerRespMsg);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleProtoDebugPolicy(PolicyMsg policyMsg) {
        if (policyMsg == null || policyMsg.properties == null || policyMsg.properties.debug == null) {
            return;
        }
        Properties properties = new Properties();
        try {
            properties.load(new StringReader(policyMsg.properties.debug.replaceAll(" +", IOUtils.LINE_SEPARATOR_UNIX)));
            String property = properties.getProperty("hawk");
            this.mHawkRenewDebug = 2147483647L;
            this.mHawkExpiresDebug = 2147483647L;
            if (property != null && !property.equals(this.mLastDebugHawkProp)) {
                try {
                    String[] split = property.split(",", 2);
                    long currentTimeMillis = System.currentTimeMillis() / 1000;
                    this.mHawkRenewDebug = Integer.parseInt(split[0]) + currentTimeMillis;
                    if (split.length > 1) {
                        this.mHawkExpiresDebug = Integer.parseInt(split[1]) + currentTimeMillis;
                    }
                    this.mLastDebugHawkProp = property;
                    logger.debug("debug hawk renew:{} expires:{}", Long.valueOf(this.mHawkRenewDebug - currentTimeMillis), Long.valueOf(this.mHawkExpiresDebug - currentTimeMillis));
                } catch (Exception e) {
                    logger.warn("failed to parse debug prop: {}: {}", property, e);
                }
            }
            String property2 = properties.getProperty("refresh_sec");
            if (property2 != null) {
                policyMsg.properties.policy_expiration_days = (Double.parseDouble(property2) / 3600.0d) / 24.0d;
                logger.debug("debug refresh_sec={} (override policy_refresh_time_hours)", Double.valueOf(policyMsg.properties.policy_refresh_time_hours));
            }
        } catch (IOException e2) {
            logger.debug("failed to read debug prop: {}", policyMsg.properties.debug);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String readContent(InputStream inputStream) throws IOException {
        StringWriter stringWriter;
        InputStreamReader inputStreamReader;
        if (inputStream == null) {
            return null;
        }
        InputStreamReader inputStreamReader2 = null;
        try {
            stringWriter = new StringWriter();
            inputStreamReader = new InputStreamReader(inputStream);
        } catch (Throwable th) {
            th = th;
        }
        try {
            char[] cArr = new char[1024];
            while (true) {
                int read = inputStreamReader.read(cArr);
                if (read <= 0) {
                    break;
                }
                stringWriter.write(cArr, 0, read);
            }
            String stringWriter2 = stringWriter.toString();
            if (inputStreamReader != null) {
                try {
                    inputStreamReader.close();
                } catch (IOException e) {
                    logger.error(e.getMessage());
                    return stringWriter2;
                }
            }
            inputStream.close();
            return stringWriter2;
        } catch (Throwable th2) {
            th = th2;
            inputStreamReader2 = inputStreamReader;
            if (inputStreamReader2 != null) {
                try {
                    inputStreamReader2.close();
                } catch (IOException e2) {
                    logger.error(e2.getMessage());
                    throw th;
                }
            }
            inputStream.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void requestCertificateIfNeeded(PolicyMsg policyMsg) {
        PolicyProperties policyProperties = policyMsg.properties;
        if (policyProperties.vpn_certificate_auth && policyProperties.vpn_enabled) {
            if (Build.VERSION.SDK_INT > 23) {
                try {
                    VpnCertificateResponseMsg vpnCertificateResponseMsg = (VpnCertificateResponseMsg) JsonWrapper.fromJson(sendHttpRequest("/afw/spaces/%s/vpn-certificate", METHOD_POST, JsonWrapper.toJson(new IWorkspaceRestProtocol.VpnCertificateRequestMsg(""))), VpnCertificateResponseMsg.class);
                    if (vpnCertificateResponseMsg != null) {
                        policyMsg.cert_msg = vpnCertificateResponseMsg;
                        if (TextUtils.isEmpty(policyProperties.vpn_cert_version)) {
                            return;
                        }
                        setSavedVpnCertificate(new IWorkspaceRestProtocol.SavedVpnCertificateMsg(policyProperties.vpn_cert_version));
                        return;
                    }
                    return;
                } catch (IOException e) {
                    logger.warn("failed to retrieve vpn certificate", (Throwable) e);
                    return;
                }
            }
            if (this.mCertVersion == null || !this.mCertVersion.equals(policyProperties.vpn_cert_version)) {
                try {
                    VpnCertificateResponseMsg vpnCertificateResponseMsg2 = (VpnCertificateResponseMsg) JsonWrapper.fromJson(sendHttpRequest("/afw/spaces/%s/vpn-certificate", METHOD_POST, JsonWrapper.toJson(new IWorkspaceRestProtocol.VpnCertificateRequestMsg(this.mCertVersion))), VpnCertificateResponseMsg.class);
                    if (vpnCertificateResponseMsg2 != null) {
                        policyMsg.cert_msg = vpnCertificateResponseMsg2;
                        if (TextUtils.isEmpty(policyProperties.vpn_cert_version)) {
                            return;
                        }
                        setSavedVpnCertificate(new IWorkspaceRestProtocol.SavedVpnCertificateMsg(policyProperties.vpn_cert_version));
                    }
                } catch (IOException e2) {
                    logger.warn("failed to retrieve vpn certificate", (Throwable) e2);
                }
            }
        }
    }

    private void setState(IWorkspaceRestProtocol.State state) {
        IWorkspaceRestProtocol.State state2 = this.mState;
        this.mState = state;
        getClient().onStateChange(new IWorkspaceRestProtocol.StateChangeMsg(state2, state));
    }

    private void storeWorkspaceParams(RegisterRespMsg registerRespMsg) {
        this.mWorkspaceId = registerRespMsg.id;
        this.mWorkspaceKey = registerRespMsg.key;
        this.mEnterpriseType = registerRespMsg.afw_enterprise_type;
        this.mGoogleSenderId = registerRespMsg.google_sender_id;
        storeRenewedHawkCreds(registerRespMsg.credentials);
        String str = registerRespMsg.acc;
        if (TextUtils.isEmpty(str)) {
            str = "nonnull";
        }
        if (registerRespMsg.api_url != null) {
            this.mBaseUrl = registerRespMsg.api_url + PROTO_PREFIX;
        }
        Prefs prefs = this.f5android.getPrefs();
        if (this.mEnterpriseType == null) {
            this.mEnterpriseType = RegisterRespMsg.AccountType.google;
        }
        prefs.putString(WORKSPACE_ID, this.mWorkspaceId);
        prefs.putString(WORKSPACE_KEY, this.mWorkspaceKey);
        prefs.putString(ENTERPRISE_TYPE, this.mEnterpriseType.toString());
        prefs.putString(GOOGLE_SENDER_ID, this.mGoogleSenderId);
        prefs.putString("proto.acc", str);
    }

    public boolean checkHawkCredsValidity() {
        boolean z;
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        long min = Math.min(this.mHawkExpiresDebug, this.mHawkExpires);
        long min2 = Math.min(this.mHawkRenewDebug, this.mHawkRenew);
        logger.debug("checkHawkCredsValidity renew:{} expires:{}", Long.valueOf(min2 - currentTimeMillis), Long.valueOf(min - currentTimeMillis));
        if (currentTimeMillis >= min) {
            if (this.mHawkExpiresDebug != 2147483647L) {
                this.mHawkSecret = "EXPIRED";
                genHawkCreds();
            }
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.AuthExpired, "auth expired"));
            z = false;
        } else {
            z = currentTimeMillis < min2 || currentTimeMillis >= min;
        }
        logger.debug("ProtocolImpl::checkHawkCredsValidity - {}", Boolean.valueOf(z));
        return z;
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void createGoogleAccount(IWorkspaceRestProtocol.CreateGoogleAccountMsg createGoogleAccountMsg) {
        try {
            String sendHttpRequest = sendHttpRequest("/afw/spaces/%s/google-account", METHOD_POST, JsonWrapper.toJson(createGoogleAccountMsg));
            if (sendHttpRequest != null) {
                logger.debug("create google-account: unexpectedly returned {}", sendHttpRequest);
            }
            logger.debug("delay account creation, to prevent gms/gsf crash");
            SystemClock.sleep(15000L);
            getClient().onCreatedGoogleAccount(new IWorkspaceRestProtocol.CreatedGoogleAccountMsg(IWorkspaceRestProtocol.CreatedGoogleAccountMsg.Reason.Created, 0, null));
        } catch (SendHttpException e) {
            getClient().onCreatedGoogleAccount(new IWorkspaceRestProtocol.CreatedGoogleAccountMsg(e.getStatus() == 409 ? IWorkspaceRestProtocol.CreatedGoogleAccountMsg.Reason.AlreadyExists : IWorkspaceRestProtocol.CreatedGoogleAccountMsg.Reason.Failed, e.getStatus(), e.getErrorMessage()));
        } catch (Exception e2) {
            getClient().onCreatedGoogleAccount(new IWorkspaceRestProtocol.CreatedGoogleAccountMsg(IWorkspaceRestProtocol.CreatedGoogleAccountMsg.Reason.Failed, 0, e2.getMessage()));
            logger.error("createGoogleAccount failed", (Throwable) e2);
        }
    }

    public void debugSaveDeviceInfo() {
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void disable() {
        logger.info("disable");
        setState(IWorkspaceRestProtocol.State.disabled);
    }

    void fillDeviceInfo(IWorkspaceRestProtocol.DeviceInfoMsg deviceInfoMsg) {
        if (this.mSavedDeviceInfo == null) {
            throw new IllegalStateException("saveDeviceInfo not called. no saved device info");
        }
        for (Field field : IWorkspaceRestProtocol.DeviceInfoMsg.class.getFields()) {
            try {
                Object obj = field.get(deviceInfoMsg);
                if (obj == null || ((obj instanceof Number) && ((Number) obj).intValue() == 0)) {
                    field.set(deviceInfoMsg, field.get(this.mSavedDeviceInfo));
                }
            } catch (IllegalAccessException e) {
                throw new RuntimeException("failed to set field: " + field.getName(), e);
            }
        }
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void forceRenewCredentials() {
        this.mHawkRenew = -1L;
    }

    void genHawkCreds() {
        if (this.mHawkSecret == null || this.mHawkId == null) {
            return;
        }
        logger.debug("generating HAWK creds with id {}", this.mHawkId);
        this.hawkClient = new HawkClient.Builder().credentials(new HawkCredentials.Builder().keyId(this.mHawkId).key(this.mHawkSecret).algorithm(HawkCredentials.Algorithm.SHA256).build()).build();
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void getAuthType(AuthTypeMsg authTypeMsg) {
        if (authTypeMsg == null) {
            logger.error("register failed: invalid input");
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.RegErr, this.f5android.getString(R.string.invalid_provisioning_input)));
            return;
        }
        this.persistentSender.clearAll();
        try {
            this.mBaseUrl = authTypeMsg.url + PROTO_PREFIX;
            this.f5android.getPrefs().putString(WORKSPACE_URL, this.mBaseUrl);
            String str = this.mBaseUrl + AUTH_TYPE_ENDPOINT;
            URL url = new URL(authTypeMsg.realm);
            Uri.Builder buildUpon = Uri.parse(str).buildUpon();
            buildUpon.appendQueryParameter("realm", url.getHost());
            logger.debug("url for auth type " + buildUpon.toString());
            getClient().onGotAuthType((AuthTypeRespMsg) JsonWrapper.fromJson(sendNoAuthHttpRequest(buildUpon.toString(), METHOD_GET, null), AuthTypeRespMsg.class));
        } catch (RuntimeException e) {
            logger.error("get auth type failed", (Throwable) e);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.RegErr, e.getMessage()));
        } catch (SendHttpException e2) {
            logger.error("get auth type failed", (Throwable) e2);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, e2.getMessage()));
        } catch (IOException e3) {
            logger.error("get auth type failed", (Throwable) e3);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, e3.getMessage()));
        }
    }

    String getByLongestMatch(String str, Map<String, Object> map) {
        if (map == null || str == null) {
            throw new NullPointerException("pin,map");
        }
        String str2 = null;
        int i = -1;
        for (String str3 : map.keySet()) {
            if (str.startsWith(str3) && str3.length() > i) {
                i = str3.length();
                str2 = map.get(str3).toString();
            }
        }
        return str2;
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void getEula() {
        this.persistentSender.persistentSend("EULA", new Callable<Void>() { // from class: net.pulsesecure.modules.proto.ProtoImpl.2
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                IWorkspaceRestProtocol.EulaGetMsg eulaGetMsg;
                try {
                    String sendHttpRequest = ProtoImpl.this.sendHttpRequest("/workspaces/eula", ProtoImpl.METHOD_GET, null);
                    eulaGetMsg = (IWorkspaceRestProtocol.EulaGetMsg) JsonWrapper.fromJson(sendHttpRequest, IWorkspaceRestProtocol.EulaGetMsg.class);
                    ProtoImpl.logger.debug("received eula " + sendHttpRequest + "msg :" + eulaGetMsg);
                } catch (SendHttpException e) {
                    if (e.getStatus() != 404) {
                        throw e;
                    }
                    ProtoImpl.logger.debug("EULA url not found - assume empty");
                    eulaGetMsg = new IWorkspaceRestProtocol.EulaGetMsg("", "");
                }
                if (eulaGetMsg == null) {
                    ProtoImpl.logger.error("eula resp empty");
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, ProtoImpl.this.f5android.getString(R.string.e1008_eula_err)));
                } else {
                    ProtoImpl.this.getClient().onEulaRecieved(eulaGetMsg);
                }
                return null;
            }
        }, new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.3
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    return;
                }
                if (exc instanceof SendHttpException) {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, ((SendHttpException) exc).getErrorMessage()));
                } else {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                }
            }
        });
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void getNonce() {
        this.persistentSender.persistentSend("nonce", new Callable<Void>() { // from class: net.pulsesecure.modules.proto.ProtoImpl.4
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                String sendHttpRequest = ProtoImpl.this.sendHttpRequest("/afw/spaces/%s/device/safetynet", ProtoImpl.METHOD_GET, null);
                IWorkspaceRestProtocol.SafetyNetGetResMsg safetyNetGetResMsg = (IWorkspaceRestProtocol.SafetyNetGetResMsg) JsonWrapper.fromJson(sendHttpRequest, IWorkspaceRestProtocol.SafetyNetGetResMsg.class);
                ProtoImpl.logger.debug("received new nonce " + sendHttpRequest + "msg :" + safetyNetGetResMsg);
                if (safetyNetGetResMsg == null) {
                    ProtoImpl.logger.error("get nonce is null");
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, "nonce message is empty"));
                } else {
                    ProtoImpl.this.getClient().onNonceReceived(safetyNetGetResMsg);
                }
                return null;
            }
        }, new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.5
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    return;
                }
                if (exc instanceof SendHttpException) {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, ((SendHttpException) exc).getErrorMessage()));
                } else {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                }
            }
        });
    }

    void loadWorkspaceParams() {
        logger.debug("loadWorkspaceParams");
        Prefs prefs = this.f5android.getPrefs();
        this.mBaseUrl = prefs.getString(WORKSPACE_URL, null);
        this.mWorkspaceId = prefs.getString(WORKSPACE_ID, null);
        this.mWorkspaceKey = prefs.getString(WORKSPACE_KEY, null);
        this.mHawkId = prefs.getString("proto.hawk.id", null);
        this.mHawkSecret = prefs.getString("proto.hawk.secret", null);
        String string = prefs.getString("proto.hawk.expires", null);
        if (string != null) {
            this.mHawkExpires = Long.valueOf(string).longValue();
        }
        String string2 = prefs.getString("proto.hawk.renew", null);
        if (string2 != null) {
            this.mHawkRenew = Long.valueOf(string2).longValue();
        }
        this.mCertVersion = prefs.getString("proto.vpn.cert.version", null);
    }

    void persistentSend(String str, String str2, String str3, RetryComplete retryComplete) {
        persistentSend(str, str2, str3, retryComplete, null);
    }

    void persistentSend(final String str, final String str2, final String str3, RetryComplete retryComplete, RetryEntry.RetryPolicy retryPolicy) {
        this.persistentSender.persistentSend(str, new Callable<Void>() { // from class: net.pulsesecure.modules.proto.ProtoImpl.20
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                ProtoImpl.this.sendHttpRequest(str, str2, str3);
                return null;
            }
        }, retryComplete, retryPolicy);
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void queryAfwAuthenticationToken() {
        logger.debug("queryAfwAuthenticationToken");
        try {
            final IWorkspaceRestProtocol.AfwAuthTokenRespMsg afwAuthTokenRespMsg = (IWorkspaceRestProtocol.AfwAuthTokenRespMsg) JsonWrapper.fromJson(sendHttpRequest("/afw/spaces/%s/authentication-token", METHOD_POST, null), IWorkspaceRestProtocol.AfwAuthTokenRespMsg.class);
            getClient().onAfwAuthenticationToken(new IWorkspaceRestProtocol.QueryAfwAuthToken() { // from class: net.pulsesecure.modules.proto.ProtoImpl.13
                {
                    this.token = afwAuthTokenRespMsg.authentication_token;
                }
            });
        } catch (IOException e) {
            logger.error("queryAfwAuthenticationToken failed", (Throwable) e);
            getClient().onAfwAuthenticationToken(new IWorkspaceRestProtocol.QueryAfwAuthToken() { // from class: net.pulsesecure.modules.proto.ProtoImpl.15
                {
                    this.token = null;
                }
            });
        } catch (RuntimeException e2) {
            logger.error("queryAfwAuthenticationToken failed", (Throwable) e2);
            getClient().onAfwAuthenticationToken(new IWorkspaceRestProtocol.QueryAfwAuthToken() { // from class: net.pulsesecure.modules.proto.ProtoImpl.16
                {
                    this.token = null;
                }
            });
        } catch (SendHttpException e3) {
            logger.error("queryAfwAuthenticationToken failed", (Throwable) e3);
            getClient().onAfwAuthenticationToken(new IWorkspaceRestProtocol.QueryAfwAuthToken() { // from class: net.pulsesecure.modules.proto.ProtoImpl.14
                {
                    this.token = null;
                }
            });
        }
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void queryGoogleAccount(final IWorkspaceRestProtocol.QueryGoogleAccountMsg queryGoogleAccountMsg) {
        logger.debug("queryGoogleAccount");
        try {
            getClient().onQueryGoogleAccount((IWorkspaceRestProtocol.QueryGoogleAccountMsg) JsonWrapper.fromJson(sendHttpRequest("/afw/spaces/%s/google-account", METHOD_GET, null), IWorkspaceRestProtocol.QueryGoogleAccountMsg.class));
        } catch (SendHttpException e) {
            logger.error("queryGoogleAccount failed", (Throwable) e);
            getClient().onQueryGoogleAccount(new IWorkspaceRestProtocol.QueryGoogleAccountMsg() { // from class: net.pulsesecure.modules.proto.ProtoImpl.10
                {
                    this.exists = false;
                    this.google_account = queryGoogleAccountMsg.google_account;
                }
            });
        } catch (IOException e2) {
            logger.error("queryGoogleAccount failed", (Throwable) e2);
            getClient().onQueryGoogleAccount(new IWorkspaceRestProtocol.QueryGoogleAccountMsg() { // from class: net.pulsesecure.modules.proto.ProtoImpl.11
                {
                    this.exists = false;
                    this.google_account = queryGoogleAccountMsg.google_account;
                }
            });
        } catch (Exception e3) {
            logger.error("queryGoogleAccount failed", (Throwable) e3);
            getClient().onQueryGoogleAccount(new IWorkspaceRestProtocol.QueryGoogleAccountMsg() { // from class: net.pulsesecure.modules.proto.ProtoImpl.12
                {
                    this.exists = false;
                    this.google_account = queryGoogleAccountMsg.google_account;
                }
            });
        }
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void register(RegisterMsg registerMsg) {
        logger.debug("register");
        setState(IWorkspaceRestProtocol.State.registering);
        try {
            if (this.mBaseUrl == null) {
                logger.debug("No PWS API URL in mPWSApiUrl, downloading register.json file");
                String byLongestMatch = getByLongestMatch(registerMsg.reg_key, requestRegkeyMapSync());
                if (byLongestMatch == null) {
                    logger.error("invalid regkey: {}", registerMsg.reg_key);
                    setState(IWorkspaceRestProtocol.State.regerr);
                    getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.AuthErr, "invalid regkey"));
                    return;
                }
                logger.debug("reg url={}", byLongestMatch);
                this.mBaseUrl = byLongestMatch + PROTO_PREFIX;
            }
            logger.debug("mBaseUrl = {}", this.mBaseUrl);
            commonRegistrationTasks((RegisterRespMsg) JsonWrapper.fromJson(sendNoAuthHttpRequest(SAML_REGISTER_ENDPOINT, METHOD_POST, JsonWrapper.toJson(registerMsg)), RegisterRespMsg.class));
        } catch (RuntimeException e) {
            logger.error("register failed", (Throwable) e);
            setState(IWorkspaceRestProtocol.State.regerr);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.RegErr, e.getMessage()));
        } catch (SendHttpException e2) {
            logger.error("register failed", (Throwable) e2);
            setState(IWorkspaceRestProtocol.State.regerr);
            String errorMessage = e2.getErrorMessage();
            if (e2.getStatus() == HTTP_STATUS_CODE_FORBIDDEN) {
                getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.RegErr, this.f5android.getString(R.string.e1006_reg_err)));
            } else {
                getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, errorMessage));
            }
        } catch (IOException e3) {
            logger.error("register failed", (Throwable) e3);
            setState(IWorkspaceRestProtocol.State.regerr);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, e3.getMessage()));
        }
    }

    public void renewHawkCred() {
        logger.debug("ProtocolImpl::renewHawkCred");
        if (this.mHawkId == null || this.mHawkSecret == null) {
            return;
        }
        try {
            String sendHttpRequest = sendHttpRequest("/auth/renew", AuthMode.HawkNoRenew, METHOD_POST, null, null);
            logger.debug("renewHawkCred response: {}", sendHttpRequest);
            RenewalRespMsg renewalRespMsg = (RenewalRespMsg) JsonWrapper.fromJson(sendHttpRequest, RenewalRespMsg.class);
            if (renewalRespMsg.result == null || renewalRespMsg.result.credentials == null) {
                throw new Exception("invalid response (no credentials) for auth/renew: " + sendHttpRequest);
            }
            storeRenewedHawkCreds(renewalRespMsg.result.credentials);
        } catch (SendHttpException e) {
            logger.error("renewHawkCred HttpException", (Throwable) e);
            if (e.getStatus() == HTTP_STATUS_CODE_FORBIDDEN || e.getStatus() == 401) {
                getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.AuthExpired, e.getMessage()));
            }
        } catch (Exception e2) {
            logger.error("renewHawkCred exception:", (Throwable) e2);
        }
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void requestPolicy() {
        this.persistentSender.persistentSend("/policy", new Callable<Void>() { // from class: net.pulsesecure.modules.proto.ProtoImpl.17
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                PolicyMsg policyMsg = (PolicyMsg) JsonWrapper.fromJson(ProtoImpl.this.sendHttpRequest("/afw/spaces/%s/policy", ProtoImpl.METHOD_GET, null), PolicyMsg.class);
                ProtoImpl.logger.debug("received new requested policy");
                if (policyMsg == null) {
                    ProtoImpl.logger.error("requestPolicy failed - policyMsg is null");
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, "Policy message is empty"));
                } else {
                    policyMsg.refresh_time = new Date();
                    ProtoImpl.logger.debug("policy refresh time is " + policyMsg.refresh_time);
                    ProtoImpl.this.requestSupportInfo(policyMsg);
                    ProtoImpl.this.requestCertificateIfNeeded(policyMsg);
                    ProtoImpl.this.handleProtoDebugPolicy(policyMsg);
                    ProtoImpl.this.getClient().onPolicy(policyMsg);
                }
                return null;
            }
        }, new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.18
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    return;
                }
                if (exc instanceof SendHttpException) {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, ((SendHttpException) exc).getErrorMessage()));
                } else {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                }
            }
        });
    }

    Map<String, Object> requestRegkeyMapSync() throws IOException {
        Map<String, Object> map = JsonWrapper.toMap(0 == 0 ? sendNoAuthHttpRequest(REGISTER_JSON_S3_URL, METHOD_GET, null) : null);
        return map.containsKey("afw") ? (Map) map.get("afw") : map;
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void requestState() {
        getClient().onStateChange(new IWorkspaceRestProtocol.StateChangeMsg(this.mState, this.mState));
    }

    public void requestSupportInfo(PolicyMsg policyMsg) {
        try {
            String sendHttpRequest = sendHttpRequest("/domains/" + policyMsg.settings.server_name + "/support-contact", METHOD_GET, null);
            logger.debug("create google-account: unexpectedly returned {}", sendHttpRequest);
            IWorkspaceRestProtocol.SupportInfoMsg supportInfoMsg = (IWorkspaceRestProtocol.SupportInfoMsg) JsonWrapper.fromJson(sendHttpRequest, IWorkspaceRestProtocol.SupportInfoMsg.class);
            if (supportInfoMsg != null) {
                policyMsg.settings.support_email = supportInfoMsg.email;
                policyMsg.settings.support_phone = supportInfoMsg.phone;
            }
        } catch (Exception e) {
            logger.error("requestSupportInfo failed", (Throwable) e);
        }
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void samlRegister(final SamlRegisterMsg samlRegisterMsg) {
        setState(IWorkspaceRestProtocol.State.registering);
        String str = samlRegisterMsg.url;
        if (str == null) {
            logger.error("invalid url");
            setState(IWorkspaceRestProtocol.State.regerr);
            return;
        }
        logger.debug("reg url={}", str);
        try {
            commonRegistrationTasks((RegisterRespMsg) JsonWrapper.fromJson(sendHttpRequestWithAuthHeader(SAML_REGISTER_ENDPOINT, METHOD_POST, null, BEARER_AUTHORIZATION + ((SamlRegisterRespMsg) JsonWrapper.fromJson(sendNoAuthHttpRequest(str, METHOD_POST, JsonWrapper.toJson(new SamlRegisterMsg() { // from class: net.pulsesecure.modules.proto.ProtoImpl.1
                {
                    this.saml_response = samlRegisterMsg.saml_response;
                }
            })), SamlRegisterRespMsg.class)).bearer_token), RegisterRespMsg.class));
        } catch (IOException e) {
            logger.error("register failed", (Throwable) e);
            setState(IWorkspaceRestProtocol.State.regerr);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, e.getMessage()));
        } catch (RuntimeException e2) {
            logger.error("register failed", (Throwable) e2);
            setState(IWorkspaceRestProtocol.State.regerr);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.RegErr, e2.getMessage()));
        } catch (SendHttpException e3) {
            logger.error("register failed", (Throwable) e3);
            setState(IWorkspaceRestProtocol.State.regerr);
            getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, e3.getErrorMessage()));
        }
    }

    public void saveDeviceInfo(Context context) {
        this.mSavedDeviceInfo = CollectDeviceInfo.collect(this.f5android, context);
    }

    public void saveParams(@NonNull RegisterRespMsg registerRespMsg) {
        logger.debug("regmsg: {}", registerRespMsg);
        storeWorkspaceParams(registerRespMsg);
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void sendAppsState(final IWorkspaceRestProtocol.AppsStateMsg appsStateMsg) {
        if (appsStateMsg.workspace_state == IWorkspaceRestProtocol.AppsStateMsg.WorkspaceState.enabled) {
            appsStateMsg.workspace_state = IWorkspaceRestProtocol.AppsStateMsg.WorkspaceState.policy_current;
        }
        if (appsStateMsg.app_states != null) {
            for (AppStateItem appStateItem : appsStateMsg.app_states) {
                if (appStateItem.state == AppState.system_enabled) {
                    appStateItem.state = AppState.installed;
                }
                if (appStateItem.state == AppState.system_missing) {
                    appStateItem.state = AppState.missing;
                }
            }
        }
        persistentSend("/afw/spaces/%s/state", METHOD_POST, JsonWrapper.toJson(calculateAppsStateDelta(this.savedAppsStateMessage, appsStateMsg)), new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.19
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    ProtoImpl.this.savedAppsStateMessage = appsStateMsg;
                    ProtoImpl.this.getClient().onSentAppsState();
                } else {
                    ProtoImpl.logger.error("sendAppsState failed", (Throwable) exc);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                }
            }
        });
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void sendComplianceInfo(IWorkspaceRestProtocol.ComplianceInfoMsg complianceInfoMsg) {
        logger.debug("PUT compliance msg={}", complianceInfoMsg);
        persistentSend("/workspaces/%s/compliance", METHOD_PUT, JsonWrapper.toJson(complianceInfoMsg), new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.9
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    return;
                }
                if (exc instanceof SendHttpException) {
                    SendHttpException sendHttpException = (SendHttpException) exc;
                    ProtoImpl.logger.error("sendComplianceInfo failed", (Throwable) sendHttpException);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, sendHttpException.getErrorMessage()));
                } else if (!(exc instanceof IOException)) {
                    ProtoImpl.logger.error("sendComplianceInfo failed", (Throwable) exc);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                } else {
                    IOException iOException = (IOException) exc;
                    ProtoImpl.logger.error("sendComplianceInfo failed", (Throwable) iOException);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, iOException.getMessage()));
                }
            }
        });
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void sendDeviceInfo(IWorkspaceRestProtocol.DeviceInfoMsg deviceInfoMsg) {
        final RetryEntry.RetryPolicy retryPolicy;
        if (deviceInfoMsg == null) {
            deviceInfoMsg = new IWorkspaceRestProtocol.DeviceInfoMsg();
        }
        fillDeviceInfo(deviceInfoMsg);
        logger.debug("PUT device msg={}", deviceInfoMsg);
        final IWorkspaceRestProtocol.DeviceInfoMsg deviceInfoMsg2 = deviceInfoMsg;
        if (this.mSentDeviceInfo || TextUtils.isEmpty(deviceInfoMsg.google_device_id)) {
            retryPolicy = null;
        } else {
            int i = 5;
            if (!PROD_CERTIFICATE.equals(deviceInfoMsg.client_certificate)) {
                logger.warn("Non-production client certificate: limit /device retries");
                i = 3;
            }
            retryPolicy = new RetryEntry.RetryPolicy(i, 3000, 0.0d, 0);
        }
        persistentSend("/afw/spaces/%s/device", METHOD_PUT, JsonWrapper.toJson(deviceInfoMsg), new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.8
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                ProtoImpl.logger.debug("sendDeviceInfo: success={} req.pol={}", Boolean.valueOf(z), retryPolicy, exc);
                if (z || 0 != 0) {
                    if (TextUtils.isEmpty(deviceInfoMsg2.google_device_id)) {
                        return;
                    }
                    ProtoImpl.this.getClient().onSentDeviceInfo();
                    ProtoImpl.this.mSentDeviceInfo = true;
                    return;
                }
                if (exc instanceof SendHttpException) {
                    SendHttpException sendHttpException = (SendHttpException) exc;
                    ProtoImpl.logger.error("sendDeviceInfo failed", (Throwable) sendHttpException);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, sendHttpException.getErrorMessage()));
                } else if (!(exc instanceof IOException)) {
                    ProtoImpl.logger.error("sendDeviceInfo failed", (Throwable) exc);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                } else {
                    IOException iOException = (IOException) exc;
                    ProtoImpl.logger.error("sendDeviceInfo failed", (Throwable) iOException);
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, iOException.getMessage()));
                }
            }
        }, retryPolicy);
    }

    String sendHttpRequest(String str, String str2, String str3) throws IOException {
        try {
            return sendHttpRequest(str, AuthMode.Hawk, str2, str3, null);
        } catch (SendHttpException e) {
            if (e.getStatus() != 401) {
                throw e;
            }
            forceRenewCredentials();
            return sendHttpRequest(str, AuthMode.Hawk, str2, str3, null);
        }
    }

    String sendHttpRequest(String str, AuthMode authMode, String str2, String str3, String str4) throws IOException {
        return sendHttpRequest(str, authMode, str2, str3, str4, false, null);
    }

    String sendHttpRequest(String str, AuthMode authMode, String str2, String str3, String str4, boolean z, List<Uri> list) throws IOException {
        if (this.mState == IWorkspaceRestProtocol.State.disabled) {
            logger.info("not sending message due to disabled - " + str2);
            return null;
        }
        IAndroidWrapper.Wakelock acquireLock = this.f5android.acquireLock(30000);
        try {
            if (this.mBaseUrl == null) {
                loadWorkspaceParams();
                genHawkCreds();
            }
            URL url = new URL((str.startsWith("http") ? "" : this.mBaseUrl) + String.format(str, this.mWorkspaceId));
            logger.debug("sendHttpRequest: url={}", url);
            this.mThrottler.throttle();
            HttpURLConnection httpURLConnection = null;
            try {
                HttpURLConnection httpURLConnection2 = (HttpURLConnection) url.openConnection();
                httpURLConnection2.setRequestMethod(str2);
                httpURLConnection2.setConnectTimeout(10000);
                httpURLConnection2.setReadTimeout(30000);
                if (authMode == AuthMode.BearerToken) {
                    httpURLConnection2.setRequestProperty(HttpHeaders.AUTHORIZATION, str4);
                } else if (authMode != AuthMode.NoAuth) {
                    if (authMode == AuthMode.Hawk && !checkHawkCredsValidity()) {
                        renewHawkCred();
                        genHawkCreds();
                    }
                    if (this.hawkClient == null) {
                        logger.error("auth required but hawkClient==null. expect HTTP auth error...");
                    } else {
                        httpURLConnection2.setRequestProperty(HttpHeaders.AUTHORIZATION, this.hawkClient.generateAuthorizationHeader(url.toURI(), str2, null, null, null, null));
                    }
                }
                if (list != null) {
                    httpURLConnection2.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/zip");
                    OutputStream outputStream = httpURLConnection2.getOutputStream();
                    logger.debug("streamMergedLogsZip return count {}", Long.valueOf(PSLog.mergeZipsToStream(outputStream, this.mWorkspaceId, list, false)));
                    outputStream.close();
                } else if (str3 != null) {
                    httpURLConnection2.setDoOutput(true);
                    httpURLConnection2.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/json");
                    OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection2.getOutputStream());
                    outputStreamWriter.write(str3);
                    outputStreamWriter.close();
                }
                httpURLConnection2.connect();
                logger.debug("sendHttpRequest: {} {} - {} {}", httpURLConnection2.getRequestMethod(), httpURLConnection2.getURL(), Integer.valueOf(httpURLConnection2.getResponseCode()), httpURLConnection2.getResponseMessage());
                int responseCode = httpURLConnection2.getResponseCode();
                if (this.hawkClient != null && httpURLConnection2.getDate() != 0) {
                    this.hawkClient.setServerDate(httpURLConnection2.getDate());
                    if (responseCode == HTTP_STATUS_CODE_FORBIDDEN && !z) {
                        logger.debug("fixed time skew, retrying");
                        return sendHttpRequest(str, authMode, str2, str3, str4, true, list);
                    }
                }
                if (responseCode == 304) {
                    return null;
                }
                if (responseCode < 200 || responseCode >= 300) {
                    throw new SendHttpException(httpURLConnection2.getURL(), responseCode, httpURLConnection2.getResponseMessage(), readContent(httpURLConnection2.getErrorStream()));
                }
                return readContent(httpURLConnection2.getInputStream());
            } catch (IOException e) {
                logger.error("sendHttpRequest: failed status={}", 0 == 0 ? null : httpURLConnection.getResponseCode() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + httpURLConnection.getResponseMessage(), e);
                throw e;
            } catch (URISyntaxException e2) {
                logger.error("sendHttpRequest: Error generating HAWK auth header request {} space {}", str, this.mWorkspaceId, e2);
                throw new RuntimeException(e2);
            }
        } finally {
            acquireLock.release();
        }
    }

    String sendHttpRequestWithAuthHeader(String str, String str2, String str3, String str4) throws IOException {
        return sendHttpRequest(str, AuthMode.BearerToken, str2, str3, str4);
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void sendJWS(final IWorkspaceRestProtocol.SafetyNetPostReqMsg safetyNetPostReqMsg) {
        this.persistentSender.persistentSend("jws", new Callable<Void>() { // from class: net.pulsesecure.modules.proto.ProtoImpl.6
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                IWorkspaceRestProtocol.SafetyNetPostResMsg safetyNetPostResMsg = (IWorkspaceRestProtocol.SafetyNetPostResMsg) JsonWrapper.fromJson(ProtoImpl.this.sendHttpRequest("/afw/spaces/%s/device/safetynet", ProtoImpl.METHOD_POST, JsonWrapper.toJson(safetyNetPostReqMsg)), IWorkspaceRestProtocol.SafetyNetPostResMsg.class);
                ProtoImpl.logger.debug("received attestation resp");
                if (safetyNetPostReqMsg == null) {
                    ProtoImpl.logger.error("get nonce is null");
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, "nonce message is empty"));
                } else {
                    ProtoImpl.this.getClient().onAttestationReceived(safetyNetPostResMsg);
                }
                return null;
            }
        }, new RetryComplete() { // from class: net.pulsesecure.modules.proto.ProtoImpl.7
            @Override // net.pulsesecure.modules.proto.impl.RetryComplete
            public void onComplete(String str, boolean z, Exception exc) {
                if (z) {
                    return;
                }
                if (exc instanceof SendHttpException) {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.ServerErr, ((SendHttpException) exc).getErrorMessage()));
                } else {
                    ProtoImpl.this.getClient().onError(new IWorkspaceRestProtocol.Client.ErrorMsg(IWorkspaceRestProtocol.Client.ErrorMsg.ErrorCode.NetworkErr, exc == null ? null : exc.getMessage()));
                }
            }
        });
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    public void sendLogs(List<Uri> list) {
        logger.debug("start sendlogs");
        try {
            sendHttpRequest("/afw/spaces/%s/debug-data", AuthMode.Hawk, METHOD_POST, null, null, true, list);
        } catch (IOException e) {
            logger.error("error sending logs to server", (Throwable) e);
        } catch (Exception e2) {
            logger.error("error sending logs", (Throwable) e2);
        }
    }

    String sendNoAuthHttpRequest(String str, String str2, String str3) throws IOException {
        return sendHttpRequest(str, AuthMode.NoAuth, str2, str3, null);
    }

    @Override // net.pulsesecure.modules.proto.IWorkspaceRestProtocol
    @TargetApi(19)
    public void setSavedVpnCertificate(IWorkspaceRestProtocol.SavedVpnCertificateMsg savedVpnCertificateMsg) {
        this.mCertVersion = savedVpnCertificateMsg.version;
        this.f5android.getPrefs().putString("proto.vpn.cert.version", this.mCertVersion);
    }

    public void storeRenewedHawkCreds(CredentialsInfo credentialsInfo) {
        logger.debug("storeRenewedHawkCreds {}", credentialsInfo);
        this.mHawkId = credentialsInfo.id;
        this.mHawkSecret = credentialsInfo.secret;
        this.mHawkExpires = credentialsInfo.expires;
        this.mHawkRenew = credentialsInfo.renew;
        genHawkCreds();
        Prefs prefs = this.f5android.getPrefs();
        prefs.putString("proto.hawk.id", this.mHawkId);
        prefs.putString("proto.hawk.secret", this.mHawkSecret);
        prefs.putString("proto.hawk.expires", String.valueOf(this.mHawkExpires));
        prefs.putString("proto.hawk.renew", String.valueOf(this.mHawkRenew));
    }
}
