package com.android.server.wifi.hotspot2;

import android.annotation.Nullable;
import android.net.wifi.ScanResult;
import android.net.wifi.SecurityParams;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiSsid;
import android.net.wifi.hotspot2.PasspointConfiguration;
import android.net.wifi.hotspot2.pps.Credential;
import android.net.wifi.hotspot2.pps.HomeSp;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.android.server.wifi.Clock;
import com.android.server.wifi.IMSIParameter;
import com.android.server.wifi.MboOceConstants;
import com.android.server.wifi.WifiCarrierInfoManager;
import com.android.server.wifi.WifiKeyStore;
import com.android.server.wifi.hotspot2.anqp.ANQPElement;
import com.android.server.wifi.hotspot2.anqp.Constants;
import com.android.server.wifi.hotspot2.anqp.DomainNameElement;
import com.android.server.wifi.hotspot2.anqp.NAIRealmData;
import com.android.server.wifi.hotspot2.anqp.NAIRealmElement;
import com.android.server.wifi.hotspot2.anqp.RoamingConsortiumElement;
import com.android.server.wifi.hotspot2.anqp.ThreeGPPNetworkElement;
import com.android.server.wifi.hotspot2.anqp.eap.AuthParam;
import com.android.server.wifi.hotspot2.anqp.eap.NonEAPInnerAuth;
import com.android.server.wifi.util.ArrayUtils;
import com.android.server.wifi.util.InformationElementUtil;
import com.android.wifi.x.com.android.modules.utils.build.SdkLevel;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/android/server/wifi/hotspot2/PasspointProvider.class */
public class PasspointProvider {
    private static final String TAG = "PasspointProvider";
    private static final String ALIAS_HS_TYPE = "HS2_";
    private static final String ALIAS_ALIAS_REMEDIATION_TYPE = "REMEDIATION_";
    private static final String SYSTEM_CA_STORE_PATH = "/system/etc/security/cacerts";
    private static final long MAX_RCOI_ENTRY_LIFETIME_MS = 600000;
    private final PasspointConfiguration mConfig;
    private final WifiKeyStore mKeyStore;
    private List<String> mCaCertificateAliases;
    private String mClientPrivateKeyAndCertificateAlias;
    private String mRemediationCaCertificateAlias;
    private final long mProviderId;
    private final int mCreatorUid;
    private final String mPackageName;
    private final IMSIParameter mImsiParameter;
    private final int mEAPMethodID;
    private final AuthParam mAuthParam;
    private final WifiCarrierInfoManager mWifiCarrierInfoManager;
    private int mBestGuessCarrierId;
    private boolean mHasEverConnected;
    private boolean mIsShared;
    private boolean mIsFromSuggestion;
    private boolean mIsTrusted;
    private boolean mIsRestricted;
    private boolean mVerboseLoggingEnabled;
    private final Clock mClock;
    private long mReauthDelay;
    private List<String> mBlockedBssids;
    private String mAnonymousIdentity;
    private String mConnectChoice;
    private int mConnectChoiceRssi;
    private String mMostRecentSsid;
    private long mMostRecentConnectionTime;
    private final Map<String, Pair<Long, Long>> mRcoiMatchForNetwork;

    /* loaded from: input_file:com/android/server/wifi/hotspot2/PasspointProvider$ConnectionTimeComparator.class */
    public static class ConnectionTimeComparator implements Comparator<PasspointProvider> {
        @Override // java.util.Comparator
        public int compare(PasspointProvider passpointProvider, PasspointProvider passpointProvider2) {
            return passpointProvider.getMostRecentConnectionTime() - passpointProvider2.getMostRecentConnectionTime() < 0 ? -1 : 1;
        }
    }

    public PasspointProvider(PasspointConfiguration passpointConfiguration, WifiKeyStore wifiKeyStore, WifiCarrierInfoManager wifiCarrierInfoManager, long j, int i, String str, boolean z, Clock clock) {
        this(passpointConfiguration, wifiKeyStore, wifiCarrierInfoManager, j, i, str, z, null, null, null, false, false, clock);
    }

    public PasspointProvider(PasspointConfiguration passpointConfiguration, WifiKeyStore wifiKeyStore, WifiCarrierInfoManager wifiCarrierInfoManager, long j, int i, String str, boolean z, List<String> list, String str2, String str3, boolean z2, boolean z3, Clock clock) {
        this.mBestGuessCarrierId = -1;
        this.mReauthDelay = 0L;
        this.mBlockedBssids = new ArrayList();
        this.mAnonymousIdentity = null;
        this.mConnectChoice = null;
        this.mConnectChoiceRssi = 0;
        this.mMostRecentSsid = null;
        this.mRcoiMatchForNetwork = new HashMap();
        this.mConfig = new PasspointConfiguration(passpointConfiguration);
        this.mKeyStore = wifiKeyStore;
        this.mProviderId = j;
        this.mCreatorUid = i;
        this.mPackageName = str;
        this.mCaCertificateAliases = list;
        this.mClientPrivateKeyAndCertificateAlias = str2;
        this.mRemediationCaCertificateAlias = str3;
        this.mHasEverConnected = z2;
        this.mIsShared = z3;
        this.mIsFromSuggestion = z;
        this.mWifiCarrierInfoManager = wifiCarrierInfoManager;
        this.mIsTrusted = true;
        this.mIsRestricted = false;
        this.mClock = clock;
        if (this.mConfig.getCredential().getUserCredential() != null) {
            this.mEAPMethodID = 21;
            this.mAuthParam = new NonEAPInnerAuth(NonEAPInnerAuth.getAuthTypeID(this.mConfig.getCredential().getUserCredential().getNonEapInnerMethod()));
            this.mImsiParameter = null;
        } else if (this.mConfig.getCredential().getCertCredential() != null) {
            this.mEAPMethodID = 13;
            this.mAuthParam = null;
            this.mImsiParameter = null;
        } else {
            this.mEAPMethodID = this.mConfig.getCredential().getSimCredential().getEapType();
            this.mAuthParam = null;
            this.mImsiParameter = IMSIParameter.build(this.mConfig.getCredential().getSimCredential().getImsi());
        }
    }

    public void setTrusted(boolean z) {
        if (this.mIsFromSuggestion) {
            this.mIsTrusted = z;
        } else {
            Log.e(TAG, "setTrusted can only be called for suggestion passpoint network");
        }
    }

    public boolean isTrusted() {
        return this.mIsTrusted;
    }

    public void setRestricted(boolean z) {
        if (this.mIsFromSuggestion) {
            this.mIsRestricted = z;
        } else {
            Log.e(TAG, "setRestricted can only be called for suggestion passpoint network");
        }
    }

    public boolean isRestricted() {
        return this.mIsRestricted;
    }

    public void setAnonymousIdentity(String str) {
        this.mAnonymousIdentity = str;
    }

    public String getAnonymousIdentity() {
        return this.mAnonymousIdentity;
    }

    public PasspointConfiguration getConfig() {
        return new PasspointConfiguration(this.mConfig);
    }

    public List<String> getCaCertificateAliases() {
        return this.mCaCertificateAliases;
    }

    public String getClientPrivateKeyAndCertificateAlias() {
        return this.mClientPrivateKeyAndCertificateAlias;
    }

    public String getRemediationCaCertificateAlias() {
        return this.mRemediationCaCertificateAlias;
    }

    public long getProviderId() {
        return this.mProviderId;
    }

    public int getCreatorUid() {
        return this.mCreatorUid;
    }

    @Nullable
    public String getPackageName() {
        return this.mPackageName;
    }

    public boolean getHasEverConnected() {
        return this.mHasEverConnected;
    }

    public void setHasEverConnected(boolean z) {
        this.mHasEverConnected = z;
    }

    public boolean isFromSuggestion() {
        return this.mIsFromSuggestion;
    }

    public boolean setAutojoinEnabled(boolean z) {
        boolean z2 = this.mConfig.isAutojoinEnabled() != z;
        this.mConfig.setAutojoinEnabled(z);
        return z2;
    }

    public boolean isAutojoinEnabled() {
        return this.mConfig.isAutojoinEnabled();
    }

    public boolean setMacRandomizationEnabled(boolean z) {
        boolean z2 = this.mConfig.isMacRandomizationEnabled() != z;
        this.mConfig.setMacRandomizationEnabled(z);
        return z2;
    }

    public boolean isMacRandomizationEnabled() {
        return this.mConfig.isMacRandomizationEnabled();
    }

    public boolean setMeteredOverride(int i) {
        boolean z = this.mConfig.getMeteredOverride() != i;
        this.mConfig.setMeteredOverride(i);
        return z;
    }

    public boolean installCertsAndKeys() {
        X509Certificate[] caCertificates = this.mConfig.getCredential().getCaCertificates();
        if (caCertificates != null) {
            this.mCaCertificateAliases = new ArrayList();
            for (int i = 0; i < caCertificates.length; i++) {
                String format = String.format("%s%s_%d", ALIAS_HS_TYPE, Long.valueOf(this.mProviderId), Integer.valueOf(i));
                if (!this.mKeyStore.putCaCertInKeyStore(format, caCertificates[i])) {
                    Log.e(TAG, "Failed to install CA Certificate " + format);
                    uninstallCertsAndKeys();
                    return false;
                }
                this.mCaCertificateAliases.add(format);
            }
        }
        if (this.mConfig.getCredential().getClientPrivateKey() != null && this.mConfig.getCredential().getClientCertificateChain() != null && this.mConfig.getCredential().getCertCredential() != null) {
            String str = ALIAS_HS_TYPE + this.mProviderId;
            PrivateKey clientPrivateKey = this.mConfig.getCredential().getClientPrivateKey();
            X509Certificate clientCertificate = getClientCertificate(this.mConfig.getCredential().getClientCertificateChain(), this.mConfig.getCredential().getCertCredential().getCertSha256Fingerprint());
            if (clientCertificate == null) {
                Log.e(TAG, "Failed to locate client certificate");
                uninstallCertsAndKeys();
                return false;
            }
            if (!this.mKeyStore.putUserPrivKeyAndCertsInKeyStore(str, clientPrivateKey, new Certificate[]{clientCertificate})) {
                Log.e(TAG, "Failed to install client private key or certificate");
                uninstallCertsAndKeys();
                return false;
            }
            this.mClientPrivateKeyAndCertificateAlias = str;
        }
        if (this.mConfig.getSubscriptionUpdate() != null) {
            X509Certificate caCertificate = this.mConfig.getSubscriptionUpdate().getCaCertificate();
            if (caCertificate == null) {
                Log.e(TAG, "Failed to locate CA certificate for remediation");
                uninstallCertsAndKeys();
                return false;
            }
            String str2 = "HS2_REMEDIATION_" + this.mProviderId;
            if (!this.mKeyStore.putCaCertInKeyStore(str2, caCertificate)) {
                Log.e(TAG, "Failed to install CA certificate for remediation");
                uninstallCertsAndKeys();
                return false;
            }
            this.mRemediationCaCertificateAlias = str2;
        }
        this.mConfig.getCredential().setCaCertificates(null);
        this.mConfig.getCredential().setClientPrivateKey(null);
        this.mConfig.getCredential().setClientCertificateChain(null);
        if (this.mConfig.getSubscriptionUpdate() == null) {
            return true;
        }
        this.mConfig.getSubscriptionUpdate().setCaCertificate((X509Certificate) null);
        return true;
    }

    public void uninstallCertsAndKeys() {
        if (this.mCaCertificateAliases != null) {
            for (String str : this.mCaCertificateAliases) {
                if (!this.mKeyStore.removeEntryFromKeyStore(str)) {
                    Log.e(TAG, "Failed to remove entry: " + str);
                }
            }
            this.mCaCertificateAliases = null;
        }
        if (this.mClientPrivateKeyAndCertificateAlias != null) {
            if (!this.mKeyStore.removeEntryFromKeyStore(this.mClientPrivateKeyAndCertificateAlias)) {
                Log.e(TAG, "Failed to remove entry: " + this.mClientPrivateKeyAndCertificateAlias);
            }
            this.mClientPrivateKeyAndCertificateAlias = null;
        }
        if (this.mRemediationCaCertificateAlias != null) {
            if (!this.mKeyStore.removeEntryFromKeyStore(this.mRemediationCaCertificateAlias)) {
                Log.e(TAG, "Failed to remove entry: " + this.mRemediationCaCertificateAlias);
            }
            this.mRemediationCaCertificateAlias = null;
        }
    }

    public boolean tryUpdateCarrierId() {
        return this.mWifiCarrierInfoManager.tryUpdateCarrierIdForPasspoint(this.mConfig);
    }

    @Nullable
    private String getMatchingSimImsi() {
        String str = null;
        if (this.mConfig.getSubscriptionId() != -1) {
            str = this.mWifiCarrierInfoManager.getMatchingImsiBySubId(this.mConfig.getSubscriptionId());
        } else if (this.mConfig.getCarrierId() != -1) {
            str = this.mWifiCarrierInfoManager.getMatchingImsiBySubId(this.mWifiCarrierInfoManager.getMatchingSubId(this.mConfig.getCarrierId()));
        } else {
            Pair<String, Integer> matchingImsiCarrierId = this.mWifiCarrierInfoManager.getMatchingImsiCarrierId(this.mConfig.getCredential().getSimCredential().getImsi());
            if (matchingImsiCarrierId != null) {
                str = (String) matchingImsiCarrierId.first;
                this.mBestGuessCarrierId = ((Integer) matchingImsiCarrierId.second).intValue();
            }
        }
        return str;
    }

    public PasspointMatch match(Map<Constants.ANQPElementType, ANQPElement> map, InformationElementUtil.RoamingConsortium roamingConsortium, ScanResult scanResult) {
        sweepMatchedRcoiMap();
        if (isProviderBlocked(scanResult)) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "Provider " + this.mConfig.getServiceFriendlyName() + " is blocked because reauthentication delay duration is still in progess");
            }
            return PasspointMatch.None;
        }
        String str = null;
        if (this.mConfig.getCredential().getSimCredential() != null) {
            str = getMatchingSimImsi();
            if (TextUtils.isEmpty(str)) {
                if (this.mVerboseLoggingEnabled) {
                    Log.d(TAG, "No SIM card with IMSI " + this.mConfig.getCredential().getSimCredential().getImsi() + " is installed, final match: " + PasspointMatch.None);
                }
                return PasspointMatch.None;
            }
        }
        PasspointMatch matchFqdnAndRcoi = matchFqdnAndRcoi(map, roamingConsortium, str, scanResult);
        if (matchFqdnAndRcoi == PasspointMatch.None && ANQPMatcher.matchThreeGPPNetwork((ThreeGPPNetworkElement) map.get(Constants.ANQPElementType.ANQP3GPPNetwork), this.mImsiParameter, str)) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "Final RoamingProvider match with " + map.get(Constants.ANQPElementType.ANQP3GPPNetwork));
            }
            return PasspointMatch.RoamingProvider;
        }
        if (!ANQPMatcher.matchNAIRealm((NAIRealmElement) map.get(Constants.ANQPElementType.ANQPNAIRealm), this.mConfig.getCredential().getRealm())) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "No NAI realm match, final match: " + matchFqdnAndRcoi);
            }
            return matchFqdnAndRcoi;
        }
        if (this.mVerboseLoggingEnabled) {
            Log.d(TAG, "NAI realm match with " + this.mConfig.getCredential().getRealm());
        }
        if (matchFqdnAndRcoi == PasspointMatch.None) {
            matchFqdnAndRcoi = PasspointMatch.RoamingProvider;
        }
        if (this.mVerboseLoggingEnabled) {
            Log.d(TAG, "Final match: " + matchFqdnAndRcoi);
        }
        return matchFqdnAndRcoi;
    }

    public WifiConfiguration getWifiConfig() {
        WifiConfiguration wifiConfiguration = new WifiConfiguration();
        wifiConfiguration.setSecurityParams(Arrays.asList(SecurityParams.createSecurityParamsBySecurityType(11), SecurityParams.createSecurityParamsBySecurityType(12)));
        wifiConfiguration.FQDN = this.mConfig.getHomeSp().getFqdn();
        wifiConfiguration.setPasspointUniqueId(this.mConfig.getUniqueId());
        if (this.mConfig.getHomeSp().getRoamingConsortiumOis() != null) {
            wifiConfiguration.roamingConsortiumIds = Arrays.copyOf(this.mConfig.getHomeSp().getRoamingConsortiumOis(), this.mConfig.getHomeSp().getRoamingConsortiumOis().length);
        }
        if (this.mConfig.getUpdateIdentifier() != Integer.MIN_VALUE) {
            wifiConfiguration.updateIdentifier = Integer.toString(this.mConfig.getUpdateIdentifier());
            if (isMeteredNetwork(this.mConfig)) {
                wifiConfiguration.meteredOverride = 1;
            }
        }
        wifiConfiguration.providerFriendlyName = this.mConfig.getHomeSp().getFriendlyName();
        int carrierId = this.mConfig.getCarrierId();
        if (carrierId == -1) {
            carrierId = this.mBestGuessCarrierId;
        }
        wifiConfiguration.carrierId = carrierId;
        if (this.mConfig.getSubscriptionGroup() != null) {
            wifiConfiguration.setSubscriptionGroup(this.mConfig.getSubscriptionGroup());
            wifiConfiguration.subscriptionId = this.mWifiCarrierInfoManager.getActiveSubscriptionIdInGroup(wifiConfiguration.getSubscriptionGroup());
        } else {
            wifiConfiguration.subscriptionId = this.mConfig.getSubscriptionId() == -1 ? this.mWifiCarrierInfoManager.getMatchingSubId(carrierId) : this.mConfig.getSubscriptionId();
        }
        wifiConfiguration.carrierMerged = this.mConfig.isCarrierMerged();
        wifiConfiguration.oemPaid = this.mConfig.isOemPaid();
        wifiConfiguration.oemPrivate = this.mConfig.isOemPrivate();
        WifiEnterpriseConfig wifiEnterpriseConfig = new WifiEnterpriseConfig();
        wifiEnterpriseConfig.setRealm(this.mConfig.getCredential().getRealm());
        wifiEnterpriseConfig.setDomainSuffixMatch(this.mConfig.getHomeSp().getFqdn());
        wifiEnterpriseConfig.setMinimumTlsVersion(this.mConfig.getCredential().getMinimumTlsVersion());
        if (this.mConfig.getCredential().getUserCredential() != null) {
            buildEnterpriseConfigForUserCredential(wifiEnterpriseConfig, this.mConfig.getCredential().getUserCredential());
            setAnonymousIdentityToNaiRealm(wifiEnterpriseConfig, this.mConfig.getCredential().getRealm());
        } else if (this.mConfig.getCredential().getCertCredential() != null) {
            buildEnterpriseConfigForCertCredential(wifiEnterpriseConfig);
            setAnonymousIdentityToNaiRealm(wifiEnterpriseConfig, this.mConfig.getCredential().getRealm());
        } else {
            buildEnterpriseConfigForSimCredential(wifiEnterpriseConfig, this.mConfig.getCredential().getSimCredential());
            wifiEnterpriseConfig.setAnonymousIdentity(this.mAnonymousIdentity);
        }
        if (!ArrayUtils.isEmpty(this.mConfig.getAaaServerTrustedNames())) {
            wifiEnterpriseConfig.setDomainSuffixMatch(String.join(NAIRealmData.NAI_REALM_STRING_SEPARATOR, this.mConfig.getAaaServerTrustedNames()));
            wifiEnterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
        }
        if (SdkLevel.isAtLeastS()) {
            wifiEnterpriseConfig.setDecoratedIdentityPrefix(this.mConfig.getDecoratedIdentityPrefix());
        }
        wifiConfiguration.enterpriseConfig = wifiEnterpriseConfig;
        if (this.mConfig.getCredential().getCheckAaaServerCertStatus()) {
            wifiConfiguration.enterpriseConfig.setOcsp(2);
        }
        wifiConfiguration.allowAutojoin = isAutojoinEnabled();
        wifiConfiguration.shared = this.mIsShared;
        wifiConfiguration.fromWifiNetworkSuggestion = this.mIsFromSuggestion;
        wifiConfiguration.ephemeral = this.mIsFromSuggestion;
        wifiConfiguration.creatorName = this.mPackageName;
        wifiConfiguration.creatorUid = this.mCreatorUid;
        wifiConfiguration.trusted = this.mIsTrusted;
        wifiConfiguration.restricted = this.mIsRestricted;
        if (!this.mConfig.isMacRandomizationEnabled()) {
            wifiConfiguration.macRandomizationSetting = 0;
        } else if (this.mConfig.isNonPersistentMacRandomizationEnabled()) {
            wifiConfiguration.macRandomizationSetting = 2;
        } else {
            wifiConfiguration.macRandomizationSetting = 1;
        }
        wifiConfiguration.meteredOverride = this.mConfig.getMeteredOverride();
        wifiConfiguration.getNetworkSelectionStatus().setConnectChoice(this.mConnectChoice);
        wifiConfiguration.getNetworkSelectionStatus().setConnectChoiceRssi(this.mConnectChoiceRssi);
        return wifiConfiguration;
    }

    public boolean isSimCredential() {
        return this.mConfig.getCredential().getSimCredential() != null;
    }

    public static PasspointConfiguration convertFromWifiConfig(WifiConfiguration wifiConfiguration) {
        PasspointConfiguration passpointConfiguration = new PasspointConfiguration();
        HomeSp homeSp = new HomeSp();
        if (TextUtils.isEmpty(wifiConfiguration.FQDN)) {
            Log.e(TAG, "Missing FQDN");
            return null;
        }
        homeSp.setFqdn(wifiConfiguration.FQDN);
        homeSp.setFriendlyName(wifiConfiguration.providerFriendlyName);
        if (wifiConfiguration.roamingConsortiumIds != null) {
            homeSp.setRoamingConsortiumOis(Arrays.copyOf(wifiConfiguration.roamingConsortiumIds, wifiConfiguration.roamingConsortiumIds.length));
        }
        passpointConfiguration.setHomeSp(homeSp);
        passpointConfiguration.setCarrierId(wifiConfiguration.carrierId);
        Credential credential = new Credential();
        credential.setRealm(wifiConfiguration.enterpriseConfig.getRealm());
        switch (wifiConfiguration.enterpriseConfig.getEapMethod()) {
            case 1:
                Credential.CertificateCredential certificateCredential = new Credential.CertificateCredential();
                certificateCredential.setCertType("x509v3");
                credential.setCertCredential(certificateCredential);
                break;
            case 2:
                credential.setUserCredential(buildUserCredentialFromEnterpriseConfig(wifiConfiguration.enterpriseConfig));
                break;
            case 3:
            default:
                Log.e(TAG, "Unsupported EAP method: " + wifiConfiguration.enterpriseConfig.getEapMethod());
                return null;
            case 4:
                credential.setSimCredential(buildSimCredentialFromEnterpriseConfig(18, wifiConfiguration.enterpriseConfig));
                break;
            case 5:
                credential.setSimCredential(buildSimCredentialFromEnterpriseConfig(23, wifiConfiguration.enterpriseConfig));
                break;
            case 6:
                credential.setSimCredential(buildSimCredentialFromEnterpriseConfig(50, wifiConfiguration.enterpriseConfig));
                break;
        }
        if (credential.getUserCredential() == null && credential.getCertCredential() == null && credential.getSimCredential() == null) {
            Log.e(TAG, "Missing credential");
            return null;
        }
        passpointConfiguration.setCredential(credential);
        return passpointConfiguration;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof PasspointProvider)) {
            return false;
        }
        PasspointProvider passpointProvider = (PasspointProvider) obj;
        return this.mProviderId == passpointProvider.mProviderId && (this.mCaCertificateAliases != null ? this.mCaCertificateAliases.equals(passpointProvider.mCaCertificateAliases) : passpointProvider.mCaCertificateAliases == null) && TextUtils.equals(this.mClientPrivateKeyAndCertificateAlias, passpointProvider.mClientPrivateKeyAndCertificateAlias) && (this.mConfig != null ? this.mConfig.equals(passpointProvider.mConfig) : passpointProvider.mConfig == null) && TextUtils.equals(this.mRemediationCaCertificateAlias, passpointProvider.mRemediationCaCertificateAlias);
    }

    public int hashCode() {
        return Objects.hash(Long.valueOf(this.mProviderId), this.mCaCertificateAliases, this.mClientPrivateKeyAndCertificateAlias, this.mConfig, this.mRemediationCaCertificateAlias);
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("ProviderId: ").append(this.mProviderId).append("\n");
        sb.append("CreatorUID: ").append(this.mCreatorUid).append("\n");
        sb.append("Best guess Carrier ID: ").append(this.mBestGuessCarrierId).append("\n");
        sb.append("Ever connected: ").append(this.mHasEverConnected).append("\n");
        sb.append("Shared: ").append(this.mIsShared).append("\n");
        sb.append("Suggestion: ").append(this.mIsFromSuggestion).append("\n");
        sb.append("Trusted: ").append(this.mIsTrusted).append("\n");
        sb.append("Restricted: ").append(this.mIsRestricted).append("\n");
        sb.append("UserConnectChoice: ").append(this.mConnectChoice).append("\n");
        if (this.mReauthDelay == 0 || this.mClock.getElapsedSinceBootMillis() >= this.mReauthDelay) {
            sb.append("Provider is not blocked").append("\n");
        } else {
            sb.append("Reauth delay remaining (seconds): ").append((this.mReauthDelay - this.mClock.getElapsedSinceBootMillis()) / 1000).append("\n");
            if (this.mBlockedBssids.isEmpty()) {
                sb.append("ESS is blocked").append("\n");
            } else {
                sb.append("List of blocked BSSIDs:").append("\n");
                Iterator<String> it = this.mBlockedBssids.iterator();
                while (it.hasNext()) {
                    sb.append(it.next()).append("\n");
                }
            }
        }
        if (this.mPackageName != null) {
            sb.append("PackageName: ").append(this.mPackageName).append("\n");
        }
        sb.append("Configuration Begin ---\n");
        sb.append(this.mConfig);
        sb.append("Configuration End ---\n");
        sb.append("WifiConfiguration Begin ---\n");
        sb.append(getWifiConfig());
        sb.append("WifiConfiguration End ---\n");
        return sb.toString();
    }

    private static X509Certificate getClientCertificate(X509Certificate[] x509CertificateArr, byte[] bArr) {
        if (x509CertificateArr == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                messageDigest.reset();
                if (Arrays.equals(bArr, messageDigest.digest(x509Certificate.getEncoded()))) {
                    return x509Certificate;
                }
            }
            return null;
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return null;
        }
    }

    private boolean isMeteredNetwork(PasspointConfiguration passpointConfiguration) {
        if (passpointConfiguration == null) {
            return false;
        }
        return passpointConfiguration.getUsageLimitDataLimit() > 0 || passpointConfiguration.getUsageLimitTimeLimitInMinutes() > 0;
    }

    private long matchOis(long[] jArr, RoamingConsortiumElement roamingConsortiumElement, InformationElementUtil.RoamingConsortium roamingConsortium, boolean z) {
        long matchRoamingConsortium = ANQPMatcher.matchRoamingConsortium(roamingConsortiumElement, jArr, z);
        if (matchRoamingConsortium != 0) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, String.format("ANQP RCOI match: 0x%x", Long.valueOf(matchRoamingConsortium)));
            }
            return matchRoamingConsortium;
        }
        long[] roamingConsortiums = roamingConsortium.getRoamingConsortiums();
        if (roamingConsortiums == null || jArr == null) {
            return 0L;
        }
        for (long j : roamingConsortiums) {
            boolean z2 = false;
            int length = jArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (j == jArr[i]) {
                    if (this.mVerboseLoggingEnabled) {
                        Log.d(TAG, String.format("AP RCOI match: 0x%x", Long.valueOf(j)));
                    }
                    if (!z) {
                        return j;
                    }
                    z2 = true;
                    if (matchRoamingConsortium == 0) {
                        matchRoamingConsortium = j;
                    }
                } else {
                    i++;
                }
            }
            if (z && !z2) {
                return 0L;
            }
        }
        return matchRoamingConsortium;
    }

    private PasspointMatch matchFqdnAndRcoi(Map<Constants.ANQPElementType, ANQPElement> map, InformationElementUtil.RoamingConsortium roamingConsortium, String str, ScanResult scanResult) {
        if (ANQPMatcher.matchDomainName((DomainNameElement) map.get(Constants.ANQPElementType.ANQPDomName), this.mConfig.getHomeSp().getFqdn(), this.mImsiParameter, str)) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "Domain name " + this.mConfig.getHomeSp().getFqdn() + " match: HomeProvider");
            }
            return PasspointMatch.HomeProvider;
        }
        if (this.mConfig.getHomeSp().getOtherHomePartners() != null) {
            for (String str2 : this.mConfig.getHomeSp().getOtherHomePartners()) {
                if (ANQPMatcher.matchDomainName((DomainNameElement) map.get(Constants.ANQPElementType.ANQPDomName), str2, null, null)) {
                    if (this.mVerboseLoggingEnabled) {
                        Log.d(TAG, "Other Home Partner " + str2 + " match: HomeProvider");
                    }
                    return PasspointMatch.HomeProvider;
                }
            }
        }
        if (this.mConfig.getHomeSp().getMatchAllOis() != null) {
            if (matchOis(this.mConfig.getHomeSp().getMatchAllOis(), (RoamingConsortiumElement) map.get(Constants.ANQPElementType.ANQPRoamingConsortium), roamingConsortium, true) != 0) {
                if (this.mVerboseLoggingEnabled) {
                    Log.d(TAG, "All HomeOI RCOI match: HomeProvider");
                }
                return PasspointMatch.HomeProvider;
            }
        } else if (this.mConfig.getHomeSp().getMatchAnyOis() != null && matchOis(this.mConfig.getHomeSp().getMatchAnyOis(), (RoamingConsortiumElement) map.get(Constants.ANQPElementType.ANQPRoamingConsortium), roamingConsortium, false) != 0) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "Any HomeOI RCOI match: HomeProvider");
            }
            return PasspointMatch.HomeProvider;
        }
        long matchOis = matchOis(this.mConfig.getHomeSp().getRoamingConsortiumOis(), (RoamingConsortiumElement) map.get(Constants.ANQPElementType.ANQPRoamingConsortium), roamingConsortium, false);
        if (matchOis == 0) {
            if (this.mVerboseLoggingEnabled) {
                Log.d(TAG, "No domain name or RCOI match");
            }
            return PasspointMatch.None;
        }
        if (this.mVerboseLoggingEnabled) {
            Log.d(TAG, String.format("RCOI match: RoamingProvider, selected RCOI = 0x%x", Long.valueOf(matchOis)));
        }
        addMatchedRcoi(scanResult, matchOis);
        return PasspointMatch.RoamingProvider;
    }

    private void buildEnterpriseConfigForUserCredential(WifiEnterpriseConfig wifiEnterpriseConfig, Credential.UserCredential userCredential) {
        String password;
        try {
            password = new String(Base64.decode(userCredential.getPassword(), 0), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            Log.w(TAG, "Failed to decode password");
            password = userCredential.getPassword();
        }
        wifiEnterpriseConfig.setEapMethod(2);
        wifiEnterpriseConfig.setIdentity(userCredential.getUsername());
        wifiEnterpriseConfig.setPassword(password);
        if (ArrayUtils.isEmpty(this.mCaCertificateAliases)) {
            wifiEnterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
        } else {
            wifiEnterpriseConfig.setCaCertificateAliases((String[]) this.mCaCertificateAliases.toArray(new String[0]));
        }
        int i = 0;
        String nonEapInnerMethod = userCredential.getNonEapInnerMethod();
        boolean z = -1;
        switch (nonEapInnerMethod.hashCode()) {
            case 78975:
                if (nonEapInnerMethod.equals("PAP")) {
                    z = false;
                    break;
                }
                break;
            case 632512142:
                if (nonEapInnerMethod.equals("MS-CHAP-V2")) {
                    z = 2;
                    break;
                }
                break;
            case 2038151963:
                if (nonEapInnerMethod.equals("MS-CHAP")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                i = 1;
                break;
            case true:
                i = 2;
                break;
            case true:
                i = 3;
                break;
            default:
                Log.wtf(TAG, "Unsupported Auth: " + userCredential.getNonEapInnerMethod());
                break;
        }
        wifiEnterpriseConfig.setPhase2Method(i);
    }

    private void buildEnterpriseConfigForCertCredential(WifiEnterpriseConfig wifiEnterpriseConfig) {
        wifiEnterpriseConfig.setEapMethod(1);
        wifiEnterpriseConfig.setClientCertificateAlias(this.mClientPrivateKeyAndCertificateAlias);
        if (ArrayUtils.isEmpty(this.mCaCertificateAliases)) {
            wifiEnterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
        } else {
            wifiEnterpriseConfig.setCaCertificateAliases((String[]) this.mCaCertificateAliases.toArray(new String[0]));
        }
    }

    private void buildEnterpriseConfigForSimCredential(WifiEnterpriseConfig wifiEnterpriseConfig, Credential.SimCredential simCredential) {
        int i = -1;
        switch (simCredential.getEapType()) {
            case 18:
                i = 4;
                break;
            case 23:
                i = 5;
                break;
            case 50:
                i = 6;
                break;
            default:
                Log.wtf(TAG, "Unsupported EAP Method: " + simCredential.getEapType());
                break;
        }
        wifiEnterpriseConfig.setEapMethod(i);
        wifiEnterpriseConfig.setPlmn(simCredential.getImsi());
    }

    private static void setAnonymousIdentityToNaiRealm(WifiEnterpriseConfig wifiEnterpriseConfig, String str) {
        wifiEnterpriseConfig.setAnonymousIdentity("anonymous@" + str);
    }

    private static Credential.UserCredential buildUserCredentialFromEnterpriseConfig(WifiEnterpriseConfig wifiEnterpriseConfig) {
        Credential.UserCredential userCredential = new Credential.UserCredential();
        userCredential.setEapType(21);
        if (TextUtils.isEmpty(wifiEnterpriseConfig.getIdentity())) {
            Log.e(TAG, "Missing username for user credential");
            return null;
        }
        userCredential.setUsername(wifiEnterpriseConfig.getIdentity());
        if (TextUtils.isEmpty(wifiEnterpriseConfig.getPassword())) {
            Log.e(TAG, "Missing password for user credential");
            return null;
        }
        userCredential.setPassword(new String(Base64.encode(wifiEnterpriseConfig.getPassword().getBytes(StandardCharsets.UTF_8), 0), StandardCharsets.UTF_8));
        switch (wifiEnterpriseConfig.getPhase2Method()) {
            case 1:
                userCredential.setNonEapInnerMethod("PAP");
                break;
            case 2:
                userCredential.setNonEapInnerMethod("MS-CHAP");
                break;
            case 3:
                userCredential.setNonEapInnerMethod("MS-CHAP-V2");
                break;
            default:
                Log.e(TAG, "Unsupported phase2 method for TTLS: " + wifiEnterpriseConfig.getPhase2Method());
                return null;
        }
        return userCredential;
    }

    private static Credential.SimCredential buildSimCredentialFromEnterpriseConfig(int i, WifiEnterpriseConfig wifiEnterpriseConfig) {
        Credential.SimCredential simCredential = new Credential.SimCredential();
        if (TextUtils.isEmpty(wifiEnterpriseConfig.getPlmn())) {
            Log.e(TAG, "Missing IMSI for SIM credential");
            return null;
        }
        simCredential.setImsi(wifiEnterpriseConfig.getPlmn());
        simCredential.setEapType(i);
        return simCredential;
    }

    public void enableVerboseLogging(boolean z) {
        this.mVerboseLoggingEnabled = z;
    }

    public void blockBssOrEss(long j, boolean z, int i) {
        if (i < 0 || j == 0) {
            return;
        }
        this.mReauthDelay = this.mClock.getElapsedSinceBootMillis();
        if (i == 0) {
            this.mReauthDelay += MboOceConstants.DEFAULT_BLOCKLIST_DURATION_MS;
        } else {
            this.mReauthDelay += i * 1000;
        }
        if (z) {
            this.mBlockedBssids.clear();
        } else {
            this.mBlockedBssids.add(Utils.macToString(j));
        }
    }

    public void clearProviderBlock() {
        this.mReauthDelay = 0L;
        this.mBlockedBssids.clear();
    }

    private boolean isProviderBlocked(ScanResult scanResult) {
        if (this.mReauthDelay == 0) {
            return false;
        }
        if (this.mClock.getElapsedSinceBootMillis() < this.mReauthDelay) {
            return this.mBlockedBssids.isEmpty() || this.mBlockedBssids.contains(scanResult.BSSID);
        }
        this.mReauthDelay = 0L;
        this.mBlockedBssids.clear();
        return false;
    }

    public void setUserConnectChoice(String str, int i) {
        this.mConnectChoice = str;
        this.mConnectChoiceRssi = i;
    }

    public String getConnectChoice() {
        return this.mConnectChoice;
    }

    public int getConnectChoiceRssi() {
        return this.mConnectChoiceRssi;
    }

    public void setMostRecentSsid(@Nullable String str) {
        if (str == null) {
            return;
        }
        this.mMostRecentSsid = str;
    }

    @Nullable
    public String getMostRecentSsid() {
        return this.mMostRecentSsid;
    }

    public void updateMostRecentConnectionTime() {
        this.mMostRecentConnectionTime = this.mClock.getWallClockMillis();
    }

    public long getMostRecentConnectionTime() {
        return this.mMostRecentConnectionTime;
    }

    private void addMatchedRcoi(ScanResult scanResult, long j) {
        WifiSsid wifiSsid = scanResult.getWifiSsid();
        if (wifiSsid == null || wifiSsid.getUtf8Text() == null) {
            return;
        }
        this.mRcoiMatchForNetwork.put(wifiSsid.toString(), new Pair<>(Long.valueOf(j), Long.valueOf(this.mClock.getElapsedSinceBootMillis())));
    }

    public long getAndRemoveMatchedRcoi(String str) {
        Pair<Long, Long> pair;
        if (str == null || this.mRcoiMatchForNetwork.isEmpty() || (pair = this.mRcoiMatchForNetwork.get(str)) == null) {
            return 0L;
        }
        this.mRcoiMatchForNetwork.remove(str);
        return ((Long) pair.first).longValue();
    }

    private void sweepMatchedRcoiMap() {
        if (this.mRcoiMatchForNetwork.isEmpty()) {
            return;
        }
        this.mRcoiMatchForNetwork.entrySet().removeIf(entry -> {
            return ((Long) ((Pair) entry.getValue()).second).longValue() + 600000 < this.mClock.getElapsedSinceBootMillis();
        });
    }
}
