package com.citrix.client.authmanager.accessgateway;

import android.text.TextUtils;
import android.util.Log;
import com.citrix.client.CtxIoUtils;
import com.citrix.client.UrlRewriter.UrlRewriter;
import com.citrix.client.authmanager.accessgateway.AccessGateway;
import com.citrix.client.authmanager.accessgateway.authentication.AgAuthResult;
import com.citrix.client.authmanager.accessgateway.authentication.AgAuthResultEntEdition;
import com.citrix.client.authmanager.accessgateway.authentication.AgAuthnData;
import com.citrix.client.authmanager.accessgateway.callbacks.GatewayUserInputCallbackHandler;
import com.citrix.client.authmanager.accessgateway.networking.HttpCtxSSLHelper;
import com.citrix.client.authmanager.accessgateway.networking.HttpHelper;
import com.citrix.client.certificatehandling.CertificateRejectedByUserException;
import com.citrix.client.deliveryservices.accountservices.parser.AccountRecordParser;
import com.citrix.client.deliveryservices.devicemanagement.DeviceManagementUtility;
import com.citrix.client.deliveryservices.utilities.DeliveryServicesException;
import com.citrix.client.deliveryservices.utilities.HttpHelpers;
import com.citrix.client.deliveryservices.utilities.HttpRequestParameters;
import com.citrix.client.httputilities.CookieKeyValuePair;
import com.citrix.client.httputilities.HttpClientHelper;
import com.citrix.client.httputilities.HttpConstants;
import com.citrix.client.pnagent.enums.AsyncTaskStatus;
import com.citrix.client.smartcard.ui.SmartcardCertificateSelector;
import com.citrix.vpn.http.Headers;
import io.fabric.sdk.android.services.network.HttpRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.htmlparser.Parser;
import org.htmlparser.filters.NodeClassFilter;
import org.htmlparser.tags.Div;
import org.htmlparser.tags.FormTag;
import org.htmlparser.tags.MetaTag;
import org.htmlparser.util.NodeList;
import org.htmlparser.util.ParserException;

/* loaded from: classes.dex */
public class AgEntEdition extends AccessGateway {
    private static final String Agee10HardwiredPath = "/cgi/dlge";
    private static final String EE_NFUSE_LOGOUT = "/Citrix/PNAgent/logout.aspx?NFuse_Token=b58df682464f30c85881134ca1d176";
    private static final String EE_VPN_LOGIN = "/vpn/index.html";
    private static final String EE_VPN_LOGOUT = "/cgi/logout";
    private static final String EPASKIP_PATH = "/epaskip";
    private static final int LICENSE_EXCEEDED_HTTP_CODE = 480;
    private static final String LOGIN_PATH = "/cgi/login";
    public static final String NSC_AAAC_COOKIE = "NSC_AAAC";
    public static final String NSC_CERT_COOKIE = "NSC_CERT";
    public static final String NSC_DLGE_COOKIE = "NSC_DLGE";
    public static final String NSC_EPAC_COOKIE = "NSC_EPAC";
    public static final String NSC_NAME_COOKIE = "NSC_NAME";
    public static final String NSC_VPNERROR_COOKIE = "NSC_VPNERR";
    HttpClient m_httpClient = null;

    private static char[] buildPostStringForAgee(String str) throws UnsupportedEncodingException {
        return ("response=" + URLEncoder.encode(str, HttpRequest.CHARSET_UTF8)).toCharArray();
    }

    private static void consumeContent(HttpResponse httpResponse) {
        HttpEntity entity;
        if (httpResponse == null || (entity = httpResponse.getEntity()) == null) {
            return;
        }
        try {
            entity.consumeContent();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private AgAuthResultEntEdition coreAuthenticate(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, URL url, AgAuthnData agAuthnData, AccessGateway.AuthenticationTarget authenticationTarget) throws DeliveryServicesException {
        AgAuthResultEntEdition agAuthResultEntEdition = new AgAuthResultEntEdition();
        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
        try {
            try {
                try {
                    try {
                        HttpResponse httpsGet = HttpCtxSSLHelper.httpsGet(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), "/vpn/index.html"), this.m_basicHeaders, null, false);
                        ArrayList<CookieKeyValuePair> allCookiesFromHeaders = HttpCtxSSLHelper.getAllCookiesFromHeaders(httpsGet.getHeaders(HttpConstants.SetCookieHeaderName));
                        int statusCode = httpsGet.getStatusLine().getStatusCode();
                        SmartcardCertificateSelector smartcardCertificateSelector = (SmartcardCertificateSelector) HttpClientHelper.GetSmartcardCertificateSelector(httpClient);
                        if (smartcardCertificateSelector != null) {
                            smartcardCertificateSelector.cachePINAndCertificateData();
                        }
                        if (302 == statusCode) {
                            agAuthResultEntEdition.addCookies(allCookiesFromHeaders);
                            if (agAuthResultEntEdition.get_NSC_CERT_Cookie() != null) {
                                statusCode = 200;
                            }
                        } else if (480 == statusCode) {
                            Log.w("coreAuthenticateWithAuthn", "Number of license in AG has been exceeded");
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGLicenseExceeded);
                        }
                        if (302 == statusCode) {
                            handleAGEE302Response(iHttpRequestFactory, this.m_httpClient, url, this.m_authnData, agAuthResultEntEdition, httpsGet, authenticationTarget);
                        } else if (200 == statusCode) {
                            consumeContent(httpsGet);
                            ArrayList arrayList = new ArrayList(this.m_basicHeaders);
                            arrayList.add(new BasicNameValuePair("Content-Type", "application/x-www-form-urlencoded"));
                            httpsGet = HttpCtxSSLHelper.httpsPost(iHttpRequestFactory, httpClient, new URL(url + LOGIN_PATH), arrayList, allCookiesFromHeaders, false, new String(agAuthnData.getHttpLoginString(2)));
                            int statusCode2 = httpsGet.getStatusLine().getStatusCode();
                            Log.d("coreAuthenticateWithAuthn", "HTTP operation returned response code " + statusCode2);
                            if (302 == statusCode2) {
                                handleAGEE302Response(iHttpRequestFactory, this.m_httpClient, url, this.m_authnData, agAuthResultEntEdition, httpsGet, authenticationTarget);
                            } else if (200 == statusCode2) {
                                agAuthResultEntEdition.addCookies(HttpCtxSSLHelper.getAllCookiesFromHeaders(httpsGet.getHeaders(HttpConstants.SetCookieHeaderName)));
                                if (agAuthResultEntEdition.getCookie(NSC_AAAC_COOKIE) != null) {
                                    Log.d("coreAuthenticateWithAuthn", "Response code == 200 with nsc_aaac cookie which indicates 8.1 gateway");
                                    coreCommonAuth81Gateway(httpsGet, agAuthResultEntEdition);
                                } else if (agAuthResultEntEdition.getCookie(NSC_DLGE_COOKIE) != null) {
                                    Log.d("coreAuthenticateWithAuthn", "Received nsc_dlge_cookie - need to present user input dialog");
                                    String ctxIoUtils = httpsGet.getEntity() != null ? CtxIoUtils.toString(httpsGet.getEntity().getContent()) : "";
                                    consumeContent(httpsGet);
                                    httpsGet = null;
                                    handleAgeeFormInput(iHttpRequestFactory, httpClient, url, ctxIoUtils, agAuthResultEntEdition, agAuthnData, authenticationTarget);
                                } else {
                                    Log.d("coreAuthenticateWithAuthn", "Did not receive nsc_aaac cookie from gateway - invalid credentials");
                                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGAuthenticationFailed);
                                }
                            } else if (403 == statusCode2) {
                                Log.d("coreAuthenticateWithAuthn", "Received 403 response from gateway with authentication - indicates pre-auth is enabled");
                                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGPreAuthEnabled);
                            } else if (500 == statusCode2) {
                                Log.d("coreAuthenticateWithAuthn", "Received 500 response - indicates likely incorrectly configured NetScaler");
                                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusErrorInternalServerError);
                            }
                        }
                        consumeContent(httpsGet);
                    } catch (SSLException e) {
                        Log.d("coreAuthenticateWithAuthn", "Caught SSLException");
                        e.printStackTrace();
                        if (e.getCause() instanceof CertificateRejectedByUserException) {
                            Log.d("coreAuthenticateWithAuthn", "Certificate rejected by user");
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSSLCertificateRejected);
                        } else {
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSSLException);
                        }
                        consumeContent(null);
                    }
                } catch (IOException e2) {
                    Log.d("coreAuthenticateWithAuthn", "Caught IOException");
                    e2.printStackTrace();
                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                    consumeContent(null);
                } catch (URISyntaxException e3) {
                    Log.d("coreAuthenticateWithAuthn", "Caught URISyntaxException");
                    e3.printStackTrace();
                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                    consumeContent(null);
                }
            } catch (MalformedURLException e4) {
                Log.d("coreAuthenticateWithAuthn", "Caught MalformedURLException");
                e4.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusInvalidAddress);
                consumeContent(null);
            } catch (UnknownHostException e5) {
                Log.d("coreAuthenticateWithAuthn", "Caught UnknownHostException");
                e5.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusInvalidAddress);
                consumeContent(null);
            }
            return agAuthResultEntEdition;
        } catch (Throwable th) {
            consumeContent(null);
            throw th;
        }
    }

    private void coreCommonAuth(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, URL url, Header header, AgAuthResultEntEdition agAuthResultEntEdition, AgAuthnData agAuthnData, AccessGateway.AuthenticationTarget authenticationTarget) throws DeliveryServicesException {
        boolean z = false;
        String value = header != null ? header.getValue() : null;
        Log.d("coreCommonAuthn", "redirectLocation = " + value + " performing GET on this URL");
        if (value == null) {
            Log.e("coreCommonAuthn", "Redirection location is null");
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGAuthenticationFailed);
            return;
        }
        try {
            try {
                try {
                    try {
                        ArrayList<CookieKeyValuePair> cookiesArrayList = agAuthResultEntEdition.getCookiesArrayList();
                        if ("/vpns/postepa.html".equalsIgnoreCase(value)) {
                            Log.d("coreCommonAuthn", "Post EPA scans are enabled - will get URL rewrite mode on second pass");
                            z = true;
                        } else if ("/cgi/setclient?wica".equalsIgnoreCase(value)) {
                            Log.d("coreCommonAuthn", "POST EPA scans are not enabled, wica mode is used for url rewriting");
                            agAuthResultEntEdition.setUrlRewriteMode(UrlRewriter.UrlRewriteMode.SG);
                        } else if ("/cgi/setclient?cvpn".equalsIgnoreCase(value)) {
                            Log.d("coreCommonAuthn", "Post EPA scans are NOT enabled, cvpn mode is used for url rewriting");
                            agAuthResultEntEdition.setUrlRewriteMode(UrlRewriter.UrlRewriteMode.EntCvpn);
                        } else {
                            if ("/cgi/setclient?andr".equalsIgnoreCase(value)) {
                                setClientForFullVPN(iHttpRequestFactory, httpClient, url, agAuthResultEntEdition, agAuthnData);
                                if (0 != 0) {
                                    consumeContent(null);
                                    return;
                                }
                                return;
                            }
                            Log.d("coreCommonAuthn", "received unexpected redirect URL of " + value + " attempting to continue - no rewrite rule found");
                        }
                        HttpResponse httpsGet = HttpCtxSSLHelper.httpsGet(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), value), new ArrayList(this.m_basicHeaders), cookiesArrayList, false);
                        int statusCode = httpsGet.getStatusLine().getStatusCode();
                        Log.d("coreCommonAuthn", "GET on " + value + " returned HTTP response code " + statusCode);
                        if (!isValidResponse(authenticationTarget, statusCode, agAuthResultEntEdition.getUrlRewriter().getUrlRewriteMode()) && !z) {
                            Log.d("coreCommonAuthn", "Received unexpected response code");
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                        } else if (authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXml || authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXmlOrCookiesAndUrlRewriteMode || z) {
                            if (z) {
                                Log.d("coreCommonAuthn", "performing POST to /epaskip");
                                consumeContent(httpsGet);
                                httpsGet = HttpCtxSSLHelper.httpsPost(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), EPASKIP_PATH), new ArrayList(this.m_basicHeaders), cookiesArrayList, false, null);
                                int statusCode2 = httpsGet.getStatusLine().getStatusCode();
                                Log.d("coreCommonAuthn", "HTTP operation returned response code " + statusCode2);
                                Log.d("coreCommonAuthn", "POST to /epaskip returned response code " + statusCode2);
                                if (statusCode2 == 302) {
                                    Header firstHeader = httpsGet.getFirstHeader("location");
                                    String value2 = firstHeader != null ? firstHeader.getValue() : null;
                                    if (value2 != null) {
                                        if ("/cgi/setclient?wica".equalsIgnoreCase(value2)) {
                                            Log.d("coreCommonAuthn", "wica mode is used for url rewriting");
                                            agAuthResultEntEdition.setUrlRewriteMode(UrlRewriter.UrlRewriteMode.SG);
                                        } else if ("/cgi/setclient?cvpn".equalsIgnoreCase(value2)) {
                                            Log.d("coreCommonAuthn", "cvpn mode is used for url rewriting");
                                            agAuthResultEntEdition.setUrlRewriteMode(UrlRewriter.UrlRewriteMode.EntCvpn);
                                        } else {
                                            if ("/cgi/setclient?andr".equalsIgnoreCase(value2)) {
                                                setClientForFullVPN(iHttpRequestFactory, httpClient, url, agAuthResultEntEdition, agAuthnData);
                                                if (httpsGet != null) {
                                                    consumeContent(httpsGet);
                                                    return;
                                                }
                                                return;
                                            }
                                            Log.d("coreCommonAuthn", "unknown url rewrite mode attempting to continue");
                                        }
                                        Log.d("coreCommonAuthn", "Performing GET on " + value2);
                                        httpsGet = HttpCtxSSLHelper.httpsGet(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), value2), new ArrayList(this.m_basicHeaders), cookiesArrayList, false);
                                        int statusCode3 = httpsGet.getStatusLine().getStatusCode();
                                        Log.d("coreCommonAuthn", "GET returned response code " + statusCode3);
                                        if (!isValidResponse(authenticationTarget, statusCode3, agAuthResultEntEdition.getUrlRewriter().getUrlRewriteMode())) {
                                            Log.d("coreCommonAuthn", "Received unexpected response code of " + statusCode3);
                                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                                        } else if (authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXml || authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXmlOrCookiesAndUrlRewriteMode) {
                                            processFinalRedirectionResult(agAuthResultEntEdition, httpsGet, authenticationTarget);
                                        } else if (agAuthResultEntEdition.getUrlRewriter().getUrlRewriteMode() != UrlRewriter.UrlRewriteMode.NoRewrite) {
                                            Log.d("coreCommonAuthn", "URL rewrite mode found and cookies found - returning StatusSuccess");
                                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSuccess);
                                        }
                                    } else {
                                        Log.d("coreCommonAuthn", "Could not extract redirect location from 302 response");
                                        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                                    }
                                } else {
                                    Log.d("coreCommonAuthn", "https post to  /epaskip returned unexpected response");
                                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                                }
                            } else {
                                processFinalRedirectionResult(agAuthResultEntEdition, httpsGet, authenticationTarget);
                            }
                        } else if (agAuthResultEntEdition.getUrlRewriter().getUrlRewriteMode() != UrlRewriter.UrlRewriteMode.NoRewrite) {
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSuccess);
                            Log.d("coreCommonAuthn", "URL rewrite mode found and cookies found - returning StatusSuccess");
                        } else {
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                        }
                        if (httpsGet != null) {
                            consumeContent(httpsGet);
                        }
                    } catch (IOException e) {
                        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                        if (0 != 0) {
                            consumeContent(null);
                        }
                    }
                } catch (ClientProtocolException e2) {
                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSSLException);
                    if (0 != 0) {
                        consumeContent(null);
                    }
                }
            } catch (MalformedURLException e3) {
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusMalformedUrlException);
                if (0 != 0) {
                    consumeContent(null);
                }
            } catch (URISyntaxException e4) {
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                if (0 != 0) {
                    consumeContent(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                consumeContent(null);
            }
            throw th;
        }
    }

    private void coreCommonAuth81Gateway(HttpResponse httpResponse, AgAuthResult agAuthResult) {
        String extractRedirectFromHtml = httpResponse != null ? extractRedirectFromHtml(httpResponse.getEntity()) : null;
        if (extractRedirectFromHtml == null) {
            Log.d("coreCommonAuth81GatewayWithAuthentication", "Failed to extract config.xml from HTML");
            agAuthResult.setTaskResult(AsyncTaskStatus.StatusConfigXmlPathNotDetermined);
        } else {
            Log.d("coreCommonAuth81GatewayWithAuthentication", "Authentication successful: config.xml path:" + extractRedirectFromHtml);
            agAuthResult.setConfigXmlPath(this.m_address + extractRedirectFromHtml);
            agAuthResult.setTaskResult(AsyncTaskStatus.StatusSuccess);
        }
    }

    private static String getFormCaption(NodeList nodeList) {
        String str = "";
        int size = nodeList.size();
        for (int i = 0; i < size; i++) {
            Div div = (Div) nodeList.elementAt(i);
            String attribute = div.getAttribute(AccountRecordParser.ID_EXP);
            if (attribute != null && attribute.equals("dialogueStr")) {
                str = div.getStringText().replaceAll("\n", "").replaceAll("\r", "").trim();
                if (str.endsWith(DeviceManagementUtility.DEVICE_TOKEN_DELIMETER)) {
                    str = str.substring(0, str.length() - 1);
                }
                if (!str.endsWith(".")) {
                    str = str + ".";
                }
            }
        }
        return str;
    }

    private static String getFormPostTarget(FormTag formTag) {
        String attribute = formTag.getAttribute("action");
        try {
            attribute = new URL(attribute).getPath();
        } catch (MalformedURLException e) {
        }
        return attribute.charAt(0) != '/' ? "/" + attribute : attribute;
    }

    private static URL getSecureURL(String str) throws MalformedURLException {
        URL url;
        try {
            url = new URL(str);
        } catch (MalformedURLException e) {
        }
        try {
            if (HttpConstants.ProtocolNameHttps.equals(url.getProtocol())) {
                return url;
            }
            return new URL(HttpConstants.ProtocolNameHttps, url.getHost(), url.getPort(), url.getFile());
        } catch (MalformedURLException e2) {
            return new URL("https://" + str);
        }
    }

    private static String getTransferLoginString(InputStream inputStream) {
        String readLine;
        int indexOf;
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            do {
                readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return null;
                }
                indexOf = readLine.indexOf("name=\"adr\"value=\"");
            } while (indexOf == -1);
            StringBuilder sb = new StringBuilder();
            sb.append("adr=").append(readLine.substring(indexOf + 17, indexOf + 25)).append("&cm=Transfer");
            return sb.toString();
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    private void handleAGEE302Response(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, URL url, AgAuthnData agAuthnData, AgAuthResultEntEdition agAuthResultEntEdition, HttpResponse httpResponse, AccessGateway.AuthenticationTarget authenticationTarget) throws DeliveryServicesException {
        ArrayList<CookieKeyValuePair> allCookiesFromHeaders = HttpCtxSSLHelper.getAllCookiesFromHeaders(httpResponse.getHeaders(HttpConstants.SetCookieHeaderName));
        Header firstHeader = httpResponse.getFirstHeader("location");
        consumeContent(httpResponse);
        agAuthResultEntEdition.addCookies(allCookiesFromHeaders);
        if (agAuthResultEntEdition.getCookie(NSC_VPNERROR_COOKIE) != null) {
            Log.e("coreAuthenticateWithAuthn", "Got NSC_VPNERROR_COOKIE : " + agAuthResultEntEdition.getCookie(NSC_VPNERROR_COOKIE).getValue());
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGAuthenticationFailed);
            return;
        }
        if (agAuthResultEntEdition.getCookie(NSC_EPAC_COOKIE) != null) {
            Log.e("coreAuthenticateWithAuthn", "pre-auth endpoint analysis enabled on this host - failing");
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusEpaEnabled);
            return;
        }
        if (agAuthResultEntEdition.getCookie(NSC_AAAC_COOKIE) != null) {
            coreCommonAuth(iHttpRequestFactory, httpClient, url, firstHeader, agAuthResultEntEdition, agAuthnData, authenticationTarget);
            return;
        }
        if (agAuthResultEntEdition.getCookie(NSC_CERT_COOKIE) != null) {
            Log.d("coreAuthenticateWithAuthn", "User certificate + Domain Auth configured on AG");
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGClientCertAndDomainAuthConfigured);
            return;
        }
        Log.d("coreAuthenticateWithAuthn", "No cookies received from gateway");
        String str = null;
        if (firstHeader != null) {
            str = firstHeader.getValue();
            Log.d("coreAuthenticateWithAuthn", str);
        }
        if (str == null || !str.startsWith("https://") || str.contains(url.getHost())) {
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGAuthenticationFailed);
            return;
        }
        try {
            coreAuthenticate(iHttpRequestFactory, httpClient, getSecureURL(str), agAuthnData, authenticationTarget);
        } catch (MalformedURLException e) {
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusMalformedUrlException);
        }
    }

    private void handleAgeeFormInput(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, URL url, String str, AgAuthResultEntEdition agAuthResultEntEdition, AgAuthnData agAuthnData, AccessGateway.AuthenticationTarget authenticationTarget) {
        boolean z;
        String str2;
        CookieKeyValuePair[] cookies = agAuthResultEntEdition.getCookies();
        HttpResponse httpResponse = null;
        do {
            z = false;
            try {
                Parser createParser = Parser.createParser(str, HttpRequest.CHARSET_UTF8);
                NodeList parse = createParser.parse(new NodeClassFilter(Div.class));
                createParser.reset();
                NodeList parse2 = createParser.parse(new NodeClassFilter(FormTag.class));
                int size = parse2.size();
                int size2 = parse.size();
                Log.d("handleAgeeFormInput", "Found " + size + " forms and " + size2 + " DIV elements in web page");
                if ((size == 1 || size == 0) && size2 >= 1) {
                    if (size == 1) {
                        str2 = getFormPostTarget((FormTag) parse2.elementAt(0));
                    } else {
                        Log.d("handleAgeeFormInput", "Zero form found using builtin path");
                        str2 = Agee10HardwiredPath;
                    }
                    Log.d("handleAgeeFormInput", "postTarget for this form is: " + str2);
                    String formCaption = getFormCaption(parse);
                    Log.d("handleAgeeFormInput", "Caption for this form is " + formCaption);
                    if (TextUtils.isEmpty(formCaption)) {
                        Log.e("handleAgeeFormInput", "Found no caption in form - aborting");
                        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                    } else if (formCaption.toLowerCase(Locale.getDefault()).contains("access denied")) {
                        Log.d("handleAgeeFormInput", "ACCESS DENIED ERROR RECEIVED");
                        String valueOf = String.valueOf(buildPostStringForAgee("12345678"));
                        HttpRequestParameters httpRequestParameters = new HttpRequestParameters();
                        httpRequestParameters.addHeaders(this.m_basicHeaders);
                        httpRequestParameters.addHeader(HttpConstants.CookieHeaderName, HttpHelper.getCookieHeader(cookies));
                        httpRequestParameters.setRedirection(false);
                        httpResponse = HttpHelpers.post(httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), str2), httpRequestParameters, valueOf);
                        int statusCode = httpResponse.getStatusLine().getStatusCode();
                        if (200 == statusCode) {
                            str = httpResponse.getEntity() != null ? CtxIoUtils.toString(httpResponse.getEntity().getContent()) : "";
                            consumeContent(httpResponse);
                            httpResponse = null;
                            z = true;
                        } else {
                            Log.d("handleAgeeFormInput", "Received invalid response code of " + statusCode);
                        }
                    } else if (this.m_userInputCallback == null) {
                        Log.d("handleAgeeFormInput", "Received challenge but unable to respond in Silent Auth mode");
                        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusErrorSilentAuthFailed);
                    } else if (this.m_userInputCallback.displaySingleUserInputDialog(formCaption)) {
                        Log.d("handleAgeeFormInput", "Got response from user, preparing to POST");
                        String valueOf2 = String.valueOf(buildPostStringForAgee(this.m_userInputCallback.getSingleLineUserInput()));
                        HttpRequestParameters httpRequestParameters2 = new HttpRequestParameters();
                        httpRequestParameters2.addHeaders(this.m_basicHeaders);
                        httpRequestParameters2.addHeader(HttpConstants.CookieHeaderName, HttpHelper.getCookieHeader(cookies));
                        httpRequestParameters2.setRedirection(false);
                        try {
                            httpResponse = HttpHelpers.post(httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), str2), httpRequestParameters2, valueOf2);
                        } catch (URISyntaxException e) {
                            e.printStackTrace();
                        }
                        int statusCode2 = httpResponse.getStatusLine().getStatusCode();
                        if (200 == statusCode2) {
                            agAuthResultEntEdition.addCookies(HttpCtxSSLHelper.getAllCookiesFromHeaders(httpResponse.getHeaders(HttpConstants.SetCookieHeaderName)));
                            if (agAuthResultEntEdition.getCookie(NSC_AAAC_COOKIE) != null) {
                                Log.d("coreAuthenticateWithAuthn", "Response code == 200 with nsc_aaac cookie which indicates 8.1 gateway");
                            } else {
                                Log.d("handleAgeeFormInput", "Server has sent another form to process");
                                str = httpResponse.getEntity() != null ? CtxIoUtils.toString(httpResponse.getEntity().getContent()) : "";
                                consumeContent(httpResponse);
                                httpResponse = null;
                                z = true;
                            }
                        } else if (302 == statusCode2) {
                            Log.d("handleAgeeFormInput", "Received 302 response code - looking for cookies");
                            agAuthResultEntEdition.addCookies(HttpCtxSSLHelper.getAllCookiesFromHeaders(httpResponse.getHeaders(HttpConstants.SetCookieHeaderName)));
                            Header firstHeader = httpResponse.getFirstHeader("location");
                            consumeContent(httpResponse);
                            httpResponse = null;
                            if (agAuthResultEntEdition.getCookie(NSC_AAAC_COOKIE) == null || agAuthResultEntEdition.getCookie(NSC_EPAC_COOKIE) != null) {
                                Log.d("handleAgeeFormInput", "Received 302 response but no cookies");
                            } else {
                                Log.d("handleAgeeFormInput", "All cookies detected - moving to final auth");
                                coreCommonAuth(iHttpRequestFactory, httpClient, url, firstHeader, agAuthResultEntEdition, agAuthnData, authenticationTarget);
                            }
                        } else {
                            Log.d("handleAgeeFormInput", "Received invalid response code " + statusCode2);
                        }
                    } else {
                        Log.d("handleAgeeFormInput", "User cancelled form");
                        agAuthResultEntEdition.setTaskResult(this.m_userInputCallback.getAuthTaskResult());
                    }
                } else {
                    Log.e("handleAgeeFormInput", "Unexpected number of form elements found - aborting");
                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                }
            } catch (URISyntaxException e2) {
                e2.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                return;
            } catch (DeliveryServicesException e3) {
                e3.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusDeliveryServicesUnexpectedResponse);
                return;
            } catch (UnsupportedEncodingException e4) {
                e4.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                return;
            } catch (IOException e5) {
                e5.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                return;
            } catch (MalformedURLException e6) {
                e6.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusInvalidAddress);
                return;
            } catch (ParserException e7) {
                e7.printStackTrace();
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                return;
            } finally {
                consumeContent(httpResponse);
            }
        } while (z);
    }

    private static boolean isValidResponse(AccessGateway.AuthenticationTarget authenticationTarget, int i, UrlRewriter.UrlRewriteMode urlRewriteMode) {
        switch (authenticationTarget) {
            case GetConfigXml:
                return i == 200;
            case GetCookiesAndUrlRewriteMode:
                return i == 200 ? urlRewriteMode != UrlRewriter.UrlRewriteMode.NoRewrite : i == 302 && urlRewriteMode == UrlRewriter.UrlRewriteMode.EntCvpn;
            case GetConfigXmlOrCookiesAndUrlRewriteMode:
                return isValidResponse(AccessGateway.AuthenticationTarget.GetConfigXml, i, urlRewriteMode) || isValidResponse(AccessGateway.AuthenticationTarget.GetCookiesAndUrlRewriteMode, i, urlRewriteMode);
            default:
                return false;
        }
    }

    private void processFinalRedirectionResult(AgAuthResult agAuthResult, HttpResponse httpResponse, AccessGateway.AuthenticationTarget authenticationTarget) {
        HttpEntity entity = httpResponse != null ? httpResponse.getEntity() : null;
        if (agAuthResult.getUrlRewriter().getUrlRewriteMode() == UrlRewriter.UrlRewriteMode.EntCvpn) {
            if (agAuthResult.getUrlRewriter().getUrlRewriteMode() != UrlRewriter.UrlRewriteMode.NoRewrite) {
                Log.d("coreCommonAuthn", "URL rewrite mode found and cookies found - returning StatusSuccess");
                agAuthResult.setTaskResult(AsyncTaskStatus.StatusSuccess);
                return;
            }
            return;
        }
        String extractRedirectFromHtml = extractRedirectFromHtml(entity);
        if (extractRedirectFromHtml == null) {
            if (authenticationTarget != AccessGateway.AuthenticationTarget.GetConfigXmlOrCookiesAndUrlRewriteMode) {
                Log.e("coreCommonAuthn", "Config.xml path not parsed out - error");
                return;
            } else {
                Log.d("coreCommonAuthn", "Config.xml path not parsed out. The AG might not be in SG mode");
                agAuthResult.setTaskResult(AsyncTaskStatus.StatusSuccess);
                return;
            }
        }
        if (extractRedirectFromHtml.equals("/")) {
            Log.d("coreCommonAuthn", "Auth succeeded, got back / as config.xml path - setting to default");
            agAuthResult.setConfigXmlPath(this.m_address + AccessGatewaySupport.DefaultConfigXmlPath);
            agAuthResult.setTaskResult(AsyncTaskStatus.StatusSuccess);
        } else {
            Log.d("coreCommonAuthn", "Authentication successful. Config.xml path is:" + extractRedirectFromHtml);
            agAuthResult.setConfigXmlPath(this.m_address + extractRedirectFromHtml);
            agAuthResult.setTaskResult(AsyncTaskStatus.StatusSuccess);
        }
    }

    private void setClientForFullVPN(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, URL url, AgAuthResultEntEdition agAuthResultEntEdition, AgAuthnData agAuthnData) throws DeliveryServicesException {
        Log.d("fullvpn", "setClient?andr");
        ArrayList<CookieKeyValuePair> cookiesArrayList = agAuthResultEntEdition.getCookiesArrayList();
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                HttpResponse httpsGet = HttpCtxSSLHelper.httpsGet(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), "/cgi/setclient?andr"), new ArrayList(this.m_basicHeaders), cookiesArrayList, false);
                                int statusCode = httpsGet.getStatusLine().getStatusCode();
                                if (statusCode == 200 || statusCode == 302) {
                                    String transferLoginString = getTransferLoginString(httpsGet.getEntity().getContent());
                                    consumeContent(httpsGet);
                                    httpsGet = null;
                                    if (transferLoginString != null) {
                                        Log.d("fullvpn", "transfering login");
                                        HttpResponse httpsPost = HttpCtxSSLHelper.httpsPost(iHttpRequestFactory, httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), "/cgi/tlogin"), new ArrayList(this.m_basicHeaders), cookiesArrayList, false, null);
                                        int statusCode2 = httpsPost.getStatusLine().getStatusCode();
                                        if (480 == statusCode2) {
                                            Log.w("fullvpn", "Number of license in AG has been exceeded");
                                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGLicenseExceeded);
                                        } else if (statusCode2 != 200 && statusCode2 != 302) {
                                            Log.d("fullvpn", "transfer login failed response : " + statusCode2);
                                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                                        }
                                        consumeContent(httpsPost);
                                        httpsGet = null;
                                    }
                                    agAuthResultEntEdition.setUrlRewriteMode(UrlRewriter.UrlRewriteMode.EntCvpn);
                                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSuccess);
                                    agAuthResultEntEdition.setVpnCapable(true);
                                    Log.d("fullvpn", "success, using EntCvpn rewrite mode over fullvpn");
                                } else if (480 == statusCode) {
                                    Log.w("fullvpn", "Number of license in AG has been exceeded");
                                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGLicenseExceeded);
                                } else {
                                    Log.w("fullvpn", "Unexpected AG response " + statusCode);
                                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusAGUnexpectedResponse);
                                }
                                if (httpsGet != null) {
                                    consumeContent(httpsGet);
                                }
                            } catch (ClientProtocolException e) {
                                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusSSLException);
                                if (0 != 0) {
                                    consumeContent(null);
                                }
                            }
                        } catch (MalformedURLException e2) {
                            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusMalformedUrlException);
                            if (0 != 0) {
                                consumeContent(null);
                            }
                        }
                    } catch (IllegalStateException e3) {
                        agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                        if (0 != 0) {
                            consumeContent(null);
                        }
                    }
                } catch (IOException e4) {
                    agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                    if (0 != 0) {
                        consumeContent(null);
                    }
                }
            } catch (URISyntaxException e5) {
                agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusIOException);
                if (0 != 0) {
                    consumeContent(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                consumeContent(null);
            }
            throw th;
        }
    }

    public AgAuthResult authenticate(HttpCtxSSLHelper.IHttpRequestFactory iHttpRequestFactory, HttpClient httpClient, SSLSocketFactory sSLSocketFactory, AccessGateway.AuthenticationTarget authenticationTarget, GatewayUserInputCallbackHandler gatewayUserInputCallbackHandler) throws DeliveryServicesException {
        Log.d("authenticate", "AGEE entry auth mode is " + getAuthModeAsString());
        this.m_userInputCallback = gatewayUserInputCallbackHandler;
        this.m_sslSocketFactory = sSLSocketFactory;
        this.m_httpClient = httpClient;
        AgAuthResultEntEdition agAuthResultEntEdition = null;
        try {
            resolveAddressAndPath();
            this.m_basicHeaders = AccessGatewaySupport.getBasicHeaders(authenticationTarget, this.m_address);
            agAuthResultEntEdition = coreAuthenticate(iHttpRequestFactory, httpClient, new URL(this.m_address), this.m_authnData, authenticationTarget);
            if (agAuthResultEntEdition.getTaskResult() == AsyncTaskStatus.StatusSuccess) {
                if (authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXml && !this.m_userConfigXmlPath.equals("")) {
                    agAuthResultEntEdition.setConfigXmlPath(this.m_address + this.m_userConfigXmlPath);
                    Log.d("authenticate", "User specified config XML path specified, setting path to " + agAuthResultEntEdition.getConfigXmlPath());
                } else if (authenticationTarget == AccessGateway.AuthenticationTarget.GetCookiesAndUrlRewriteMode) {
                    Log.d("authenticate", "Successfully obtained cookies and set rewrite mode");
                    agAuthResultEntEdition.getUrlRewriter().setGatewayAddress(new URL(this.m_address));
                } else if (authenticationTarget == AccessGateway.AuthenticationTarget.GetConfigXmlOrCookiesAndUrlRewriteMode) {
                    Log.d("authenticate", "We were looking for config XML or just the cookies and URL rewrite mode");
                    if (!this.m_userConfigXmlPath.equals("")) {
                        agAuthResultEntEdition.setConfigXmlPath(this.m_address + this.m_userConfigXmlPath);
                        Log.d("authenticate", "We have got user specified config XML path specified, setting path to " + agAuthResultEntEdition.getConfigXmlPath());
                    }
                    Log.d("authenticate", "Successfully obtained cookies and set rewrite mode");
                    agAuthResultEntEdition.getUrlRewriter().setGatewayAddress(new URL(this.m_address));
                }
            }
        } catch (MalformedURLException e) {
            Log.d("authenticate", "Caught malformed URL exception");
            e.printStackTrace();
            agAuthResultEntEdition.setTaskResult(AsyncTaskStatus.StatusInvalidAddress);
        }
        return agAuthResultEntEdition;
    }

    @Override // com.citrix.client.authmanager.accessgateway.AccessGateway
    public AgAuthResult authenticate(HttpClient httpClient, SSLSocketFactory sSLSocketFactory, AccessGateway.AuthenticationTarget authenticationTarget, GatewayUserInputCallbackHandler gatewayUserInputCallbackHandler) throws DeliveryServicesException {
        return authenticate(HttpCtxSSLHelper.s_defaultRequestFactory, httpClient, sSLSocketFactory, authenticationTarget, gatewayUserInputCallbackHandler);
    }

    @Override // com.citrix.client.authmanager.accessgateway.AccessGateway
    public void clearSessionState(AgAuthResult agAuthResult) {
        Log.d("clearSessionState", "Entry");
        try {
            if (this.m_httpClient == null) {
                CookieKeyValuePair[] cookies = agAuthResult.getCookies();
                Log.d("clearSessionState", "https get to /Citrix/PNAgent/logout.aspx?NFuse_Token=b58df682464f30c85881134ca1d176 returned response code " + httpsGet(EE_NFUSE_LOGOUT, this.m_basicHeaders, cookies).getResponseCode());
                HttpsURLConnection httpsGet = httpsGet(EE_VPN_LOGOUT, this.m_basicHeaders, cookies);
                Log.d("clearSessionState", "https get of /cgi/logout returned response code " + httpsGet.getResponseCode() + httpsGet.getHeaderField("location"));
                agAuthResult.clearCookies();
            } else {
                ArrayList<CookieKeyValuePair> cookiesArrayList = ((AgAuthResultEntEdition) agAuthResult).getCookiesArrayList();
                URL url = new URL(this.m_address);
                HttpResponse httpsGet2 = HttpCtxSSLHelper.httpsGet(HttpCtxSSLHelper.s_defaultRequestFactory, this.m_httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), EE_NFUSE_LOGOUT), this.m_basicHeaders, cookiesArrayList, false);
                Log.d("clearSessionState", "https get to /Citrix/PNAgent/logout.aspx?NFuse_Token=b58df682464f30c85881134ca1d176 returned response code " + httpsGet2.getStatusLine().getStatusCode());
                consumeContent(httpsGet2);
                HttpResponse httpsGet3 = HttpCtxSSLHelper.httpsGet(HttpCtxSSLHelper.s_defaultRequestFactory, this.m_httpClient, new URL(url.getProtocol(), url.getHost(), url.getPort(), EE_VPN_LOGOUT), this.m_basicHeaders, cookiesArrayList, false);
                Log.d("clearSessionState", "https get of /cgi/logout returned response code " + httpsGet3.getStatusLine().getStatusCode());
                consumeContent(httpsGet3);
                agAuthResult.clearCookies();
                SmartcardCertificateSelector smartcardCertificateSelector = (SmartcardCertificateSelector) HttpClientHelper.GetSmartcardCertificateSelector(this.m_httpClient);
                if (smartcardCertificateSelector != null) {
                    smartcardCertificateSelector.clearCachedData();
                }
            }
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e2) {
            e2.printStackTrace();
        } catch (URISyntaxException e3) {
            e3.printStackTrace();
        }
    }

    protected String extractRedirectFromHtml(HttpEntity httpEntity) {
        String str = "";
        if (httpEntity != null) {
            try {
                InputStream content = httpEntity.getContent();
                try {
                    str = CtxIoUtils.toString(content);
                } finally {
                    content.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            } catch (IllegalStateException e2) {
                e2.printStackTrace();
            } catch (ParserException e3) {
                Log.v("extractConfigXmlPathFromHtml", "Parser generated parserexception");
                e3.printStackTrace();
            }
        }
        NodeList parse = Parser.createParser(str, HttpRequest.CHARSET_UTF8).parse(new NodeClassFilter(MetaTag.class));
        int size = parse.size();
        for (int i = 0; i < size; i++) {
            MetaTag metaTag = (MetaTag) parse.elementAt(i);
            if (Headers.REFRESH.equalsIgnoreCase(metaTag.getHttpEquiv())) {
                Matcher matcher = Pattern.compile("\\d+;.*url=(.*)", 2).matcher(metaTag.getMetaContent());
                if (matcher.find()) {
                    String group = matcher.group(1);
                    return group != null ? group.replace("&amp;", "&") : group;
                }
            }
        }
        return null;
    }
}
