package com.wireguard.android.util;

import android.content.Context;
import android.system.OsConstants;
import android.util.Base64;
import androidx.annotation.Nullable;
import com.wireguard.android.util.RootShell;
import com.wireguard.crypto.Ed25519;
import com.wireguard.util.NonNullForAll;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import unified.vpn.sdk.EventsSerializer;

@NonNullForAll
/* loaded from: classes8.dex */
public class ModuleLoader {
    private static final String MODULE_LIST_URL = "https://download.wireguard.com/android-module/modules.txt.sig";
    private static final String MODULE_NAME = "wireguard-%s.ko";
    private static final String MODULE_PUBLIC_KEY_BASE64 = "RWRmHuT9PSqtwfsLtEx+QS06BJtLgFYteL9WCNjH7yuyu5Y1DieSN7If";
    private static final String MODULE_URL = "https://download.wireguard.com/android-module/%s";
    private final File moduleDir;
    private final RootShell rootShell;
    private final File tmpDir;
    private final String userAgent;

    /* loaded from: classes8.dex */
    public static final class Sha256Digest {
        private final byte[] bytes;

        private Sha256Digest(String str) {
            if (str.length() != 64) {
                throw new InvalidParameterException("SHA256 hashes must be 32 bytes long");
            }
            this.bytes = new byte[32];
            for (int i = 0; i < 32; i++) {
                int i2 = i * 2;
                this.bytes[i] = (byte) Integer.parseInt(str.substring(i2, i2 + 2), 16);
            }
        }
    }

    public ModuleLoader(Context context, RootShell rootShell, String str) {
        this.moduleDir = new File(context.getCacheDir(), "kmod");
        this.tmpDir = new File(context.getCacheDir(), "tmp");
        this.rootShell = rootShell;
        this.userAgent = str;
    }

    public static boolean isModuleLoaded() {
        return new File("/sys/module/wireguard").exists();
    }

    @Nullable
    private Map<String, Sha256Digest> verifySignedHashes(String str) {
        byte[] decode;
        byte[] decode2 = Base64.decode(MODULE_PUBLIC_KEY_BASE64, 0);
        if (decode2 != null && decode2.length == 42 && decode2[0] == 69 && decode2[1] == 100) {
            String[] split = str.split("\n", 3);
            if (split.length == 3 && split[0].startsWith("untrusted comment: ") && (decode = Base64.decode(split[1], 0)) != null && decode.length == 74) {
                for (int i = 0; i < 10; i++) {
                    if (decode[i] != decode2[i]) {
                        return null;
                    }
                }
                if (!Ed25519.verify(split[2].getBytes(StandardCharsets.UTF_8), Arrays.copyOfRange(decode, 10, 74), Arrays.copyOfRange(decode2, 10, 42))) {
                    return null;
                }
                HashMap hashMap = new HashMap();
                for (String str2 : split[2].split("\n")) {
                    String[] split2 = str2.split(" {2}", 2);
                    if (split2.length != 2) {
                        return null;
                    }
                    try {
                        hashMap.put(split2[1], new Sha256Digest(split2[0]));
                    } catch (Exception unused) {
                        return null;
                    }
                }
                return hashMap;
            }
        }
        return null;
    }

    public Integer download() throws IOException, RootShell.RootShellException, NoSuchAlgorithmException {
        ArrayList arrayList = new ArrayList();
        this.rootShell.run(arrayList, "sha256sum /proc/version|cut -d ' ' -f 1");
        if (arrayList.size() != 1 || ((String) arrayList.get(0)).length() != 64) {
            throw new InvalidParameterException("Invalid sha256 of /proc/version");
        }
        String format = String.format(MODULE_NAME, arrayList.get(0));
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(MODULE_LIST_URL).openConnection();
        httpURLConnection.setRequestProperty("User-Agent", this.userAgent);
        httpURLConnection.connect();
        if (httpURLConnection.getResponseCode() != 200) {
            throw new IOException("Hash list could not be found");
        }
        byte[] bArr = new byte[EventsSerializer.MAX_UPLOAD_LENGTH];
        InputStream inputStream = httpURLConnection.getInputStream();
        int i = 0;
        while (true) {
            int i2 = EventsSerializer.MAX_UPLOAD_LENGTH - i;
            if (i2 <= 0) {
                break;
            }
            try {
                int read = inputStream.read(bArr, i, i2);
                if (read <= 0) {
                    break;
                }
                i += read;
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        if (inputStream != null) {
            inputStream.close();
        }
        if (i <= 0) {
            throw new IOException("Hash list was empty");
        }
        Map<String, Sha256Digest> verifySignedHashes = verifySignedHashes(new String(bArr, 0, i, StandardCharsets.UTF_8));
        if (verifySignedHashes == null) {
            throw new InvalidParameterException("The signature did not verify or invalid hash list format");
        }
        if (!verifySignedHashes.containsKey(format)) {
            return Integer.valueOf(OsConstants.ENOENT);
        }
        HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(String.format(MODULE_URL, format)).openConnection();
        httpURLConnection2.setRequestProperty("User-Agent", this.userAgent);
        httpURLConnection2.connect();
        if (httpURLConnection2.getResponseCode() != 200) {
            throw new IOException("Module file could not be found, despite being on hash list");
        }
        this.tmpDir.mkdirs();
        this.moduleDir.mkdir();
        File file = null;
        try {
            file = File.createTempFile("UNVERIFIED-", null, this.tmpDir);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            InputStream inputStream2 = httpURLConnection2.getInputStream();
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                int i3 = 0;
                while (true) {
                    try {
                        int read2 = inputStream2.read(bArr);
                        if (read2 <= 0) {
                            fileOutputStream.getFD().sync();
                            fileOutputStream.close();
                            inputStream2.close();
                            if (!Arrays.equals(messageDigest.digest(), verifySignedHashes.get(format).bytes)) {
                                throw new IOException("Incorrect file hash");
                            }
                            if (!file.renameTo(new File(this.moduleDir, format))) {
                                throw new IOException("Unable to rename to final destination");
                            }
                            file.delete();
                            return Integer.valueOf(OsConstants.EXIT_SUCCESS);
                        }
                        i3 += read2;
                        if (i3 > 15728640) {
                            throw new IOException("File too big");
                        }
                        fileOutputStream.write(bArr, 0, read2);
                        messageDigest.update(bArr, 0, read2);
                    } finally {
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (file != null) {
                file.delete();
            }
            throw th3;
        }
    }

    public void loadModule() throws IOException, RootShell.RootShellException {
        this.rootShell.run(null, String.format("insmod \"%s/wireguard-$(sha256sum /proc/version|cut -d ' ' -f 1).ko\"", this.moduleDir.getAbsolutePath()));
    }

    public boolean moduleMightExist() {
        return this.moduleDir.exists() && this.moduleDir.isDirectory();
    }
}
