package com.samsung.android.knox.net.vpn.serviceprovider;

import android.app.AppGlobals;
import android.app.PendingIntent;
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.net.IVpnManager;
import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.RouteInfo;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.system.OsConstants;
import android.util.Log;
import com.android.internal.net.NetworkUtilsInternal;
import com.android.internal.net.VpnConfig;
import com.samsung.android.knox.ContextInfo;
import com.samsung.android.knox.ContextInfo$$ExternalSyntheticOutline0;
import com.samsung.android.knox.license.EnterpriseLicenseManager;
import com.samsung.android.knox.net.vpn.KnoxVpnPolicyConstants;
import java.net.DatagramSocket;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes4.dex */
public final class GenericVpnService extends Service {
    public static final String SERVICE_INTERFACE = "android.net.VpnService";
    public static final boolean SYSTEM_VPN = true;
    public static final String TAG = "GenericVpnService";
    public static String mVpnProfileName;

    /* loaded from: classes4.dex */
    public class Builder {
        public final List<LinkAddress> mAddresses;
        public final VpnConfig mConfig;
        public final List<RouteInfo> mRoutes;

        public Builder() {
            VpnConfig vpnConfig = new VpnConfig();
            this.mConfig = vpnConfig;
            this.mAddresses = new ArrayList();
            this.mRoutes = new ArrayList();
            vpnConfig.user = GenericVpnService.this.getClass().getName();
        }

        public final Builder addAddress(String str, int i10) {
            return addAddress(InetAddress.parseNumericAddress(str), i10);
        }

        public final Builder addAddress(InetAddress inetAddress, int i10) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.addAddress");
            GenericVpnService.check(inetAddress, i10);
            if (inetAddress.isAnyLocalAddress()) {
                throw new IllegalArgumentException("Bad address");
            }
            this.mAddresses.add(new LinkAddress(inetAddress, i10));
            return this;
        }

        public final Builder addAllowedApplication(String str) throws PackageManager.NameNotFoundException {
            return this;
        }

        public final Builder addDisallowedApplication(String str) throws PackageManager.NameNotFoundException {
            return this;
        }

        public final Builder addDnsServer(String str) {
            return addDnsServer(InetAddress.parseNumericAddress(str));
        }

        public final Builder addDnsServer(InetAddress inetAddress) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.addDnsServer");
            if (inetAddress.isLoopbackAddress() || inetAddress.isAnyLocalAddress()) {
                throw new IllegalArgumentException("Bad address");
            }
            VpnConfig vpnConfig = this.mConfig;
            if (vpnConfig.dnsServers == null) {
                vpnConfig.dnsServers = new ArrayList();
            }
            this.mConfig.dnsServers.add(inetAddress.getHostAddress());
            return this;
        }

        public final Builder addRoute(String str, int i10) {
            return addRoute(InetAddress.parseNumericAddress(str), i10);
        }

        public final Builder addRoute(InetAddress inetAddress, int i10) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.addRoute");
            GenericVpnService.check(inetAddress, i10);
            int i11 = i10 / 8;
            byte[] address = inetAddress.getAddress();
            if (i11 < address.length) {
                address[i11] = (byte) (address[i11] << (i10 % 8));
                while (i11 < address.length) {
                    if (address[i11] != 0) {
                        throw new IllegalArgumentException("Bad address");
                    }
                    i11++;
                }
            }
            this.mRoutes.add(new RouteInfo(new IpPrefix(inetAddress, i10), null, null, 1));
            return this;
        }

        public final Builder addSearchDomain(String str) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.addSearchDomain");
            VpnConfig vpnConfig = this.mConfig;
            if (vpnConfig.searchDomains == null) {
                vpnConfig.searchDomains = new ArrayList();
            }
            this.mConfig.searchDomains.add(str);
            return this;
        }

        public final Builder allowBypass() {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.allowBypass");
            this.mConfig.allowBypass = true;
            return this;
        }

        public final Builder allowFamily(int i10) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.allowFamily");
            if (i10 == OsConstants.AF_INET) {
                this.mConfig.allowIPv4 = true;
            } else {
                if (i10 != OsConstants.AF_INET6) {
                    throw new IllegalArgumentException(i10 + " is neither " + OsConstants.AF_INET + " nor " + OsConstants.AF_INET6);
                }
                this.mConfig.allowIPv6 = true;
            }
            return this;
        }

        public final ParcelFileDescriptor establish() {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.establish");
            Log.d(GenericVpnService.TAG, "establish is getting called : mVpnProfileName value is " + GenericVpnService.mVpnProfileName + "config session value is " + this.mConfig.session);
            VpnConfig vpnConfig = this.mConfig;
            vpnConfig.addresses = this.mAddresses;
            vpnConfig.routes = this.mRoutes;
            try {
                if (GenericVpnService.getService() != null) {
                    return GenericVpnService.getService().establishVpn(this.mConfig);
                }
                return null;
            } catch (Exception unused) {
                throw new IllegalArgumentException("VPN establish failed");
            }
        }

        public final Builder setBlocking(boolean z7) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.setBlocking");
            this.mConfig.blocking = z7;
            return this;
        }

        public final Builder setConfigureIntent(PendingIntent pendingIntent) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.setConfigureIntent");
            this.mConfig.configureIntent = pendingIntent;
            return this;
        }

        public final Builder setMtu(int i10) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.setMtu");
            if (i10 <= 0) {
                throw new IllegalArgumentException("Bad mtu");
            }
            this.mConfig.mtu = i10;
            return this;
        }

        public final Builder setSession(String str) {
            GenericVpnService.checkIfAdminHasVpnPermission();
            EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.setSession");
            this.mConfig.session = str;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    public class Callback extends Binder {
        public Callback() {
        }

        @Override // android.os.Binder
        public final boolean onTransact(int i10, Parcel parcel, Parcel parcel2, int i11) throws RemoteException {
            super.onTransact(i10, parcel, parcel2, i11);
            if (i10 != 16777215) {
                return false;
            }
            GenericVpnService.this.stopSelf();
            return true;
        }
    }

    public static void check(InetAddress inetAddress, int i10) {
        if (inetAddress.isLoopbackAddress()) {
            throw new IllegalArgumentException("Bad address");
        }
        if (inetAddress instanceof Inet4Address) {
            if (i10 < 0 || i10 > 32) {
                throw new IllegalArgumentException("Bad prefixLength");
            }
        } else {
            if (!(inetAddress instanceof Inet6Address)) {
                throw new IllegalArgumentException("Unsupported family");
            }
            if (i10 < 0 || i10 > 128) {
                throw new IllegalArgumentException("Bad prefixLength");
            }
        }
    }

    public static boolean checkIfAdminHasVpnPermission() {
        try {
            if (AppGlobals.getPackageManager().checkUidPermission(KnoxVpnPolicyConstants.NETWORK_TRAFFIC_AGENT_PERMISSION, Process.myUid()) == 0) {
                return true;
            }
        } catch (RemoteException e10) {
            ContextInfo$$ExternalSyntheticOutline0.m$1(e10, ContextInfo$$ExternalSyntheticOutline0.m("Exception: checkIfAdminHasVpnPermission "), TAG);
        }
        StringBuilder m10 = ContextInfo$$ExternalSyntheticOutline0.m("No permission grants found for UID ");
        m10.append(Process.myUid());
        Log.d(TAG, m10.toString());
        throw new SecurityException(Process.myUid() + " does not have " + KnoxVpnPolicyConstants.NETWORK_TRAFFIC_AGENT_PERMISSION);
    }

    public static IVpnManager getService() {
        return IVpnManager.Stub.asInterface(ServiceManager.getService("vpn_management"));
    }

    public static Intent prepare(Context context, String str, boolean z7, boolean z9) {
        checkIfAdminHasVpnPermission();
        EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.prepare");
        Log.d(TAG, "prepare is getting called " + str + "isconnecting value is " + z9 + "type value is " + z7);
        if (context == null || str == null || !(context instanceof GenericVpnContext)) {
            Log.e(TAG, "Invalid profile name or context passed in prepare()");
            return null;
        }
        mVpnProfileName = str;
        boolean isMetaEnabled = ((GenericVpnContext) context).isMetaEnabled();
        if (z9) {
            return null;
        }
        try {
            if (getService().prepareEnterpriseVpnExt(str, isMetaEnabled)) {
                return null;
            }
        } catch (Exception e10) {
            StringBuilder m10 = ContextInfo$$ExternalSyntheticOutline0.m("Exception in prepare : ");
            m10.append(Log.getStackTraceString(e10));
            Log.e(TAG, m10.toString());
        }
        if (z7) {
            return VpnConfig.getIntentForConfirmation();
        }
        return null;
    }

    public final boolean addAddress(InetAddress inetAddress, int i10) {
        checkIfAdminHasVpnPermission();
        EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.addAddress");
        check(inetAddress, i10);
        try {
            return getService().addVpnAddress(inetAddress.getHostAddress(), i10);
        } catch (RemoteException e10) {
            throw new IllegalStateException(e10);
        }
    }

    @Override // android.app.Service
    public final IBinder onBind(Intent intent) {
        if (intent == null || !SERVICE_INTERFACE.equals(intent.getAction())) {
            return null;
        }
        return new Callback();
    }

    public final void onRevoke() {
        stopSelf();
    }

    public final boolean protect(int i10) {
        checkIfAdminHasVpnPermission();
        EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.protect");
        try {
            if (getService() != null && getService().getChainingEnabledForProfile(Binder.getCallingUid())) {
                Log.d(TAG, "protect is not going to be called for " + Binder.getCallingUid());
                return true;
            }
            return NetworkUtilsInternal.protectFromVpn(i10);
        } catch (Exception unused) {
            return false;
        }
    }

    public final boolean protect(DatagramSocket datagramSocket) {
        return protect(datagramSocket.getFileDescriptor$().getInt$());
    }

    public final boolean protect(Socket socket) {
        return protect(socket.getFileDescriptor$().getInt$());
    }

    public final boolean removeAddress(InetAddress inetAddress, int i10) {
        checkIfAdminHasVpnPermission();
        EnterpriseLicenseManager.log(new ContextInfo(Process.myUid()), "GenericVpnService.removeAddress");
        check(inetAddress, i10);
        try {
            return getService().removeVpnAddress(inetAddress.getHostAddress(), i10);
        } catch (RemoteException e10) {
            throw new IllegalStateException(e10);
        }
    }
}
