package dev.rx.app2proxy;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Log;
import androidx.constraintlayout.widget.ConstraintLayout;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.io.TextStreamsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import kotlin.text.StringsKt;

/* compiled from: IptablesService.kt */
@Metadata(d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\r\n\u0002\u0010\u000b\n\u0002\b\u0005\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u0004J\u000e\u0010\u000e\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fJ \u0010\u000f\u001a\u00020\u00042\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u00062\u0006\u0010\u0011\u001a\u00020\u0006H\u0002J \u0010\u0012\u001a\u00020\u00042\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u00062\u0006\u0010\u0011\u001a\u00020\u0006H\u0002J\u0010\u0010\u0013\u001a\u00020\u00042\u0006\u0010\r\u001a\u00020\u0004H\u0002J\u000e\u0010\u0014\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u0004J\u0016\u0010\u0015\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u0004J\u001e\u0010\u0016\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0017\u001a\u00020\u00062\u0006\u0010\u0018\u001a\u00020\u0006J\u0010\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u0006H\u0002J\u0010\u0010\u001c\u001a\u00020\u00042\u0006\u0010\u001d\u001a\u00020\u0004H\u0002J\u0010\u0010\u001e\u001a\u00020\u001a2\u0006\u0010\u000b\u001a\u00020\fH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u001f"}, d2 = {"Ldev/rx/app2proxy/IptablesService;", "", "()V", "APP_SIGNATURE", "", "DEFAULT_XRAY_DNS_PORT", "", "DEFAULT_XRAY_PORT", "TAG", "applyRules", "", "context", "Landroid/content/Context;", "uids", "applyRulesFromPrefs", "buildClearScript", "proxyPort", "dnsPort", "buildSecureScript", 
"buildUniversalClearScript", "clearAllRulesForUids", "clearRules", "clearRulesWithOldPorts", "oldProxyPort", "oldDnsPort", "isValidPort", "", "port", "runAsRoot", "script", "validateSecurityContext", "app_release"}, k = 1, mv = {1, 9, 0}, xi = ConstraintLayout.LayoutParams.Table.LAYOUT_CONSTRAINT_VERTICAL_CHAINSTYLE)
/* loaded from: classes.dex */
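/**
 * Singleton that builds {@code sh} scripts which add or remove per-UID
 * {@code iptables -t nat OUTPUT ... -j REDIRECT} rules and pipes them to {@code su}.
 *
 * <p>Security-relevant points for a reviewer:
 * <ul>
 *   <li>Everything handed to {@link #runAsRoot(String)} runs with root privileges, so every
 *       value interpolated into a script must be constrained first. UID lists go through
 *       {@link #sanitizeUids(String)}; ports are {@code int}s.</li>
 *   <li>{@link #validateSecurityContext(Context)} only compares the package name reported by the
 *       supplied {@link Context} with a constant. It does not identify the caller.</li>
 *   <li>{@link #clearAllRulesForUids(String)} and
 *       {@link #clearRulesWithOldPorts(String, int, int)} take no {@link Context} and therefore
 *       perform no such check, and no port-range check either.</li>
 *   <li>Script stdout/stderr is written to logcat.</li>
 * </ul>
 */
public final class IptablesService {
    private static final String APP_SIGNATURE = "app2proxy_legitimate_traffic_redirector";
    private static final int DEFAULT_XRAY_DNS_PORT = 10853;
    private static final int DEFAULT_XRAY_PORT = 12345;
    /** Matches every character that is neither an ASCII digit nor a space; compiled once. */
    private static final Regex NON_UID_CHARS = new Regex("[^0-9 ]");
    public static final IptablesService INSTANCE = new IptablesService();
    private static final String TAG = "IptablesService";

    private IptablesService() {
    }

    /**
     * Strips everything except ASCII digits and spaces from a UID list before it is embedded in a
     * root shell script.
     *
     * <p>Only digits and spaces survive, so the value cannot terminate the double-quoted
     * {@code UIDS="..."} assignment it is placed in. Offending characters are deleted rather than
     * rejected, so a malformed token such as {@code 10a20} becomes {@code 1020} and names a
     * different UID; callers that accept UIDs from outside the app should validate each token
     * before calling in.
     *
     * @param uids space-separated UID list as supplied by the caller
     * @return the list with every non-digit, non-space character removed
     */
    private static String sanitizeUids(String uids) {
        return NON_UID_CHARS.replace(uids, "");
    }

    /**
     * Builds the script that deletes, for each UID, the TCP redirect rule to {@code proxyPort}
     * and the UDP/53 redirect rule to {@code dnsPort}, repeating while {@code iptables -C}
     * still finds the exact rule.
     *
     * @param uids space-separated UID list; sanitized before interpolation
     * @param proxyPort port the TCP redirect rule points at
     * @param dnsPort port the DNS redirect rule points at
     * @return the script text, with the common indentation removed
     */
    private final String buildClearScript(String uids, int proxyPort, int dnsPort) {
        return StringsKt.trimIndent("\n            #!/system/bin/sh\n            \n            # app2proxy_legitimate_traffic_redirector\n\n            UIDS=\"" + sanitizeUids(uids) + "\"\n            PORT=" + proxyPort + "\n            DNS_PORT=" + dnsPort + "\n                        \n            echo \"[app2proxy_legitimate_traffic_redirector] Clearing iptables rules for UID: $UIDS\"\n            echo \"[app2proxy_legitimate_traffic_redirector] Using ports: proxy=$PORT, DNS=$DNS_PORT\"\n\n            for UID in $UIDS; do\n              if ! echo \"$UID\" | grep -qE '^[0-9]+$'; then\n                echo \"[app2proxy_legitimate_traffic_redirector] WARNING: Skipping invalid UID: $UID\"\n                continue\n              fi\n              \n              echo \"[app2proxy_legitimate_traffic_redirector] Clearing rules for UID: $UID\"\n              while iptables -t nat -C OUTPUT -p tcp -m owner --uid-owner $UID -j REDIRECT --to-ports $PORT 2>/dev/null; do\n                iptables -t nat -D OUTPUT -p tcp -m owner --uid-owner $UID -j REDIRECT --to-ports $PORT\n              done\n              while iptables -t nat -C OUTPUT -p udp --dport 53 -m owner --uid-owner $UID -j REDIRECT --to-ports $DNS_PORT 2>/dev/null; do\n                iptables -t nat -D OUTPUT -p udp --dport 53 -m owner --uid-owner $UID -j REDIRECT --to-ports $DNS_PORT\n              done\n            done\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Rules cleared for UID: $UIDS (ports: proxy=$PORT, DNS=$DNS_PORT)\"\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Remaining NAT OUTPUT rules:\"\n            iptables -t nat -L OUTPUT -n --line-numbers | grep -E \"(REDIRECT|$PORT|$DNS_PORT)\" || echo \"Rules not found\"\n        ");
    }

    /**
     * Builds the script that first tries to delete existing redirect rules for each UID by
     * listing line number, then appends the TCP and UDP/53 redirect rules unless
     * {@code iptables -C} reports that they already exist.
     *
     * <p>NOTE(review): the by-line-number loops grep the {@code iptables -L} listing for
     * {@code owner UID match $UID.*tcp.*REDIRECT}. The listing normally prints the target and
     * protocol columns before the match text, so this pattern may never match; confirm on a
     * device. The pattern is also not anchored after {@code $UID}, so it presumably matches any
     * UID that merely starts with the same digits.
     *
     * @param uids space-separated UID list; sanitized before interpolation
     * @param proxyPort port TCP traffic is redirected to
     * @param dnsPort port UDP/53 traffic is redirected to
     * @return the script text, with the common indentation removed
     */
    private final String buildSecureScript(String uids, int proxyPort, int dnsPort) {
        return StringsKt.trimIndent("\n            #!/system/bin/sh\n            \n            # app2proxy_legitimate_traffic_redirector\n\n            UIDS=\"" + sanitizeUids(uids) + "\"\n            PORT=" + proxyPort + "\n            DNS_PORT=" + dnsPort + "\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Apllying iptables rules for UID: $UIDS\"\n            echo \"[app2proxy_legitimate_traffic_redirector] Using ports: proxy=$PORT, DNS=$DNS_PORT\"\n            \n            if ! command -v iptables > /dev/null 2>&1; then\n                echo \"[app2proxy_legitimate_traffic_redirector] ERROR: iptables is not available\"\n                exit 1\n            fi\n            \n            for UID in $UIDS; do\n              if ! echo \"$UID\" | grep -qE '^[0-9]+$'; then\n                echo \"[app2proxy_legitimate_traffic_redirector] Warning: Skipping invalid UID: $UID\"\n                continue\n              fi\n              \n              echo \"[app2proxy_legitimate_traffic_redirector] Universal clearing all rules for UID: $UID\"\n\n              while iptables -t nat -L OUTPUT -n | grep -q \"owner UID match $UID.*tcp.*REDIRECT\"; do\n                LINE_NUM=$(iptables -t nat -L OUTPUT -n --line-numbers | grep \"owner UID match $UID.*tcp.*REDIRECT\" | head -1 | awk '{print $1}')\n                if [ ! -z \"$LINE_NUM\" ]; then\n                  iptables -t nat -D OUTPUT $LINE_NUM\n                  echo \"[app2proxy_legitimate_traffic_redirector] Deleting TCP rule #$LINE_NUM for UID $UID\"\n                else\n                  break\n                fi\n              done\n              \n              while iptables -t nat -L OUTPUT -n | grep -q \"owner UID match $UID.*udp.*dpt:53.*REDIRECT\"; do\n                LINE_NUM=$(iptables -t nat -L OUTPUT -n --line-numbers | grep \"owner UID match $UID.*udp.*dpt:53.*REDIRECT\" | head -1 | awk '{print $1}')\n                if [ ! -z \"$LINE_NUM\" ]; then\n                  iptables -t nat -D OUTPUT $LINE_NUM\n                  echo \"[app2proxy_legitimate_traffic_redirector] Deleting DNS rule #$LINE_NUM for UID $UID\"\n                else\n                  break\n                fi\n              done\n            done\n\n            for UID in $UIDS; do\n              if ! echo \"$UID\" | grep -qE '^[0-9]+$'; then\n                continue\n              fi\n              \n              echo \"[app2proxy_legitimate_traffic_redirector] Addding rules for UID: $UID\"\n              \n              if ! iptables -t nat -C OUTPUT -p tcp -m owner --uid-owner $UID -j REDIRECT --to-ports $PORT 2>/dev/null; then\n                iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner $UID -j REDIRECT --to-ports $PORT\n                echo \"[app2proxy_legitimate_traffic_redirector] ✅ TCP rule added for UID $UID\"\n              else\n                echo \"[app2proxy_legitimate_traffic_redirector] ℹ️ TCP rule already exists for UID $UID\"\n              fi\n              \n              if ! iptables -t nat -C OUTPUT -p udp --dport 53 -m owner --uid-owner $UID -j REDIRECT --to-ports $DNS_PORT 2>/dev/null; then\n                iptables -t nat -A OUTPUT -p udp --dport 53 -m owner --uid-owner $UID -j REDIRECT --to-ports $DNS_PORT\n                echo \"[app2proxy_legitimate_traffic_redirector] ✅ DNS rule added for UID $UID\"\n              else\n                echo \"[app2proxy_legitimate_traffic_redirector] ℹ️ DNS rule already exists for UID $UID\"\n              fi\n            done\n\n            echo \"[app2proxy_legitimate_traffic_redirector] Rules applied for UID: $UIDS\"\n            echo \"[app2proxy_legitimate_traffic_redirector] Using ports: proxy=$PORT, DNS=$DNS_PORT\"\n\n            echo \"[app2proxy_legitimate_traffic_redirector] Remaining NAT OUTPUT rules:\"\n            iptables -t nat -L OUTPUT -n --line-numbers | grep -E \"(REDIRECT|$PORT|$DNS_PORT)\"\n        ");
    }

    /**
     * Builds the script that tries to delete every TCP and UDP/53 redirect rule for each UID,
     * whatever port it points at, by listing line number, then prints how many listing lines
     * still mention the UID.
     *
     * <p>NOTE(review): uses the same {@code owner UID match $UID...} grep patterns as
     * {@link #buildSecureScript(String, int, int)}; the same column-order and prefix-match
     * questions apply and should be confirmed on a device.
     *
     * @param uids space-separated UID list; sanitized before interpolation
     * @return the script text, with the common indentation removed
     */
    private final String buildUniversalClearScript(String uids) {
        return StringsKt.trimIndent("\n            #!/system/bin/sh\n            \n            # app2proxy_legitimate_traffic_redirector\n\n            UIDS=\"" + sanitizeUids(uids) + "\"\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Universal clearing of all iptables rules for UID: $UIDS\"\n\n            for UID in $UIDS; do\n              if ! echo \"$UID\" | grep -qE '^[0-9]+$'; then\n                echo \"[app2proxy_legitimate_traffic_redirector] WARNING: Skipping invalid UID: $UID\"\n                continue\n              fi\n              \n              echo \"[app2proxy_legitimate_traffic_redirector] Deleting ALL rules for UID: $UID\"\n\n              while iptables -t nat -L OUTPUT -n | grep -q \"owner UID match $UID.*tcp.*REDIRECT\"; do\n                LINE_NUM=$(iptables -t nat -L OUTPUT -n --line-numbers | grep \"owner UID match $UID.*tcp.*REDIRECT\" | head -1 | awk '{print $1}')\n                if [ ! -z \"$LINE_NUM\" ]; then\n                  iptables -t nat -D OUTPUT $LINE_NUM\n                  echo \"[app2proxy_legitimate_traffic_redirector] Deleted TCP rule #$LINE_NUM for UID $UID\"\n                else\n                  break\n                fi\n              done\n              \n              while iptables -t nat -L OUTPUT -n | grep -q \"owner UID match $UID.*udp.*dpt:53.*REDIRECT\"; do\n                LINE_NUM=$(iptables -t nat -L OUTPUT -n --line-numbers | grep \"owner UID match $UID.*udp.*dpt:53.*REDIRECT\" | head -1 | awk '{print $1}')\n                if [ ! -z \"$LINE_NUM\" ]; then\n                  iptables -t nat -D OUTPUT $LINE_NUM\n                  echo \"[app2proxy_legitimate_traffic_redirector] Deleted DNS rule #$LINE_NUM for UID $UID\"\n                else\n                  break\n                fi\n              done\n            done\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Universal clearing completed for UID: $UIDS\"\n            \n            echo \"[app2proxy_legitimate_traffic_redirector] Checking remaining rules:\"\n            for UID in $UIDS; do\n              REMAINING=$(iptables -t nat -L OUTPUT -n | grep \"owner UID match $UID\" | wc -l)\n              echo \"[app2proxy_legitimate_traffic_redirector] UID $UID: remaining rules = $REMAINING\"\n            done\n        ");
    }

    /**
     * Reports whether {@code port} lies in the unprivileged range 1024..65535.
     *
     * <p>The decompiled original also excluded 22, 80 and 443; those comparisons could never
     * apply once the lower bound of 1024 had passed, so they are dropped without changing the
     * result.
     *
     * @param port candidate redirect target port
     * @return {@code true} when {@code 1024 <= port <= 65535}
     */
    private final boolean isValidPort(int port) {
        return port >= 1024 && port <= 65535;
    }

    /**
     * Pipes {@code script} to a {@code su} shell and collects its output.
     *
     * <p>The script text runs as root, so callers must only pass scripts whose interpolated
     * values have been constrained. Both output streams are drained before waiting for the
     * process: stderr on a helper thread, stdout on the calling thread. Waiting first, as the
     * original did, can block forever once the child fills a pipe buffer. The script is written
     * as UTF-8 because {@link DataOutputStream#writeBytes(String)} keeps only the low byte of each
     * character and would corrupt the non-ASCII characters in the echo lines.
     *
     * @param script shell script text to execute
     * @return stdout when the exit code is 0; otherwise an error string containing the exit code
     *     and stderr, or the exception message when the process could not be driven
     */
    private final String runAsRoot(String script) {
        Process exec = null;
        try {
            Log.d(TAG, "[app2proxy_legitimate_traffic_redirector] Executing script with root privileges");
            exec = Runtime.getRuntime().exec("su");

            final InputStream errorStream = exec.getErrorStream();
            final String[] stderrText = {""};
            Thread stderrDrainer = new Thread(new Runnable() {
                @Override
                public void run() {
                    try (BufferedReader errReader = new BufferedReader(new InputStreamReader(errorStream, Charsets.UTF_8), 8192)) {
                        stderrText[0] = TextStreamsKt.readText(errReader);
                    } catch (Exception drainFailure) {
                        Log.w(TAG, "[app2proxy_legitimate_traffic_redirector] Could not read stderr", drainFailure);
                    }
                }
            });
            stderrDrainer.start();

            // Closing stdin after the trailing "exit" also signals EOF to the shell.
            try (DataOutputStream stdin = new DataOutputStream(exec.getOutputStream())) {
                stdin.write(script.getBytes(Charsets.UTF_8));
                stdin.writeBytes("\nexit\n");
                stdin.flush();
            }

            String readText;
            try (BufferedReader outReader = new BufferedReader(new InputStreamReader(exec.getInputStream(), Charsets.UTF_8), 8192)) {
                readText = TextStreamsKt.readText(outReader);
            }
            // join() makes the helper thread's write to stderrText visible here.
            stderrDrainer.join();
            int waitFor = exec.waitFor();
            String readText2 = stderrText[0];

            Log.d(TAG, "[app2proxy_legitimate_traffic_redirector] Code exit: " + waitFor);
            Log.d(TAG, "[app2proxy_legitimate_traffic_redirector] Output: " + readText);
            if (readText2.length() > 0) {
                Log.w(TAG, "[app2proxy_legitimate_traffic_redirector] Errors: " + readText2);
            }
            return waitFor == 0 ? readText : "Error executing script (code: " + waitFor + "): " + readText2;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller instead of swallowing it.
                Thread.currentThread().interrupt();
            }
            String str = "[app2proxy_legitimate_traffic_redirector] Error executing command: " + e.getLocalizedMessage();
            Log.e(TAG, str, e);
            return str;
        } finally {
            if (exec != null) {
                // Releases the process and its pipes on every path, including failures.
                exec.destroy();
            }
        }
    }

    /**
     * Checks that the supplied {@link Context} reports this app's own package name.
     *
     * <p>This compares a string obtained from the caller-supplied {@code context} with a
     * constant. It is a sanity check, not an authentication of whoever invoked the method.
     *
     * @param context context whose package name is inspected
     * @return {@code true} only when the package name equals {@code dev.rx.app2proxy};
     *     {@code false} otherwise or when reading it throws
     */
    private final boolean validateSecurityContext(Context context) {
        try {
            String packageName = context.getPackageName();
            if ("dev.rx.app2proxy".equals(packageName)) {
                return true;
            }
            Log.w(TAG, "[app2proxy_legitimate_traffic_redirector] Неверный пакет: " + packageName);
            return false;
        } catch (Exception e) {
            Log.e(TAG, "Error validating security", e);
            return false;
        }
    }

    /**
     * Applies redirect rules for {@code uids} using the proxy and DNS ports stored in the
     * {@code proxy_prefs} preferences (defaults 12345 and 10853).
     *
     * <p>Nothing is executed when the UID list is blank, the context check fails, or either port
     * is outside 1024..65535. All failures are logged, never thrown.
     *
     * @param context context used for the package check and to read preferences
     * @param uids space-separated UID list
     */
    public final void applyRules(Context context, String uids) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(uids, "uids");
        if (StringsKt.trim((CharSequence) uids).toString().length() == 0) {
            Log.w(TAG, "Empty UID list for applying rules");
            return;
        }
        try {
            if (!validateSecurityContext(context)) {
                Log.w(TAG, "Operation rejected: security violation");
                return;
            }
            SharedPreferences prefs = context.getSharedPreferences("proxy_prefs", 0);
            int proxyPort = prefs.getInt("proxy_port", DEFAULT_XRAY_PORT);
            int dnsPort = prefs.getInt("dns_port", DEFAULT_XRAY_DNS_PORT);
            if (!isValidPort(proxyPort) || !isValidPort(dnsPort)) {
                Log.w(TAG, "Invalid ports: proxy=" + proxyPort + ", DNS=" + dnsPort);
                return;
            }
            Log.d(TAG, "Applying iptables rules for UID: " + uids + ", proxy port: " + proxyPort + ", DNS port: " + dnsPort);
            Log.d(TAG, "Result of applying rules: " + runAsRoot(buildSecureScript(uids, proxyPort, dnsPort)));
        } catch (Exception e) {
            Log.e(TAG, "Error applying iptables rules", e);
        }
    }

    /**
     * Re-applies rules for the UIDs saved under {@code selected_uids} in {@code proxy_prefs}.
     *
     * <p>The saved set is joined with single spaces and handed to
     * {@link #applyRules(Context, String)}; an absent or empty set is logged and ignored.
     *
     * @param context context used for the package check and to read preferences
     */
    public final void applyRulesFromPrefs(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        try {
            if (!validateSecurityContext(context)) {
                Log.w(TAG, "Operation rejected: security violation");
                return;
            }
            Set<String> savedUids = context.getSharedPreferences("proxy_prefs", 0).getStringSet("selected_uids", SetsKt.emptySet());
            String joined = null;
            if (savedUids != null) {
                joined = CollectionsKt.joinToString$default(savedUids, " ", null, null, 0, null, null, 62, null);
            }
            if (joined == null) {
                joined = "";
            }
            if (joined.isEmpty()) {
                Log.d(TAG, "No saved UIDs to apply rules");
                return;
            }
            Log.d(TAG, "Applying saved rules for UID: " + joined);
            applyRules(context, joined);
        } catch (Exception e) {
            Log.e(TAG, "Error applying rules from preferences", e);
        }
    }

    /**
     * Runs the universal clear script for {@code uids}.
     *
     * <p>This entry point takes no {@link Context}, so the package check applied by
     * {@link #applyRules(Context, String)} is not performed here.
     *
     * @param uids space-separated UID list
     */
    public final void clearAllRulesForUids(String uids) {
        Intrinsics.checkNotNullParameter(uids, "uids");
        if (StringsKt.trim((CharSequence) uids).toString().length() == 0) {
            Log.w(TAG, "Empty UID list for universal rule clearing");
            return;
        }
        try {
            Log.d(TAG, "Universal clearing of all iptables rules for UID: " + uids);
            Log.d(TAG, "Result of universal rule clearing: " + runAsRoot(buildUniversalClearScript(uids)));
        } catch (Exception e) {
            Log.e(TAG, "Error during universal iptables rule clearing", e);
        }
    }

    /**
     * Removes the redirect rules for {@code uids} that point at the ports currently stored in
     * {@code proxy_prefs}.
     *
     * <p>Unlike {@link #applyRules(Context, String)}, the stored ports are not range-checked
     * before use; they are {@code int}s, so they cannot carry shell syntax into the script.
     *
     * @param context context used for the package check and to read preferences
     * @param uids space-separated UID list
     */
    public final void clearRules(Context context, String uids) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(uids, "uids");
        if (StringsKt.trim((CharSequence) uids).toString().length() == 0) {
            Log.w(TAG, "Empty UID list for clearing rules");
            return;
        }
        try {
            if (!validateSecurityContext(context)) {
                Log.w(TAG, "Operation rejected: security violation");
                return;
            }
            SharedPreferences prefs = context.getSharedPreferences("proxy_prefs", 0);
            int proxyPort = prefs.getInt("proxy_port", DEFAULT_XRAY_PORT);
            int dnsPort = prefs.getInt("dns_port", DEFAULT_XRAY_DNS_PORT);
            Log.d(TAG, "Clearing iptables rules for UID: " + uids + ", proxy port: " + proxyPort + ", DNS port: " + dnsPort);
            Log.d(TAG, "Result of clearing rules: " + runAsRoot(buildClearScript(uids, proxyPort, dnsPort)));
        } catch (Exception e) {
            Log.e(TAG, "Error clearing iptables rules", e);
        }
    }

    /**
     * Removes the redirect rules for {@code uids} that point at explicitly supplied ports.
     *
     * <p>This entry point takes no {@link Context}, so no package check is performed, and the
     * ports are used without a range check.
     *
     * @param uids space-separated UID list
     * @param oldProxyPort proxy port the rules to delete point at
     * @param oldDnsPort DNS port the rules to delete point at
     */
    public final void clearRulesWithOldPorts(String uids, int oldProxyPort, int oldDnsPort) {
        Intrinsics.checkNotNullParameter(uids, "uids");
        if (StringsKt.trim((CharSequence) uids).toString().length() == 0) {
            Log.w(TAG, "Empty UID list for clearing old rules");
            return;
        }
        try {
            Log.d(TAG, "Clearing old iptables rules for UID: " + uids + " with old ports: proxy=" + oldProxyPort + ", DNS=" + oldDnsPort);
            Log.d(TAG, "Result of clearing old iptables rules: " + runAsRoot(buildClearScript(uids, oldProxyPort, oldDnsPort)));
        } catch (Exception e) {
            Log.e(TAG, "Error clearing old iptables rules", e);
        }
    }
}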
