package org.strongswan.android.logic;

import android.annotation.TargetApi;
import android.content.ComponentName;
import android.content.Intent;
import android.content.ServiceConnection;
import android.net.VpnService;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.system.OsConstants;
import com.gentlebreeze.log.TimberBreeze;
import com.gentlebreeze.vpn.http.api.GeoInfoKt;
import com.gentlebreeze.vpn.module.common.api.VpnDataTransferred;
import com.gentlebreeze.vpn.module.common.api.configuration.notification.INotificationConfiguration;
import com.gentlebreeze.vpn.module.strongswan.api.model.VpnProfile;
import com.gentlebreeze.vpn.module.strongswan.api.state.ErrorState;
import com.gentlebreeze.vpn.module.strongswan.api.state.State;
import com.google.android.exoplayer2.SimpleExoPlayer;
import java.io.File;
import java.io.IOException;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import org.apache.commons.io.FileUtils;
import org.strongswan.android.logic.ConnectionType;
import org.strongswan.android.logic.VpnStateService;
import org.strongswan.android.logic.imc.ImcState;
import org.strongswan.android.logic.imc.ImcStateKt;
import org.strongswan.android.logic.imc.RemediationInstruction;

/* loaded from: classes5.dex */
public class CharonVpnService extends VpnService implements Runnable {
    public static final String ACTION_DISCONNECT = "CHARON_SERVICE_DISCONNECT";
    public static final String EXTRA_VPN_NOTIFICATION = "EXTRA_VPN_NOTIFICATION";
    public static final String EXTRA_VPN_PROFILE = "EXTRA_VPN_PROFILE";
    public static final String LOG_FILE = "charon.log";
    static final int STATE_AUTH_ERROR = 3;
    static final int STATE_CHILD_SA_DOWN = 2;
    static final int STATE_CHILD_SA_UP = 1;
    static final int STATE_GENERIC_ERROR = 7;
    static final int STATE_LOOKUP_ERROR = 5;
    static final int STATE_PEER_AUTH_ERROR = 4;
    static final int STATE_UNREACHABLE_ERROR = 6;
    private String appDir;
    private volatile String currentCertificateAlias;
    private VpnProfile currentProfile;
    private volatile String currentUserCertificateAlias;
    private Handler handler;
    private volatile boolean isDisconnecting;
    private String logFile;
    private VpnProfile nextProfile;
    private INotificationConfiguration notificationConfiguration;
    private volatile boolean profileUpdated;
    private VpnStateService service;
    private final ServiceConnection serviceConnection;
    private volatile boolean terminate;
    private long transferDown;
    private long transferUp;
    private final Runnable updateTransferRunner;
    private final Object serviceLock = new Object();
    private final Thread connectionHandler = new Thread(this);

    /* loaded from: classes5.dex */
    public class BuilderAdapter {
        private VpnService.Builder builder = createBuilder();
        private BuilderCache cache;
        private BuilderCache establishedCache;
        private final String name;
        private final Integer splitTunneling;

        public BuilderAdapter(String str, Integer num) {
            this.name = str;
            this.splitTunneling = num;
            this.cache = new BuilderCache(num);
        }

        private VpnService.Builder createBuilder() {
            VpnService.Builder builder = new VpnService.Builder(CharonVpnService.this);
            builder.setSession(this.name);
            return builder;
        }

        public synchronized boolean addAddress(String str, int i) {
            try {
                this.cache.addAddress(str, i);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addDnsServer(String str) {
            try {
                this.builder.addDnsServer(str);
                this.cache.recordAddressFamily(str);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addRoute(String str, int i) {
            try {
                this.cache.addRoute(str, i);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addSearchDomain(String str) {
            try {
                this.builder.addSearchDomain(str);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized int establish() {
            try {
                this.cache.applyData(this.builder);
                ParcelFileDescriptor establish = this.builder.establish();
                if (establish == null) {
                    return -1;
                }
                this.builder = createBuilder();
                this.establishedCache = this.cache;
                this.cache = new BuilderCache(this.splitTunneling);
                return establish.detachFd();
            } catch (Exception e) {
                e.printStackTrace();
                return -1;
            }
        }

        public synchronized int establishNoDns() {
            if (this.establishedCache == null) {
                return -1;
            }
            try {
                VpnService.Builder createBuilder = createBuilder();
                this.establishedCache.applyData(createBuilder);
                ParcelFileDescriptor establish = createBuilder.establish();
                if (establish == null) {
                    return -1;
                }
                return establish.detachFd();
            } catch (Exception e) {
                e.printStackTrace();
                return -1;
            }
        }

        public synchronized boolean setMtu(int i) {
            try {
                this.cache.setMtu(i);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }
    }

    /* loaded from: classes5.dex */
    public class BuilderCache {
        private boolean ipv4Seen;
        private boolean ipv6Seen;
        private int mtu;
        private final int splitTunneling;
        private final List<PrefixedAddress> addresses = new LinkedList();
        private final List<PrefixedAddress> routesIPv4 = new LinkedList();
        private final List<PrefixedAddress> routesIPv6 = new LinkedList();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes5.dex */
        public class PrefixedAddress {
            public String address;
            public int prefix;

            public PrefixedAddress(String str, int i) {
                this.address = str;
                this.prefix = i;
            }
        }

        public BuilderCache(Integer num) {
            this.splitTunneling = num != null ? num.intValue() : 0;
        }

        private boolean isIPv6(String str) throws UnknownHostException {
            return InetAddress.getByName(str) instanceof Inet6Address;
        }

        public void addAddress(String str, int i) {
            this.addresses.add(new PrefixedAddress(str, i));
            recordAddressFamily(str);
        }

        public void addRoute(String str, int i) {
            try {
                if (isIPv6(str)) {
                    this.routesIPv6.add(new PrefixedAddress(str, i));
                } else {
                    this.routesIPv4.add(new PrefixedAddress(str, i));
                }
            } catch (UnknownHostException e) {
                TimberBreeze.INSTANCE.e(e);
            }
        }

        @TargetApi(21)
        public void applyData(VpnService.Builder builder) {
            for (PrefixedAddress prefixedAddress : this.addresses) {
                builder.addAddress(prefixedAddress.address, prefixedAddress.prefix);
            }
            if ((this.splitTunneling & 1) == 0) {
                if (this.ipv4Seen) {
                    for (PrefixedAddress prefixedAddress2 : this.routesIPv4) {
                        builder.addRoute(prefixedAddress2.address, prefixedAddress2.prefix);
                    }
                } else if (Build.VERSION.SDK_INT >= 21) {
                    builder.allowFamily(OsConstants.AF_INET);
                }
            } else if (this.ipv4Seen) {
                builder.addRoute(GeoInfoKt.GEO_IP_FALLBACK, 0);
            }
            if ((this.splitTunneling & 2) == 0) {
                if (this.ipv6Seen) {
                    for (PrefixedAddress prefixedAddress3 : this.routesIPv6) {
                        builder.addRoute(prefixedAddress3.address, prefixedAddress3.prefix);
                    }
                } else if (Build.VERSION.SDK_INT >= 21) {
                    builder.allowFamily(OsConstants.AF_INET6);
                }
            } else if (this.ipv6Seen) {
                builder.addRoute("::", 0);
            }
            builder.setMtu(this.mtu);
        }

        public void recordAddressFamily(String str) {
            try {
                if (isIPv6(str)) {
                    this.ipv6Seen = true;
                } else {
                    this.ipv4Seen = true;
                }
            } catch (UnknownHostException e) {
                TimberBreeze.INSTANCE.e(e);
            }
        }

        public void setMtu(int i) {
            this.mtu = i;
        }
    }

    /* loaded from: classes5.dex */
    private class DataTransferRunnable implements Runnable {
        private DataTransferRunnable() {
        }

        @Override // java.lang.Runnable
        public void run() {
            long bytesDown = CharonVpnService.this.getBytesDown();
            long bytesUp = CharonVpnService.this.getBytesUp();
            long j = bytesDown - CharonVpnService.this.transferDown;
            long j2 = bytesUp - CharonVpnService.this.transferUp;
            CharonVpnService.this.transferDown = bytesDown;
            CharonVpnService.this.transferUp = bytesUp;
            VpnStateService vpnStateService = CharonVpnService.this.service;
            if (vpnStateService != null) {
                vpnStateService.notifyDataTransfer(VpnDataTransferred.builder().down(CharonVpnService.this.transferDown).downDiff(j).up(CharonVpnService.this.transferUp).upDiff(j2).build());
                CharonVpnService.this.scheduleTransferRunner();
            }
        }
    }

    /* loaded from: classes5.dex */
    private class VpnStateServiceConnection implements ServiceConnection {
        private VpnStateServiceConnection() {
        }

        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            synchronized (CharonVpnService.this.serviceLock) {
                CharonVpnService.this.service = ((VpnStateService.LocalBinder) iBinder).getService();
            }
            CharonVpnService.this.connectionHandler.start();
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            synchronized (CharonVpnService.this.serviceLock) {
                CharonVpnService.this.service = null;
            }
        }
    }

    static {
        if (Build.VERSION.SDK_INT < 18) {
            System.loadLibrary("strongswan");
            System.loadLibrary("tpmtss");
            System.loadLibrary("tncif");
            System.loadLibrary("tnccs");
            System.loadLibrary("imcv");
            System.loadLibrary("charon");
            System.loadLibrary("ipsec");
        }
        System.loadLibrary("androidbridge");
    }

    public CharonVpnService() {
        this.serviceConnection = new VpnStateServiceConnection();
        this.updateTransferRunner = new DataTransferRunnable();
    }

    private byte[][] certsToByteArrays(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        byte[][] bArr = new byte[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            bArr[i] = x509CertificateArr[i].getEncoded();
        }
        return bArr;
    }

    private static String getAndroidVersion() {
        String str = "Android " + Build.VERSION.RELEASE + " - " + Build.DISPLAY;
        if (Build.VERSION.SDK_INT < 23) {
            return str;
        }
        return str + "/" + Build.VERSION.SECURITY_PATCH;
    }

    private CharonSettings getConfiguration() {
        CharonSettings charonSettings = new CharonSettings();
        charonSettings.setValue("global.language", Locale.getDefault().getLanguage());
        charonSettings.setValue("global.mtu", this.currentProfile.getMtu());
        charonSettings.setValue("connection.type", this.currentProfile.getVpnType().getIdentifier());
        charonSettings.setValue("connection.server", this.currentProfile.getGateway());
        charonSettings.setValue("connection.port", this.currentProfile.getPort());
        charonSettings.setValue("connection.username", this.currentProfile.getUsername());
        charonSettings.setValue("connection.password", this.currentProfile.getPassword());
        charonSettings.setValue("connection.remote_id", this.currentProfile.getRemoteId());
        charonSettings.setValue("connection.local_id", this.currentProfile.getLocalId());
        return charonSettings;
    }

    private static String getDeviceString() {
        return Build.MODEL + " - " + Build.BRAND + "/" + Build.PRODUCT + "/" + Build.MANUFACTURER;
    }

    private byte[][] getTrustedCertificates() {
        TrustedCertificateManager load = TrustedCertificateManager.INSTANCE.getInstance().load();
        try {
            String str = this.currentCertificateAlias;
            if (str == null) {
                Collection<X509Certificate> values = load.getAllCACertificates().values();
                return certsToByteArrays((X509Certificate[]) values.toArray(new X509Certificate[values.size()]));
            }
            X509Certificate cACertificateFromAlias = load.getCACertificateFromAlias(str);
            if (cACertificateFromAlias != null) {
                return new byte[][]{cACertificateFromAlias.getEncoded()};
            }
            return null;
        } catch (CertificateEncodingException e) {
            TimberBreeze.INSTANCE.e(e, "Failed to get trusted certificates.", new Object[0]);
            return null;
        }
    }

    private byte[][] getUserCertificate() throws KeyChainException, InterruptedException, CertificateEncodingException {
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(getApplicationContext(), this.currentUserCertificateAlias);
        if (certificateChain == null || certificateChain.length == 0) {
            return null;
        }
        return certsToByteArrays(certificateChain);
    }

    private PrivateKey getUserKey() throws KeyChainException, InterruptedException {
        return KeyChain.getPrivateKey(getApplicationContext(), this.currentUserCertificateAlias);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleTransferRunner() {
        this.handler.postDelayed(this.updateTransferRunner, SimpleExoPlayer.DEFAULT_DETACH_SURFACE_TIMEOUT_MS);
    }

    private void setErrorDisconnect(ErrorState errorState) {
        synchronized (this.serviceLock) {
            stopCurrentConnectionWithError(errorState);
        }
    }

    private void setImcState(ImcState imcState) {
        synchronized (this.serviceLock) {
            VpnStateService vpnStateService = this.service;
            if (vpnStateService != null) {
                vpnStateService.setImcState(imcState);
            }
        }
    }

    private void setNextProfile(VpnProfile vpnProfile) {
        synchronized (this) {
            this.nextProfile = vpnProfile;
            this.profileUpdated = true;
            notifyAll();
        }
    }

    private void setState(State state, ErrorState errorState) {
        synchronized (this.serviceLock) {
            if (this.service != null) {
                if (state == State.DISABLED) {
                    try {
                        this.service.notifyLog(FileUtils.readLines(new File(this.logFile)));
                    } catch (IOException e) {
                        TimberBreeze.INSTANCE.e(e);
                    }
                }
                this.service.setState(state, errorState);
            }
        }
    }

    private void startConnection() {
        synchronized (this.serviceLock) {
            VpnStateService vpnStateService = this.service;
            if (vpnStateService != null) {
                vpnStateService.startConnection();
            }
        }
    }

    private void stopConnection(State state, ErrorState errorState) {
        synchronized (this) {
            if (this.currentProfile != null) {
                if (errorState == ErrorState.NO_ERROR) {
                    this.currentProfile = null;
                    deinitializeCharon();
                }
                setState(state, errorState);
                this.handler.removeCallbacks(this.updateTransferRunner);
                this.isDisconnecting = true;
                stopForeground(true);
                TimberBreeze.INSTANCE.i("Charon Service has been stopped", new Object[0]);
            }
        }
    }

    private void stopCurrentConnection() {
        stopConnection(State.DISCONNECTED, ErrorState.NO_ERROR);
    }

    private void stopCurrentConnectionWithError(ErrorState errorState) {
        stopConnection(State.DISABLED, errorState);
    }

    public void addRemediationInstruction(String str) {
        for (RemediationInstruction remediationInstruction : RemediationInstruction.INSTANCE.fromXml(str)) {
            synchronized (this.serviceLock) {
                VpnStateService vpnStateService = this.service;
                if (vpnStateService != null) {
                    vpnStateService.addRemediationInstruction(remediationInstruction);
                }
            }
        }
    }

    public native void deinitializeCharon();

    public native long getBytesDown();

    public native long getBytesUp();

    public native boolean initializeCharon(BuilderAdapter builderAdapter, String str, String str2, boolean z);

    public native void initiate(String str);

    @Override // android.app.Service
    public void onCreate() {
        this.handler = new Handler();
        this.logFile = getFilesDir().getAbsolutePath() + File.separator + LOG_FILE;
        this.appDir = getFilesDir().getAbsolutePath();
        bindService(new Intent(this, (Class<?>) VpnStateService.class), this.serviceConnection, 1);
    }

    @Override // android.app.Service
    public void onDestroy() {
        this.terminate = true;
        setNextProfile(null);
        try {
            this.connectionHandler.join();
        } catch (InterruptedException e) {
            TimberBreeze.INSTANCE.e(e);
        }
        if (this.service != null) {
            unbindService(this.serviceConnection);
        }
    }

    @Override // android.net.VpnService
    public void onRevoke() {
        setNextProfile(null);
    }

    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        if (intent == null) {
            return 2;
        }
        if (ACTION_DISCONNECT.equals(intent.getAction())) {
            setNextProfile(null);
            return 2;
        }
        VpnProfile vpnProfile = (VpnProfile) intent.getParcelableExtra(EXTRA_VPN_PROFILE);
        this.notificationConfiguration = (INotificationConfiguration) intent.getParcelableExtra(EXTRA_VPN_NOTIFICATION);
        setNextProfile(vpnProfile);
        return 2;
    }

    @Override // java.lang.Runnable
    public void run() {
        while (true) {
            synchronized (this) {
                while (!this.profileUpdated) {
                    try {
                        wait();
                    } catch (InterruptedException e) {
                        TimberBreeze.INSTANCE.e(e, "An error occurred during the main CharonVpnService loop", new Object[0]);
                        stopCurrentConnection();
                        setState(State.DISABLED, ErrorState.GENERIC_ERROR);
                    }
                }
                this.profileUpdated = false;
                stopCurrentConnection();
                VpnProfile vpnProfile = this.nextProfile;
                if (vpnProfile == null) {
                    setState(State.DISABLED, ErrorState.NO_ERROR);
                    if (this.terminate) {
                        return;
                    }
                } else {
                    this.currentProfile = vpnProfile;
                    this.nextProfile = null;
                    this.currentCertificateAlias = vpnProfile.getCertificateAlias();
                    this.currentUserCertificateAlias = this.currentProfile.getUserCertificateAlias();
                    startConnection();
                    this.isDisconnecting = false;
                    INotificationConfiguration iNotificationConfiguration = this.notificationConfiguration;
                    if (iNotificationConfiguration != null) {
                        startForeground(iNotificationConfiguration.getNotificationId(), this.notificationConfiguration.getNotification());
                    }
                    if (initializeCharon(new BuilderAdapter("VPNModule", this.currentProfile.getSplitTunneling()), this.logFile, this.appDir, this.currentProfile.getVpnType().has(ConnectionType.VpnTypeFeature.BYOD))) {
                        TimberBreeze timberBreeze = TimberBreeze.INSTANCE;
                        timberBreeze.i("charon started", new Object[0]);
                        String serialize = getConfiguration().serialize();
                        timberBreeze.d(serialize, new Object[0]);
                        initiate(serialize);
                        this.transferDown = 0L;
                        this.transferUp = 0L;
                        scheduleTransferRunner();
                    } else {
                        TimberBreeze.INSTANCE.e("Failed to initialize CharonVpnService using initializeCharon()", new Object[0]);
                        setState(State.DISABLED, ErrorState.GENERIC_ERROR);
                        this.currentProfile = null;
                    }
                }
            }
        }
    }

    public void updateImcState(int i) {
        ImcState fromValue = ImcStateKt.fromValue(i);
        if (fromValue != null) {
            setImcState(fromValue);
        }
    }

    public void updateStatus(int i) {
        switch (i) {
            case 1:
                setState(State.CONNECTED, ErrorState.NO_ERROR);
                return;
            case 2:
                if (this.isDisconnecting) {
                    return;
                }
                setState(State.CONNECTING, ErrorState.NO_ERROR);
                return;
            case 3:
                setErrorDisconnect(ErrorState.AUTH_FAILED);
                return;
            case 4:
                setErrorDisconnect(ErrorState.PEER_AUTH_FAILED);
                return;
            case 5:
                setErrorDisconnect(ErrorState.LOOKUP_FAILED);
                return;
            case 6:
                setErrorDisconnect(ErrorState.UNREACHABLE);
                return;
            case 7:
                setErrorDisconnect(ErrorState.GENERIC_ERROR);
                return;
            default:
                TimberBreeze.INSTANCE.e("Unknown status code received", new Object[0]);
                return;
        }
    }
}
