package app.openconnect.core;

import android.content.Context;
import android.content.SharedPreferences;
import android.net.VpnService;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import android.preference.PreferenceManager;
import android.util.Base64;
import app.openconnect.AuthFormHandler;
import app.openconnect.VpnProfile;
import com.azacodes.dubaikingvpn.R;
import com.stericson.RootTools.execution.CommandCapture;
import com.stericson.RootTools.execution.Shell;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.MessageDigest;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Formatter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.infradead.libopenconnect.LibOpenConnect;

/* loaded from: classes.dex */
public class OpenConnectManagementThread implements Runnable, OpenVPNManagement {
    public static final int STATE_AUTHENTICATED = 3;
    public static final int STATE_AUTHENTICATING = 1;
    public static final int STATE_CONNECTED = 5;
    public static final int STATE_CONNECTING = 4;
    public static final int STATE_DISCONNECTED = 6;
    public static final int STATE_USER_PROMPT = 2;
    public static final String TAG = "OpenConnect";
    private SharedPreferences mAppPrefs;
    private String mCacheDir;
    private Context mContext;
    private String mFilesDir;
    private String mLastFormDigest;
    private LibOpenConnect mOC;
    private OpenVpnService mOpenVPNService;
    private SharedPreferences mPrefs;
    private VpnProfile mProfile;
    private boolean mRequestDisconnect;
    private boolean mRequestPause;
    private String mServerAddr;
    private boolean mAuthgroupSet = false;
    private HashMap<String, Boolean> mAcceptedCerts = new HashMap<>();
    private HashMap<String, Boolean> mRejectedCerts = new HashMap<>();
    private boolean mAuthDone = false;
    private Object mMainloopLock = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class AndroidOC extends LibOpenConnect {
        private AndroidOC() {
        }

        private String getPeerCertSHA1() {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                messageDigest.reset();
                messageDigest.update(getPeerCertDER());
                Formatter formatter = new Formatter();
                for (byte b : messageDigest.digest()) {
                    formatter.format("%02X", Byte.valueOf(b));
                }
                String formatter2 = formatter.toString();
                formatter.close();
                return formatter2;
            } catch (Exception unused) {
                OpenConnectManagementThread.this.log("getPeerCertSHA1: could not initialize MessageDigest");
                return null;
            }
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public int onProcessAuthForm(LibOpenConnect.AuthForm authForm) {
            OpenConnectManagementThread.this.log("CALLBACK: onProcessAuthForm");
            if (authForm.error != null) {
                OpenConnectManagementThread.this.log("AUTH: error '" + authForm.error + "'");
            }
            if (authForm.message != null) {
                OpenConnectManagementThread.this.log("AUTH: message '" + authForm.message + "'");
            }
            OpenConnectManagementThread.this.setState(2);
            AuthFormHandler authFormHandler = new AuthFormHandler(OpenConnectManagementThread.this.mPrefs, authForm, OpenConnectManagementThread.this.mAuthgroupSet, OpenConnectManagementThread.this.mLastFormDigest);
            Integer num = (Integer) OpenConnectManagementThread.this.mOpenVPNService.promptUser(authFormHandler);
            if (num.intValue() == 0) {
                OpenConnectManagementThread.this.setState(1);
                OpenConnectManagementThread.this.mLastFormDigest = authFormHandler.getFormDigest();
            } else if (num.intValue() == 2) {
                OpenConnectManagementThread openConnectManagementThread = OpenConnectManagementThread.this;
                StringBuilder sb = new StringBuilder();
                sb.append("AUTH: requesting authgroup change ");
                sb.append(OpenConnectManagementThread.this.mAuthgroupSet ? "(interactive)" : "(non-interactive)");
                openConnectManagementThread.log(sb.toString());
                OpenConnectManagementThread.this.mAuthgroupSet = true;
            } else {
                OpenConnectManagementThread.this.log("AUTH: form result is " + num);
            }
            return num.intValue();
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public void onProgress(int i, String str) {
            OpenConnectManagementThread.this.mOpenVPNService.log(i, "LIB: " + str.trim());
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public void onProtectSocket(int i) {
            if (!OpenConnectManagementThread.this.mOpenVPNService.protect(i)) {
                OpenConnectManagementThread.this.log("Error protecting fd " + i);
            }
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public void onStatsUpdate(LibOpenConnect.VPNStats vPNStats) {
            OpenConnectManagementThread.this.mOpenVPNService.setStats(vPNStats);
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public int onValidatePeerCert(String str) {
            OpenConnectManagementThread.this.log("CALLBACK: onValidatePeerCert");
            String lowerCase = getPeerCertSHA1().toLowerCase(Locale.US);
            if (OpenConnectManagementThread.this.isCertAccepted(lowerCase)) {
                return 0;
            }
            if (OpenConnectManagementThread.this.mRejectedCerts.containsKey(lowerCase)) {
                return -1;
            }
            if (OpenConnectManagementThread.this.mAuthDone) {
                OpenConnectManagementThread.this.log("AUTH: certificate mismatch on existing connection");
                return -1;
            }
            OpenConnectManagementThread.this.acceptCert(lowerCase, true);
            return 0;
        }

        @Override // org.infradead.libopenconnect.LibOpenConnect
        public int onWriteNewConfig(byte[] bArr) {
            OpenConnectManagementThread.this.log("CALLBACK: onWriteNewConfig");
            return 0;
        }
    }

    public OpenConnectManagementThread(Context context, VpnProfile vpnProfile, OpenVpnService openVpnService) {
        this.mContext = context;
        this.mProfile = vpnProfile;
        this.mOpenVPNService = openVpnService;
        this.mPrefs = vpnProfile.mPrefs;
        this.mAppPrefs = PreferenceManager.getDefaultSharedPreferences(this.mContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void acceptCert(String str, boolean z) {
        this.mAcceptedCerts.put(str, true);
        if (z) {
            putStringPref("ACCEPTED-CERT-" + str, "true");
        }
    }

    private void addDefaultRoutes(VpnService.Builder builder, LibOpenConnect.IPInfo iPInfo, ArrayList<String> arrayList) {
        Iterator<String> it = arrayList.iterator();
        boolean z = true;
        boolean z2 = true;
        while (it.hasNext()) {
            if (it.next().contains(":")) {
                z2 = false;
            } else {
                z = false;
            }
        }
        if (z && iPInfo.addr != null) {
            builder.addRoute("0.0.0.0", 0);
            log("ROUTE: 0.0.0.0/0");
        }
        if (!z2 || iPInfo.netmask6 == null) {
            return;
        }
        builder.addRoute("::", 0);
        log("ROUTE: ::/0");
    }

    private void addSubnetRoutes(VpnService.Builder builder, LibOpenConnect.IPInfo iPInfo, ArrayList<String> arrayList) {
        CIDRIP cidrip;
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            String trim = it.next().trim();
            try {
                if (trim.contains(":")) {
                    String[] split = trim.split("/");
                    if (split.length == 1) {
                        builder.addRoute(split[0], 128);
                    } else {
                        builder.addRoute(split[0], Integer.parseInt(split[1]));
                    }
                    log("ROUTE: " + trim);
                } else {
                    if (trim.contains("/")) {
                        cidrip = new CIDRIP(trim);
                    } else {
                        cidrip = new CIDRIP(trim + "/32");
                    }
                    builder.addRoute(cidrip.mIp, cidrip.len);
                    log("ROUTE: " + cidrip.mIp + "/" + cidrip.len);
                }
            } catch (Exception unused) {
                log("ROUTE: skipping invalid route '" + trim + "'");
            }
        }
    }

    private byte[] decodeBase64(String str) throws IllegalArgumentException {
        if (str.matches("^[A-Za-z0-9+/=\\n]+$")) {
            return Base64.decode(str, 0);
        }
        throw new IllegalArgumentException("invalid chars");
    }

    private void errorAlert() {
        errorAlert(this.mContext.getString(R.string.error_cant_connect, this.mOC.getHostname()));
    }

    private void errorAlert(String str) {
        this.mOpenVPNService.promptUser(new ErrorDialog(this.mPrefs, this.mContext.getString(R.string.error_connection_failed), str));
    }

    private void extractBinaries() {
        if (!AssetExtractor.extractAll(this.mContext)) {
            log("Error extracting assets");
        }
        try {
            String str = this.mFilesDir + "/curl-bin";
            String str2 = this.mFilesDir + "/run_pie ";
            if (Build.VERSION.SDK_INT >= 16) {
                str2 = "";
            }
            writeCertOrScript(this.mFilesDir + "/curl", "#!/system/bin/sh\nexec " + str2 + str + " \"$@\"\n", true);
        } catch (IOException unused) {
            log("Error writing curl wrapper scripts");
        }
    }

    private String formatTime(long j) {
        return j <= 0 ? "NEVER" : DateFormat.getDateTimeInstance(3, 3, Locale.US).format(Long.valueOf(j));
    }

    private boolean getBoolPref(String str) {
        return this.mPrefs.getBoolean(str, false);
    }

    private String getStringPref(String str) {
        return this.mPrefs.getString(str, "");
    }

    private boolean getSubnetPref(ArrayList<String> arrayList) {
        for (String str : getStringPref("split_tunnel_networks").split("[,\\s]+")) {
            if (!str.equals("")) {
                arrayList.add(str);
            }
        }
        if (!arrayList.isEmpty()) {
            return true;
        }
        log("ROUTE: split tunnel list is empty; check your VPN settings");
        return false;
    }

    private int inlineToTempFile(String str, String str2, boolean z) throws IOException {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            byte[] decodeBase64 = decodeBase64(str2);
            int length = decodeBase64.length;
            if (z) {
                try {
                    if (rewriteShell(new String(decodeBase64))) {
                        fileOutputStream.write("#!/system/bin/sh\n".getBytes());
                    }
                } catch (Exception unused) {
                }
            }
            fileOutputStream.write(decodeBase64);
            fileOutputStream.close();
            if (!z) {
                return length;
            }
            setExecutable(str);
            return length;
        } catch (IOException unused2) {
            return -1;
        } catch (IllegalArgumentException unused3) {
            return writeCertOrScript(str, str2, z);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isCertAccepted(String str) {
        if (this.mAcceptedCerts.containsKey(str)) {
            return true;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("ACCEPTED-CERT-");
        sb.append(str);
        return getStringPref(sb.toString()).equals("true");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void log(String str) {
        this.mOpenVPNService.log(1, str);
    }

    private void logOneStat(String str) {
        log("STAT: " + str + "=" + this.mPrefs.getLong(str, 0L) + "; first=" + formatTime(this.mPrefs.getLong(str + "_first", 0L)) + "; prev=" + formatTime(this.mPrefs.getLong(str + "_prev", 0L)));
    }

    private void logStats() {
        logOneStat("attempt");
        logOneStat("connect");
        logOneStat("cancel");
    }

    private String prefToTempFile(String str, boolean z) throws IOException {
        String stringPref = getStringPref(str);
        String str2 = this.mCacheDir + File.separator + str + ".tmp";
        if (stringPref.equals("")) {
            return null;
        }
        if (stringPref.startsWith(VpnProfile.INLINE_TAG)) {
            int inlineToTempFile = inlineToTempFile(str2, stringPref.substring(10), z);
            if (inlineToTempFile < 0) {
                log("PREF: I/O exception writing " + str);
                return null;
            }
            log("PREF: wrote out " + str2 + " (" + inlineToTempFile + ")");
            return str2;
        }
        log("PREF: using existing file " + stringPref);
        if (!stringPref.startsWith("/")) {
            stringPref = ProfileManager.getCertPath() + stringPref;
        }
        if (!z) {
            return stringPref;
        }
        String readStringFromFile = AssetExtractor.readStringFromFile(stringPref);
        if (readStringFromFile == null) {
            return null;
        }
        int writeCertOrScript = writeCertOrScript(str2, readStringFromFile, true);
        if (writeCertOrScript < 0) {
            log("PREF: I/O exception writing " + str);
            return null;
        }
        log("PREF: wrote out " + str2 + " (" + writeCertOrScript + ")");
        return str2;
    }

    private void putStringPref(String str, String str2) {
        this.mPrefs.edit().putString(str, str2).commit();
    }

    private boolean rewriteShell(String str) {
        Matcher matcher = Pattern.compile("^#![ \\t]*(/\\S+)[ \\t\\n]").matcher(str);
        return matcher.find() && !new File(matcher.group(1)).exists();
    }

    private boolean runVPN() {
        updateStatPref("attempt");
        this.mFilesDir = this.mContext.getFilesDir().getPath();
        this.mCacheDir = this.mContext.getCacheDir().getPath();
        extractBinaries();
        setState(4);
        synchronized (this.mMainloopLock) {
            this.mOC = new AndroidOC();
        }
        if (!setPreferences()) {
            return false;
        }
        if (this.mOC.parseURL(this.mServerAddr) != 0) {
            log("Error parsing server address");
            errorAlert(this.mContext.getString(R.string.error_invalid_hostname, this.mServerAddr));
            return false;
        }
        int obtainCookie = this.mOC.obtainCookie();
        if (obtainCookie < 0) {
            if (!this.mRejectedCerts.isEmpty() || this.mRequestDisconnect) {
                updateStatPref("cancel");
            } else {
                log("Error obtaining cookie");
                errorAlert();
            }
            return false;
        }
        if (obtainCookie > 0) {
            log("User canceled auth dialog");
            updateStatPref("cancel");
            return false;
        }
        this.mAuthDone = true;
        UserDialog.writeDeferredPrefs();
        setState(3);
        if (this.mOC.makeCSTPConnection() != 0) {
            if (!this.mRequestDisconnect) {
                log("Error establishing CSTP connection");
                errorAlert();
            }
            return false;
        }
        VpnService.Builder vpnServiceBuilder = this.mOpenVPNService.getVpnServiceBuilder();
        setIPInfo(vpnServiceBuilder);
        try {
            ParcelFileDescriptor establish = vpnServiceBuilder.establish();
            if (establish == null || this.mOC.setupTunFD(establish.getFd()) != 0) {
                log("Error setting up tunnel fd");
                errorAlert();
                return false;
            }
            setState(5);
            updateStatPref("connect");
            this.mOC.setupDTLS(60);
            while (this.mOC.mainloop(300, 10) >= 0) {
                synchronized (this.mMainloopLock) {
                    if (!this.mRequestDisconnect) {
                        while (this.mRequestPause) {
                            try {
                                this.mMainloopLock.wait();
                            } catch (InterruptedException unused) {
                            }
                        }
                    }
                }
            }
            try {
                establish.close();
            } catch (IOException unused2) {
            }
            return true;
        } catch (Exception e) {
            log("Exception during establish(): " + e.getLocalizedMessage());
            return false;
        }
    }

    private boolean setExecutable(String str) throws IOException {
        File file = new File(str);
        if (!file.exists()) {
            log("PREF: file does not exist");
            return false;
        }
        if (file.setExecutable(true)) {
            return true;
        }
        throw new IOException();
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x007d  */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0084  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x00cf  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00fb  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0149  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x00d3  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x009f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void setIPInfo(android.net.VpnService.Builder r8) {
        /*
            Method dump skipped, instructions count: 364
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: app.openconnect.core.OpenConnectManagementThread.setIPInfo(android.net.VpnService$Builder):void");
    }

    private boolean setPreferences() {
        try {
            String str = System.getenv("PATH");
            if (!str.startsWith(this.mFilesDir)) {
                str = this.mFilesDir + ":" + str;
            }
            String prefToTempFile = prefToTempFile("custom_csd_wrapper", true);
            LibOpenConnect libOpenConnect = this.mOC;
            if (prefToTempFile == null) {
                prefToTempFile = this.mFilesDir + File.separator + "android_csd.sh";
            }
            libOpenConnect.setCSDWrapper(prefToTempFile, this.mCacheDir, str);
            String prefToTempFile2 = prefToTempFile("ca_certificate", false);
            if (prefToTempFile2 != null) {
                this.mOC.setCAFile(prefToTempFile2);
            }
            String prefToTempFile3 = prefToTempFile("user_certificate", false);
            String prefToTempFile4 = prefToTempFile("private_key", false);
            if (prefToTempFile3 != null) {
                if (prefToTempFile4 == null) {
                    this.mOC.setClientCert(prefToTempFile3, prefToTempFile3);
                } else {
                    this.mOC.setClientCert(prefToTempFile3, prefToTempFile4);
                }
            }
            this.mServerAddr = getStringPref("server_address");
            this.mOC.setXMLPost(!getBoolPref("disable_xml_post"));
            this.mOC.setPFS(getBoolPref("require_pfs"));
            String stringPref = getStringPref("reported_os");
            this.mOC.setReportedOS(stringPref);
            if (stringPref.equals("android") || stringPref.equals("apple-ios")) {
                this.mOC.setMobileInfo("1.0", stringPref, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
            }
            if (getBoolPref("dpd_override")) {
                try {
                    int parseInt = Integer.parseInt(getStringPref("dpd_value"));
                    if (parseInt > 0) {
                        this.mOC.setDPD(parseInt);
                    }
                } catch (Exception unused) {
                    log("DPD: bad dpd_value, ignoring");
                }
            }
            String stringPref2 = getStringPref("software_token");
            String stringPref3 = getStringPref("token_string");
            int tokenMode = stringPref2.equals("securid") ? this.mOC.setTokenMode(1, stringPref3) : stringPref2.equals("totp") ? this.mOC.setTokenMode(2, stringPref3) : 0;
            if (tokenMode >= 0) {
                prefChanged();
                return true;
            }
            log("Error " + tokenMode + " setting token string");
            return false;
        } catch (IOException unused2) {
            log("Error writing temporary file");
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void setState(int i) {
        this.mOpenVPNService.setConnectionState(i);
    }

    private void updateLogLevel() {
        if (this.mAppPrefs.getBoolean("trace_log", false)) {
            this.mOC.setLogLevel(3);
        } else {
            this.mOC.setLogLevel(2);
        }
    }

    private void updateStatPref(String str) {
        long j = this.mPrefs.getLong(str, 0L) + 1;
        long currentTimeMillis = System.currentTimeMillis();
        long j2 = this.mPrefs.getLong(str + "_first", currentTimeMillis);
        SharedPreferences.Editor edit = this.mPrefs.edit();
        edit.putLong(str, j);
        edit.putLong(str + "_first", j2);
        edit.putLong(str + "_prev", currentTimeMillis);
        edit.apply();
    }

    private int writeCertOrScript(String str, String str2, boolean z) throws IOException {
        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(str), "utf-8"));
        if (z && rewriteShell(str2)) {
            bufferedWriter.write("#!/system/bin/sh\n");
        }
        bufferedWriter.write(str2);
        bufferedWriter.close();
        if (z) {
            setExecutable(str);
        }
        return str2.length();
    }

    @Override // app.openconnect.core.OpenVPNManagement
    public void pause() {
        log("PAUSE");
        synchronized (this.mMainloopLock) {
            if (!this.mRequestPause && !this.mRequestDisconnect && this.mOC != null) {
                this.mRequestPause = true;
                this.mOC.pause();
            }
        }
    }

    @Override // app.openconnect.core.OpenVPNManagement
    public void prefChanged() {
        updateLogLevel();
    }

    @Override // app.openconnect.core.OpenVPNManagement
    public void reconnect() {
        log("RECONNECT");
        synchronized (this.mMainloopLock) {
            if (this.mOC != null) {
                this.mOC.pause();
            }
        }
    }

    public void requestStats() {
        boolean z;
        synchronized (this.mMainloopLock) {
            if (!this.mRequestPause && !this.mRequestDisconnect && this.mOC != null) {
                this.mOC.requestStats();
                z = false;
            }
            z = true;
        }
        if (z) {
            this.mOpenVPNService.setStats(null);
        }
    }

    @Override // app.openconnect.core.OpenVPNManagement
    public void resume() {
        log("RESUME");
        synchronized (this.mMainloopLock) {
            if (this.mRequestPause) {
                this.mRequestPause = false;
                this.mMainloopLock.notify();
            }
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        logStats();
        try {
            if (this.mAppPrefs.getBoolean("loadTunModule", false)) {
                Shell.runRootCommand(new CommandCapture(0, "insmod /system/lib/modules/tun.ko"));
            }
            if (this.mAppPrefs.getBoolean("useCM9Fix", false)) {
                Shell.runRootCommand(new CommandCapture(0, "chown 1000 /dev/tun"));
            }
        } catch (Exception e) {
            log("error running root commands: " + e.getLocalizedMessage());
        }
        if (!runVPN()) {
            log("VPN terminated with errors");
        }
        setState(6);
        synchronized (this.mMainloopLock) {
            this.mOC.destroy();
            this.mOC = null;
        }
        UserDialog.clearDeferredPrefs();
        this.mOpenVPNService.threadDone();
    }

    @Override // app.openconnect.core.OpenVPNManagement
    public boolean stopVPN() {
        log("STOP");
        synchronized (this.mMainloopLock) {
            if (!this.mRequestDisconnect && this.mOC != null) {
                this.mRequestDisconnect = true;
                this.mRequestPause = false;
                this.mOC.cancel();
                this.mMainloopLock.notify();
                return true;
            }
            return true;
        }
    }
}
