package app.intra;

import android.net.VpnService;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import androidx.annotation.NonNull;
import app.intra.util.DnsTransaction;
import app.intra.util.DnsUdpQuery;
import app.intra.util.IpPacket;
import app.intra.util.Ipv4Packet;
import app.intra.util.Ipv6Packet;
import app.intra.util.UdpPacket;
import com.google.firebase.crash.FirebaseCrash;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.nio.ByteBuffer;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;

/* loaded from: classes.dex */
public class DnsVpnAdapter extends VpnAdapter implements DnsResponseWriter {
    private static final byte ICMP_IPV6_PROTOCOL = 58;
    private static final byte ICMP_PROTOCOL = 1;
    private static final byte IPV4_VERSION = 4;
    private static final String IPV6_SUBNET = "fd66:f83a:c650::%s";
    private static final int IP_MIN_HEADER_LENGTH = 20;
    private static final String LOG_TAG = "DnsVpnAdapter";
    private static final int SLEEP_MILLIS = 1500;
    private static final byte TCP_PROTOCOL = 6;
    private static final int UDP_MAX_DATAGRAM_LEN = 32767;
    private static final byte UDP_PROTOCOL = 17;
    private final FileInputStream in;
    private final FileOutputStream out;

    @NonNull
    private final ParcelFileDescriptor tunFd;

    @NonNull
    private final DnsVpnService vpnService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class PrivateAddress {
        final String address;
        final int prefix;
        final String router;
        final String subnet;

        PrivateAddress(String str, int i) {
            this.subnet = String.format(str, "0");
            this.address = String.format(str, "1");
            this.router = String.format(str, "2");
            this.prefix = i;
        }

        public String toString() {
            return String.format("{ subnet: %s, address: %s, router: %s, prefix: %d }", this.subnet, this.address, this.router, Integer.valueOf(this.prefix));
        }
    }

    private DnsVpnAdapter(@NonNull DnsVpnService dnsVpnService, ParcelFileDescriptor parcelFileDescriptor) {
        super(LOG_TAG);
        this.vpnService = dnsVpnService;
        this.tunFd = parcelFileDescriptor;
        this.in = new FileInputStream(parcelFileDescriptor.getFileDescriptor());
        this.out = new FileOutputStream(parcelFileDescriptor.getFileDescriptor());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DnsVpnAdapter establish(DnsVpnService dnsVpnService) {
        ParcelFileDescriptor establishVpn = establishVpn(dnsVpnService);
        if (establishVpn == null) {
            return null;
        }
        return new DnsVpnAdapter(dnsVpnService, establishVpn);
    }

    private static ParcelFileDescriptor establishVpn(DnsVpnService dnsVpnService) {
        PrivateAddress privateAddress = new PrivateAddress(IPV6_SUBNET, 120);
        PrivateAddress selectPrivateAddress = selectPrivateAddress();
        if (selectPrivateAddress == null) {
            FirebaseCrash.logcat(6, LOG_TAG, "Unable to find a private address on which to establish a VPN.");
            return null;
        }
        Log.i(LOG_TAG, String.format("VPN address: { IPv4: %s, IPv6: %s }", selectPrivateAddress, privateAddress));
        try {
            VpnService.Builder addDnsServer = dnsVpnService.newBuilder().setSession("Intra split-tunnel VPN").setMtu(UDP_MAX_DATAGRAM_LEN).addAddress(selectPrivateAddress.address, selectPrivateAddress.prefix).addRoute(selectPrivateAddress.subnet, selectPrivateAddress.prefix).addDnsServer(selectPrivateAddress.router).addAddress(privateAddress.address, privateAddress.prefix).addRoute(privateAddress.subnet, privateAddress.prefix).addDnsServer(privateAddress.router);
            if (Build.VERSION.SDK_INT >= 21) {
                addDnsServer = addDnsServer.setBlocking(true);
            }
            return addDnsServer.establish();
        } catch (IllegalArgumentException e) {
            FirebaseCrash.report(e);
            Log.e(LOG_TAG, "Failed to establish VPN ", e);
            return null;
        } catch (IllegalStateException e2) {
            FirebaseCrash.report(e2);
            Log.e(LOG_TAG, "Failed to establish VPN ", e2);
            return null;
        } catch (SecurityException e3) {
            FirebaseCrash.report(e3);
            Log.e(LOG_TAG, "Failed to establish VPN ", e3);
            return null;
        }
    }

    private String getProtocolErrorMessage(byte b) {
        if (b != 1) {
            if (b == 6) {
                return "Received TCP packet.";
            }
            if (b != 58) {
                return String.format("Received non-UDP IP packet: %d", Byte.valueOf(b));
            }
        }
        return "Received ICMP packet.";
    }

    private static PrivateAddress selectPrivateAddress() {
        HashMap hashMap = new HashMap();
        hashMap.put("10", new PrivateAddress("10.0.0.%s", 8));
        hashMap.put("172", new PrivateAddress("172.16.0.%s", 12));
        hashMap.put("192", new PrivateAddress("192.168.0.%s", 16));
        hashMap.put("169", new PrivateAddress("169.254.1.%s", 24));
        try {
            Iterator it = Collections.list(NetworkInterface.getNetworkInterfaces()).iterator();
            while (it.hasNext()) {
                Iterator it2 = Collections.list(((NetworkInterface) it.next()).getInetAddresses()).iterator();
                while (it2.hasNext()) {
                    InetAddress inetAddress = (InetAddress) it2.next();
                    if (!inetAddress.isLoopbackAddress() && (inetAddress instanceof Inet4Address)) {
                        String hostAddress = inetAddress.getHostAddress();
                        if (hostAddress.startsWith("10.")) {
                            hashMap.remove("10");
                        } else if (hostAddress.length() >= 6 && hostAddress.substring(0, 6).compareTo("172.16") >= 0 && hostAddress.substring(0, 6).compareTo("172.31") <= 0) {
                            hashMap.remove("172");
                        } else if (hostAddress.startsWith("192.168")) {
                            hashMap.remove("192");
                        }
                    }
                }
            }
            if (hashMap.size() > 0) {
                return (PrivateAddress) hashMap.values().iterator().next();
            }
            return null;
        } catch (SocketException e) {
            FirebaseCrash.report(e);
            e.printStackTrace();
            return null;
        }
    }

    @Override // app.intra.VpnAdapter
    public void close() {
        try {
            this.tunFd.close();
        } catch (IOException e) {
            FirebaseCrash.report(e);
        }
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        IpPacket ipv6Packet;
        FirebaseCrash.logcat(3, LOG_TAG, "Query thread starting");
        if (this.tunFd == null) {
            FirebaseCrash.logcat(5, LOG_TAG, "VPN/TUN file descriptor is null");
            return;
        }
        ByteBuffer allocate = ByteBuffer.allocate(UDP_MAX_DATAGRAM_LEN);
        while (!isInterrupted()) {
            try {
                allocate.clear();
                try {
                    int read = this.in.read(allocate.array());
                    if (read <= 0) {
                        try {
                            Thread.sleep(1500L);
                        } catch (InterruptedException unused) {
                            return;
                        }
                    } else if (read < 20) {
                        FirebaseCrash.logcat(5, LOG_TAG, "Received malformed IP packet.");
                    } else {
                        allocate.limit(read);
                        byte ipVersion = IpPacket.getIpVersion(allocate);
                        Log.d(LOG_TAG, String.format("Received IPv%d packet", Byte.valueOf(ipVersion)));
                        if (ipVersion == 4) {
                            try {
                                ipv6Packet = new Ipv4Packet(allocate);
                            } catch (IllegalArgumentException e) {
                                FirebaseCrash.logcat(5, LOG_TAG, "Received malformed IP packet: " + e.getMessage());
                            }
                        } else {
                            ipv6Packet = new Ipv6Packet(allocate);
                        }
                        byte protocol = ipv6Packet.getProtocol();
                        if (protocol != 17) {
                            FirebaseCrash.logcat(5, LOG_TAG, getProtocolErrorMessage(protocol));
                        } else {
                            UdpPacket udpPacket = new UdpPacket(ByteBuffer.wrap(ipv6Packet.getPayload()));
                            if (udpPacket.destPort != 53) {
                                FirebaseCrash.logcat(5, LOG_TAG, "Received non-DNS UDP packet");
                            } else if (udpPacket.length == 0) {
                                FirebaseCrash.logcat(4, LOG_TAG, "Received interrupt UDP packet.");
                            } else {
                                DnsUdpQuery fromUdpBody = DnsUdpQuery.fromUdpBody(udpPacket.data);
                                if (fromUdpBody == null) {
                                    FirebaseCrash.logcat(6, LOG_TAG, "Failed to parse DNS request");
                                } else {
                                    Log.d(LOG_TAG, "NAME: " + fromUdpBody.name + " ID: " + ((int) fromUdpBody.requestId) + " TYPE: " + ((int) fromUdpBody.type));
                                    fromUdpBody.sourceAddress = ipv6Packet.getSourceAddress();
                                    fromUdpBody.destAddress = ipv6Packet.getDestAddress();
                                    fromUdpBody.sourcePort = udpPacket.sourcePort;
                                    fromUdpBody.destPort = udpPacket.destPort;
                                    DnsResolverUdpToHttps.processQuery(this.vpnService.getServerConnection(), fromUdpBody, udpPacket.data, this);
                                }
                            }
                        }
                    }
                } catch (IOException e2) {
                    if (isInterrupted()) {
                        return;
                    }
                    FirebaseCrash.logcat(6, LOG_TAG, "Failed to read from tun interface.");
                    FirebaseCrash.report(e2);
                    return;
                }
            } catch (Exception e3) {
                if (!isInterrupted()) {
                    FirebaseCrash.logcat(5, LOG_TAG, "Unexpected exception in UDP loop.");
                    FirebaseCrash.report(e3);
                }
            }
        }
    }

    @Override // app.intra.DnsResponseWriter
    public void sendResult(DnsUdpQuery dnsUdpQuery, DnsTransaction dnsTransaction) {
        if (dnsTransaction.response != null) {
            byte[] rawPacket = new UdpPacket(dnsUdpQuery.destPort, dnsUdpQuery.sourcePort, dnsTransaction.response).getRawPacket();
            try {
                this.out.write((dnsUdpQuery.sourceAddress instanceof Inet4Address ? new Ipv4Packet((byte) 17, dnsUdpQuery.destAddress, dnsUdpQuery.sourceAddress, rawPacket) : new Ipv6Packet((byte) 17, dnsUdpQuery.destAddress, dnsUdpQuery.sourceAddress, rawPacket)).getRawPacket());
            } catch (IOException e) {
                FirebaseCrash.logcat(6, LOG_TAG, "Failed to write to VPN/TUN interface.");
                FirebaseCrash.report(e);
                dnsTransaction.status = DnsTransaction.Status.INTERNAL_ERROR;
            }
        }
        this.vpnService.recordTransaction(dnsTransaction);
    }
}
