package co.allconnected.lib.strongswan;

import android.content.Context;
import android.net.VpnService;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import android.system.OsConstants;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.Keep;
import co.allconnected.lib.ACVpnService;
import co.allconnected.lib.VpnAgent;
import co.allconnected.lib.model.Port;
import co.allconnected.lib.openvpn.NativeUtils;
import com.unity3d.services.UnityAdsConstants;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicInteger;
import org.json.JSONArray;
import org.json.JSONObject;
import p3.j;
import r2.i;
import t3.h;
import y3.b;
import y3.l;
import y3.p;
import y3.s;
import y3.u;
import y3.v;

@Keep
/* loaded from: classes.dex */
public class CharonVpnServiceProxy implements CharonVpnService, Runnable {
    private static final String KEY_ENABLE_IPSEC = "enable_ipsec";
    private static final String KEY_RECONNECT = "reconnect";
    private static final String KEY_REKEY_RECONNECT = "rekey_reconnect";
    private static final String KEY_VIP_EXPIRED = "vip_expired";
    private static final String LOG_FILE = "charon.log";
    private static final int LOG_LEVEL = -1;
    private static final String REMOTE_KEY_DISCONNECT_BY_SERVER_CONFIG = "disconnect_config";
    private static final int STATE_AUTH_ERROR = 3;
    private static final int STATE_CERTIFICATE_UNAVAILABLE = 7;
    private static final int STATE_CHILD_SA_DOWN = 2;
    private static final int STATE_CHILD_SA_UP = 1;
    private static final int STATE_DISCONNECTED = 9;
    private static final int STATE_GENERIC_ERROR = 8;
    private static final int STATE_LOOKUP_ERROR = 5;
    private static final int STATE_PEER_AUTH_ERROR = 4;
    private static final int STATE_UNREACHABLE_ERROR = 6;
    private static final String TAG = "CharonVpnServiceProxy";
    private final ACVpnService mACVpnService;
    private volatile X509Certificate mCertificate;
    private volatile Port mCurrentPort;
    private String mEsp;
    private String mIke;
    private volatile Port mNextPort;
    private final BuilderAdapter mBuilderAdapter = new BuilderAdapter();
    private volatile boolean mIsDisconnecting = false;
    private int mDropUdpStartPort = 0;
    private int mDropUdpEndPort = 0;
    private int mDropTcpStartPort = 0;
    private int mDropTcpEndPort = 0;
    private final AtomicInteger mVpnStatus = new AtomicInteger(-1);
    private long mRewardedTimestamp = 0;
    private long mConnectedTimestamp = 0;

    @Keep
    /* loaded from: classes.dex */
    public class BuilderAdapter {
        private VpnService.Builder mBuilder;
        private BuilderCache mCache;
        private BuilderCache mEstablishedCache;

        public BuilderAdapter() {
        }

        private synchronized ParcelFileDescriptor establishIntern() {
            try {
                this.mCache.applyData(this.mBuilder);
                ParcelFileDescriptor establish = this.mBuilder.establish();
                if (establish != null) {
                    closeBlocking();
                }
                if (establish == null) {
                    return null;
                }
                this.mBuilder = CharonVpnServiceProxy.this.mACVpnService.m();
                this.mEstablishedCache = this.mCache;
                this.mCache = new BuilderCache();
                return establish;
            } catch (Exception e10) {
                e10.printStackTrace();
                return null;
            }
        }

        public synchronized boolean addAddress(String str, int i9) {
            try {
                this.mCache.addAddress(str, i9);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addDnsServer(String str) {
            try {
                this.mBuilder.addDnsServer(str);
                this.mCache.recordAddressFamily(str);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addRoute(String str, int i9) {
            try {
                this.mCache.addRoute(str, i9);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized boolean addSearchDomain(String str) {
            try {
                this.mBuilder.addSearchDomain(str);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }

        public synchronized void closeBlocking() {
            i.a().d();
        }

        public synchronized int establish() {
            ParcelFileDescriptor establishIntern;
            establishIntern = establishIntern();
            return establishIntern != null ? establishIntern.detachFd() : -1;
        }

        public synchronized void establishBlocking() {
            this.mCache.addAddress("172.16.252.1", 32);
            this.mCache.addAddress("fd00::fd02:1", 128);
            this.mCache.addRoute("0.0.0.0", 0);
            this.mCache.addRoute("::", 0);
            this.mBuilder.addDnsServer("8.8.8.8");
            this.mBuilder.addDnsServer("2001:4860:4860::8888");
            if (Build.VERSION.SDK_INT >= 21) {
                this.mBuilder.setBlocking(true);
            }
            ParcelFileDescriptor establishIntern = establishIntern();
            if (establishIntern != null) {
                i.a().c(establishIntern, this.mCache.mMtu);
            }
        }

        public synchronized int establishNoDns() {
            if (this.mEstablishedCache == null) {
                return -1;
            }
            try {
                VpnService.Builder m10 = CharonVpnServiceProxy.this.mACVpnService.m();
                this.mEstablishedCache.applyData(m10);
                ParcelFileDescriptor establish = m10.establish();
                if (establish == null) {
                    return -1;
                }
                return establish.detachFd();
            } catch (Exception e10) {
                e10.printStackTrace();
                return -1;
            }
        }

        public synchronized void init() {
            this.mBuilder = CharonVpnServiceProxy.this.mACVpnService.m();
            this.mCache = new BuilderCache();
        }

        public synchronized boolean setMtu(int i9) {
            try {
                this.mCache.setMtu(i9);
            } catch (IllegalArgumentException unused) {
                return false;
            }
            return true;
        }
    }

    /* loaded from: classes.dex */
    public class BuilderCache {
        private static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
        private static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
        private boolean mIPv4Seen;
        private boolean mIPv6Seen;
        private final List<IPRange> mAddresses = new ArrayList();
        private final List<IPRange> mRoutesIPv4 = new ArrayList();
        private final List<IPRange> mRoutesIPv6 = new ArrayList();
        private final IPRangeSet mIncludedSubnetsv4 = new IPRangeSet();
        private final IPRangeSet mIncludedSubnetsv6 = new IPRangeSet();
        private final int mSplitTunneling = 0;
        private int mMtu = 1500;

        public BuilderCache() {
        }

        private boolean isIPv6(String str) throws UnknownHostException {
            InetAddress byName = InetAddress.getByName(str);
            return !(byName instanceof Inet4Address) && (byName instanceof Inet6Address);
        }

        public void addAddress(String str, int i9) {
            try {
                this.mAddresses.add(new IPRange(str, i9));
                recordAddressFamily(str);
            } catch (UnknownHostException e10) {
                e10.printStackTrace();
            }
        }

        public void addRoute(String str, int i9) {
            try {
                if (isIPv6(str)) {
                    this.mRoutesIPv6.add(new IPRange(str, i9));
                } else {
                    this.mRoutesIPv4.add(new IPRange(str, i9));
                }
            } catch (UnknownHostException e10) {
                e10.printStackTrace();
            }
        }

        public void applyData(VpnService.Builder builder) {
            for (IPRange iPRange : this.mAddresses) {
                builder.addAddress(iPRange.getFrom(), iPRange.getPrefix().intValue());
            }
            IPRangeSet iPRangeSet = new IPRangeSet();
            for (String str : l.v(CharonVpnServiceProxy.this.getContext())) {
                try {
                    h.b("bypass_ip", "set bypath ip : " + str, new Object[0]);
                    iPRangeSet.add(new IPRange(str, 32));
                } catch (UnknownHostException e10) {
                    e10.printStackTrace();
                }
            }
            if (this.mIPv4Seen) {
                IPRangeSet iPRangeSet2 = new IPRangeSet();
                if (this.mIncludedSubnetsv4.size() > 0) {
                    iPRangeSet2.add(this.mIncludedSubnetsv4);
                } else {
                    iPRangeSet2.addAll(this.mRoutesIPv4);
                }
                iPRangeSet2.remove(iPRangeSet);
                for (IPRange iPRange2 : iPRangeSet2.subnets()) {
                    try {
                        builder.addRoute(iPRange2.getFrom(), iPRange2.getPrefix().intValue());
                    } catch (IllegalArgumentException e11) {
                        if (!iPRange2.getFrom().isMulticastAddress()) {
                            throw e11;
                        }
                    }
                }
            } else if (Build.VERSION.SDK_INT >= 21) {
                builder.allowFamily(OsConstants.AF_INET);
            }
            if (this.mIPv6Seen) {
                IPRangeSet iPRangeSet3 = new IPRangeSet();
                if (this.mIncludedSubnetsv6.size() > 0) {
                    iPRangeSet3.add(this.mIncludedSubnetsv6);
                } else {
                    iPRangeSet3.addAll(this.mRoutesIPv6);
                }
                iPRangeSet3.remove(iPRangeSet);
                for (IPRange iPRange3 : iPRangeSet3.subnets()) {
                    try {
                        builder.addRoute(iPRange3.getFrom(), iPRange3.getPrefix().intValue());
                    } catch (IllegalArgumentException e12) {
                        if (!iPRange3.getFrom().isMulticastAddress()) {
                            throw e12;
                        }
                    }
                }
            } else if (Build.VERSION.SDK_INT >= 21) {
                builder.allowFamily(OsConstants.AF_INET6);
            }
            builder.setMtu(this.mMtu);
        }

        public void recordAddressFamily(String str) {
            try {
                if (isIPv6(str)) {
                    this.mIPv6Seen = true;
                } else {
                    this.mIPv4Seen = true;
                }
            } catch (UnknownHostException e10) {
                e10.printStackTrace();
            }
        }

        public void setMtu(int i9) {
            this.mMtu = i9;
        }
    }

    static {
        if (Build.VERSION.SDK_INT < 18) {
            System.loadLibrary("strongswan");
            System.loadLibrary("charon");
            System.loadLibrary("ipsec");
        }
        System.loadLibrary("androidbridge");
    }

    public CharonVpnServiceProxy(ACVpnService aCVpnService) {
        this.mACVpnService = aCVpnService;
    }

    private String decryptPassword(Context context, String str) {
        try {
            byte[] d10 = b.d(Base64.decode(str, 2), NativeUtils.getApiHeaderKey(context));
            if (d10 != null) {
                return Base64.encodeToString(d10, 2);
            }
            return null;
        } catch (Throwable unused) {
            return null;
        }
    }

    private static String getAndroidVersion() {
        String str = "Android " + Build.VERSION.RELEASE + " - " + Build.DISPLAY;
        if (Build.VERSION.SDK_INT < 23) {
            return str;
        }
        return str + UnityAdsConstants.DefaultUrls.AD_ASSET_PATH + Build.VERSION.SECURITY_PATCH;
    }

    private static String getDeviceString() {
        return Build.MODEL + " - " + Build.BRAND + UnityAdsConstants.DefaultUrls.AD_ASSET_PATH + Build.PRODUCT + UnityAdsConstants.DefaultUrls.AD_ASSET_PATH + Build.MANUFACTURER;
    }

    private byte[][] getTrustedCertificates() {
        ArrayList arrayList = new ArrayList();
        try {
            h.f(TAG, "getTrustedCertificates: " + this.mCertificate.getIssuerDN(), new Object[0]);
            if (this.mCertificate == null) {
                return null;
            }
            arrayList.add(this.mCertificate.getEncoded());
            return (byte[][]) arrayList.toArray(new byte[arrayList.size()]);
        } catch (CertificateEncodingException e10) {
            e10.printStackTrace();
            return null;
        }
    }

    private byte[][] getUserCertificate() {
        throw new UnsupportedOperationException("unsupported getUserCertificate");
    }

    private PrivateKey getUserKey() {
        throw new UnsupportedOperationException("unsupported getUserKey");
    }

    private void initDropP2pPort() {
        JSONObject n10 = j.o().n("drop_p2p");
        if (n10 != null && n10.optBoolean(KEY_ENABLE_IPSEC, true)) {
            if (n10.optBoolean("include_vip", false) || !p.r()) {
                try {
                    JSONArray jSONArray = n10.getJSONArray("udp");
                    this.mDropUdpStartPort = jSONArray.getInt(0);
                    this.mDropUdpEndPort = jSONArray.getInt(1);
                    JSONArray jSONArray2 = n10.getJSONArray("tcp");
                    this.mDropTcpStartPort = jSONArray2.getInt(0);
                    this.mDropTcpEndPort = jSONArray2.getInt(1);
                } catch (Exception unused) {
                }
            }
        }
    }

    private void stopCurrentConnection() {
        if (h.f52900b) {
            h.r("auto_disconnect", new Exception(), "stopCurrentConnection", new Object[0]);
        }
        if (s.K(this.mACVpnService) && this.mNextPort != null) {
            this.mBuilderAdapter.init();
            this.mBuilderAdapter.establishBlocking();
        }
        if (this.mCurrentPort != null) {
            updateStatus(9);
            this.mIsDisconnecting = true;
            SimpleFetcher.disable();
            deinitializeCharon();
            this.mCurrentPort = null;
            if (this.mNextPort == null) {
                this.mBuilderAdapter.closeBlocking();
            }
        }
    }

    public void addRemediationInstruction(String str) {
    }

    public native void deinitializeCharon();

    public void disconnectByServer() {
        if (h.f52900b) {
            h.r("auto_disconnect", new Exception(), "disconnectByServer", new Object[0]);
        }
        HashMap hashMap = new HashMap(8);
        hashMap.put("conn_id", VpnAgent.Q0(this.mACVpnService).N0());
        hashMap.put("protocol", "ipsec");
        l3.h.d(this.mACVpnService, "vpn_6_server_killed", hashMap);
        JSONObject n10 = j.o().n(REMOTE_KEY_DISCONNECT_BY_SERVER_CONFIG);
        boolean optBoolean = n10 != null ? n10.optBoolean(KEY_REKEY_RECONNECT, true) : true;
        long currentTimeMillis = System.currentTimeMillis();
        long j10 = this.mConnectedTimestamp;
        long j11 = currentTimeMillis - j10;
        boolean z10 = j10 != 0 && j11 > 600000;
        if (z10) {
            if (h.f52900b) {
                h.r("VpnAgent", new Exception(), "disconnectByServer 1", new Object[0]);
            }
            if (optBoolean) {
                VpnAgent.Q0(getContext()).A1();
                this.mConnectedTimestamp = 0L;
            } else {
                hashMap.put("duration", String.valueOf(j11));
                l3.h.d(this.mACVpnService, "vpn_6_server_killed_10m", hashMap);
            }
        }
        if ((!z10 || optBoolean) && (n10 == null || !n10.optBoolean(KEY_RECONNECT, false))) {
            setNextServer(null, "", "");
        }
        if (n10 != null && n10.optBoolean(KEY_VIP_EXPIRED, false) && p.r()) {
            if (this.mRewardedTimestamp > 0 && p.f54354w > 0) {
                s.e2(this.mACVpnService, true);
            }
            VpnAgent.Q0(this.mACVpnService).A0(KEY_VIP_EXPIRED);
            VpnAgent.Q0(this.mACVpnService).X1(true);
        }
    }

    public Context getContext() {
        return this.mACVpnService.getApplicationContext();
    }

    public native boolean initializeCharon(BuilderAdapter builderAdapter, String str, int i9, String str2);

    public native void initiate(String str);

    public boolean protect(int i9) {
        return this.mACVpnService.protect(i9);
    }

    @Override // java.lang.Runnable
    public void run() {
        stopCurrentConnection();
        if (this.mNextPort == null) {
            updateStatus(9);
            return;
        }
        this.mCertificate = q2.b.f(this.mACVpnService, s.h0(this.mACVpnService, p.r()));
        this.mCurrentPort = this.mNextPort;
        this.mNextPort = null;
        this.mIsDisconnecting = false;
        updateStatus(2);
        SimpleFetcher.enable();
        this.mBuilderAdapter.init();
        String str = this.mACVpnService.getFilesDir().getAbsolutePath() + UnityAdsConstants.DefaultUrls.AD_ASSET_PATH + LOG_FILE;
        String absolutePath = this.mACVpnService.getFilesDir().getAbsolutePath();
        this.mRewardedTimestamp = s.d0(this.mACVpnService);
        if (!initializeCharon(this.mBuilderAdapter, str, -1, absolutePath)) {
            updateStatus(8);
            this.mCurrentPort = null;
            return;
        }
        initDropP2pPort();
        SettingsWriter settingsWriter = new SettingsWriter();
        settingsWriter.setValue("global.language", Locale.getDefault().getLanguage());
        Boolean bool = Boolean.TRUE;
        settingsWriter.setValue("global.crl", bool);
        settingsWriter.setValue("global.ocsp", bool);
        settingsWriter.setValue("global.drop_port_udp_start", Integer.valueOf(this.mDropUdpStartPort));
        settingsWriter.setValue("global.drop_port_udp_end", Integer.valueOf(this.mDropUdpEndPort));
        settingsWriter.setValue("global.drop_port_tcp_start", Integer.valueOf(this.mDropTcpStartPort));
        settingsWriter.setValue("global.drop_port_tcp_end", Integer.valueOf(this.mDropTcpEndPort));
        settingsWriter.setValue("connection.server", this.mCurrentPort.host);
        int i9 = this.mCurrentPort.port;
        if (i9 == 0) {
            h.b(TAG, "❗port zero, set default 500", new Object[0]);
            i9 = 500;
        }
        settingsWriter.setValue("connection.port", Integer.valueOf(i9));
        settingsWriter.setValue("connection.username", s.C(this.mACVpnService));
        String decryptPassword = decryptPassword(this.mACVpnService, s.B(this.mACVpnService));
        if (TextUtils.isEmpty(decryptPassword)) {
            decryptPassword = "error_pwd";
        }
        settingsWriter.setValue("connection.password", decryptPassword);
        settingsWriter.setValue("connection.type", "ikev2-eap");
        settingsWriter.setValue("connection.certreq", bool);
        String c10 = q2.b.c(this.mACVpnService);
        String Y = TextUtils.isEmpty(c10) ? null : s.Y(this.mACVpnService, c10);
        if (TextUtils.isEmpty(Y)) {
            Y = v.z(this.mACVpnService, "ipsec_remote_id", "");
        }
        h.f(TAG, "Use cert [%s]& remote ID [%s]", c10, Y);
        settingsWriter.setValue("connection.local_id", (v.j(this.mACVpnService) + "." + v.C(ACVpnService.l())) + "@" + Y);
        settingsWriter.setValue("connection.remote_id", Y);
        String str2 = this.mIke;
        String str3 = this.mEsp;
        if (TextUtils.isEmpty(str2) || TextUtils.isEmpty(str3)) {
            str2 = s.J(this.mACVpnService);
            str3 = s.D(this.mACVpnService);
        }
        if (!TextUtils.isEmpty(str2) && !TextUtils.isEmpty(str3)) {
            h.b("ipsec_proposal", "ike=" + str2 + " esp=" + str3, new Object[0]);
            settingsWriter.setValue("connection.ike_proposal", str2);
            settingsWriter.setValue("connection.esp_proposal", str3);
        }
        initiate(settingsWriter.serialize());
    }

    @Override // co.allconnected.lib.strongswan.CharonVpnService
    public void setNextServer(Port port, String str, String str2) {
        if (port == null && !this.mACVpnService.f6147c) {
            this.mACVpnService.stopForeground(true);
        }
        if (port != null) {
            h.b(TAG, "setNextServer: " + port.mainInfo(), new Object[0]);
        }
        this.mNextPort = port;
        this.mIke = str;
        this.mEsp = str2;
        CharonControlExecutor.getInstance().submit(this);
    }

    public void updateByteCount(long j10, long j11) {
        if (this.mRewardedTimestamp <= 0 || p.f54354w <= 0 || System.currentTimeMillis() - this.mRewardedTimestamp <= p.f54354w) {
            u.c(j10, j11);
            return;
        }
        s.e2(this.mACVpnService, true);
        VpnAgent.Q0(this.mACVpnService).X1(true);
        VpnAgent.Q0(this.mACVpnService).A0(KEY_VIP_EXPIRED);
        setNextServer(null, "", "");
    }

    public void updateImcState(int i9) {
    }

    public void updateStatus(int i9) {
        if (h.f52900b) {
            h.r("auto_disconnect", new Exception(), "updateStatus:" + i9, new Object[0]);
        }
        if (this.mVpnStatus.get() == i9) {
            return;
        }
        switch (i9) {
            case 1:
                this.mVpnStatus.set(i9);
                this.mACVpnService.onStatus("ipsec", 8);
                this.mConnectedTimestamp = System.currentTimeMillis();
                updateByteCount(0L, 0L);
                return;
            case 2:
                if (this.mIsDisconnecting) {
                    return;
                }
                this.mVpnStatus.set(i9);
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onStatus("ipsec", 2);
                return;
            case 3:
                h.c(TAG, ">>>STATE_AUTH_ERROR<<<", new Object[0]);
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "auth_error");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 4:
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "peer_auth_error");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 5:
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "lookup_error");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 6:
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "unreachable_error");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 7:
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "certificate_unavailable");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 8:
                this.mVpnStatus.set(i9);
                setNextServer(null, "", "");
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onError("ipsec", 11, "generic_error");
                VpnAgent.Q0(this.mACVpnService).A0("ipsec_error");
                return;
            case 9:
                this.mVpnStatus.set(i9);
                this.mConnectedTimestamp = 0L;
                this.mACVpnService.onStatus("ipsec", 0);
                return;
            default:
                return;
        }
    }
}
