package org.strongswan.android.logic;

import android.annotation.TargetApi;
import android.content.ComponentName;
import android.content.Intent;
import android.content.ServiceConnection;
import android.net.VpnService;
import android.os.Build;
import android.os.Bundle;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.system.OsConstants;
import android.util.Log;
import java.io.File;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.strongswan.android.data.VpnProfile;
import org.strongswan.android.data.VpnType;
import org.strongswan.android.logic.VpnStateService;
import org.strongswan.android.logic.imc.ImcState;
import org.strongswan.android.logic.imc.RemediationInstruction;
import org.strongswan.android.utils.SettingsWriter;

/* loaded from: classes.dex */
public class CharonVpnService extends VpnService implements Runnable {
    /** File name of the charon log; onCreate() resolves it below getFilesDir(). */
    public static final String LOG_FILE = "charon.log";
    // Status codes with the same values that updateStatus(int) switches on:
    // 1 and 2 drive the connection state, 3-7 are mapped to
    // VpnStateService.ErrorState values. Presumably reported by the native
    // charon code; no Java caller of updateStatus() is visible in this file.
    static final int STATE_AUTH_ERROR = 3;
    static final int STATE_CHILD_SA_DOWN = 2;
    static final int STATE_CHILD_SA_UP = 1;
    static final int STATE_GENERIC_ERROR = 7;
    static final int STATE_LOOKUP_ERROR = 5;
    static final int STATE_PEER_AUTH_ERROR = 4;
    static final int STATE_UNREACHABLE_ERROR = 6;
    private static final String TAG = CharonVpnService.class.getSimpleName();
    // Thread that executes run(); created in onCreate(), started once the
    // VpnStateService binding is up, joined in onDestroy().
    private Thread mConnectionHandler;
    // CA certificate alias of the current profile. When null,
    // getTrustedCertificates() returns every CA certificate the
    // TrustedCertificateManager knows instead of a single pinned one.
    private volatile String mCurrentCertificateAlias;
    // Profile of the active connection; written only while holding the monitor
    // of this service. It carries the username and password for as long as the
    // connection is up.
    private VpnProfile mCurrentProfile;
    // KeyChain alias used by getUserCertificate() and getUserKey().
    private volatile String mCurrentUserCertificateAlias;
    // Set while charon is being torn down so that status callbacks arriving
    // during shutdown are not reported as errors or as a reconnect.
    private volatile boolean mIsDisconnecting;
    // Absolute path of the log file handed to initializeCharon().
    private String mLogFile;
    // Profile queued by setNextProfile(); null requests a disconnect.
    private VpnProfile mNextProfile;
    // Flag that run() waits on; set together with mNextProfile.
    private volatile boolean mProfileUpdated;
    // Bound state service; every access in this class except the null check in
    // onDestroy() happens under mServiceLock.
    private VpnStateService mService;
    // Tells run() to exit after the next disconnect (set by onDestroy()).
    private volatile boolean mTerminate;
    private final Object mServiceLock = new Object();
    private final ServiceConnection mServiceConnection = new ServiceConnection() { // from class: org.strongswan.android.logic.CharonVpnService.1
        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            // The binder is cast without a type check, so this only works for a
            // binding to VpnStateService (which is what onCreate() requests).
            synchronized (CharonVpnService.this.mServiceLock) {
                CharonVpnService.this.mService = ((VpnStateService.LocalBinder) iBinder).getService();
            }
            // NOTE(review): Thread.start() throws IllegalThreadStateException on
            // a second call, so a reconnect of the binding after
            // onServiceDisconnected() would fail here - confirm it cannot occur.
            CharonVpnService.this.mConnectionHandler.start();
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            // After this, the set*/startConnection helpers silently drop updates.
            synchronized (CharonVpnService.this.mServiceLock) {
                CharonVpnService.this.mService = null;
            }
        }
    };

    /* loaded from: classes.dex */
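    /**
     * Wrapper around {@link VpnService.Builder} that collects the tunnel
     * configuration (addresses, routes, DNS servers, MTU) and creates the TUN
     * device. No Java caller is visible in this file; an instance is passed to
     * the native initializeCharon(), so the methods are presumably invoked from
     * native code.
     *
     * <p>Addresses, routes and the MTU are only recorded in a
     * {@link BuilderCache}; they reach the platform builder, and are validated
     * by it, when establish() applies the cache. DNS servers and search domains
     * go to the builder directly and are therefore not part of the cache that
     * establishNoDns() replays.
     */
    public class BuilderAdapter {
        private VpnService.Builder mBuilder;
        private BuilderCache mCache;
        private BuilderCache mEstablishedCache;
        private final String mName;
        private final Integer mSplitTunneling;

        /**
         * @param str session name shown by the system for this VPN
         * @param num split-tunneling bit mask of the profile, may be null
         */
        public BuilderAdapter(String str, Integer num) {
            this.mName = str;
            this.mSplitTunneling = num;
            this.mBuilder = createBuilder(str);
            this.mCache = new BuilderCache(this.mSplitTunneling);
        }

        /** Creates a fresh platform builder labelled with the session name. */
        private VpnService.Builder createBuilder(String str) {
            // VpnService.Builder is an inner class of VpnService, so it has to
            // be instantiated on the enclosing service instance.
            VpnService.Builder builder = CharonVpnService.this.new Builder();
            builder.setSession(this.mName);
            return builder;
        }

        /**
         * Records an interface address.
         *
         * @return true if the address was recorded. The cache does not validate
         *         it; a malformed value only surfaces in establish().
         */
        public synchronized boolean addAddress(String str, int i) {
            try {
                this.mCache.addAddress(str, i);
                return true;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }

        /**
         * Adds a DNS server to the platform builder and records its address
         * family.
         *
         * @return false if the builder rejected the address
         */
        public synchronized boolean addDnsServer(String str) {
            try {
                this.mBuilder.addDnsServer(str);
                this.mCache.recordAddressFamily(str);
                return true;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }

        /**
         * Records a route.
         *
         * @return true if the call completed. NOTE(review): the cache drops a
         *         route whose address cannot be parsed and still returns
         *         normally, so true does not guarantee the route is installed.
         */
        public synchronized boolean addRoute(String str, int i) {
            try {
                this.mCache.addRoute(str, i);
                return true;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }

        /**
         * Adds a DNS search domain to the platform builder.
         *
         * @return false if the builder rejected the domain
         */
        public synchronized boolean addSearchDomain(String str) {
            try {
                this.mBuilder.addSearchDomain(str);
                return true;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }

        /**
         * Applies the cached configuration and creates the TUN device.
         *
         * @return the detached file descriptor of the TUN device, or -1 if the
         *         device could not be created. The caller owns the descriptor
         *         and is responsible for closing it.
         */
        public synchronized int establish() {
            try {
                this.mCache.applyData(this.mBuilder);
                // Builder.establish() returns null when the app is not (or no
                // longer) prepared as VPN provider.
                ParcelFileDescriptor tun = this.mBuilder.establish();
                if (tun == null) {
                    return -1;
                }
                // Start over with a clean builder/cache but keep the applied
                // cache so establishNoDns() can recreate the device.
                this.mBuilder = createBuilder(this.mName);
                this.mEstablishedCache = this.mCache;
                this.mCache = new BuilderCache(this.mSplitTunneling);
                return tun.detachFd();
            } catch (Exception e) {
                // Invalid addresses, routes or MTU are rejected by the platform
                // builder here; make the reason visible in the log.
                Log.e(TAG, "failed to establish the VPN interface", e);
                return -1;
            }
        }

        /**
         * Recreates the TUN device from the configuration of the last
         * successful establish(), without DNS servers or search domains.
         *
         * @return the detached file descriptor, or -1 if establish() has not
         *         succeeded before or the device could not be created
         */
        public synchronized int establishNoDns() {
            if (this.mEstablishedCache == null) {
                return -1;
            }
            try {
                VpnService.Builder builder = createBuilder(this.mName);
                this.mEstablishedCache.applyData(builder);
                ParcelFileDescriptor tun = builder.establish();
                return tun != null ? tun.detachFd() : -1;
            } catch (Exception e) {
                Log.e(TAG, "failed to re-establish the VPN interface without DNS", e);
                return -1;
            }
        }

        /**
         * Records the MTU for the TUN device.
         *
         * @return true if the value was recorded; it is validated by the
         *         platform builder in establish()
         */
        public synchronized boolean setMtu(int i) {
            try {
                this.mCache.setMtu(i);
                return true;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }
    }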

    /* loaded from: classes.dex */
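    /**
     * Collects addresses, routes and the MTU so they can be applied to a
     * {@link VpnService.Builder} in one step (and replayed on a second
     * builder).
     *
     * <p>The split-tunneling mask decides per address family whether the
     * recorded routes are installed (bit clear) or replaced by a default route
     * (bit set): bit 0x1 covers IPv4, bit 0x2 covers IPv6.
     */
    public class BuilderCache {
        private boolean mIPv4Seen;
        private boolean mIPv6Seen;
        // Stays 0 until setMtu() is called. NOTE(review): VpnService.Builder
        // documents setMtu() as rejecting non-positive values, so applyData()
        // would throw in that case - confirm the MTU is always set first.
        private int mMtu;
        private final int mSplitTunneling;
        private final List<PrefixedAddress> mAddresses = new ArrayList<PrefixedAddress>();
        private final List<PrefixedAddress> mRoutesIPv4 = new ArrayList<PrefixedAddress>();
        private final List<PrefixedAddress> mRoutesIPv6 = new ArrayList<PrefixedAddress>();

        /* JADX INFO: Access modifiers changed from: private */
        /** Address string together with its prefix length. */
        public class PrefixedAddress {
            public String mAddress;
            public int mPrefix;

            public PrefixedAddress(String str, int i) {
                this.mAddress = str;
                this.mPrefix = i;
            }
        }

        /**
         * @param num split-tunneling bit mask; null is treated as 0, i.e. the
         *            recorded routes are used for both address families
         */
        public BuilderCache(Integer num) {
            this.mSplitTunneling = num != null ? num.intValue() : 0;
        }

        /**
         * Tells whether the given string denotes an IPv6 address.
         *
         * <p>NOTE(review): InetAddress.getByName() resolves host names when the
         * argument is not an address literal. The callers presumably only pass
         * literals; confirm, because a name would trigger a DNS lookup here.
         *
         * @throws UnknownHostException if the string cannot be parsed/resolved
         */
        private boolean isIPv6(String str) throws UnknownHostException {
            return InetAddress.getByName(str) instanceof Inet6Address;
        }

        /** Records an interface address and its address family. No validation. */
        public void addAddress(String str, int i) {
            this.mAddresses.add(new PrefixedAddress(str, i));
            recordAddressFamily(str);
        }

        /**
         * Records a route in the list of its address family.
         *
         * <p>A route whose address cannot be parsed is dropped; the method still
         * returns normally, so the caller is not told about it.
         */
        public void addRoute(String str, int i) {
            try {
                if (isIPv6(str)) {
                    this.mRoutesIPv6.add(new PrefixedAddress(str, i));
                } else {
                    this.mRoutesIPv4.add(new PrefixedAddress(str, i));
                }
            } catch (UnknownHostException e) {
                // A dropped route changes which traffic enters the tunnel, so
                // leave a trace that can be found in the log.
                Log.e(TAG, "route dropped, address could not be parsed", e);
            }
        }

        /**
         * Applies addresses, routes and the MTU to the given builder.
         *
         * <p>Only interface addresses and DNS servers mark a family as "seen"
         * (see recordAddressFamily()); routes do not.
         */
        @TargetApi(21)
        public void applyData(VpnService.Builder builder) {
            for (PrefixedAddress address : this.mAddresses) {
                builder.addAddress(address.mAddress, address.mPrefix);
            }
            applyFamily(builder, (this.mSplitTunneling & 1) == 0, this.mIPv4Seen,
                    this.mRoutesIPv4, OsConstants.AF_INET, "0.0.0.0");
            applyFamily(builder, (this.mSplitTunneling & 2) == 0, this.mIPv6Seen,
                    this.mRoutesIPv6, OsConstants.AF_INET6, "::");
            builder.setMtu(this.mMtu);
        }

        /** Installs the routes of one address family according to the split-tunneling bit. */
        private void applyFamily(VpnService.Builder builder, boolean useRecordedRoutes, boolean familySeen,
                List<PrefixedAddress> routes, int family, String defaultRoute) {
            if (useRecordedRoutes) {
                if (familySeen) {
                    for (PrefixedAddress route : routes) {
                        builder.addRoute(route.mAddress, route.mPrefix);
                    }
                } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
                    // Per the VpnService.Builder documentation a family without
                    // address, route or DNS server is blocked by default;
                    // allowFamily() lifts that block and the traffic falls
                    // through to the underlying network, i.e. it is sent
                    // outside the tunnel. With an IPv4-only assignment this
                    // leaves IPv6 unprotected (and vice versa).
                    builder.allowFamily(family);
                }
            } else if (familySeen) {
                // Bit set: the recorded routes are ignored and a default route
                // captures the whole family. If the family was not seen nothing
                // is added for it here.
                builder.addRoute(defaultRoute, 0);
            }
        }

        /** Marks the address family of the given address as seen. */
        public void recordAddressFamily(String str) {
            try {
                if (isIPv6(str)) {
                    this.mIPv6Seen = true;
                } else {
                    this.mIPv4Seen = true;
                }
            } catch (UnknownHostException e) {
                Log.e(TAG, "address family not recorded, address could not be parsed", e);
            }
        }

        /** Records the MTU that applyData() sets on the builder. */
        public void setMtu(int i) {
            this.mMtu = i;
        }
    }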

    // Loads the native libraries. Below API 18 eight additional libraries are
    // loaded first, in exactly this order (presumably the dependencies of
    // libandroidbridge, which older releases do not resolve on their own).
    static {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR2) {
            final String[] earlyLibraries = {
                "strongswan", "tncif", "tnccs", "tpmtss", "imcv", "hydra", "charon", "ipsec",
            };
            for (String library : earlyLibraries) {
                System.loadLibrary(library);
            }
        }
        System.loadLibrary("androidbridge");
    }

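    /**
     * Returns the DER encodings of the CA certificates used to authenticate
     * the server. Not called from Java in this file; presumably invoked by the
     * native code.
     *
     * <p>With a CA alias set on the current profile only that certificate is
     * returned. Without one, every CA certificate known to the
     * TrustedCertificateManager is returned, so any of those CAs can vouch for
     * the gateway. onStartCommand() always builds profiles without an alias.
     *
     * @return the encoded certificates, or null if the selected certificate
     *         does not exist or a certificate cannot be encoded
     */
    private byte[][] getTrustedCertificates() {
        List<byte[]> encoded = new ArrayList<byte[]>();
        TrustedCertificateManager manager = TrustedCertificateManager.getInstance();
        try {
            // Read the volatile field once so the null check and the lookup
            // see the same value.
            String alias = this.mCurrentCertificateAlias;
            if (alias != null) {
                X509Certificate selected = manager.getCACertificateFromAlias(alias);
                if (selected == null) {
                    // Fail instead of silently falling back to the full store.
                    return null;
                }
                encoded.add(selected.getEncoded());
            } else {
                for (X509Certificate certificate : manager.getAllCACertificates().values()) {
                    encoded.add(certificate.getEncoded());
                }
            }
            // The target array must be byte[][]; a one-dimensional byte[] is
            // not a valid argument for toArray().
            return encoded.toArray(new byte[encoded.size()][]);
        } catch (CertificateEncodingException e) {
            Log.e(TAG, "failed to encode CA certificate", e);
            return null;
        }
    }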

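    /**
     * Returns the DER encodings of the user certificate chain stored in the
     * system KeyChain under the current user certificate alias. Not called
     * from Java in this file; presumably invoked by the native code.
     *
     * <p>KeyChain.getCertificateChain() may block and must not be called on
     * the main thread.
     *
     * @return the encoded chain, or null if the KeyChain has no chain for the
     *         alias
     * @throws KeyChainException if the KeyChain cannot be accessed
     * @throws InterruptedException if the thread is interrupted while waiting
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    private byte[][] getUserCertificate() throws KeyChainException, InterruptedException, CertificateEncodingException {
        X509Certificate[] chain = KeyChain.getCertificateChain(getApplicationContext(), this.mCurrentUserCertificateAlias);
        if (chain == null || chain.length == 0) {
            return null;
        }
        List<byte[]> encoded = new ArrayList<byte[]>(chain.length);
        for (X509Certificate certificate : chain) {
            encoded.add(certificate.getEncoded());
        }
        // The target array must be byte[][]; a one-dimensional byte[] is not a
        // valid argument for toArray().
        return encoded.toArray(new byte[encoded.size()][]);
    }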

    /**
     * Fetches the private key stored in the system KeyChain under the current
     * user certificate alias. Not called from Java in this file; presumably
     * invoked by the native code.
     *
     * <p>KeyChain.getPrivateKey() may block and must not be called on the main
     * thread. The returned key object should not be logged or persisted.
     *
     * @throws KeyChainException if the KeyChain cannot be accessed
     * @throws InterruptedException if the thread is interrupted while waiting
     */
    private PrivateKey getUserKey() throws KeyChainException, InterruptedException {
        final String alias = this.mCurrentUserCertificateAlias;
        return KeyChain.getPrivateKey(getApplicationContext(), alias);
    }

    /**
     * Forwards an error to the bound VpnStateService; the update is dropped if
     * the service is not bound.
     */
    private void setError(VpnStateService.ErrorState errorState) {
        synchronized (this.mServiceLock) {
            final VpnStateService service = this.mService;
            if (service == null) {
                return;
            }
            service.setError(errorState);
        }
    }

    /**
     * Forwards an error to the bound VpnStateService unless a disconnect is in
     * progress, so that failures caused by the teardown itself are not
     * reported. Dropped if the service is not bound.
     */
    private void setErrorDisconnect(VpnStateService.ErrorState errorState) {
        synchronized (this.mServiceLock) {
            final VpnStateService service = this.mService;
            if (service == null || this.mIsDisconnecting) {
                return;
            }
            service.setError(errorState);
        }
    }

    /**
     * Forwards an IMC state to the bound VpnStateService; the update is
     * dropped if the service is not bound.
     */
    private void setImcState(ImcState imcState) {
        synchronized (this.mServiceLock) {
            final VpnStateService service = this.mService;
            if (service == null) {
                return;
            }
            service.setImcState(imcState);
        }
    }

    /**
     * Queues the profile to connect to next and wakes the connection handler
     * waiting in run().
     *
     * @param vpnProfile profile to connect to, or null to disconnect only
     */
    private void setNextProfile(VpnProfile vpnProfile) {
        // run() holds this monitor for a whole connect/disconnect cycle, so
        // this call can block the caller until that cycle has finished.
        synchronized (this) {
            mNextProfile = vpnProfile;
            mProfileUpdated = true;
            notifyAll();
        }
    }

    /**
     * Forwards a connection state to the bound VpnStateService; the update is
     * dropped if the service is not bound.
     */
    private void setState(VpnStateService.State state) {
        synchronized (this.mServiceLock) {
            final VpnStateService service = this.mService;
            if (service == null) {
                return;
            }
            service.setState(state);
        }
    }

    /**
     * Tells the bound VpnStateService that a connection attempt for the given
     * profile starts; dropped if the service is not bound.
     */
    private void startConnection(VpnProfile vpnProfile) {
        synchronized (this.mServiceLock) {
            final VpnStateService service = this.mService;
            if (service == null) {
                return;
            }
            service.startConnection(vpnProfile);
        }
    }

    /**
     * Tears down the active connection, if there is one: reports
     * DISCONNECTING, flags the teardown, stops the native charon and forgets
     * the current profile.
     */
    private void stopCurrentConnection() {
        synchronized (this) {
            if (this.mCurrentProfile == null) {
                // Nothing is connected.
                return;
            }
            setState(VpnStateService.State.DISCONNECTING);
            // Set before the native teardown so status callbacks caused by it
            // are ignored by updateStatus()/setErrorDisconnect().
            this.mIsDisconnecting = true;
            deinitializeCharon();
            Log.i(TAG, "charon stopped");
            this.mCurrentProfile = null;
        }
    }

    /**
     * Parses remediation instructions from XML and hands each one to the bound
     * VpnStateService. Not called from Java in this file; presumably invoked
     * by the native code.
     *
     * <p>NOTE(review): the XML is not produced by this class. The parser
     * behind RemediationInstruction.fromXml() is not visible here; confirm it
     * does not process DTDs or external entities and that it never returns
     * null (the loop would throw).
     *
     * @param str XML document containing the instructions
     */
    public void addRemediationInstruction(String str) {
        for (RemediationInstruction instruction : RemediationInstruction.fromXml(str)) {
            synchronized (this.mServiceLock) {
                final VpnStateService service = this.mService;
                if (service != null) {
                    service.addRemediationInstruction(instruction);
                }
            }
        }
    }

    /**
     * Native teardown of charon; stopCurrentConnection() calls it while
     * holding the monitor of this service.
     */
    public native void deinitializeCharon();

    /**
     * Native start of charon.
     *
     * @param builderAdapter adapter for creating the TUN device
     * @param str run() passes the absolute path of the log file
     * @param z run() passes whether the profile's VPN type has the BYOD feature
     * @return run() treats true as "charon started" and false as a generic error
     */
    public native boolean initializeCharon(BuilderAdapter builderAdapter, String str, boolean z);

    /**
     * Native connection setup.
     *
     * @param str run() passes the output of SettingsWriter.serialize(), which
     *            contains the gateway, the username and the password in plain
     *            text; it should never be written to a log
     */
    public native void initiate(String str);

    /**
     * Resolves the log file path inside the app's private files directory,
     * creates (but does not start) the connection handler thread and binds to
     * VpnStateService. The thread is started once the binding is established.
     */
    @Override // android.app.Service
    public void onCreate() {
        final String filesDir = getFilesDir().getAbsolutePath();
        this.mLogFile = filesDir + File.separator + LOG_FILE;
        this.mConnectionHandler = new Thread(this);
        final Intent stateService = new Intent(this, VpnStateService.class);
        bindService(stateService, this.mServiceConnection, BIND_AUTO_CREATE);
    }

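    /**
     * Requests a disconnect, waits for the connection handler thread to exit
     * and releases the VpnStateService binding.
     *
     * <p>NOTE(review): join() runs on the thread that delivers onDestroy() and
     * waits for the native teardown to complete.
     */
    @Override // android.app.Service
    public void onDestroy() {
        // Order matters: run() checks mTerminate only after it has been woken
        // up with a null profile.
        this.mTerminate = true;
        setNextProfile(null);
        try {
            this.mConnectionHandler.join();
        } catch (InterruptedException e) {
            Log.w(TAG, "interrupted while waiting for the connection handler", e);
            // Keep the interrupt visible to the caller instead of clearing it.
            Thread.currentThread().interrupt();
        }
        // Read mService under its lock, like every other access to it.
        final boolean bound;
        synchronized (this.mServiceLock) {
            bound = this.mService != null;
        }
        if (bound) {
            unbindService(this.mServiceConnection);
        }
    }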

    /**
     * Called by the system when the VPN is revoked for this app; queues a null
     * profile so that run() tears the connection down.
     *
     * <p>NOTE(review): super.onRevoke() is not called, so whatever the base
     * implementation does (it is documented to stop the service) does not
     * happen here - confirm that is intended.
     */
    @Override // android.net.VpnService
    public void onRevoke() {
        setNextProfile(null);
    }

    /**
     * Builds a VPN profile from the extras of the start intent and queues it;
     * an intent without extras queues a disconnect.
     *
     * <p>Security-relevant properties of the profile built here:
     * <ul>
     * <li>Gateway, username and password are taken verbatim from the intent
     * extras, without validation. NOTE(review): whoever is able to start this
     * service decides which gateway the device connects to and with which
     * credentials. The manifest is not visible here; confirm the service is not
     * exported, or is protected by android.permission.BIND_VPN_SERVICE.</li>
     * <li>No CA certificate alias is set, so getTrustedCertificates() hands
     * every CA certificate of the TrustedCertificateManager to charon instead
     * of one pinned CA.</li>
     * <li>Split tunneling is left unset (treated as 0 by BuilderCache), which
     * on API 21+ lets an address family that received no address or DNS server
     * bypass the tunnel.</li>
     * </ul>
     *
     * @return always START_STICKY. After a restart by the system the intent is
     *         null and nothing is queued, so the credentials are not
     *         redelivered and the VPN stays down until it is started again.
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        if (intent == null) {
            return START_STICKY;
        }
        final Bundle extras = intent.getExtras();
        if (extras == null) {
            // No profile data: disconnect only.
            setNextProfile(null);
            return START_STICKY;
        }
        final VpnProfile profile = new VpnProfile();
        profile.setVpnType(VpnType.IKEV2_EAP);
        profile.setUserCertificateAlias(null);
        profile.setCertificateAlias(null);
        profile.setMTU(1360);
        profile.setPort(null);
        profile.setSplitTunneling(null);
        profile.setName(extras.getString("name"));
        profile.setGateway(extras.getString("gateway"));
        profile.setUsername(extras.getString("username"));
        profile.setPassword(extras.getString("password"));
        setNextProfile(profile);
        return START_STICKY;
    }

    /**
     * Connection handler loop: waits for a profile update, tears down the
     * current connection and, if a new profile was queued, starts charon and
     * initiates the connection. Returns only after a disconnect with
     * mTerminate set.
     *
     * <p>The monitor of this service is held for the whole cycle, including
     * the native calls, so setNextProfile() callers block until it completes.
     */
    @Override // java.lang.Runnable
    public void run() {
        while (true) {
            synchronized (this) {
                // wait() releases the monitor; setNextProfile() sets the flag
                // and calls notifyAll().
                while (!this.mProfileUpdated) {
                    try {
                        wait();
                    } catch (InterruptedException e) {
                        // An interrupt disconnects but does not end the loop;
                        // the thread goes back to waiting for an update.
                        stopCurrentConnection();
                        setState(VpnStateService.State.DISABLED);
                    }
                }
                this.mProfileUpdated = false;
                // Any update, including a new profile, first ends the current
                // connection.
                stopCurrentConnection();
                if (this.mNextProfile == null) {
                    setState(VpnStateService.State.DISABLED);
                    if (this.mTerminate) {
                        return;
                    }
                } else {
                    this.mCurrentProfile = this.mNextProfile;
                    this.mNextProfile = null;
                    // Published before charon starts; the certificate getters
                    // read these aliases.
                    this.mCurrentCertificateAlias = this.mCurrentProfile.getCertificateAlias();
                    this.mCurrentUserCertificateAlias = this.mCurrentProfile.getUserCertificateAlias();
                    startConnection(this.mCurrentProfile);
                    this.mIsDisconnecting = false;
                    if (initializeCharon(new BuilderAdapter(this.mCurrentProfile.getName(), this.mCurrentProfile.getSplitTunneling()), this.mLogFile, this.mCurrentProfile.getVpnType().has(VpnType.VpnTypeFeature.BYOD))) {
                        Log.i(TAG, "charon started");
                        // The settings include the username and the password in
                        // plain text; the serialized string is passed to native
                        // code only and must not be logged.
                        SettingsWriter settingsWriter = new SettingsWriter();
                        settingsWriter.setValue("global.language", Locale.getDefault().getLanguage());
                        settingsWriter.setValue("global.mtu", this.mCurrentProfile.getMTU());
                        settingsWriter.setValue("connection.type", this.mCurrentProfile.getVpnType().getIdentifier());
                        // NOTE(review): gateway and identities are not checked
                        // for null or empty values before they are serialized;
                        // how SettingsWriter treats them is not visible here.
                        settingsWriter.setValue("connection.server", this.mCurrentProfile.getGateway());
                        settingsWriter.setValue("connection.port", this.mCurrentProfile.getPort());
                        settingsWriter.setValue("connection.username", this.mCurrentProfile.getUsername());
                        settingsWriter.setValue("connection.password", this.mCurrentProfile.getPassword());
                        settingsWriter.setValue("connection.local_id", this.mCurrentProfile.getLocalId());
                        settingsWriter.setValue("connection.remote_id", this.mCurrentProfile.getRemoteId());
                        initiate(settingsWriter.serialize());
                    } else {
                        Log.e(TAG, "failed to start charon");
                        setError(VpnStateService.ErrorState.GENERIC_ERROR);
                        setState(VpnStateService.State.DISABLED);
                        // Without a current profile stopCurrentConnection()
                        // will not call deinitializeCharon() for this attempt.
                        this.mCurrentProfile = null;
                    }
                }
            }
        }
    }

    /**
     * Translates a numeric IMC state and forwards it to the state service.
     * Values that ImcState.fromValue() does not know are ignored. Not called
     * from Java in this file; presumably invoked by the native code.
     */
    public void updateImcState(int i) {
        final ImcState state = ImcState.fromValue(i);
        if (state == null) {
            return;
        }
        setImcState(state);
    }

    /**
     * Maps a numeric status code to a connection state or an error of the
     * state service. Not called from Java in this file; presumably invoked by
     * the native code.
     *
     * @param i one of the STATE_* constants; other values are only logged
     */
    public void updateStatus(int i) {
        switch (i) {
            case STATE_CHILD_SA_UP:
                setState(VpnStateService.State.CONNECTED);
                break;
            case STATE_CHILD_SA_DOWN:
                // During a teardown the CHILD_SA going down is expected and
                // must not be shown as a reconnect.
                if (!this.mIsDisconnecting) {
                    setState(VpnStateService.State.CONNECTING);
                }
                break;
            case STATE_AUTH_ERROR:
                setErrorDisconnect(VpnStateService.ErrorState.AUTH_FAILED);
                break;
            case STATE_PEER_AUTH_ERROR:
                setErrorDisconnect(VpnStateService.ErrorState.PEER_AUTH_FAILED);
                break;
            case STATE_LOOKUP_ERROR:
                setErrorDisconnect(VpnStateService.ErrorState.LOOKUP_FAILED);
                break;
            case STATE_UNREACHABLE_ERROR:
                setErrorDisconnect(VpnStateService.ErrorState.UNREACHABLE);
                break;
            case STATE_GENERIC_ERROR:
                setErrorDisconnect(VpnStateService.ErrorState.GENERIC_ERROR);
                break;
            default:
                Log.e(TAG, "Unknown status code received");
                break;
        }
    }
}
