package com.punicapp.intellivpn.service.vpn;

import android.annotation.TargetApi;
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.net.VpnService;
import android.os.Build;
import android.os.Bundle;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.system.OsConstants;
import android.util.Log;
import com.punicapp.intellivpn.IntelliVpnApp;
import com.punicapp.intellivpn.activities.MainActivity;
import com.punicapp.intellivpn.api.local.IRepository;
import com.punicapp.intellivpn.events.vpn.VpnStartErrorEvent;
import com.punicapp.intellivpn.model.data.AppSettings;
import com.punicapp.intellivpn.model.data.VpnProfile;
import com.punicapp.intellivpn.model.strongswan.IPRange;
import com.punicapp.intellivpn.model.strongswan.IPRangeSet;
import com.punicapp.intellivpn.model.strongswan.ImcState;
import com.punicapp.intellivpn.model.strongswan.RemediationInstruction;
import com.punicapp.intellivpn.model.strongswan.SettingsWriter;
import com.punicapp.intellivpn.model.vpn.VpnErrorKind;
import com.punicapp.intellivpn.model.vpn.VpnStatus;
import com.punicapp.intellivpn.notifications.NotificationManager;
import com.punicapp.intellivpn.security.TrustedCertificateManager;
import com.punicapp.intellivpn.service.vpn.VpnStateService;
import com.punicapp.intellivpn.view.vpnStateActions.VpnStateAction;
import java.io.File;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.inject.Inject;
import net.intellivpn.android.R;
import org.greenrobot.eventbus.EventBus;
import rx.functions.Action1;
import rx.schedulers.Schedulers;
import rx.subjects.ReplaySubject;

/* loaded from: classes10.dex */
public class IntelliVpnService extends VpnService implements Runnable {
    public static final String CONNECTION_LOCAL_ID_KEY = "connection.local_id";
    public static final String CONNECTION_PASSWORD_KEY = "connection.password";
    public static final String CONNECTION_REMOTE_ID_KEY = "connection.remote_id";
    public static final String CONNECTION_SERVER_KEY = "connection.server";
    public static final String CONNECTION_TYPE = "ikev2-eap";
    public static final String CONNECTION_TYPE_KEY = "connection.type";
    public static final String CONNECTION_USERNAME_KEY = "connection.username";
    public static final String CONNECT_ACTION = "com.punicapp.intellivpn.service.vpn.IntelliVpnService.CONNECT";
    public static final String DISCONNECT_ACTION = "com.punicapp.intellivpn.service.vpn.IntelliVpnService.DISCONNECT";
    public static final String EVENT = "EVENT";
    public static final String GLOBAL_LANGUAGE_KEY = "global.language";
    public static final String IS_RUNNING = "is_running";
    public static final String LOG_FILE = "intellivpn.log";
    public static final int MAX_RECONNECT_TRY_COUNTER = 5;
    public static final boolean RECONNECT_ON_ERROR = true;
    public static final boolean RECONNECT_ON_NETWORK_TYPE_CHANGE = false;
    public static final String SET_IS_RUNNING = "set_is_running";
    public static final String SHOW_NOTIFICATION = "show_notification";
    public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
    public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
    static final int STATE_AUTH_ERROR = 3;
    static final int STATE_CHILD_SA_DOWN = 2;
    static final int STATE_CHILD_SA_UP = 1;
    static final int STATE_GENERIC_ERROR = 7;
    static final int STATE_LOOKUP_ERROR = 5;
    static final int STATE_PEER_AUTH_ERROR = 4;
    static final int STATE_UNREACHABLE_ERROR = 6;
    private static final String TAG = IntelliVpnService.class.getSimpleName();
    private static int reconnectTryCounter = 5;

    @Inject
    protected EventBus bus;
    private VpnStateAction changeStateAction;
    private Thread mConnectionHandler;
    private VpnProfile mCurrentProfile;
    private volatile boolean mIsDisconnecting;
    private String mLogFile;
    private VpnProfile mNextProfile;
    private volatile boolean mProfileUpdated;
    private VpnStateService mService;
    private volatile boolean mTerminate;

    @Inject
    protected NotificationManager notificationManager;

    @Inject
    protected IRepository<AppSettings> settingsRepo;

    @Inject
    protected IRepository<VpnProfile> vpnProfileRepo;
    private boolean mSetVpnIsRunning = false;
    private ReplaySubject<Void> serviceConnectedSubject = ReplaySubject.create(1);
    private final Object mServiceLock = new Object();
    private final ServiceConnection mServiceConnection = new ServiceConnection() { // from class: com.punicapp.intellivpn.service.vpn.IntelliVpnService.1
        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            synchronized (IntelliVpnService.this.mServiceLock) {
                IntelliVpnService.this.mService = ((VpnStateService.LocalBinder) iBinder).getService();
                IntelliVpnService.this.serviceConnectedSubject.onNext(null);
            }
            IntelliVpnService.this.mConnectionHandler.start();
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            synchronized (IntelliVpnService.this.mServiceLock) {
                IntelliVpnService.this.mService = null;
            }
        }
    };

    /* loaded from: classes10.dex */
    public class BuilderAdapter {
        private VpnService.Builder mBuilder;
        private BuilderCache mCache;
        private BuilderCache mEstablishedCache;
        private String mProfileName;

        public BuilderAdapter(String str) {
            this.mProfileName = str;
            this.mBuilder = createBuilder(str);
            this.mCache = new BuilderCache();
        }

        private VpnService.Builder createBuilder(String str) {
            VpnService.Builder builder = new VpnService.Builder(IntelliVpnService.this);
            builder.setSession(str);
            Context applicationContext = IntelliVpnService.this.getApplicationContext();
            builder.setConfigureIntent(PendingIntent.getActivity(applicationContext, 0, new Intent(applicationContext, (Class<?>) MainActivity.class), 134217728));
            return builder;
        }

        public synchronized boolean addAddress(String str, int i) {
            boolean z;
            try {
                this.mCache.addAddress(str, i);
                z = true;
            } catch (IllegalArgumentException e) {
                z = false;
            }
            return z;
        }

        public synchronized boolean addDnsServer(String str) {
            boolean z;
            try {
                this.mBuilder.addDnsServer(str);
                this.mCache.recordAddressFamily(str);
                z = true;
            } catch (IllegalArgumentException e) {
                z = false;
            }
            return z;
        }

        public synchronized boolean addRoute(String str, int i) {
            boolean z;
            try {
                this.mCache.addRoute(str, i);
                z = true;
            } catch (IllegalArgumentException e) {
                z = false;
            }
            return z;
        }

        public synchronized boolean addSearchDomain(String str) {
            boolean z;
            try {
                this.mBuilder.addSearchDomain(str);
                z = true;
            } catch (IllegalArgumentException e) {
                z = false;
            }
            return z;
        }

        public synchronized int establish() {
            int i = -1;
            synchronized (this) {
                try {
                    this.mCache.applyData(this.mBuilder);
                    ParcelFileDescriptor establish = this.mBuilder.establish();
                    if (establish != null) {
                        this.mBuilder = createBuilder(this.mProfileName);
                        this.mEstablishedCache = this.mCache;
                        this.mCache = new BuilderCache();
                        i = establish.detachFd();
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            return i;
        }

        public synchronized int establishNoDns() {
            int i = -1;
            synchronized (this) {
                if (this.mEstablishedCache != null) {
                    try {
                        VpnService.Builder createBuilder = createBuilder(this.mProfileName);
                        this.mEstablishedCache.applyData(createBuilder);
                        ParcelFileDescriptor establish = createBuilder.establish();
                        if (establish != null) {
                            i = establish.detachFd();
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            }
            return i;
        }

        public synchronized boolean setMtu(int i) {
            boolean z;
            try {
                this.mCache.setMtu(i);
                z = true;
            } catch (IllegalArgumentException e) {
                z = false;
            }
            return z;
        }
    }

    /* loaded from: classes10.dex */
    public class BuilderCache {
        private final IPRangeSet mExcludedSubnets;
        private boolean mIPv4Seen;
        private boolean mIPv6Seen;
        private int mMtu;
        private final int mSplitTunneling;
        private final List<IPRange> mAddresses = new ArrayList();
        private final List<IPRange> mRoutesIPv4 = new ArrayList();
        private final List<IPRange> mRoutesIPv6 = new ArrayList();
        private final IPRangeSet mIncludedSubnetsv4 = new IPRangeSet();
        private final IPRangeSet mIncludedSubnetsv6 = new IPRangeSet();

        public BuilderCache() {
            Iterator<IPRange> it = new IPRangeSet().iterator();
            while (it.hasNext()) {
                IPRange next = it.next();
                if (next.getFrom() instanceof Inet4Address) {
                    this.mIncludedSubnetsv4.add(next);
                } else if (next.getFrom() instanceof Inet6Address) {
                    this.mIncludedSubnetsv6.add(next);
                }
            }
            this.mExcludedSubnets = new IPRangeSet();
            this.mSplitTunneling = 0;
        }

        private boolean isIPv6(String str) throws UnknownHostException {
            InetAddress byName = InetAddress.getByName(str);
            return !(byName instanceof Inet4Address) && (byName instanceof Inet6Address);
        }

        public void addAddress(String str, int i) {
            try {
                this.mAddresses.add(new IPRange(str, i));
                recordAddressFamily(str);
            } catch (UnknownHostException e) {
                e.printStackTrace();
            }
        }

        public void addRoute(String str, int i) {
            try {
                if (isIPv6(str)) {
                    this.mRoutesIPv6.add(new IPRange(str, i));
                } else {
                    this.mRoutesIPv4.add(new IPRange(str, i));
                }
            } catch (UnknownHostException e) {
                e.printStackTrace();
            }
        }

        @TargetApi(21)
        public void applyData(VpnService.Builder builder) {
            for (IPRange iPRange : this.mAddresses) {
                builder.addAddress(iPRange.getFrom(), iPRange.getPrefix().intValue());
            }
            if ((this.mSplitTunneling & 1) == 0) {
                if (this.mIPv4Seen) {
                    IPRangeSet iPRangeSet = new IPRangeSet();
                    if (this.mIncludedSubnetsv4.size() > 0) {
                        iPRangeSet.add(this.mIncludedSubnetsv4);
                    } else {
                        iPRangeSet.addAll(this.mRoutesIPv4);
                    }
                    iPRangeSet.remove(this.mExcludedSubnets);
                    for (IPRange iPRange2 : iPRangeSet.subnets()) {
                        builder.addRoute(iPRange2.getFrom(), iPRange2.getPrefix().intValue());
                    }
                } else if (Build.VERSION.SDK_INT >= 21) {
                    builder.allowFamily(OsConstants.AF_INET);
                }
            } else if (this.mIPv4Seen) {
                builder.addRoute("0.0.0.0", 0);
            }
            if ((this.mSplitTunneling & 2) == 0) {
                if (this.mIPv6Seen) {
                    IPRangeSet iPRangeSet2 = new IPRangeSet();
                    if (this.mIncludedSubnetsv6.size() > 0) {
                        iPRangeSet2.add(this.mIncludedSubnetsv6);
                    } else {
                        iPRangeSet2.addAll(this.mRoutesIPv6);
                    }
                    iPRangeSet2.remove(this.mExcludedSubnets);
                    for (IPRange iPRange3 : iPRangeSet2.subnets()) {
                        builder.addRoute(iPRange3.getFrom(), iPRange3.getPrefix().intValue());
                    }
                } else if (Build.VERSION.SDK_INT >= 21) {
                    builder.allowFamily(OsConstants.AF_INET6);
                }
            } else if (this.mIPv6Seen) {
                builder.addRoute("::", 0);
            }
            builder.setMtu(this.mMtu);
        }

        public void recordAddressFamily(String str) {
            try {
                if (isIPv6(str)) {
                    this.mIPv6Seen = true;
                } else {
                    this.mIPv4Seen = true;
                }
            } catch (UnknownHostException e) {
                e.printStackTrace();
            }
        }

        public void setMtu(int i) {
            this.mMtu = i;
        }
    }

    static {
        if (Build.VERSION.SDK_INT < 18) {
            System.loadLibrary("strongswan");
            System.loadLibrary("charon");
            System.loadLibrary("ipsec");
        }
        System.loadLibrary("androidbridge");
    }

    private static String getAndroidVersion() {
        String str = "Android " + Build.VERSION.RELEASE + " - " + Build.DISPLAY;
        return Build.VERSION.SDK_INT >= 23 ? str + "/" + Build.VERSION.SECURITY_PATCH : str;
    }

    private static String getDeviceString() {
        return Build.MODEL + " - " + Build.BRAND + "/" + Build.PRODUCT + "/" + Build.MANUFACTURER;
    }

    private byte[][] getTrustedCertificates() {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<X509Certificate> it = TrustedCertificateManager.getInstance().load().getAllCACertificates().values().iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getEncoded());
            }
            return (byte[][]) arrayList.toArray(new byte[arrayList.size()]);
        } catch (CertificateEncodingException e) {
            e.printStackTrace();
            return (byte[][]) null;
        }
    }

    private byte[][] getUserCertificate() throws KeyChainException, InterruptedException, CertificateEncodingException {
        ArrayList arrayList = new ArrayList();
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(getApplicationContext(), null);
        if (certificateChain == null || certificateChain.length == 0) {
            return (byte[][]) null;
        }
        for (X509Certificate x509Certificate : certificateChain) {
            arrayList.add(x509Certificate.getEncoded());
        }
        return (byte[][]) arrayList.toArray(new byte[arrayList.size()]);
    }

    private PrivateKey getUserKey() throws KeyChainException, InterruptedException {
        return KeyChain.getPrivateKey(getApplicationContext(), null);
    }

    private void handleError(VpnErrorKind vpnErrorKind) {
        if (reconnectTryCounter > 0) {
            reconnectTryCounter--;
            setNextProfile(this.mCurrentProfile);
            Log.w("Reconnect", "RECONNECT_ON_ERROR");
        } else {
            this.mService.setError(vpnErrorKind);
            this.mSetVpnIsRunning = true;
            setNextProfile(null);
        }
    }

    private void setError(VpnErrorKind vpnErrorKind) {
        synchronized (this.mServiceLock) {
            if (this.mService != null) {
                handleError(vpnErrorKind);
            }
        }
    }

    private void setErrorDisconnect(VpnErrorKind vpnErrorKind) {
        synchronized (this.mServiceLock) {
            if (this.mService != null && !this.mIsDisconnecting) {
                handleError(vpnErrorKind);
            }
        }
    }

    private void setImcState(ImcState imcState) {
        synchronized (this.mServiceLock) {
            if (this.mService != null) {
                this.mService.setImcState(imcState);
            }
        }
    }

    private void setNextProfile(VpnProfile vpnProfile) {
        synchronized (this) {
            this.mNextProfile = vpnProfile;
            this.mProfileUpdated = true;
            notifyAll();
        }
    }

    private void setState(VpnStatus vpnStatus) {
        synchronized (this.mServiceLock) {
            if (this.mService != null) {
                this.mService.setState(vpnStatus);
            }
            if (this.changeStateAction != null) {
                this.changeStateAction.onVpnChangeState(vpnStatus, this.bus);
            }
        }
    }

    private void startConnection() {
        synchronized (this.mServiceLock) {
            if (this.mService != null) {
                this.mService.startConnection();
            }
        }
    }

    private void stopCurrentConnection() {
        synchronized (this) {
            if (this.mCurrentProfile != null) {
                setState(VpnStatus.DISCONNECTING);
                this.mIsDisconnecting = true;
                deinitializeCharon();
                Log.i(TAG, "vpn service stopped");
                this.mCurrentProfile = null;
                stopForeground(true);
            }
        }
    }

    public void addRemediationInstruction(String str) {
        for (RemediationInstruction remediationInstruction : RemediationInstruction.fromXml(str)) {
            synchronized (this.mServiceLock) {
                if (this.mService != null) {
                    this.mService.addRemediationInstruction(remediationInstruction);
                }
            }
        }
    }

    public native void deinitializeCharon();

    public native boolean initializeCharon(BuilderAdapter builderAdapter, String str, int i, boolean z);

    public native void initiate(String str);

    @Override // android.app.Service
    public void onCreate() {
        this.mLogFile = getFilesDir().getAbsolutePath() + File.separator + LOG_FILE;
        this.mConnectionHandler = new Thread(this);
        bindService(new Intent(this, (Class<?>) VpnStateService.class), this.mServiceConnection, 1);
        IntelliVpnApp.getAppComponent().inject(this);
    }

    @Override // android.app.Service
    public void onDestroy() {
        this.mTerminate = true;
        this.mSetVpnIsRunning = true;
        setNextProfile(null);
        try {
            this.mConnectionHandler.join();
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
        if (this.mService != null) {
            unbindService(this.mServiceConnection);
        }
        this.bus.unregister(this);
        this.serviceConnectedSubject.onCompleted();
    }

    @Override // android.net.VpnService
    public void onRevoke() {
        setNextProfile(null);
    }

    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        boolean z = true;
        if (intent == null) {
            return 2;
        }
        String action = intent.getAction();
        Bundle extras = intent.getExtras();
        if (extras != null && !extras.getBoolean(SET_IS_RUNNING, true)) {
            z = false;
        }
        this.mSetVpnIsRunning = z;
        this.changeStateAction = extras != null ? (VpnStateAction) intent.getExtras().getSerializable(EVENT) : null;
        if (DISCONNECT_ACTION.equals(action)) {
            setNextProfile(null);
            return 2;
        }
        if (!CONNECT_ACTION.equals(action)) {
            return 2;
        }
        VpnProfile instantFirst = this.vpnProfileRepo.instantFirst(null);
        if (instantFirst == null || !instantFirst.isVpnConnectionProfileValid()) {
            this.bus.post(new VpnStartErrorEvent(VpnErrorKind.VPN_CONNECT_PROFILE_INVALID));
            return 2;
        }
        if (instantFirst.isSelectedRegionValid()) {
            setNextProfile(instantFirst);
            return 2;
        }
        this.bus.post(new VpnStartErrorEvent(VpnErrorKind.REGION_INVALID));
        return 2;
    }

    @Override // java.lang.Runnable
    public void run() {
        while (true) {
            synchronized (this) {
                while (!this.mProfileUpdated) {
                    try {
                        try {
                            wait();
                        } catch (Throwable th) {
                            stopCurrentConnection();
                            setState(VpnStatus.DISABLED);
                        }
                    } catch (InterruptedException e) {
                        stopCurrentConnection();
                        setState(VpnStatus.DISABLED);
                    }
                }
                this.mProfileUpdated = false;
                stopCurrentConnection();
                if (this.mNextProfile == null) {
                    if (this.mSetVpnIsRunning) {
                        this.settingsRepo.modifyFirst(new Action1<AppSettings>() { // from class: com.punicapp.intellivpn.service.vpn.IntelliVpnService.2
                            @Override // rx.functions.Action1
                            public void call(AppSettings appSettings) {
                                appSettings.setVpnRunning(false);
                                appSettings.setVpnError(null);
                            }
                        }).subscribeOn(Schedulers.io()).subscribe();
                        this.mSetVpnIsRunning = false;
                    }
                    setState(VpnStatus.DISABLED);
                    this.mService.stopForeground(true);
                    if (this.mTerminate) {
                        return;
                    }
                } else {
                    if (this.mSetVpnIsRunning) {
                        this.settingsRepo.modifyFirst(new Action1<AppSettings>() { // from class: com.punicapp.intellivpn.service.vpn.IntelliVpnService.3
                            @Override // rx.functions.Action1
                            public void call(AppSettings appSettings) {
                                appSettings.setVpnRunning(true);
                            }
                        }).subscribeOn(Schedulers.io()).subscribe();
                        this.mService.startForeground(1, this.notificationManager.buildStateNotification());
                        this.mSetVpnIsRunning = false;
                    }
                    this.mCurrentProfile = this.mNextProfile;
                    this.mNextProfile = null;
                    startConnection();
                    this.mIsDisconnecting = false;
                    if (initializeCharon(new BuilderAdapter(getString(R.string.vpn_session_name)), this.mLogFile, -1, false)) {
                        Log.i(TAG, "vpn service started");
                        SettingsWriter settingsWriter = new SettingsWriter();
                        settingsWriter.setValue(GLOBAL_LANGUAGE_KEY, Locale.getDefault().getLanguage());
                        settingsWriter.setValue(CONNECTION_TYPE_KEY, CONNECTION_TYPE);
                        settingsWriter.setValue(CONNECTION_SERVER_KEY, this.mCurrentProfile.getConnectUrl());
                        settingsWriter.setValue(CONNECTION_REMOTE_ID_KEY, this.mCurrentProfile.getDomain());
                        String username = this.mCurrentProfile.getUsername();
                        settingsWriter.setValue(CONNECTION_USERNAME_KEY, username);
                        settingsWriter.setValue(CONNECTION_PASSWORD_KEY, this.mCurrentProfile.getToken());
                        settingsWriter.setValue(CONNECTION_LOCAL_ID_KEY, username);
                        initiate(settingsWriter.serialize());
                    } else {
                        Log.e(TAG, "failed to start vpn service");
                        setError(VpnErrorKind.GENERIC_ERROR);
                        this.mCurrentProfile = null;
                    }
                }
            }
        }
    }

    public void updateImcState(int i) {
        ImcState fromValue = ImcState.fromValue(i);
        if (fromValue != null) {
            setImcState(fromValue);
        }
    }

    public void updateStatus(int i) {
        switch (i) {
            case 1:
                setState(VpnStatus.CONNECTED);
                reconnectTryCounter = 5;
                return;
            case 2:
                if (this.mIsDisconnecting) {
                    return;
                }
                setState(VpnStatus.CONNECTING);
                return;
            case 3:
                setErrorDisconnect(VpnErrorKind.AUTH_FAILED);
                return;
            case 4:
                setErrorDisconnect(VpnErrorKind.PEER_AUTH_FAILED);
                return;
            case 5:
                setErrorDisconnect(VpnErrorKind.LOOKUP_FAILED);
                return;
            case 6:
                setErrorDisconnect(VpnErrorKind.UNREACHABLE);
                return;
            case 7:
                setErrorDisconnect(VpnErrorKind.GENERIC_ERROR);
                return;
            default:
                Log.e(TAG, "Unknown status code received");
                return;
        }
    }
}
