package com.cisco.anyconnect.vpn.interceptor;

import android.app.Service;
import android.content.Intent;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import com.cisco.anyconnect.common.network.SelectSocketChannel;
import com.cisco.anyconnect.vpn.android.network.ProcessNetworkBinder;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptorConfig;
import java.io.FileDescriptor;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: classes.dex */
public class TestInterceptorService extends Service implements SelectSocketChannel.ISelectSocketChannelCB {
    private static final String PROXY_FINAL_DNS = "2001:420:2c51:1311:e031:2a1:1ad2:1d6a";
    private static boolean TEST_RECONFIGURE = false;
    private NetworkInterceptor mInterceptor;
    private ProcessNetworkBinder mNetworkBinder;
    private SelectSocketChannel mProxyChannel;
    private Map<Short, NetworkFlow> mTxFlowMap = new ConcurrentHashMap();
    private int mConfigureCount = 0;
    Handler mHandler = new Handler();
    Runnable mRemoveClosedFlows = new Runnable() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.1
        @Override // java.lang.Runnable
        public void run() {
            Iterator it = TestInterceptorService.this.mTxFlowMap.entrySet().iterator();
            while (it.hasNext()) {
                if (((NetworkFlow) ((Map.Entry) it.next()).getValue()).isClosed()) {
                    it.remove();
                }
            }
            AppLog.info(this, "ddx4 removed closed flows " + TestInterceptorService.this.mTxFlowMap.size());
            TestInterceptorService.this.scheduleRemoveClosedFlows();
        }
    };
    Runnable mConfigureTask = new Runnable() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.2
        @Override // java.lang.Runnable
        public void run() {
            TestInterceptorService.this.doConfigure();
        }
    };
    NetworkInterceptor.INetworkInterceptorCB mInterceptorCB = new NetworkInterceptor.INetworkInterceptorCB() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.4
        @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
        public void handleFlowClosed(NetworkFlow networkFlow) {
            AppLog.info(this, "ddxt flow closed: " + networkFlow);
        }

        @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
        public void handleFlowData(NetworkFlow networkFlow, ByteBuffer byteBuffer) {
            byteBuffer.order(ByteOrder.BIG_ENDIAN);
            short s = byteBuffer.getShort(0);
            TestInterceptorService.this.mTxFlowMap.put(Short.valueOf(s), networkFlow);
            AppLog.info(this, "ddxt flow data: " + networkFlow + " msgId=" + ((int) s) + " len=" + byteBuffer.limit());
            byteBuffer.rewind();
            TestInterceptorService.this.mProxyChannel.writeBuffer(byteBuffer);
        }

        @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
        public void handleStateChange(final NetworkInterceptor.State state, final NetworkInterceptor.State state2) {
            TestInterceptorService.this.mHandler.post(new Runnable() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.4.1
                @Override // java.lang.Runnable
                public void run() {
                    TestInterceptorService.this.handleInterceptorStateChange(state, state2);
                }
            });
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    public void doConfigure() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("host1.com");
        arrayList.add("host2.com");
        NetworkInterceptorConfig.Builder builder = new NetworkInterceptorConfig.Builder();
        builder.standalone().setSessionName("Umbrella Protection").addAddress(new NetworkInterceptorConfig.Subnet("10.10.10.10", 32)).addAddress(new NetworkInterceptorConfig.Subnet("FE80:0000:0000:0000:AADD:207C:71F0:371E", 64)).addDnsServer(PROXY_FINAL_DNS).addIncludeRoute(new NetworkInterceptorConfig.Subnet(PROXY_FINAL_DNS, 128)).addIncludeRoute(new NetworkInterceptorConfig.Subnet("1.2.3.4", 32));
        if (TEST_RECONFIGURE && this.mConfigureCount % 3 == 0) {
            builder.standalone().addDnsServer("8.8.8." + (this.mConfigureCount % 256));
        }
        builder.excludeDnsQueries(new ArrayList<String>() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.3
            {
                add("*.cisco.com");
                add("*.synocorp.net");
            }
        });
        AppLog.info(this, "ddxc configure result: " + this.mInterceptor.configure(builder.build()) + " state=" + this.mInterceptor.getState() + " count=" + this.mConfigureCount);
        this.mConfigureCount = this.mConfigureCount + 1;
        if (TEST_RECONFIGURE) {
            this.mHandler.postDelayed(this.mConfigureTask, 20000L);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleInterceptorStateChange(NetworkInterceptor.State state, NetworkInterceptor.State state2) {
        NetworkInterceptor.FailureCode lastFailureCode;
        AppLog.info(this, "ddxt interceptor state change: " + state + " -> " + state2);
        if (state2 == NetworkInterceptor.State.INITIALIZED) {
            doConfigure();
            return;
        }
        if (state2 != NetworkInterceptor.State.CONFIGURED) {
            if (state2 != NetworkInterceptor.State.DISABLED || (lastFailureCode = this.mInterceptor.getLastFailureCode()) == null) {
                return;
            }
            if (NetworkInterceptor.FailureCode.REVOKED == lastFailureCode) {
                AppLog.warn(this, "ddx8 vpn revoked!");
                return;
            }
            AppLog.error(this, "ddx8 interceptor failed with code: " + lastFailureCode);
            return;
        }
        AppLog.info(this, "ddxt protecting socket");
        SelectSocketChannel selectSocketChannel = this.mProxyChannel;
        if (selectSocketChannel != null && selectSocketChannel.isInitialized()) {
            AppLog.info(this, "ddxt reconfigured");
            return;
        }
        if (protectChannel()) {
            try {
                this.mProxyChannel.initialize(InetAddress.getByName(PROXY_FINAL_DNS), 53);
                scheduleRemoveClosedFlows();
                AppLog.info(this, "ddxt protected socket");
            } catch (Exception e) {
                AppLog.error(this, "failed to init proxy channel", e);
                throw new RuntimeException(e);
            }
        }
    }

    private void initProxyChannel() {
        try {
            this.mProxyChannel = new SelectSocketChannel(2000, this);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean protectChannel() {
        AppLog.info(this, "ddx protectChannel entry");
        DatagramSocket socket = this.mProxyChannel.getSocket();
        if (Build.VERSION.SDK_INT >= 29) {
            return true;
        }
        try {
            if (this.mInterceptor.protect(ParcelFileDescriptor.dup((FileDescriptor) socket.getClass().getDeclaredMethod("getFileDescriptor$", null).invoke(socket, null)))) {
                return true;
            }
            AppLog.error(this, "Failed to protect socket!");
            this.mInterceptor.disable();
            return false;
        } catch (Exception e) {
            AppLog.error(this, "failed to protect socket", e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleRemoveClosedFlows() {
        this.mHandler.removeCallbacks(this.mRemoveClosedFlows);
        this.mHandler.postDelayed(this.mRemoveClosedFlows, 120000L);
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        throw new UnsupportedOperationException("Not yet implemented");
    }

    @Override // com.cisco.anyconnect.common.network.SelectSocketChannel.ISelectSocketChannelCB
    public void onChannelReconnected() {
        this.mHandler.post(new Runnable() { // from class: com.cisco.anyconnect.vpn.interceptor.TestInterceptorService.5
            @Override // java.lang.Runnable
            public void run() {
                AppLog.info(TestInterceptorService.this, "channel reconnected; reprotecting");
                if (TestInterceptorService.this.protectChannel()) {
                    return;
                }
                AppLog.error(TestInterceptorService.this, "failed to reprotect channel");
            }
        });
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        AppLog.info(this, "ddxt oncreate test int");
        ProcessNetworkBinder processNetworkBinder = new ProcessNetworkBinder("TestInterceptorService", this);
        this.mNetworkBinder = processNetworkBinder;
        processNetworkBinder.start();
        NetworkInterceptor networkInterceptor = new NetworkInterceptor(this, this.mInterceptorCB);
        this.mInterceptor = networkInterceptor;
        networkInterceptor.initialize();
        initProxyChannel();
    }

    @Override // com.cisco.anyconnect.common.network.SelectSocketChannel.ISelectSocketChannelCB
    public void onDataReceived(byte[] bArr) {
        AppLog.info(this, "ddx proxy received data: " + bArr.length);
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        short s = wrap.getShort(0);
        NetworkFlow networkFlow = this.mTxFlowMap.get(Short.valueOf(s));
        if (networkFlow != null) {
            networkFlow.writeData(wrap);
            return;
        }
        AppLog.error(this, "missing flow for txid: " + ((int) s));
    }

    @Override // android.app.Service
    public void onDestroy() {
        NetworkInterceptor networkInterceptor = this.mInterceptor;
        if (networkInterceptor != null) {
            networkInterceptor.disable();
        }
        SelectSocketChannel selectSocketChannel = this.mProxyChannel;
        if (selectSocketChannel != null) {
            selectSocketChannel.close();
        }
        this.mHandler.removeCallbacks(this.mRemoveClosedFlows);
        AppLog.info(this, "ddxt ondestroy");
        super.onDestroy();
    }

    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        AppLog.info(this, "ddxt start test interceptor");
        return 1;
    }
}
