package com.citrix.vpn.service;

import android.app.Notification;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.ProxyInfo;
import android.net.Uri;
import android.net.VpnService;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.Messenger;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.system.OsConstants;
import android.text.TextUtils;
import android.util.Pair;
import com.citrix.vpn.config.JsonVpnConfiguration;
import com.citrix.vpn.config.k;
import com.citrix.vpn.service.CitrixVpnService;
import com.citrix.worx.sdk.CtxLog;
import h6.f;
import h6.q;
import j6.h;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import l6.n;
import l6.r;
import l6.s;
import l6.u;

/* loaded from: classes.dex */
public class CitrixVpnService implements Runnable {

    /* renamed from: x0, reason: collision with root package name */
    private static CitrixVpnService f7542x0 = null;

    /* renamed from: y0, reason: collision with root package name */
    private static final String f7543y0 = "CitrixVpnService";

    /* renamed from: z0, reason: collision with root package name */
    private static boolean f7544z0;
    private Messenger A;
    private String B;
    private String C;
    private String D;
    private String E;
    private String F;
    private String G;
    private String H;
    private PendingIntent I;
    private int J;
    private boolean K;
    private String L;
    private ParcelFileDescriptor M;
    private InetAddress N;
    protected ExecutorService O;
    private s P;
    private r Q;
    private c6.c R;
    private h S;
    private j6.d T;
    private final AtomicLong U;
    private final AtomicLong V;
    private n6.d W;
    private com.citrix.vpn.service.b X;
    private n6.e Y;
    private ArrayList Z;

    /* renamed from: a0, reason: collision with root package name */
    private c6.a f7545a0;

    /* renamed from: b0, reason: collision with root package name */
    private String f7546b0;

    /* renamed from: c0, reason: collision with root package name */
    private VpnService f7547c0;

    /* renamed from: d0, reason: collision with root package name */
    private ArrayList f7548d0;

    /* renamed from: e0, reason: collision with root package name */
    private HashMap f7549e0;

    /* renamed from: f0, reason: collision with root package name */
    private final Bundle f7550f0;

    /* renamed from: g0, reason: collision with root package name */
    private a f7551g0;

    /* renamed from: h0, reason: collision with root package name */
    private byte[] f7552h0;

    /* renamed from: i0, reason: collision with root package name */
    private char[] f7553i0;

    /* renamed from: j0, reason: collision with root package name */
    private List f7554j0;

    /* renamed from: k0, reason: collision with root package name */
    private boolean f7555k0;

    /* renamed from: l0, reason: collision with root package name */
    private g6.b f7556l0;

    /* renamed from: m0, reason: collision with root package name */
    private boolean f7557m0;

    /* renamed from: n0, reason: collision with root package name */
    private boolean f7558n0;

    /* renamed from: o0, reason: collision with root package name */
    private boolean f7559o0;

    /* renamed from: p0, reason: collision with root package name */
    private ConnectivityManager f7560p0;

    /* renamed from: q0, reason: collision with root package name */
    private int f7561q0;

    /* renamed from: r0, reason: collision with root package name */
    private boolean f7562r0;

    /* renamed from: s0, reason: collision with root package name */
    private volatile boolean f7563s0;

    /* renamed from: t0, reason: collision with root package name */
    private d f7564t0;

    /* renamed from: u0, reason: collision with root package name */
    private final ReentrantLock f7565u0;

    /* renamed from: v0, reason: collision with root package name */
    private volatile boolean f7566v0;

    /* renamed from: w, reason: collision with root package name */
    private final b f7567w;

    /* renamed from: w0, reason: collision with root package name */
    private final c f7568w0;

    /* renamed from: x, reason: collision with root package name */
    private final Messenger f7569x;

    /* renamed from: y, reason: collision with root package name */
    private InetAddress f7570y;

    /* renamed from: z, reason: collision with root package name */
    private InetAddress f7571z;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        String f7572a;

        /* renamed from: b, reason: collision with root package name */
        String f7573b;

        /* renamed from: c, reason: collision with root package name */
        String f7574c;

        /* renamed from: d, reason: collision with root package name */
        char[] f7575d;

        public a(String str, String str2, char[] cArr, String str3) {
            this.f7572a = str;
            this.f7573b = str2;
            this.f7574c = str3;
            this.f7575d = cArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b extends Handler {

        /* renamed from: a, reason: collision with root package name */
        private final CitrixVpnService f7576a;

        private b(CitrixVpnService citrixVpnService) {
            super(Looper.getMainLooper());
            this.f7576a = citrixVpnService;
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            CtxLog.g(CitrixVpnService.f7543y0, "received message from CR: " + message.what);
            int i10 = message.what;
            if (i10 == 1) {
                this.f7576a.A = message.replyTo;
                return;
            }
            if (i10 == 2) {
                this.f7576a.A = null;
                return;
            }
            switch (i10) {
                case 6001:
                    this.f7576a.m0(5002);
                    this.f7576a.p0();
                    return;
                case 6002:
                    ArrayList<String> stringArrayList = message.getData().getStringArrayList("ALLOWED_APP_LIST");
                    if (stringArrayList != null) {
                        this.f7576a.f7545a0.a(stringArrayList);
                    }
                    this.f7576a.R.u();
                    return;
                case 6003:
                    ArrayList<String> stringArrayList2 = message.getData().getStringArrayList("ALLOWED_APP_LIST");
                    if (stringArrayList2 != null) {
                        this.f7576a.f7545a0.d(stringArrayList2);
                    }
                    this.f7576a.R.u();
                    return;
                case 6004:
                    this.f7576a.reconnectService(message.getData());
                    return;
                default:
                    switch (i10) {
                        case 6006:
                            this.f7576a.reconnectMuxChannel();
                            return;
                        case 6007:
                            this.f7576a.sendMessageToReceiver(6007);
                            return;
                        case 6008:
                            this.f7576a.reconnectTunnel();
                            return;
                        case 6009:
                            this.f7576a.stopTunnel();
                            return;
                        default:
                            super.handleMessage(message);
                            return;
                    }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class c implements Runnable {

        /* renamed from: w, reason: collision with root package name */
        private ConnectivityManager f7577w;

        private c() {
            this.f7577w = null;
        }

        private ConnectivityManager b() {
            ConnectivityManager connectivityManager = this.f7577w;
            if (connectivityManager != null) {
                return connectivityManager;
            }
            ConnectivityManager connectivityManager2 = (ConnectivityManager) CitrixVpnService.this.H().getSystemService("connectivity");
            this.f7577w = connectivityManager2;
            return connectivityManager2;
        }

        private boolean c() {
            Network activeNetwork;
            NetworkCapabilities networkCapabilities;
            ConnectivityManager b10 = b();
            if (b10 == null || (activeNetwork = b10.getActiveNetwork()) == null || (networkCapabilities = b10.getNetworkCapabilities(activeNetwork)) == null) {
                return false;
            }
            return networkCapabilities.hasTransport(1) || networkCapabilities.hasTransport(0) || networkCapabilities.hasTransport(3) || networkCapabilities.hasTransport(2);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void d() {
            if (CitrixVpnService.this.T == null) {
                CitrixVpnService.this.f7566v0 = false;
                return;
            }
            boolean H = CitrixVpnService.this.T.H();
            CitrixVpnService.this.f7566v0 = false;
            if (H) {
                CitrixVpnService.this.P.update(null, null);
                return;
            }
            if (System.nanoTime() - CitrixVpnService.this.V.get() > 180000000000L) {
                CtxLog.Info(CitrixVpnService.f7543y0, "MUX reconnect has been failing for too long, check if we can reconnect the VPN");
                CitrixVpnService citrixVpnService = CitrixVpnService.this;
                citrixVpnService.onGwConnectivityLostMessage(citrixVpnService.V.get());
            }
            CitrixVpnService.this.reconnectMuxChannel();
        }

        @Override // java.lang.Runnable
        public void run() {
            CtxLog.g(CitrixVpnService.f7543y0, "Executing reconnect MUX task");
            if (CitrixVpnService.this.isStopped()) {
                CitrixVpnService.this.f7566v0 = false;
                return;
            }
            if (!c()) {
                CtxLog.Info(CitrixVpnService.f7543y0, "network not connected, skipping mux reconnect, will wait for network change...");
                CitrixVpnService.this.f7566v0 = false;
                return;
            }
            try {
                if (CitrixVpnService.this.U.get() - CitrixVpnService.this.V.get() > 0) {
                    CitrixVpnService.this.V.set(System.nanoTime());
                }
                CitrixVpnService.this.O.submit(new Runnable() { // from class: com.citrix.vpn.service.a
                    @Override // java.lang.Runnable
                    public final void run() {
                        CitrixVpnService.c.this.d();
                    }
                });
            } catch (RejectedExecutionException e10) {
                CitrixVpnService.this.f7566v0 = false;
                CtxLog.q(CitrixVpnService.f7543y0, "Mux execution rejected", e10);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class d {

        /* renamed from: a, reason: collision with root package name */
        final boolean f7579a;

        /* renamed from: b, reason: collision with root package name */
        final boolean f7580b;

        /* renamed from: c, reason: collision with root package name */
        final String f7581c;

        /* renamed from: d, reason: collision with root package name */
        final String f7582d;

        /* renamed from: e, reason: collision with root package name */
        final String f7583e;

        /* renamed from: f, reason: collision with root package name */
        String f7584f;

        /* renamed from: g, reason: collision with root package name */
        final String f7585g;

        /* renamed from: h, reason: collision with root package name */
        final Messenger f7586h;

        /* renamed from: i, reason: collision with root package name */
        final String f7587i;

        /* renamed from: j, reason: collision with root package name */
        final int f7588j;

        /* renamed from: k, reason: collision with root package name */
        final ArrayList f7589k;

        /* renamed from: l, reason: collision with root package name */
        final ArrayList f7590l;

        /* renamed from: m, reason: collision with root package name */
        final String f7591m;

        /* renamed from: n, reason: collision with root package name */
        final String f7592n;

        /* renamed from: o, reason: collision with root package name */
        final boolean f7593o;

        /* renamed from: p, reason: collision with root package name */
        final boolean f7594p;

        /* renamed from: q, reason: collision with root package name */
        final boolean f7595q;

        /* renamed from: r, reason: collision with root package name */
        final PendingIntent f7596r;

        /* renamed from: s, reason: collision with root package name */
        final a f7597s;

        /* renamed from: t, reason: collision with root package name */
        final byte[] f7598t;

        /* renamed from: u, reason: collision with root package name */
        final char[] f7599u;

        /* renamed from: v, reason: collision with root package name */
        final List f7600v;

        /* renamed from: w, reason: collision with root package name */
        final boolean f7601w;

        /* renamed from: x, reason: collision with root package name */
        final boolean f7602x;

        public d(Bundle bundle) {
            Notification notification;
            Object parcelable;
            Object parcelable2;
            this.f7584f = "";
            ArrayList arrayList = new ArrayList();
            this.f7600v = arrayList;
            this.f7579a = bundle.getBoolean("DEBUG", false);
            this.f7580b = bundle.getBoolean("fips", false);
            this.f7581c = bundle.getString("ADDRESS");
            this.f7582d = bundle.getString("GATEWAY_IP");
            this.f7583e = bundle.getString("PORT");
            this.f7584f = bundle.getString("COOKIE");
            String string = bundle.getString("USERAGENT");
            this.f7585g = string;
            CtxLog.g(CitrixVpnService.f7543y0, "UserAgent = " + string);
            int i10 = Build.VERSION.SDK_INT;
            if (i10 >= 33) {
                parcelable2 = bundle.getParcelable("MESSENGER", Messenger.class);
                this.f7586h = (Messenger) parcelable2;
            } else {
                this.f7586h = (Messenger) bundle.getParcelable("MESSENGER");
            }
            if (this.f7586h == null) {
                CtxLog.Error(CitrixVpnService.f7543y0, "receiverMessenger is null");
            }
            this.f7587i = bundle.getString("VPN_CONFIG_FILE_LOCATION");
            this.f7588j = bundle.getInt("PROFILE_ID", -1);
            this.f7589k = bundle.getStringArrayList("ALLOWED_APP_LIST");
            this.f7590l = bundle.getStringArrayList("EXCLUDE_LIST");
            String string2 = bundle.getString("PERAPPVPN_APPNAMES");
            this.f7591m = string2;
            String string3 = bundle.getString("PERAPPVPN_TYPE");
            this.f7592n = string3;
            CtxLog.g(CitrixVpnService.f7543y0, "app names:[" + string2 + "] per app VPN type: " + string3);
            this.f7593o = bundle.getBoolean("DisableFqdnSplitTunnel", true) ^ true;
            this.f7594p = bundle.getBoolean("DisableReconnectOnAdcVipChange", false) ^ true;
            this.f7602x = bundle.getBoolean("DisableMuxReceiveTimeout", false);
            this.f7595q = bundle.getBoolean("STARTING_ALWAYS_ON", false);
            if (i10 >= 33) {
                parcelable = bundle.getParcelable("NotificationInfo", Notification.class);
                notification = (Notification) parcelable;
            } else {
                notification = (Notification) bundle.getParcelable("NotificationInfo");
            }
            this.f7596r = notification != null ? notification.contentIntent : null;
            String string4 = bundle.getString("CERT_TYPE");
            String string5 = bundle.getString("CERTALIAS");
            if (TextUtils.isEmpty(string4)) {
                this.f7597s = null;
            } else {
                this.f7597s = new a(string4, string5, bundle.getCharArray("CERTPASSWORD"), bundle.getString("CERTFILELOCATION"));
            }
            this.f7598t = bundle.getByteArray("USER_ACCEPTED_CERTS_KEY_STORE");
            this.f7599u = bundle.getCharArray("USER_ACCEPTED_CERTS_KEY_STORE_PASSWORD");
            ArrayList<String> stringArrayList = bundle.getStringArrayList("SERVER_CERTIFICATE_PINS");
            if (stringArrayList == null) {
                this.f7601w = false;
                return;
            }
            arrayList.addAll(stringArrayList);
            boolean z10 = bundle.getBoolean("ENFORCE_CERT_PINNING", true);
            this.f7601w = z10;
            CtxLog.Info(CitrixVpnService.f7543y0, "Using certificate pins: " + arrayList + ", enforcing: " + z10);
        }

        void a(String str) {
            this.f7584f = str;
        }
    }

    /* loaded from: classes.dex */
    private class e {

        /* renamed from: a, reason: collision with root package name */
        private boolean f7603a;

        /* renamed from: b, reason: collision with root package name */
        private int f7604b;

        /* renamed from: c, reason: collision with root package name */
        private k f7605c;

        private e() {
            this.f7603a = true;
        }

        private boolean d() {
            try {
                n nVar = new n(CitrixVpnService.this.C, CitrixVpnService.this.B, CitrixVpnService.this.D, CitrixVpnService.this.L, CitrixVpnService.this.E, CitrixVpnService.this.F, CitrixVpnService.this.f7556l0);
                CitrixVpnService citrixVpnService = CitrixVpnService.this;
                citrixVpnService.f7546b0 = com.citrix.vpn.config.b.a(citrixVpnService.f7547c0, nVar, Integer.toString(CitrixVpnService.this.J));
                return true;
            } catch (UnknownHostException e10) {
                CtxLog.k("VpnConfigProcessor", "DNS error when looking up VPN config file", e10);
                CitrixVpnService.this.b0("failure_reason", "Failed resolve gateway name");
                this.f7604b = 7004;
                return false;
            } catch (SSLException e11) {
                CtxLog.k("VpnConfigProcessor", "SSL exception when fetching VPN config file", e11);
                CitrixVpnService.this.b0("failure_reason", "SSL exception in config fetch");
                this.f7604b = 7005;
                return false;
            } catch (IOException e12) {
                CtxLog.Error("VpnConfigProcessor", "IO exception when fetching VPN config file from network: " + e12.getMessage());
                String message = e12.getMessage();
                if (message == null) {
                    CitrixVpnService.this.b0("failure_reason", "Tunnel config fetch failed");
                    this.f7604b = 7002;
                    return false;
                }
                if (message.contains("401") || message.contains("302")) {
                    this.f7603a = false;
                    CtxLog.Error("VpnConfigProcessor", "Cookies are invalid. Message already sent so not sending again");
                    return false;
                }
                if (message.contains("403")) {
                    CtxLog.Warning("VpnConfigProcessor", "Got access denied while fetching config, trying to use previously saved config if any");
                    CitrixVpnService citrixVpnService2 = CitrixVpnService.this;
                    citrixVpnService2.f7546b0 = o6.c.b(citrixVpnService2.f7547c0, CitrixVpnService.this.B + "_" + CitrixVpnService.this.D, CitrixVpnService.this.J);
                }
                if (!TextUtils.isEmpty(CitrixVpnService.this.f7546b0)) {
                    CtxLog.b("VpnConfigProcessor", "Loading the saved config from local file");
                    return true;
                }
                CtxLog.Error("VpnConfigProcessor", "VPN config doesn't exist. Exiting VPN");
                CitrixVpnService.this.b0("failure_reason", "Tunnel config fetch failed");
                this.f7604b = 7002;
                return false;
            } catch (Exception e13) {
                CtxLog.h("VpnConfigProcessor", "Exception while fetching config", e13);
                CitrixVpnService.this.b0("failure_reason", "Tunnel config fetch failed");
                this.f7604b = 7002;
                return false;
            }
        }

        boolean a() {
            CtxLog.Info("VpnConfigProcessor", "Going in backward compatibility mode");
            if (!d()) {
                return false;
            }
            byte[] bArr = null;
            this.f7605c = null;
            try {
                bArr = o6.c.c(CitrixVpnService.this.f7546b0);
            } catch (Exception e10) {
                CtxLog.k("VpnConfigProcessor", "Exception while reading config from file", e10);
            }
            if (bArr == null) {
                CtxLog.Error("VpnConfigProcessor", "Failed to read config from file");
                CitrixVpnService.this.b0("failure_reason", "Invalid tunnel config");
                this.f7604b = 7002;
                return false;
            }
            try {
                JsonVpnConfiguration jsonVpnConfiguration = new JsonVpnConfiguration(new String(bArr, StandardCharsets.US_ASCII), CitrixVpnService.this.C);
                this.f7605c = jsonVpnConfiguration;
                if (jsonVpnConfiguration.k()) {
                    return true;
                }
                CtxLog.Error("VpnConfigProcessor", "Failed to parse config");
                CitrixVpnService.this.b0("failure_reason", "Invalid tunnel config");
                o6.c.a(CitrixVpnService.this.f7546b0);
                this.f7604b = 7003;
                return false;
            } catch (Exception unused) {
                CtxLog.g("VpnConfigProcessor", "VpnConfig initialization failed");
                this.f7604b = 7003;
                return false;
            }
        }

        k b() {
            return this.f7605c;
        }

        int c() {
            return this.f7604b;
        }

        boolean e() {
            return this.f7603a;
        }
    }

    static {
        try {
            System.loadLibrary("jniinterface");
        } catch (UnsatisfiedLinkError e10) {
            CtxLog.Error(f7543y0, e10.toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public CitrixVpnService() {
        b bVar = new b();
        this.f7567w = bVar;
        this.f7569x = new Messenger(bVar);
        this.f7570y = null;
        this.K = false;
        this.M = null;
        this.N = null;
        this.O = Executors.newFixedThreadPool(1);
        this.P = null;
        this.Q = null;
        this.R = null;
        this.S = null;
        this.T = null;
        AtomicLong atomicLong = new AtomicLong(System.nanoTime());
        this.U = atomicLong;
        this.V = new AtomicLong(atomicLong.get());
        this.W = null;
        this.X = null;
        this.Y = null;
        this.Z = null;
        this.f7545a0 = null;
        this.f7547c0 = null;
        this.f7548d0 = null;
        this.f7550f0 = new Bundle();
        this.f7551g0 = null;
        this.f7554j0 = null;
        this.f7555k0 = false;
        this.f7556l0 = null;
        this.f7557m0 = true;
        this.f7558n0 = true;
        this.f7559o0 = false;
        this.f7560p0 = null;
        this.f7562r0 = false;
        this.f7563s0 = false;
        this.f7565u0 = new ReentrantLock();
        this.f7566v0 = false;
        this.f7568w0 = new c();
    }

    private void A(VpnService.Builder builder, List list) {
        CtxLog.g(f7543y0, "Adding disallowed apps for per-app VPN ");
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                CtxLog.g(f7543y0, MessageFormat.format("Adding {0}", str));
                builder.addDisallowedApplication(str.trim());
            } catch (PackageManager.NameNotFoundException unused) {
                CtxLog.r(f7543y0, "App [%1$s] not found", str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void B() {
        CtxLog.g(f7543y0, "stopSelf called for service");
        this.f7547c0.stopSelf(this.f7561q0);
        this.f7562r0 = true;
    }

    private boolean C(d dVar) {
        ArrayList arrayList = dVar.f7589k;
        if (arrayList != null && !arrayList.isEmpty()) {
            return true;
        }
        CtxLog.Error(f7543y0, "Allowed app list is empty can't start VPN.");
        disconnectVPN(7007);
        b0("failure_reason", "Invalid parameters");
        return false;
    }

    private boolean D(d dVar) {
        if (TextUtils.isEmpty(dVar.f7581c)) {
            return true;
        }
        Uri parse = Uri.parse(dVar.f7581c);
        if (parse != null) {
            this.L = parse.getScheme();
            this.B = parse.getHost();
            return true;
        }
        CtxLog.Error(f7543y0, "AG address " + dVar.f7581c + " is malformed, failed to start VPN.");
        b0("failure_reason", "Invalid parameters");
        disconnectVPN(7007);
        return false;
    }

    private void E() {
        h hVar = this.S;
        if (hVar != null) {
            hVar.o();
        }
        j6.d dVar = this.T;
        if (dVar != null) {
            dVar.o();
        }
        n6.e eVar = this.Y;
        if (eVar != null) {
            eVar.a();
        }
        r rVar = this.Q;
        if (rVar != null) {
            rVar.i();
        }
        com.citrix.vpn.service.b bVar = this.X;
        if (bVar != null) {
            bVar.h();
        }
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        new Thread(new Runnable() { // from class: l6.f
            @Override // java.lang.Runnable
            public final void run() {
                CitrixVpnService.S(countDownLatch);
            }
        }).start();
        try {
            if (!countDownLatch.await(5L, TimeUnit.SECONDS)) {
                CtxLog.Warning(f7543y0, "ConnectionStack did not shutdown before timeout");
            }
        } catch (InterruptedException unused) {
            Thread.currentThread().interrupt();
        }
        c6.c cVar = this.R;
        if (cVar != null) {
            cVar.p();
        }
        n6.d dVar2 = this.W;
        if (dVar2 != null) {
            dVar2.p();
        }
        this.S = null;
        this.T = null;
        this.Y = null;
        this.Q = null;
        this.X = null;
        this.R = null;
        this.W = null;
    }

    private static void F() {
        f7542x0 = null;
    }

    private void G(boolean z10, int i10) {
        if (!z10) {
            CtxLog.b(f7543y0, "exiting run without sending a message");
            return;
        }
        if (5001 == i10) {
            CtxLog.b(f7543y0, "exiting run and vpn established");
            updateLastSuccessfulConnectTime();
            b0("result", "Success");
            sendMessageToReceiver(5001);
            return;
        }
        b0("result", "Failure");
        CtxLog.b(f7543y0, "exiting run and sending a disconnect message");
        this.f7547c0.stopForeground(1);
        disconnectVPN(i10);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Context H() {
        return this.f7547c0.getApplicationContext();
    }

    private VpnService.Builder I() {
        VpnService vpnService = this.f7547c0;
        Objects.requireNonNull(vpnService);
        return new VpnService.Builder(vpnService);
    }

    private static Provider J() {
        Provider[] providers = Security.getProviders("KeyStore.PKCS12");
        if (providers.length >= 2) {
            return providers[1];
        }
        if (providers.length == 1) {
            return providers[0];
        }
        return null;
    }

    private InetAddress K() {
        this.N = o6.d.e(o6.d.i(this.N.getHostAddress()) + 1);
        while (NetworkInterface.getByInetAddress(this.N) != null) {
            try {
                this.N = o6.d.e(o6.d.i(this.N.getHostAddress()) + 1);
            } catch (SocketException e10) {
                CtxLog.Info(f7543y0, "Could not find free IP, retrying: " + e10.getMessage());
            }
        }
        return this.N;
    }

    private X509TrustManager L() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            X509TrustManager x509TrustManager = null;
            try {
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        x509TrustManager = (X509TrustManager) trustManager;
                    }
                }
                if (x509TrustManager != null) {
                    return x509TrustManager;
                }
                throw new IllegalStateException("Should never happen");
            } catch (KeyStoreException unused) {
                throw new IllegalStateException("Should never happen");
            }
        } catch (NoSuchAlgorithmException unused2) {
            throw new IllegalStateException("Should never happen");
        }
    }

    private X509TrustManager M(String str, byte[] bArr, char[] cArr, List list, boolean z10) {
        X509TrustManager x509TrustManager = null;
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", null, new KeyStore.PasswordProtection(cArr)).getKeyStore();
            keyStore.load(byteArrayInputStream, cArr);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            X509TrustManager hVar = new h6.h(trustManagerFactory.getTrustManagers());
            try {
                if (!list.isEmpty()) {
                    hVar = keyStore.size() == 0 ? new q(str, new TrustManager[]{L()}, z10, list) : new q(str, trustManagerFactory.getTrustManagers(), z10, list);
                }
                return hVar;
            } catch (Exception e10) {
                e = e10;
                x509TrustManager = hVar;
                CtxLog.q(f7543y0, "Failed to create proper trust manager", e);
                return x509TrustManager;
            }
        } catch (Exception e11) {
            e = e11;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x004b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:19:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void N(boolean r6) {
        /*
            boolean r0 = com.citrix.vpn.service.CitrixVpnService.f7544z0
            if (r0 != 0) goto L8c
            if (r6 == 0) goto L8c
            java.lang.String r6 = com.citrix.vpn.service.CitrixVpnService.f7543y0
            java.lang.String r0 = "Setting up SSL SDK"
            com.citrix.worx.sdk.CtxLog.Info(r6, r0)
            r6 = 1
            com.citrix.vpn.service.CitrixVpnService.f7544z0 = r6
            r0 = 0
            java.lang.String r1 = "com.citrix.sdk.ssl.androidnative.CitrixJSSEProvider"
            java.lang.Class r1 = java.lang.Class.forName(r1)     // Catch: java.lang.Exception -> L2d
            java.lang.reflect.Constructor r1 = r1.getDeclaredConstructor(r0)     // Catch: java.lang.Exception -> L2d
            java.lang.Object r1 = r1.newInstance(r0)     // Catch: java.lang.Exception -> L2d
            java.security.Provider r1 = (java.security.Provider) r1     // Catch: java.lang.Exception -> L2d
            java.lang.String r2 = "com.citrix.work.vpnutils.SSLSDKLoader"
            java.lang.Class r2 = java.lang.Class.forName(r2)     // Catch: java.lang.Exception -> L2b
            r2.newInstance()     // Catch: java.lang.Exception -> L2b
            goto L49
        L2b:
            r2 = move-exception
            goto L2f
        L2d:
            r2 = move-exception
            r1 = r0
        L2f:
            java.lang.String r3 = com.citrix.vpn.service.CitrixVpnService.f7543y0
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            java.lang.String r5 = "Failed to setup Citrix SSLSDK: "
            r4.append(r5)
            java.lang.String r2 = r2.getMessage()
            r4.append(r2)
            java.lang.String r2 = r4.toString()
            com.citrix.worx.sdk.CtxLog.g(r3, r2)
        L49:
            if (r1 == 0) goto L8c
            java.security.Security.insertProviderAt(r1, r6)     // Catch: java.lang.Exception -> L84
            java.lang.String r1 = "com.citrix.sdk.ssl.androidnative.CitrixSSLSocketFactory"
            java.lang.Class r1 = java.lang.Class.forName(r1)     // Catch: java.lang.Exception -> L84
            java.lang.String r2 = "setupSSLSDKwithCAs"
            java.lang.Class r3 = java.lang.Integer.TYPE     // Catch: java.lang.Exception -> L84
            java.lang.Class<java.lang.Object[]> r4 = java.lang.Object[].class
            java.lang.Class[] r4 = new java.lang.Class[]{r3, r4}     // Catch: java.lang.Exception -> L84
            java.lang.reflect.Method r2 = r1.getMethod(r2, r4)     // Catch: java.lang.Exception -> L84
            r4 = 0
            java.lang.Integer r4 = java.lang.Integer.valueOf(r4)     // Catch: java.lang.Exception -> L84
            java.lang.Object[] r4 = new java.lang.Object[]{r4, r0}     // Catch: java.lang.Exception -> L84
            r2.invoke(r0, r4)     // Catch: java.lang.Exception -> L84
            java.lang.String r2 = "setFIPSMode"
            java.lang.Class[] r3 = new java.lang.Class[]{r3}     // Catch: java.lang.Exception -> L84
            java.lang.reflect.Method r1 = r1.getMethod(r2, r3)     // Catch: java.lang.Exception -> L84
            java.lang.Integer r6 = java.lang.Integer.valueOf(r6)     // Catch: java.lang.Exception -> L84
            java.lang.Object[] r6 = new java.lang.Object[]{r6}     // Catch: java.lang.Exception -> L84
            r1.invoke(r0, r6)     // Catch: java.lang.Exception -> L84
            goto L8c
        L84:
            r6 = move-exception
            java.lang.String r0 = com.citrix.vpn.service.CitrixVpnService.f7543y0
            java.lang.String r1 = "Setting up FIPS failed"
            com.citrix.worx.sdk.CtxLog.k(r0, r1, r6)
        L8c:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.vpn.service.CitrixVpnService.N(boolean):void");
    }

    private f O(String str, char[] cArr, String str2) {
        f fVar;
        try {
            FileInputStream fileInputStream = new FileInputStream(str2);
            try {
                KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
                Provider J = J();
                if (J != null) {
                    KeyStore keyStore = KeyStore.Builder.newInstance("PKCS12", J, passwordProtection).getKeyStore();
                    keyStore.load(fileInputStream, cArr);
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, passwordProtection);
                    fVar = new f(privateKeyEntry.getPrivateKey(), (X509Certificate[]) privateKeyEntry.getCertificateChain(), str);
                } else {
                    fVar = new f(null, null, null);
                }
                fileInputStream.close();
                return fVar;
            } finally {
            }
        } catch (Exception e10) {
            CtxLog.g(f7543y0, "Exception while init from file: " + e10.getMessage());
            return new f(null, null, null);
        }
    }

    private f P(String str) {
        try {
            PrivateKey privateKey = KeyChain.getPrivateKey(H(), str);
            if (privateKey != null) {
                return new f(privateKey, KeyChain.getCertificateChain(H(), str), str);
            }
            throw new KeyChainException("Private key is not available for alias: " + str);
        } catch (KeyChainException e10) {
            CtxLog.g(f7543y0, "Exception while init from KeyChain: " + e10.getMessage());
            return new f(null, null, null);
        } catch (InterruptedException unused) {
            Thread.currentThread().interrupt();
            return null;
        }
    }

    private void Q(VpnService.Builder builder, List list) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            String[] split = str.split("/");
            try {
                builder.addRoute(split[0], split.length < 2 ? 32 : Integer.parseInt(split[1]));
                CtxLog.Info(f7543y0, "VPN-Route: " + str);
            } catch (IllegalArgumentException unused) {
                CtxLog.Info(f7543y0, "Illegal route: " + str);
            }
        }
    }

    private int R() {
        boolean isAlwaysOn;
        if (Build.VERSION.SDK_INT < 29) {
            return this.K ? 1 : 0;
        }
        isAlwaysOn = this.f7547c0.isAlwaysOn();
        return isAlwaysOn ? 1 : 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void S(CountDownLatch countDownLatch) {
        try {
            try {
                m6.e.t();
            } catch (IllegalStateException e10) {
                CtxLog.b(f7543y0, "ConnectionStack shutdown error " + e10.getMessage());
            }
        } finally {
            countDownLatch.countDown();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:10:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x004b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void T(java.lang.String r6) {
        /*
            r5 = this;
            java.util.List r0 = o6.d.c(r6)     // Catch: java.net.UnknownHostException -> L2a
            java.lang.String r1 = com.citrix.vpn.service.CitrixVpnService.f7543y0     // Catch: java.net.UnknownHostException -> L28
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.net.UnknownHostException -> L28
            r2.<init>()     // Catch: java.net.UnknownHostException -> L28
            java.lang.String r3 = "Excluding "
            r2.append(r3)     // Catch: java.net.UnknownHostException -> L28
            r2.append(r6)     // Catch: java.net.UnknownHostException -> L28
            java.lang.String r3 = " , resolved to list of IPs = "
            r2.append(r3)     // Catch: java.net.UnknownHostException -> L28
            r2.append(r0)     // Catch: java.net.UnknownHostException -> L28
            java.lang.String r3 = " from tunnel"
            r2.append(r3)     // Catch: java.net.UnknownHostException -> L28
            java.lang.String r2 = r2.toString()     // Catch: java.net.UnknownHostException -> L28
            com.citrix.worx.sdk.CtxLog.g(r1, r2)     // Catch: java.net.UnknownHostException -> L28
            goto L49
        L28:
            r1 = move-exception
            goto L2c
        L2a:
            r1 = move-exception
            r0 = 0
        L2c:
            java.lang.String r2 = com.citrix.vpn.service.CitrixVpnService.f7543y0
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            r3.append(r6)
            java.lang.String r4 = " not added to exclusion list "
            r3.append(r4)
            java.lang.String r1 = r1.getMessage()
            r3.append(r1)
            java.lang.String r1 = r3.toString()
            com.citrix.worx.sdk.CtxLog.Warning(r2, r1)
        L49:
            if (r0 == 0) goto L50
            java.util.HashMap r1 = r5.f7549e0
            r1.put(r6, r0)
        L50:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.vpn.service.CitrixVpnService.T(java.lang.String):void");
    }

    private void U() {
        if (this.f7548d0 == null) {
            return;
        }
        this.f7549e0 = new HashMap(this.f7548d0.size());
        Iterator it = this.f7548d0.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (TextUtils.isEmpty(str)) {
                CtxLog.Warning(f7543y0, str + " not added to exclusion list, got null uri for it");
            } else {
                String host = Uri.parse(str).getHost();
                if (TextUtils.isEmpty(host)) {
                    T(str);
                } else {
                    T(host);
                }
            }
        }
    }

    private void V(boolean z10) {
        if (Build.VERSION.SDK_INT < 29) {
            this.K = z10;
        }
    }

    private void W(d dVar) {
        this.B = dVar.f7581c;
        this.C = dVar.f7582d;
        this.D = dVar.f7583e;
        this.E = dVar.f7584f;
        this.F = dVar.f7585g;
        this.A = dVar.f7586h;
        this.f7546b0 = dVar.f7587i;
        this.J = dVar.f7588j;
        this.Z = dVar.f7589k;
        this.f7548d0 = dVar.f7590l;
        this.H = dVar.f7591m;
        this.G = dVar.f7592n;
        this.f7557m0 = dVar.f7593o;
        this.f7558n0 = dVar.f7594p;
        this.f7559o0 = dVar.f7602x;
    }

    private void X(d dVar) {
        this.f7554j0 = dVar.f7600v;
        this.f7555k0 = dVar.f7601w;
    }

    private void Y(d dVar) {
        this.I = dVar.f7596r;
    }

    private void Z() {
        b0("ip_routes", "IP routes");
    }

    private void a0(VpnService.Builder builder, k kVar) {
        ProxyInfo b10 = kVar.b();
        if (b10 != null) {
            if (Build.VERSION.SDK_INT < 29) {
                CtxLog.Warning(f7543y0, "Client configuration specifies setting proxy which is unsupported on Android 9 and lower");
                return;
            }
            builder.setHttpProxy(b10);
            CtxLog.g(f7543y0, "Set proxy on VPN interface: " + b10);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b0(String str, String str2) {
        this.f7550f0.putString(str, str2);
    }

    private void c0(d dVar) {
        this.f7551g0 = dVar.f7597s;
        this.f7552h0 = dVar.f7598t;
        this.f7553i0 = dVar.f7599u;
    }

    private boolean d0(VpnService.Builder builder) {
        if (TextUtils.isEmpty(this.H)) {
            return true;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(this.H.split("[,;]")));
        if (this.G.equals("Allow")) {
            return z(builder, arrayList);
        }
        A(builder, arrayList);
        return true;
    }

    private void e0() {
        f fVar;
        byte[] bArr;
        char[] cArr;
        a aVar = this.f7551g0;
        X509TrustManager x509TrustManager = null;
        if (aVar != null) {
            if ("CERT_TYPE_ON_FILE_SYSTEM".equalsIgnoreCase(aVar.f7572a)) {
                a aVar2 = this.f7551g0;
                fVar = O(aVar2.f7573b, aVar2.f7575d, aVar2.f7574c);
            } else if ("CERT_TYPE_KEY_CHAIN".equalsIgnoreCase(this.f7551g0.f7572a)) {
                fVar = P(this.f7551g0.f7573b);
            }
            bArr = this.f7552h0;
            if (bArr != null && (cArr = this.f7553i0) != null) {
                x509TrustManager = M(this.B, bArr, cArr, this.f7554j0, this.f7555k0);
            }
            h6.n.e(fVar, x509TrustManager);
        }
        fVar = null;
        bArr = this.f7552h0;
        if (bArr != null) {
            x509TrustManager = M(this.B, bArr, cArr, this.f7554j0, this.f7555k0);
        }
        h6.n.e(fVar, x509TrustManager);
    }

    private void f0(k kVar, InetAddress inetAddress) {
        String hostAddress = inetAddress.getHostAddress();
        int i10 = (int) o6.d.i(hostAddress);
        n nVar = new n(this.C, this.B, this.D, this.L, this.E, this.F, this.f7556l0);
        u uVar = new u(nVar, kVar.j(), kVar.i(), kVar.d(), this.f7549e0);
        this.Q = new r(this.M, this.f7556l0);
        c6.a aVar = new c6.a(this.Z, H());
        this.f7545a0 = aVar;
        this.R = new c6.c(uVar, aVar);
        this.X = new com.citrix.vpn.service.b(this.M, this.f7556l0);
        d6.a aVar2 = new d6.a(this.R);
        if (kVar.j()) {
            b0("dns_truncate_flag", "DNS truncate flag");
        }
        this.S = new h(nVar, kVar.j(), this.f7549e0);
        n6.d dVar = new n6.d(nVar);
        this.W = dVar;
        d6.a aVar3 = new d6.a(dVar);
        this.T = new j6.d(i10, nVar);
        this.Y = new n6.e(hostAddress);
        try {
            m6.e.n();
        } catch (IllegalStateException e10) {
            CtxLog.k(f7543y0, "ConnectionStack Initialize error " + e10.getMessage(), e10);
        }
        new Thread(this.Y).start();
        this.Q.c(this.R);
        this.Q.e(this.W);
        this.R.c(this.S);
        this.R.e(aVar3);
        this.S.c(this.T);
        this.T.c(this.X);
        this.W.c(this.X);
        this.W.e(aVar2);
        this.Q.g();
        this.R.i();
        this.S.g();
        this.X.d();
        this.T.g();
        this.W.i();
    }

    private void g0(k kVar, VpnService.Builder builder) {
        this.f7571z = null;
        b0("split_dns", kVar.e().toString());
        InetAddress K = K();
        this.f7571z = K;
        builder.addDnsServer(K);
        builder.addRoute(this.f7571z, 32);
        if (getRealDnsServer() == null) {
            String str = f7543y0;
            CtxLog.Warning(str, "No local DNS server available.");
            if (kVar.m()) {
                CtxLog.Info(str, "Allowing AF_INET6 family when split tunnel is ON");
                builder.allowFamily(OsConstants.AF_INET6);
            }
        }
        for (String str2 : kVar.i()) {
            CtxLog.g(f7543y0, "Adding DNS search domain: " + str2);
            builder.addSearchDomain(str2);
        }
        if (kVar.i().isEmpty()) {
            return;
        }
        b0("dns_suffixes", "DNS suffixes");
    }

    public static CitrixVpnService getInstance() {
        return f7542x0;
    }

    private void h0() {
        try {
            this.N = InetAddress.getByName("169.254.1.0");
        } catch (UnknownHostException e10) {
            CtxLog.g(f7543y0, "Should not happen, " + e10.getMessage());
        }
    }

    private void i0(List list, List list2, long j10) {
        if (list2.isEmpty()) {
            long i10 = o6.d.i("255.255.255.255");
            list.addAll(o6.d.g(0L, j10 - 1));
            list.addAll(o6.d.g(j10 + 1, i10));
            return;
        }
        Z();
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            Pair pair = (Pair) it.next();
            if (j10 == 0 || ((Long) pair.first).longValue() > j10 || j10 > ((Long) pair.second).longValue()) {
                list.addAll(o6.d.g(((Long) pair.first).longValue(), ((Long) pair.second).longValue()));
            } else {
                list.addAll(o6.d.g(((Long) pair.first).longValue(), j10 - 1));
                list.addAll(o6.d.g(j10 + 1, ((Long) pair.second).longValue()));
            }
        }
    }

    private void j0(k kVar, VpnService.Builder builder) {
        List arrayList = new ArrayList();
        List c10 = kVar.c();
        l0(kVar);
        long i10 = o6.d.i(this.C);
        if (this.f7556l0.r()) {
            arrayList = k0(kVar, arrayList, c10, i10);
        } else {
            i0(arrayList, c10, i10);
        }
        Q(builder, arrayList);
        b0("split_tunnel", kVar.f().toString());
    }

    private List k0(k kVar, List list, List list2, long j10) {
        this.f7556l0.F(list2);
        if (kVar.l() || list2.isEmpty()) {
            return this.f7556l0.f(j10);
        }
        if (kVar.m()) {
            Z();
            return this.f7556l0.g(j10);
        }
        if (!kVar.n()) {
            return list;
        }
        Z();
        return this.f7556l0.h(j10);
    }

    private void l0(k kVar) {
        this.f7556l0 = new g6.b(this.f7557m0, kVar.g(), kVar.h(), kVar.f(), kVar.c());
    }

    private boolean n0() {
        try {
            CtxLog.Info(f7543y0, "Attempting to start CitrixVpnService");
            this.O.submit(this);
            return true;
        } catch (RejectedExecutionException e10) {
            CtxLog.k(f7543y0, "ExecutorService rejected VPN execution. Disconnecting from VPN.", e10);
            b0("failure_reason", "Service thread start failed");
            disconnectVPN(7008);
            return false;
        }
    }

    private int o0(d dVar) {
        this.f7563s0 = false;
        N(dVar.f7580b);
        W(dVar);
        V(dVar.f7595q);
        Y(dVar);
        CtxLog.g(f7543y0, "app names:[" + dVar.f7591m + "] per app VPN type: " + dVar.f7592n);
        if (!C(dVar)) {
            return 2;
        }
        h0();
        c0(dVar);
        X(dVar);
        if (!D(dVar)) {
            return 2;
        }
        i6.a.d(dVar.f7579a, H());
        return !n0() ? 2 : 3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void p0() {
        this.f7567w.post(new Runnable() { // from class: l6.e
            @Override // java.lang.Runnable
            public final void run() {
                CitrixVpnService.this.B();
            }
        });
    }

    private void q0() {
        String str = f7543y0;
        CtxLog.g(str, "Shutting down vpn tunnel");
        this.f7563s0 = true;
        if (this.M == null) {
            CtxLog.d(str, "VPN interface already cleared");
            return;
        }
        E();
        try {
            try {
                this.M.close();
            } catch (IOException unused) {
                CtxLog.Error(f7543y0, "Unable to close VPN interface while tearing down tunnel.");
            }
            o6.b.c().deleteObservers();
            this.f7566v0 = false;
            CtxLog.g(f7543y0, "Tunnel shutdown completed");
        } finally {
            this.M = null;
        }
    }

    private void r0(k kVar, VpnService.Builder builder) {
        InetAddress a10 = kVar.a();
        this.f7570y = a10;
        if (a10.isLoopbackAddress() || this.f7570y.isAnyLocalAddress()) {
            this.f7570y = K();
        } else {
            b0("iip", "IIP");
        }
        builder.addAddress(this.f7570y, 32);
    }

    private boolean z(VpnService.Builder builder, List list) {
        PackageManager.PackageInfoFlags of2;
        CtxLog.g(f7543y0, "Adding allowed apps for per-app VPN");
        String packageName = getPackageName();
        list.add(packageName);
        PackageManager packageManager = H().getPackageManager();
        Iterator it = list.iterator();
        boolean z10 = false;
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                CtxLog.g(f7543y0, MessageFormat.format("Adding {0}", str));
                str = str.trim();
                if (Build.VERSION.SDK_INT < 33) {
                    packageManager.getPackageInfo(str, 0);
                } else {
                    of2 = PackageManager.PackageInfoFlags.of(0L);
                    packageManager.getPackageInfo(str, of2);
                }
                builder.addAllowedApplication(str);
                if (!str.equals(packageName)) {
                    z10 = true;
                }
            } catch (PackageManager.NameNotFoundException unused) {
                CtxLog.r(f7543y0, "App [%1$s] not found", str);
            }
        }
        return z10;
    }

    public void disconnectVPN(int i10) {
        CtxLog.Info(f7543y0, "Disconnecting VPN with msg: " + i10);
        if (i10 == 6001) {
            m0(5002);
        } else if (i10 == 6005) {
            m0(i10);
        } else {
            sendMessageToReceiver(i10);
            m0(i10);
        }
    }

    public InetAddress getDnsIp() {
        return this.f7571z;
    }

    public InetAddress getIip() {
        return this.f7570y;
    }

    public InetAddress getNewDnsServer() {
        return this.P.e();
    }

    public String getPackageName() {
        return this.f7547c0.getPackageName();
    }

    public String getPackageNameForConnection(int i10, int i11, int i12, int i13) {
        int connectionOwnerUid;
        if (Build.VERSION.SDK_INT < 29) {
            return "";
        }
        Context H = H();
        if (this.f7560p0 == null) {
            return "";
        }
        try {
            InetSocketAddress inetSocketAddress = new InetSocketAddress(o6.d.e(i12), i13);
            InetSocketAddress inetSocketAddress2 = new InetSocketAddress(getIip(), i11);
            connectionOwnerUid = this.f7560p0.getConnectionOwnerUid(i10, inetSocketAddress2, inetSocketAddress);
            if (connectionOwnerUid == -1) {
                CtxLog.Warning(f7543y0, "Connection not found for protocol: " + i10 + ", src: " + inetSocketAddress2 + ", dest: " + inetSocketAddress);
                return "";
            }
            String[] packagesForUid = H.getPackageManager().getPackagesForUid(connectionOwnerUid);
            if (packagesForUid != null && packagesForUid.length != 0) {
                return packagesForUid[0];
            }
            CtxLog.Warning(f7543y0, "No package found for uid: " + connectionOwnerUid);
            return "";
        } catch (IllegalArgumentException e10) {
            e = e10;
            CtxLog.Warning(f7543y0, "Failed to get app package information for the connection. Error: " + e.getMessage());
            return "";
        } catch (SecurityException e11) {
            e = e11;
            CtxLog.Warning(f7543y0, "Failed to get app package information for the connection. Error: " + e.getMessage());
            return "";
        }
    }

    public InetAddress getRealDnsServer() {
        return this.P.b();
    }

    public boolean hasTcpConnectivityToGateway() {
        InetSocketAddress inetSocketAddress = new InetSocketAddress(this.C, Integer.parseInt(this.D));
        for (int i10 = 0; i10 < 3; i10++) {
            try {
                Socket socket = new Socket();
                try {
                    socket.connect(inetSocketAddress, 1000);
                    CtxLog.g(f7543y0, inetSocketAddress + " is reachable");
                    socket.close();
                    return true;
                } finally {
                }
            } catch (IOException e10) {
                CtxLog.q(f7543y0, inetSocketAddress + " is not reachable", e10);
            }
        }
        return false;
    }

    public boolean isGwConnectivityLostMessageEnabled() {
        return this.f7558n0;
    }

    public boolean isMuxReceiveTimeoutDisabled() {
        return this.f7559o0;
    }

    public boolean isStopped() {
        return this.f7563s0 || this.f7562r0;
    }

    protected void m0(int i10) {
        String str = f7543y0;
        CtxLog.g(str, "Shutting down vpn service");
        this.f7563s0 = true;
        F();
        if (this.M == null) {
            CtxLog.d(str, "VPN interface already cleared");
            return;
        }
        E();
        try {
            try {
                this.M.close();
            } catch (IOException unused) {
                CtxLog.Error(f7543y0, "Unable to close VPN interface while shutting down.");
            }
            o6.b.c().deleteObservers();
            if (i10 != 6005) {
                p0();
                sendMessageToReceiver(i10);
            }
            this.f7566v0 = false;
        } finally {
            this.M = null;
        }
    }

    public void onDestroy() {
        CtxLog.b(f7543y0, "onDestroy called");
        m0(5002);
        this.O.shutdownNow();
        sendMessageToReceiver(5004);
    }

    public synchronized void onGwConnectivityLostMessage(long j10) {
        if (!isGwConnectivityLostMessageEnabled()) {
            CtxLog.Info(f7543y0, "Ignoring gateway connectivity lost message, FF disabled");
            return;
        }
        long j11 = j10 - this.U.get();
        if (j11 >= 0) {
            f7542x0.sendMessageToReceiver(5005);
            return;
        }
        CtxLog.Info(f7543y0, "Ignoring gateway connectivity lost message because it is from an earlier connection attempt than current MUX (re)connect. Time diff: " + j11);
    }

    public void onRevoke() {
        CtxLog.Info(f7543y0, "onRevoke called, OS requires us to shut down VPN service");
        this.f7550f0.putBoolean("isRevoked", true);
        disconnectVPN(5002);
        V(false);
    }

    public int onStartCommand(Intent intent, int i10, int i11) {
        String str = f7543y0;
        CtxLog.o(str, "onStartCommand called, flags: %d, startId: %d", Integer.valueOf(i10), Integer.valueOf(i11));
        this.f7561q0 = i11;
        this.f7550f0.clear();
        if (intent != null) {
            return startVpn(intent.getExtras());
        }
        CtxLog.Error(str, "Null intent received, can't start VPN");
        return 2;
    }

    public boolean protect(DatagramSocket datagramSocket) {
        return this.f7547c0.protect(datagramSocket);
    }

    public boolean protect(Socket socket) {
        return this.f7547c0.protect(socket);
    }

    public synchronized void reconnectMuxChannel() {
        if (isStopped()) {
            CtxLog.g(f7543y0, "Service is stopping, skipping MUX reconnect");
            return;
        }
        if (this.T == null) {
            CtxLog.Info(f7543y0, "MUX is not initialized yet or already cleaned up, skipping MUX reconnect");
            return;
        }
        if (this.f7566v0) {
            CtxLog.Info(f7543y0, "MUX reconnect already in progress");
            return;
        }
        this.f7566v0 = true;
        CtxLog.g(f7543y0, "Submitting Reconnect MUX task");
        this.f7567w.removeCallbacks(this.f7568w0);
        this.f7567w.postDelayed(this.f7568w0, TimeUnit.SECONDS.toMillis(2L));
    }

    public void reconnectService(Bundle bundle) {
        String str = f7543y0;
        CtxLog.Info(str, "Attempting to reconnect VPN service with new session...");
        String string = bundle.getString("COOKIE");
        if (string == null) {
            CtxLog.Error(str, "New session cookie is null, can't reconnect VPN");
        } else {
            this.f7564t0.a(string);
            o0(this.f7564t0);
        }
    }

    public void reconnectTunnel() {
        String str = f7543y0;
        CtxLog.Info(str, "Attempting to reconnect VPN tunnel...");
        q0();
        CtxLog.Info(str, "VPN tunnel teardown completed, setting it up again...");
        o0(this.f7564t0);
    }

    @Override // java.lang.Runnable
    public void run() {
        int i10;
        this.f7565u0.lock();
        boolean z10 = true;
        int i11 = 7008;
        try {
            try {
                e0();
                f7542x0 = this;
                this.P = new s(H());
            } catch (Exception e10) {
                CtxLog.k(f7543y0, "Exception while setting up VPN tunnel", e10);
            }
            if (TextUtils.isEmpty(this.E)) {
                CtxLog.Error(f7543y0, "mCookie is null is empty, was not initialized properly when starting the VPN.");
                b0("failure_reason", "Session cookie empty");
            } else {
                if (!TextUtils.isEmpty(this.D)) {
                    e eVar = new e();
                    if (eVar.a()) {
                        k b10 = eVar.b();
                        String str = f7543y0;
                        CtxLog.f(str, "Got gateway config: %s", b10.toString());
                        U();
                        VpnService.Builder I = I();
                        j0(b10, I);
                        I.setMtu(1500);
                        if (Build.VERSION.SDK_INT >= 29) {
                            I.setMetered(false);
                        }
                        r0(b10, I);
                        g0(b10, I);
                        if (!d0(I)) {
                            CtxLog.Warning(str, "None of the per-app VPN allowed/disallowed apps are installed");
                        }
                        a0(I, b10);
                        try {
                            ParcelFileDescriptor establish = I.setSession(this.B).setConfigureIntent(this.I).establish();
                            this.M = establish;
                            if (establish == null) {
                                throw new IOException("VPN interface can't be created");
                            }
                            f0(b10, this.f7570y);
                            o6.b.c().addObserver(this.P);
                            if (this.f7560p0 == null) {
                                this.f7560p0 = (ConnectivityManager) H().getSystemService("connectivity");
                            }
                            i11 = 5001;
                            return;
                        } catch (IOException | IllegalArgumentException | IllegalStateException | SecurityException e11) {
                            CtxLog.Error(f7543y0, "Could not create interface " + e11.getMessage());
                            b0("failure_reason", "Tunnel interface creation failed");
                            i10 = 7006;
                        }
                    } else {
                        z10 = eVar.e();
                        i10 = eVar.c();
                    }
                    G(z10, i10);
                    this.f7565u0.unlock();
                }
                CtxLog.Error(f7543y0, "mServerPort is empty, was not initialized properly when starting the VPN.");
                b0("failure_reason", "Gateway port not set");
            }
            G(true, 7007);
            this.f7565u0.unlock();
        } finally {
            G(true, 7008);
            this.f7565u0.unlock();
        }
    }

    public synchronized void sendMessageToReceiver(int i10) {
        try {
            String str = f7543y0;
            CtxLog.Info(str, "sending msg to CR : " + i10);
            if (this.A != null) {
                try {
                    Message obtain = Message.obtain((Handler) null, i10);
                    obtain.setData(this.f7550f0);
                    if (5001 == i10) {
                        obtain.replyTo = this.f7569x;
                    }
                    InetAddress inetAddress = this.f7571z;
                    if (inetAddress != null) {
                        obtain.arg1 = o6.d.h(inetAddress.getHostAddress());
                    }
                    obtain.arg2 = R();
                    this.A.send(obtain);
                } catch (RemoteException e10) {
                    CtxLog.Error(f7543y0, "Receiver (" + this.A + ") not available. " + e10.getMessage());
                    this.A = null;
                    disconnectVPN(6001);
                }
            } else {
                CtxLog.Error(str, "receiverMessenger is null " + i10);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public void setVpnService(VpnService vpnService) {
        this.f7547c0 = vpnService;
    }

    public int startVpn(Bundle bundle) {
        if (bundle == null) {
            CtxLog.Error(f7543y0, "Empty parameters received, can't start VPN");
            return 2;
        }
        d dVar = new d(bundle);
        this.f7564t0 = dVar;
        return o0(dVar);
    }

    public void stopTunnel() {
        String str = f7543y0;
        CtxLog.Info(str, "Attempting to stop VPN tunnel...");
        q0();
        sendMessageToReceiver(5006);
        CtxLog.Info(str, "VPN tunnel stopped");
    }

    public void updateLastSuccessfulConnectTime() {
        this.U.set(System.nanoTime());
    }
}
