package de.schaeuffelhut.android.openvpn.service.impl;

import android.content.Context;
import android.net.LocalServerSocket;
import android.os.ParcelFileDescriptor;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.common.net.InetAddresses;
import de.schaeuffelhut.android.openvpn.service.VpnServiceStateHolder;
import de.schaeuffelhut.android.openvpn.service.impl.OpenVpnGenericState;
import de.schaeuffelhut.android.openvpn.service.impl.OpenVpnLifeCycleHandler;
import de.schaeuffelhut.android.openvpn.shared.util.CidrPrefix;
import de.schaeuffelhut.android.openvpn.shared.util.JniUtil;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import net.torguard.openvpn.client.api14.TorGuardVpnService;
import net.torguard.openvpn.client.api14.models.Remote;
import net.torguard.openvpn.client.events.WireGuardSetUpResponse;
import net.torguard.openvpn.client.torguardapi.CredentialsStore;
import net.torguard.openvpn.client.wgutil.WireGuardAPI;
import net.torguard.openvpn.client.wgutil.WireGuardClientConfiguration;
import net.torguard.openvpn.client.wgutil.WireGuardException;
import net.torguard.openvpn.client.wgutil.WireGuardKeyPair;
import net.torguard.openvpn.client.wgutil.WireGuardPeer;
import net.torguard.openvpn.client.wgutil.WireGuardWrapperCommunicator;
import org.greenrobot.eventbus.EventBus;
import org.greenrobot.eventbus.Subscribe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class WireGuardManagementThread extends ManagementThread implements WireGuardWrapperCommunicator.CommunicatorCallback {
    public final WireGuardDaemonMonitor daemonMonitor;
    public IfConfig ifConfig;
    public OpenVpnLifeCycleHandler lch;
    public Context mContext;
    public Remote remote;
    public final WireGuardWrapperCommunicator wgCommunicator;
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) WireGuardManagementThread.class);
    public static long RECONNECTION_TIMEOUT = 210;
    public static long FORCED_RECONNECTION_TIMEOUT = 86400;
    public static WireGuardKeyPair keys = null;
    public final CountDownLatch mTerminated = new CountDownLatch(1);
    public String localIp = "";
    public String lastState = "WAIT";
    public String username = "";
    public String password = "";
    public final Object monitorLock = new Object();
    public final Object lockInterfacePreparation = new Object();
    public OpenVpnGenericState.CredentialsRequest credentialsRequest = OpenVpnGenericState.CredentialsRequest.NONE;
    public int authRetry = 0;
    public boolean stopRequest = false;
    public int reAuthCounter = 0;
    public boolean wgEnabled = false;

    /* renamed from: de.schaeuffelhut.android.openvpn.service.impl.WireGuardManagementThread$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$de$schaeuffelhut$android$openvpn$service$impl$OpenVpnGenericState$CredentialsRequest;

        static {
            int[] iArr = new int[OpenVpnGenericState.CredentialsRequest.values().length];
            $SwitchMap$de$schaeuffelhut$android$openvpn$service$impl$OpenVpnGenericState$CredentialsRequest = iArr;
            try {
                OpenVpnGenericState.CredentialsRequest credentialsRequest = OpenVpnGenericState.CredentialsRequest.USERNAME_PASSWORD;
                iArr[2] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = $SwitchMap$de$schaeuffelhut$android$openvpn$service$impl$OpenVpnGenericState$CredentialsRequest;
                OpenVpnGenericState.CredentialsRequest credentialsRequest2 = OpenVpnGenericState.CredentialsRequest.PASSPHRASE;
                iArr2[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes.dex */
    public class CredentialsReceiverImpl implements OpenVpnLifeCycleHandler.CredentialsReceiver {
        public /* synthetic */ CredentialsReceiverImpl(AnonymousClass1 anonymousClass1) {
        }

        @Override // de.schaeuffelhut.android.openvpn.service.impl.OpenVpnLifeCycleHandler.CredentialsReceiver
        public void setUsernamePassword(String str, String str2) {
            WireGuardManagementThread.this.sendUserPassword(str, str2);
        }
    }

    public WireGuardManagementThread(Context context, LocalServerSocket localServerSocket, IfConfigFactory ifConfigFactory, OpenVpnLifeCycleHandler openVpnLifeCycleHandler, WireGuardDaemonMonitor wireGuardDaemonMonitor) throws WireGuardException {
        this.mContext = context;
        this.ifConfig = ((TorGuardVpnService.MyIfConfigFactory) ifConfigFactory).createIfConfig();
        this.lch = openVpnLifeCycleHandler;
        openVpnLifeCycleHandler.setManagementThread(this);
        if (keys == null) {
            keys = new WireGuardKeyPair(this.mContext);
        }
        this.remote = new Remote();
        this.daemonMonitor = wireGuardDaemonMonitor;
        this.wgCommunicator = new WireGuardWrapperCommunicator(localServerSocket, this);
    }

    public final long currentTimestampInSecs() {
        return System.currentTimeMillis() / 1000;
    }

    @Override // net.torguard.openvpn.client.wgutil.WireGuardWrapperCommunicator.CommunicatorCallback
    public void destroyConnection() {
        this.stopRequest = true;
        if (EventBus.getDefault().isRegistered(this)) {
            EventBus.getDefault().unregister(this);
        }
        this.remote.host.isEmpty();
    }

    public final void monitor() {
        synchronized (this.monitorLock) {
            long currentTimestampInSecs = currentTimestampInSecs();
            if (!this.wgEnabled) {
                onLog("Wg interface is not yet enabled");
                onState(currentTimestampInSecs, "CONNECTING", this.localIp, "");
                return;
            }
            int i = this.reAuthCounter + 1;
            this.reAuthCounter = i;
            if (i > 600) {
                this.reAuthCounter = 0;
                WireGuardAPI.runWireGuardReAuth(this.mContext, this.remote.host, this.remote.port, this.username, this.password, keys.getPublicKeyExceptionSafe(this.mContext));
            }
            try {
                this.wgCommunicator.getWgConfig(currentTimestampInSecs);
            } catch (IOException e) {
                LOGGER.error("WgConfig could not be retrieved", (Throwable) e);
                onLog("WgConfig could not be retrieved, closing connection");
                onFatal("Error reading WG configuration");
                destroyConnection();
            }
        }
    }

    public final void onFatal(String str) {
        LOGGER.debug(str);
        this.lch.onFatal(str);
    }

    public final void onLog(String str) {
        LOGGER.debug(str);
        this.lch.onLog(str);
    }

    public final void onPassword() {
        this.credentialsRequest = OpenVpnGenericState.CredentialsRequest.USERNAME_PASSWORD;
        if (this.lch.hasUsernamePassword(this.authRetry)) {
            this.lch.supplyPassword(new CredentialsReceiverImpl(null));
        } else {
            this.lch.onPassword(this.authRetry);
        }
    }

    @Subscribe
    public void onServerResponse(WireGuardSetUpResponse wireGuardSetUpResponse) {
        synchronized (this.lockInterfacePreparation) {
            if (this.wgEnabled) {
                LOGGER.debug("Wg Interface is already active");
                return;
            }
            LOGGER.debug("Turning old WireGuard interface off...");
            this.wgCommunicator.sendCommandImmediately(WireGuardWrapperCommunicator.COMMAND_OFF);
            if (wireGuardSetUpResponse.localError) {
                LOGGER.error("Local error, no valid request created, aborting connection");
                onFatal("Local error occurred while trying to communicate to the server");
                reconnectToServer();
                return;
            }
            if (!wireGuardSetUpResponse.responseReceived) {
                LOGGER.error("Server error, no valid response received, aborting connection");
                onFatal("No valid response received from server");
                reconnectToServer();
                return;
            }
            if (wireGuardSetUpResponse.statusCode == 401) {
                LOGGER.debug("Username/Password not accepted");
                int i = this.authRetry + 1;
                this.authRetry = i;
                OpenVpnGenericState.CredentialsRequest credentialsRequest = OpenVpnGenericState.CredentialsRequest.USERNAME_PASSWORD;
                this.credentialsRequest = credentialsRequest;
                OpenVpnGenericState.CredentialsRequest onPasswordVerificationFailed = this.lch.onPasswordVerificationFailed(credentialsRequest, i);
                this.credentialsRequest = onPasswordVerificationFailed;
                if (onPasswordVerificationFailed.needsCredentials) {
                    onPassword();
                } else {
                    setupPeerToServer();
                }
                onState(currentTimestampInSecs(), "AUTH", "", "");
                return;
            }
            if (!(wireGuardSetUpResponse.statusCode == 200)) {
                LOGGER.error("Server error, status code: {}", Integer.valueOf(wireGuardSetUpResponse.statusCode));
                onFatal("Server error");
                reconnectToServer();
                return;
            }
            try {
                WireGuardClientConfiguration parseWireGuardServerResponse = WireGuardClientConfiguration.parseWireGuardServerResponse(keys, wireGuardSetUpResponse.response);
                ArrayList arrayList = new ArrayList(parseWireGuardServerResponse.wgInterface.addresses);
                WireGuardPeer wireGuardPeer = parseWireGuardServerResponse.wgPeer;
                List<InetAddress> list = parseWireGuardServerResponse.dns;
                if (arrayList.size() != 1) {
                    if (arrayList.size() == 0) {
                        LOGGER.error("No local addresses received, while we expect one local address");
                    } else {
                        LOGGER.error("Multiple local addresses received, while we expect only one local address");
                        Iterator it = arrayList.iterator();
                        while (it.hasNext()) {
                            LOGGER.error("Address: {}", ((CidrPrefix) it.next()).toString());
                        }
                    }
                    onFatal("Error preparing WireGuard configuration");
                    reconnectToServer();
                    return;
                }
                CidrPrefix cidrPrefix = (CidrPrefix) arrayList.get(0);
                this.localIp = cidrPrefix.address;
                this.ifConfig.setIfconfig(cidrPrefix.address + " " + cidrPrefix.maskDotForm() + " 1500 subnet");
                for (CidrPrefix cidrPrefix2 : wireGuardPeer.allowedIps) {
                    this.ifConfig.setRoute(cidrPrefix2.address + " " + cidrPrefix2.maskDotForm());
                }
                Iterator<InetAddress> it2 = list.iterator();
                while (it2.hasNext()) {
                    this.ifConfig.dnsServers.add(InetAddresses.toAddrString(it2.next()));
                }
                try {
                    prepareInterface(parseWireGuardServerResponse);
                } catch (WireGuardException e) {
                    LOGGER.error("Exception while preparing configuration from server response: {}", wireGuardSetUpResponse.response);
                    LOGGER.error("Aborting connection", (Throwable) e);
                    onFatal("Exception while preparing configuration, aborting connection");
                    reconnectToServer();
                }
            } catch (WireGuardException e2) {
                LOGGER.error("Error preparing WireGuard client configuration, aborting", (Throwable) e2);
                onFatal("Error preparing WireGuard configuration");
                reconnectToServer();
            }
        }
    }

    public final void onState(long j, String str, String str2, String str3) {
        LOGGER.info("State: {}", str);
        if (!this.lastState.equals(VpnServiceStateHolder.instance.getVpnState().openVpnStateName)) {
            LOGGER.error("Last state {}, does not correspond to last state in VpnServiceStateHolder {}", str, VpnServiceStateHolder.instance.getVpnState().openVpnStateName);
            LOGGER.debug("Synchronize last states...");
            this.lastState = VpnServiceStateHolder.instance.getVpnState().openVpnStateName;
        }
        if (str.equals(this.lastState)) {
            return;
        }
        LOGGER.info("New state {}, calling lifecyclehandlers", str);
        this.lastState = str;
        if ("CONNECTING".equals(str)) {
            this.lch.onState(new OpenVpnStateConnecting(j, this.credentialsRequest));
            return;
        }
        if ("TCP_CONNECT".equals(str)) {
            this.lch.onState(new OpenVpnStateTcpConnect(j, this.credentialsRequest));
            return;
        }
        if ("RESOLVE".equals(str)) {
            this.lch.onState(new OpenVpnStateResolve(j, this.credentialsRequest));
            return;
        }
        if ("WAIT".equals(str)) {
            this.lch.onState(new OpenVpnStateWait(j, this.credentialsRequest));
            return;
        }
        if ("AUTH".equals(str)) {
            this.lch.onState(new OpenVpnStateAuth(j, this.credentialsRequest));
            return;
        }
        if ("GET_CONFIG".equals(str)) {
            this.lch.onState(new OpenVpnStateGetConfig(j, this.credentialsRequest));
            return;
        }
        if ("ASSIGN_IP".equals(str)) {
            this.lch.onState(new OpenVpnStateAssignIp(j, str2, this.credentialsRequest));
            return;
        }
        if ("ADD_ROUTES".equals(str)) {
            this.lch.onState(new OpenVpnStateAddRoutes(j, this.credentialsRequest));
            return;
        }
        if ("CONNECTED".equals(str)) {
            this.authRetry = 0;
            this.lch.onState(new OpenVpnStateConnected(j, "", str2, str3, this.credentialsRequest));
        } else if ("RECONNECTING".equals(str)) {
            this.lch.onState(new OpenVpnStateReconnecting(j, "", this.credentialsRequest));
        } else if ("EXITING".equals(str)) {
            this.lch.onState(new OpenVpnStateExiting(j, "", this.credentialsRequest));
        } else {
            LOGGER.info("Unknown state.");
        }
    }

    @Override // net.torguard.openvpn.client.wgutil.WireGuardWrapperCommunicator.CommunicatorCallback
    public void parseWgConfig(long j, WireGuardWrapperCommunicator.WireGuardConfigResult wireGuardConfigResult) {
        onLog(wireGuardConfigResult.toString());
        this.lch.onByteCount(wireGuardConfigResult.bytesIn, wireGuardConfigResult.bytesOut);
        long j2 = wireGuardConfigResult.lastHandshakeTimestamp;
        if (j2 == 0) {
            LOGGER.debug("No handshake received yet");
            onState(currentTimestampInSecs(), "CONNECTING", this.localIp, wireGuardConfigResult.remoteIp);
            return;
        }
        if (FORCED_RECONNECTION_TIMEOUT + j2 >= j) {
            if (j2 + RECONNECTION_TIMEOUT >= j) {
                onState(j, "CONNECTED", this.localIp, wireGuardConfigResult.remoteIp);
                return;
            } else {
                LOGGER.debug("Handshake is old, WireGuard is trying to reconnect");
                onState(j, "RECONNECTING", this.localIp, wireGuardConfigResult.remoteIp);
                return;
            }
        }
        LOGGER.warn("Long time since last handshake, forcing reconnection...");
        onState(currentTimestampInSecs(), "RECONNECTING", this.localIp, wireGuardConfigResult.remoteIp);
        WireGuardDaemonMonitor wireGuardDaemonMonitor = this.daemonMonitor;
        wireGuardDaemonMonitor.stop();
        try {
            wireGuardDaemonMonitor.waitForTermination();
        } catch (InterruptedException unused) {
            WireGuardDaemonMonitor.LOGGER.debug("Joining ManagementThread was interrupted");
        }
        wireGuardDaemonMonitor.start();
    }

    public void prepareInterface(WireGuardClientConfiguration wireGuardClientConfiguration) throws WireGuardException {
        LOGGER.debug("Turning WireGuard interface on...");
        ParcelFileDescriptor establish = this.ifConfig.establish();
        this.wgCommunicator.turnInterfaceOn(establish, wireGuardClientConfiguration);
        try {
            establish.close();
        } catch (IOException unused) {
            LOGGER.error("Failed to close our side of tun fd");
        }
        this.wgCommunicator.sendCommandImmediately(WireGuardWrapperCommunicator.COMMAND_GET_SOCKET_V4);
        LOGGER.debug("Wg interface is turned on");
        this.wgEnabled = true;
    }

    @Override // net.torguard.openvpn.client.wgutil.WireGuardWrapperCommunicator.CommunicatorCallback
    public void protectFds() {
        WireGuardWrapperCommunicator wireGuardWrapperCommunicator = this.wgCommunicator;
        FileDescriptor[] fileDescriptorArr = null;
        if (wireGuardWrapperCommunicator == null) {
            throw null;
        }
        try {
            fileDescriptorArr = wireGuardWrapperCommunicator.mSocket.getAncillaryFileDescriptors();
        } catch (IOException e) {
            WireGuardWrapperCommunicator.LOGGER.error("Error reading fds from socket", (Throwable) e);
        }
        if (fileDescriptorArr == null) {
            LOGGER.error("No File Descriptors received");
            destroyConnection();
            return;
        }
        for (FileDescriptor fileDescriptor : fileDescriptorArr) {
            this.ifConfig.protect(fileDescriptor);
            JniUtil.closeQuietly(fileDescriptor);
        }
        LOGGER.debug("File descriptors protected");
    }

    public final void reconnectToServer() {
        onState(currentTimestampInSecs(), "RECONNECTING", "", "");
        setupPeerToServer();
    }

    @Override // de.schaeuffelhut.android.openvpn.service.impl.ManagementThread
    public void restartVpn() {
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        WireGuardWrapperCommunicator wireGuardWrapperCommunicator;
        LOGGER.debug("Wg management thread started");
        onState(currentTimestampInSecs(), "CONNECTING", "", "");
        try {
            try {
                this.wgCommunicator.blockTillNewConnection();
                this.lch.onManagementSocketConnected();
                LOGGER.trace("Successfully attached to WireGuard wrapper");
                wireGuardWrapperCommunicator = this.wgCommunicator;
            } catch (IOException e) {
                LOGGER.error("Error accepting incoming connection.", (Throwable) e);
            }
            if (wireGuardWrapperCommunicator == null) {
                throw null;
            }
            try {
                wireGuardWrapperCommunicator.localServerSocket.close();
            } catch (IOException e2) {
                WireGuardWrapperCommunicator.LOGGER.error("Error closing the server socket.", (Throwable) e2);
            }
            if (!EventBus.getDefault().isRegistered(this)) {
                EventBus.getDefault().register(this);
            }
            onPassword();
            onState(currentTimestampInSecs(), "AUTH", "", "");
            while (!this.stopRequest) {
                try {
                    Thread.sleep(3000L);
                    monitor();
                } catch (InterruptedException e3) {
                    e3.printStackTrace();
                }
            }
            LOGGER.debug("Turning WireGuard interface off...");
            this.wgCommunicator.sendCommandImmediately(WireGuardWrapperCommunicator.COMMAND_OFF);
            LOGGER.debug("Stopping WireGuard Wrapper...");
            this.wgCommunicator.sendCommandImmediately(WireGuardWrapperCommunicator.COMMAND_STOP_WG_WRAPPER);
        } finally {
            this.lch.onManagementSocketDisconnected();
            this.mTerminated.countDown();
            this.wgCommunicator.closeQuietly();
            LOGGER.debug("Wg management thread terminated");
            onState(currentTimestampInSecs(), "EXITING", "", "");
        }
    }

    @Override // de.schaeuffelhut.android.openvpn.service.impl.ManagementThread
    public void sendByteCountCommand(int i) {
        monitor();
    }

    @Override // de.schaeuffelhut.android.openvpn.service.impl.ManagementThread
    public void sendUserPassword(String str, String str2) {
        LOGGER.debug("Logging in to the server...");
        this.lch.onSuccessAuthUsernameEntered();
        this.username = str;
        this.password = str2;
        CredentialsStore.username = str;
        CredentialsStore.password = str2;
        onState(currentTimestampInSecs(), "CONNECTING", "", "");
        setupPeerToServer();
        this.credentialsRequest = OpenVpnGenericState.CredentialsRequest.NONE;
    }

    public final void setupPeerToServer() {
        Remote onRemote = this.lch.onRemote(this.remote);
        this.remote = onRemote;
        Context context = this.mContext;
        WireGuardAPI.runWireGuardSetup(context, onRemote.host, onRemote.port, this.username, this.password, keys.getPublicKeyExceptionSafe(context));
    }

    @Override // de.schaeuffelhut.android.openvpn.service.impl.ManagementThread
    public void stopVpn() {
        destroyConnection();
    }

    @Override // java.lang.Thread
    public String toString() {
        StringBuilder outline9 = GeneratedOutlineSupport.outline9("WireGuardManagementThread@");
        outline9.append(System.identityHashCode(this));
        outline9.append("{isAlive='");
        outline9.append(isAlive());
        outline9.append('\'');
        outline9.append('}');
        return outline9.toString();
    }

    @Override // de.schaeuffelhut.android.openvpn.service.impl.ManagementThread
    public void waitTerminatedCountDown() throws InterruptedException {
        this.mTerminated.await();
    }
}
