package com.google.android.libraries.privacy.ppn.krypton;

import android.content.Context;
import android.net.IpSecAlgorithm;
import android.net.IpSecManager;
import android.net.IpSecTransform;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import defpackage.clp;
import defpackage.khm;
import defpackage.khq;
import defpackage.kiv;
import defpackage.kiz;
import defpackage.oyl;
import java.io.IOException;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;

/* compiled from: PG */
/* loaded from: classes.dex */
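/**
 * Applies and removes IPsec transport-mode transforms (AES-GCM, optionally UDP-encapsulated) on
 * a socket file descriptor supplied by the caller.
 *
 * <p>All mutable state (SPIs, transforms, encapsulation socket, keepalive helper) is only
 * replaced or released while holding {@link #lock}.
 *
 * <p>File-descriptor ownership: the raw fds passed in stay owned by the caller. This class only
 * wraps them temporarily and never closes the caller's descriptor.
 *
 * <p>NOTE(review): this is decompiled output; identifiers such as {@code khm}, {@code kiv},
 * {@code kiz}, {@code khq}, {@code oyl} and {@code clp} are obfuscated names. The overridden
 * methods carry no {@code throws} clause here although they throw {@code KryptonException};
 * confirm against the {@code KryptonIpSecHelper} interface.
 */
public final class KryptonIpSecHelperImpl implements KryptonIpSecHelper {
    private static final String TAG = "KryptonIpSecHelperImpl";

    /** ICV (authentication tag) length in bits requested for the AES-GCM algorithm. */
    private static final int GCM_ICV_LENGTH_BITS = 128;

    /**
     * Remote port used when connect()ing the throwaway UDP socket that discovers the local
     * source address. No datagram is sent on that socket by this class.
     */
    private static final int LOCAL_ADDRESS_PROBE_PORT = 443;

    private final Context context;
    private final IpSecManager ipSecManager;
    private final kiz xenon;
    private IpSecManager.SecurityParameterIndex uplinkSpi = null;
    private IpSecManager.SecurityParameterIndex downlinkSpi = null;
    private IpSecTransform inTransform = null;
    private IpSecTransform outTransform = null;
    private IpSecManager.UdpEncapsulationSocket encapsulationSocket = null;
    private KryptonKeepaliveHelper keepaliveHelper = null;
    private final Object lock = new Object();

    /**
     * Creates the helper and looks up the platform {@link IpSecManager}.
     *
     * @param context used to obtain the IPsec system service and to build transforms
     * @param kizVar network registry; {@code a(id)} is used to look up a network by id
     */
    public KryptonIpSecHelperImpl(Context context, kiz kizVar) {
        this.context = context;
        this.ipSecManager = (IpSecManager) context.getSystemService(Context.IPSEC_SERVICE);
        this.xenon = kizVar;
    }

    /**
     * Builds one transport-mode AES-GCM transform.
     *
     * @param sourceAddress address handed to {@code buildTransportModeTransform}
     * @param spi security parameter index for this direction
     * @param keyingMaterial bytes produced by {@link #getKeyingMaterial}
     * @param encapRemotePort port passed to {@code setIpv4Encapsulation}; only used when an
     *     encapsulation socket is currently open
     */
    private IpSecTransform buildTransform(
            InetAddress sourceAddress,
            IpSecManager.SecurityParameterIndex spi,
            byte[] keyingMaterial,
            int encapRemotePort) {
        IpSecAlgorithm aead =
                new IpSecAlgorithm(
                        IpSecAlgorithm.AUTH_CRYPT_AES_GCM, keyingMaterial, GCM_ICV_LENGTH_BITS);
        IpSecTransform.Builder builder =
                new IpSecTransform.Builder(this.context).setAuthenticatedEncryption(aead);
        IpSecManager.UdpEncapsulationSocket socket = this.encapsulationSocket;
        if (socket != null) {
            builder = builder.setIpv4Encapsulation(socket, encapRemotePort);
        }
        return builder.buildTransportModeTransform(sourceAddress, spi);
    }

    /**
     * Releases every IPsec resource held by this helper and stops the keepalive, if any.
     * Safe to call when nothing is allocated.
     */
    private void close() {
        synchronized (this.lock) {
            if (this.uplinkSpi != null) {
                this.uplinkSpi.close();
                this.uplinkSpi = null;
            }
            if (this.downlinkSpi != null) {
                this.downlinkSpi.close();
                this.downlinkSpi = null;
            }
            if (this.inTransform != null) {
                this.inTransform.close();
                this.inTransform = null;
            }
            if (this.outTransform != null) {
                this.outTransform.close();
                this.outTransform = null;
            }
            // The keepalive helper is kept for reuse; only its running keepalive is stopped.
            if (this.keepaliveHelper != null) {
                this.keepaliveHelper.stopKeepalive();
            }
            if (this.encapsulationSocket != null) {
                try {
                    this.encapsulationSocket.close();
                } catch (IOException e) {
                    Log.w(TAG, "Exception while closing encapsulation socket.", e);
                } finally {
                    // Drop the reference even when close() failed. Otherwise a later
                    // non-V4 session, which opens no new socket, would have buildTransform
                    // attach UDP encapsulation using this stale socket.
                    this.encapsulationSocket = null;
                }
            }
        }
    }

    /**
     * Resolves the remote endpoint through the given network's resolver.
     *
     * @throws UnknownHostException presumably propagated from {@code getByName}; the caller
     *     catches it around this call
     */
    private static InetAddress getDestinationAddress(kiv network, String host)
            throws UnknownHostException {
        return network.b.getByName(host);
    }

    /**
     * Concatenates two byte strings into the buffer handed to {@link IpSecAlgorithm}.
     *
     * <p>NOTE(review): presumably key followed by salt, which is the layout AES-GCM keying
     * material uses on Android; confirm against the producer of these fields. The returned
     * array holds secret material and is not zeroed by this class after use.
     */
    private static byte[] getKeyingMaterial(oyl first, oyl second) {
        byte[] head = first.A();
        byte[] tail = second.A();
        byte[] joined = new byte[head.length + tail.length];
        System.arraycopy(head, 0, joined, 0, head.length);
        System.arraycopy(tail, 0, joined, head.length, tail.length);
        return joined;
    }

    /**
     * Determines the local source address the given network would use to reach
     * {@code destination}, by binding and connecting a temporary UDP socket.
     *
     * @throws KryptonException if the socket ends up bound to the wildcard address
     * @throws IOException if the socket cannot be created, bound or connected
     */
    private InetAddress getLocalAddress(kiv network, InetAddress destination)
            throws IOException, KryptonException {
        DatagramSocket probe = new DatagramSocket();
        try {
            network.b.bindSocket(probe);
            probe.connect(destination, LOCAL_ADDRESS_PROBE_PORT);
            InetAddress local = probe.getLocalAddress();
            if (local.isAnyLocalAddress()) {
                throw new KryptonException("Local address is wildcard address. This usually means the network does not support the same protocol (IPv4 vs IPv6) as the remote address.");
            }
            return local;
        } finally {
            probe.close();
        }
    }

    /**
     * Removes the transport-mode transforms from the socket and releases all IPsec resources.
     *
     * @param i raw file descriptor of the socket; it remains owned by the caller
     * @throws KryptonException if removing the transforms fails with an I/O error
     */
    @Override // com.google.android.libraries.privacy.ppn.krypton.KryptonIpSecHelper
    public void removeTransformFromFd(int i) {
        Log.w(TAG, "Removing transforms.");
        // fromFd() returns a wrapper around a dup of the descriptor. Close that dup here so it
        // does not leak on every call; the caller's own descriptor is unaffected.
        try (ParcelFileDescriptor dupFd = ParcelFileDescriptor.fromFd(i)) {
            this.ipSecManager.removeTransportModeTransforms(dupFd.getFileDescriptor());
            close();
        } catch (IOException e) {
            throw new KryptonException("Error encountered when removing transform from fd.", e);
        }
    }

    /**
     * Allocates SPIs, builds the inbound and outbound transforms and applies them to the
     * socket described by {@code khmVar}. Any previously held IPsec state is released first.
     *
     * <p>Fields read from {@code khmVar}: {@code g} network id, {@code i} destination host,
     * {@code h} socket fd, {@code e}/{@code f} uplink/downlink SPI, {@code j} protocol,
     * {@code a}+{@code c} and {@code b}+{@code d} keying material for the outbound and
     * inbound transform, {@code k} encapsulation port, {@code l} keepalive parameter.
     *
     * @param khmVar transform parameters (obfuscated type)
     * @param z whether to start a keepalive; honoured only on API 29+ when a UDP
     *     encapsulation socket was opened
     * @param runnable passed through to {@code startKeepalive}
     * @throws KryptonException if the network is unknown, an address cannot be determined,
     *     an SPI is missing, or the transforms cannot be applied
     */
    @Override // com.google.android.libraries.privacy.ppn.krypton.KryptonIpSecHelper
    public void transformFd(khm khmVar, boolean z, Runnable runnable) {
        Log.w(TAG, "Setting up transformFd for network = " + khmVar.g);
        kiv network = this.xenon.a(khmVar.g);
        if (network == null) {
            throw new KryptonException("Unable to fetch network with id " + khmVar.g);
        }
        Log.w(TAG, "Network lookup succeeded: " + network);

        InetAddress destinationAddress;
        try {
            destinationAddress = getDestinationAddress(network, khmVar.i);
        } catch (UnknownHostException e) {
            throw new KryptonException("Unable to resolve destination address for transform.", e);
        }

        // This try covers only the local-address probe, so a failure while applying the
        // transforms below is not re-labelled as a local-address failure.
        InetAddress localAddress;
        try {
            localAddress = getLocalAddress(network, destinationAddress);
        } catch (Exception e) {
            throw new KryptonException(clp.b(destinationAddress, "Unable to get local address for ", " for transform."), e);
        }

        synchronized (this.lock) {
            close();
            // adoptFd() takes the raw fd without duplicating it; detachFd() in the finally
            // block hands it back so the caller's socket is not closed here.
            ParcelFileDescriptor adoptedFd = ParcelFileDescriptor.adoptFd(khmVar.h);
            try {
                int uplinkSpiValue = khmVar.e;
                if (uplinkSpiValue == 0) {
                    throw new KryptonException("missing uplink spi");
                }
                this.uplinkSpi =
                        this.ipSecManager.allocateSecurityParameterIndex(
                                destinationAddress, uplinkSpiValue);

                int downlinkSpiValue = khmVar.f;
                if (downlinkSpiValue == 0) {
                    throw new KryptonException("missing downlink spi");
                }
                this.downlinkSpi =
                        this.ipSecManager.allocateSecurityParameterIndex(
                                localAddress, downlinkSpiValue);

                // An unrecognised protocol value falls back to V4.
                khq protocol = khq.b(khmVar.j);
                if (protocol == null) {
                    protocol = khq.V4;
                }
                if (protocol == khq.V4) {
                    this.encapsulationSocket = this.ipSecManager.openUdpEncapsulationSocket();
                }

                this.outTransform =
                        buildTransform(
                                localAddress,
                                this.uplinkSpi,
                                getKeyingMaterial(khmVar.a, khmVar.c),
                                khmVar.k);
                this.inTransform =
                        buildTransform(
                                destinationAddress,
                                this.downlinkSpi,
                                getKeyingMaterial(khmVar.b, khmVar.d),
                                khmVar.k);
                this.ipSecManager.applyTransportModeTransform(
                        adoptedFd.getFileDescriptor(), IpSecManager.DIRECTION_IN, this.inTransform);
                this.ipSecManager.applyTransportModeTransform(
                        adoptedFd.getFileDescriptor(), IpSecManager.DIRECTION_OUT, this.outTransform);

                IpSecManager.UdpEncapsulationSocket socket = this.encapsulationSocket;
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q && z && socket != null) {
                    if (this.keepaliveHelper == null) {
                        this.keepaliveHelper = new KryptonKeepaliveHelperImpl(this.context);
                    }
                    this.keepaliveHelper.startKeepalive(
                            network.b, socket, localAddress, destinationAddress, khmVar.l, runnable);
                }
            } catch (Exception e) {
                // Release anything allocated so far so that no partial state survives.
                close();
                throw new KryptonException("Unable to apply IpSec transforms to fd.", e);
            } finally {
                adoptedFd.detachFd();
            }
        }
    }
}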
