package com.secure.sportal.sdk.vpn;

import android.app.PendingIntent;
import android.content.Intent;
import android.net.VpnService;
import android.os.Build;
import android.os.Handler;
import android.os.Looper;
import android.os.ParcelFileDescriptor;
import android.system.OsConstants;
import android.widget.Toast;
import com.secure.comm.SPLog;
import com.secure.comm.net.SPIPCIDR;
import com.secure.comm.net.SPIPPool;
import com.secure.comm.net.SPIPRange;
import com.secure.comm.utils.SPIPUtil;
import com.secure.comm.utils.SPNetUtil;
import com.secure.sportal.entry.SPNCIFConfigInfo;
import com.secure.sportal.entry.SPServiceInfo;
import com.secure.sportal.gateway.GatewayAgent;
import com.secure.sportal.gateway.GatewayAgentAuth;
import com.secure.sportal.gateway.GatewayLink;
import com.secure.sportal.gateway.msg.GatewayRsp;
import com.secure.sportal.jni.SPLibBridge;
import com.secure.sportal.sdk.app.SPNCConfigActivity;
import com.secure.sportal.service.PortalSession;
import com.tencent.mm.sdk.platformtools.Util;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: classes5.dex */
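/**
 * Android {@link VpnService} that shuttles IP packets between a local TUN interface and a
 * gateway connection reached through a loopback relay port ({@code SPLibBridge.getRelayPort()}).
 *
 * <p>Lifecycle as visible in this class: {@link #onStartCommand} copies the caller-supplied
 * {@code SPNCDataInfo} into fields and starts a worker thread ({@link #run}). The worker first
 * authorizes against the gateway ({@link #handshake}), then builds the TUN interface from the
 * configuration the gateway returned ({@link #openTun}), and finally pumps packets in both
 * directions until {@code mRunning} is cleared.
 *
 * <p>Wire framing used on the relay connection (derived from {@link #readLocalTun} and
 * {@link #readRemoteGateway}): a 12-byte header of three big-endian ints (tag, length, a third
 * int written as zero) followed by the IP packet; the length field equals payload size + 4.
 *
 * <p>Thread-safety: {@code mState}, {@code mSSLConn} and the TUN fields are written both by the
 * worker thread and by lifecycle callbacks (via {@link #stopNC}) without synchronization.
 * NOTE(review): {@link #startNC} does not wait for a previous worker to exit before setting
 * {@code mRunning} back to true, so two workers can briefly share these fields — confirm whether
 * callers ever restart while a tunnel is up.
 */
public class SPNCService extends VpnService implements Runnable {
    public static final String NC_DATA = "ncdata";
    public static final String START_SERVICE = "startnc";
    // Bits of mState: gateway connection authorized, TUN interface established, both.
    private static final int STATE_RUN = 3;
    private static final int STATE_SSL = 1;
    private static final int STATE_TUN = 2;
    // Size of the frame header that precedes every packet on the relay connection.
    private static final int FRAME_HEADER_LEN = 12;
    // Upper bound on consecutive zero-byte writes (1 ms apart) before the relay is treated as dead.
    private static final int MAX_WRITE_STALLS = 2000;
    private static SPLog mLog = SPLog.getLog("").prefix("nc");
    private static AtomicBoolean mRunning = new AtomicBoolean(false);
    private Handler mHandler;
    private SPNCIFConfigInfo mIFConfig;
    private PendingIntent mPendingIntent;
    private SocketChannel mSSLConn;
    private byte[] mSSLData;
    private int mSSLLen;
    private int mState;
    // Session credential handed to the gateway during handshake(); never logged in this class.
    private byte[] mTicket;
    private byte[] mTunData;
    private ParcelFileDescriptor mTunFD;
    private FileInputStream mTunIns;
    private FileOutputStream mTunOuts;
    private String mUsername;
    private String mVpnIP;
    private int mVpnPort;
    private List<SPIPCIDR> mSvcRouteList = new ArrayList<>();
    private List<SPServiceInfo> mSvcList = new ArrayList<>();
    private boolean mLoginRenew = false;
    private boolean mToastMsg = true;
    private boolean mInetBlocking = false;
    private List<SPIPCIDR> mInetBlockingRouteList = new ArrayList<>();
    // Populated in parseUserData()/handshake(); in this class it is only logged, never consulted.
    private SPIPPool mInetBlockingBlackPool = new SPIPPool();
    private List<String> mBypassPkgNames = new ArrayList<>();
    private List<String> mBypassIPs = new ArrayList<>();
    private AtomicInteger mTunState = new AtomicInteger(0);

    /** Calls {@code allowFamily(AF_INET)} on the builder; no IPv6 family is allowed here. */
    private void allowAFFamilies(VpnService.Builder builder) {
        builder.allowFamily(OsConstants.AF_INET);
    }

    /** Closes the relay connection, if any, and forgets it. Close failures are only logged. */
    private void closeRemote() {
        mLog.i("closeRemote", new Object[0]);
        SocketChannel channel = this.mSSLConn;
        if (channel != null) {
            try {
                channel.close();
            } catch (Exception e) {
                // Best-effort teardown: nothing useful can be done if close() fails.
                mLog.v(e);
            }
            this.mSSLConn = null;
        }
    }

    /**
     * Tells the native bridge the tunnel is down, closes the TUN descriptor and drops the
     * streams that wrap it. Close failures are only logged.
     */
    private void closeTun() {
        mLog.i("closeTun", new Object[0]);
        SPLibBridge.setNCConfig(false, null, null);
        ParcelFileDescriptor tunFd = this.mTunFD;
        if (tunFd != null) {
            try {
                tunFd.close();
            } catch (Exception e) {
                // Best-effort teardown: nothing useful can be done if close() fails.
                mLog.v(e);
            }
            this.mTunFD = null;
        }
        this.mTunIns = null;
        this.mTunOuts = null;
    }

    /**
     * Connects to the loopback relay, authorizes with the stored ticket and username, and
     * stores the interface configuration the gateway returns.
     *
     * <p>On success {@code STATE_SSL} is set and the channel is switched to non-blocking mode.
     * On any failure the channel is closed and {@code STATE_SSL} stays clear, so {@link #run}
     * retries after its back-off.
     *
     * <p>Security context: the ticket is written to whatever process accepts the connection on
     * 127.0.0.1:{@code getRelayPort()}, and the address, routes and DNS servers applied to the
     * device in {@link #openTun} are taken from the gateway's reply.
     * NOTE(review): presumably the native relay owns that port and terminates TLS to the
     * gateway — confirm that nothing else on the device can bind it first.
     */
    private void handshake() {
        mLog.d("SecVpnService.handshake", new Object[0]);
        if (!SPNetUtil.isNetworkAvailable(this)) {
            return;
        }
        GatewayRsp ncAuthorize = null;
        try {
            SocketChannel open = SocketChannel.open(new InetSocketAddress("127.0.0.1", SPLibBridge.getRelayPort()));
            this.mSSLConn = open;
            open.configureBlocking(true);
            ncAuthorize = GatewayAgentAuth.ncAuthorize(new GatewayLink(this.mSSLConn.socket()), this.mTicket, this.mUsername);
            mLog.v("SecVpnService.handshake app_port=%d, server-rsp=%08X", Integer.valueOf(this.mSSLConn.socket().getLocalPort()), Integer.valueOf(ncAuthorize.errcode));
        } catch (Exception e) {
            mLog.d(e);
        }
        if (ncAuthorize == null) {
            // Connect or authorize failed: release the half-open channel instead of
            // dereferencing a missing response.
            closeRemote();
            return;
        }
        if (ncAuthorize.errcode != 0) {
            // NOTE(review): low 16 bits == 1028 presumably means the session/ticket is no
            // longer valid — confirm against the gateway protocol.
            if ((ncAuthorize.errcode & 0xFFFF) == 1028) {
                if (this.mLoginRenew) {
                    GatewayAgentAuth.loginRenew(this.mVpnIP, this.mVpnPort, PortalSession.instance(this).makeLoginJSon());
                } else {
                    stopNC();
                }
            }
            closeRemote();
            return;
        }
        Object payload = ncAuthorize.getData();
        if (!(payload instanceof SPNCIFConfigInfo)) {
            // A success code without a usable configuration cannot drive openTun().
            mLog.d("SecVpnService.handshake missing interface config", new Object[0]);
            closeRemote();
            return;
        }
        SPNCIFConfigInfo config = (SPNCIFConfigInfo) payload;
        try {
            this.mSSLLen = 0;
            this.mSSLConn.configureBlocking(false);
            if (this.mIFConfig == null || !this.mIFConfig.ipaddr.equals(config.ipaddr)) {
                // Assigned address changed: force the TUN interface to be rebuilt.
                this.mState &= ~STATE_TUN;
            }
            this.mIFConfig = config;
            mLog.v("SecVpnService.handshake ip=%s", config.ipaddr);
            // Never route the VPN server's own address into the tunnel.
            SPIPPool exclusionPool = SPIPPool.exclusionPool();
            exclusionPool.pushIP(this.mVpnIP);
            SPIPPool routePool = new SPIPPool();
            routePool.setExclusions(exclusionPool.getIPRanges());
            for (String[] route : config.routes) {
                long start = SPIPUtil.ipToLong(route[0]);
                routePool.pushIPRange(start, SPIPUtil.getEndAddress(start, SPIPUtil.ipToLong(route[1])));
            }
            config.routeList.clear();
            config.routeList.addAll(routePool.combine().makeRouteTable());
            // openTun() treats dns as optional, so do the same here.
            if (this.mInetBlocking && config.dns != null) {
                for (String dns : config.dns) {
                    this.mInetBlockingBlackPool.pushIP(dns);
                }
                this.mInetBlockingBlackPool.combine();
                mLog.v("mInetBlockingBlackPool %s", this.mInetBlockingBlackPool.toString());
            }
            // Only report the link as up once the gateway-supplied config parsed cleanly.
            this.mState |= STATE_SSL;
        } catch (Exception e) {
            // Malformed gateway data must not kill the worker thread; drop the link and retry.
            mLog.d(e);
            closeRemote();
        }
    }

    /**
     * Builds and establishes the TUN interface from {@code mIFConfig}; sets {@code STATE_TUN}
     * and hands the service list to the native bridge on success.
     *
     * <p>Route source depends on mode: the internet-blocking table, the per-service table, or
     * the table computed from gateway routes in {@link #handshake}. A route the builder rejects
     * is logged and skipped; any other failure closes the TUN and shows a toast.
     *
     * <p>NOTE(review): system resolvers are appended after the gateway's DNS servers, and a
     * host route for them is only added on Samsung devices — confirm that falling back to
     * resolvers outside the tunnel is intended.
     */
    private void openTun() {
        List<SPIPCIDR> routes;
        mLog.d("SecVpnService.openTun", new Object[0]);
        try {
            closeTun();
            // Human-readable summary of the interface, written to the log once built.
            StringBuilder summary = new StringBuilder();
            summary.append("NCTunnel: SSLVPN-");
            summary.append(this.mIFConfig.ipaddr);
            summary.append("\nAddr: ");
            summary.append(this.mIFConfig.ipaddr);
            summary.append("/");
            summary.append(32);
            summary.append("\nMtu: ");
            summary.append(1400);
            VpnService.Builder builder = new VpnService.Builder(this);
            builder.setMtu(1400);
            builder.addAddress(this.mIFConfig.ipaddr, 32);
            if (this.mInetBlocking) {
                summary.append("\nrouteMode: internet blocking");
                routes = this.mInetBlockingRouteList;
            } else if (this.mIFConfig.routeAuto) {
                summary.append("\nrouteMode: by services");
                routes = this.mSvcRouteList;
            } else {
                summary.append("\nrouteMode: vpn-server");
                routes = this.mIFConfig.routeList;
            }
            for (SPIPCIDR cidr : routes) {
                String address = SPIPUtil.longToIP(cidr.address);
                try {
                    builder.addRoute(address, cidr.prefix);
                    mLog.v("Add route: %s/%d (%s)", address, Integer.valueOf(cidr.prefix), SPIPUtil.cidrToRoute(cidr));
                } catch (Exception e) {
                    mLog.d(e);
                }
            }
            Set<String> systemDnsList = SPIPUtil.getSystemDnsList();
            // Host routes added for DNS servers; passed to the native bridge below.
            ArrayList<String> dnsRoutes = new ArrayList<>();
            if (this.mIFConfig.dns != null && this.mIFConfig.dns.length > 0) {
                for (String dns : this.mIFConfig.dns) {
                    summary.append("\ndns: ");
                    summary.append(dns);
                    // A DNS server that is the VPN server itself must stay outside the tunnel.
                    if (!dns.equals(this.mVpnIP)) {
                        builder.addRoute(dns, 32);
                        dnsRoutes.add(dns);
                    }
                    builder.addDnsServer(dns);
                    systemDnsList.remove(dns);
                }
                for (String systemDns : systemDnsList) {
                    summary.append("\ndns: ");
                    summary.append(systemDns);
                    builder.addDnsServer(systemDns);
                }
            }
            if (Build.VERSION.SDK_INT >= 21) {
                setNonBlocking(builder);
                allowAFFamilies(builder);
                setBypassPackageNames(builder);
                if ("samsung".equalsIgnoreCase(Build.BRAND)) {
                    for (String systemDns : systemDnsList) {
                        mLog.v("Samsung Android 5.0+ devices ignore DNS servers outside the VPN range. To enable DNS resolution a route to your DNS Server (%s) has been added.", systemDns);
                        builder.addRoute(systemDns, 32);
                        dnsRoutes.add(systemDns);
                    }
                }
            }
            builder.setSession("SSLVPN - " + this.mIFConfig.ipaddr);
            if (this.mPendingIntent == null) {
                int flags = PendingIntent.FLAG_CANCEL_CURRENT;
                if (Build.VERSION.SDK_INT >= 23) {
                    // The wrapped intent is explicit and never needs filling in by the
                    // sender, so mark it immutable where the platform supports the flag.
                    flags |= PendingIntent.FLAG_IMMUTABLE;
                }
                this.mPendingIntent = PendingIntent.getActivity(this, 0, new Intent(getBaseContext(), (Class<?>) SPNCConfigActivity.class), flags);
            }
            builder.setConfigureIntent(this.mPendingIntent);
            ParcelFileDescriptor establish = builder.establish();
            this.mTunFD = establish;
            if (establish == null) {
                // Toast text: "NC start failed".
                toastMsg("启动NC失败");
                mLog.i("Build VpnService failed.", new Object[0]);
                mLog.v(summary.toString(), new Object[0]);
            } else {
                this.mTunIns = new FileInputStream(this.mTunFD.getFileDescriptor());
                this.mTunOuts = new FileOutputStream(this.mTunFD.getFileDescriptor());
                mLog.i(summary.toString(), new Object[0]);
                this.mState |= STATE_TUN;
                SPLibBridge.setNCConfig(true, this.mSvcList, dnsRoutes);
            }
        } catch (Exception e) {
            // Toast text: "NC start failed".
            toastMsg("启动NC失败");
            mLog.d(e);
            closeTun();
        }
    }

    /**
     * Copies the start request into fields and precomputes the route tables.
     *
     * <p>Without internet blocking, the service route table is the union of the service ranges
     * minus the VPN server address and the bypass IPs. With internet blocking, the route table
     * is the whole range pushed below minus the VPN server, the bypass IPs and the supplied
     * blacklist, and {@code mInetBlockingBlackPool} is refilled with the service ranges.
     *
     * <p>NOTE(review): every value here comes from the start intent; bypass packages and
     * bypass IPs decide which traffic leaves outside the tunnel — confirm who may send it.
     *
     * @param sPNCDataInfo start request deserialized in {@link #onStartCommand}
     */
    private void parseUserData(SPNCDataInfo sPNCDataInfo) {
        this.mLoginRenew = sPNCDataInfo.autoLogin;
        this.mToastMsg = sPNCDataInfo.toastMsg;
        this.mTicket = sPNCDataInfo.ticket;
        this.mUsername = sPNCDataInfo.username;
        this.mVpnIP = SPIPUtil.nameToIP(sPNCDataInfo.vpn_ip);
        this.mVpnPort = sPNCDataInfo.vpn_port;
        this.mSvcList.clear();
        this.mSvcList.addAll(sPNCDataInfo.svcList);
        this.mBypassPkgNames.clear();
        this.mBypassPkgNames.addAll(sPNCDataInfo.bypassPkgNames);
        this.mBypassIPs.clear();
        this.mBypassIPs.addAll(sPNCDataInfo.bypassIPs);
        SPIPPool exclusionPool = SPIPPool.exclusionPool();
        exclusionPool.pushIP(this.mVpnIP);
        for (String bypassIp : this.mBypassIPs) {
            exclusionPool.pushIP(bypassIp);
        }
        SPIPPool routePool = new SPIPPool();
        this.mInetBlocking = sPNCDataInfo.inetBlockingEnable;
        if (!this.mInetBlocking) {
            routePool.setExclusions(exclusionPool.getIPRanges());
            for (SPServiceInfo service : sPNCDataInfo.svcList) {
                routePool.pushIPRange(service.ip_start, service.ip_end);
            }
            this.mSvcRouteList.clear();
            this.mSvcRouteList.addAll(routePool.combine().makeRouteTable());
            return;
        }
        for (SPIPRange blocked : sPNCDataInfo.inetBlockingBlackList) {
            exclusionPool.pushIPRange(blocked.start, blocked.end);
        }
        routePool.setExclusions(exclusionPool.getIPRanges());
        // presumably Util.MAX_32BIT_VALUE is 0xFFFFFFFF, i.e. the whole IPv4 space — confirm
        routePool.pushIPRange(0L, Util.MAX_32BIT_VALUE);
        this.mInetBlockingRouteList.clear();
        this.mInetBlockingRouteList.addAll(routePool.combine().makeRouteTable());
        this.mInetBlockingBlackPool.clear();
        for (SPServiceInfo service : sPNCDataInfo.svcList) {
            this.mInetBlockingBlackPool.pushIPRange(service.ip_start, service.ip_end);
        }
        this.mInetBlockingBlackPool.combine();
    }

    /**
     * Broadcasts a tunnel state change; does nothing when the state is unchanged.
     *
     * <p>NOTE(review): the intent carries only an action, with no target package and no
     * receiver permission, so any app registered for that action can observe VPN state.
     * If every receiver lives in this app, consider {@code intent.setPackage(getPackageName())}.
     *
     * @param i new state value sent as {@code MSG_EXTRA_STATE}
     */
    private void publishState(int i) {
        if (this.mTunState.get() != i) {
            this.mTunState.set(i);
            Intent intent = new Intent();
            intent.setAction(SPNCServiceManagement.MSG_ACTION);
            intent.putExtra(SPNCServiceManagement.MSG_EXTRA_STATE, i);
            sendBroadcast(intent);
        }
    }

    /**
     * Drains packets from the TUN interface and forwards each one, framed, to the relay.
     *
     * @return total payload bytes read (0 when nothing was pending), or -1 after a TUN read
     *         failure ({@code STATE_TUN} cleared) or a relay write failure ({@code STATE_SSL}
     *         cleared)
     */
    private int readLocalTun() {
        int total = 0;
        while (true) {
            int read;
            try {
                // Leave room at the front of the buffer for the frame header.
                read = this.mTunIns.read(this.mTunData, FRAME_HEADER_LEN, this.mTunData.length - FRAME_HEADER_LEN);
            } catch (Exception e) {
                // A failing descriptor will keep failing: report it so run() reopens the
                // tunnel instead of spinning on the same exception.
                mLog.v(e);
                this.mState &= ~STATE_TUN;
                return -1;
            }
            if (read < 1) {
                return total;
            }
            total += read;
            try {
                SPIPUtil.fixIPPacketMSS(this.mTunData, FRAME_HEADER_LEN, read);
            } catch (Exception e) {
                // One unparseable local packet is dropped; it must not reset the tunnel.
                mLog.v(e);
                continue;
            }
            ByteBuffer frame = ByteBuffer.wrap(this.mTunData);
            frame.putInt(GatewayAgent.VPN_PRD_DATA);
            frame.putInt(read + 4);
            frame.putInt(0);
            frame.position(0).limit(read + FRAME_HEADER_LEN);
            if (!writeFrame(frame)) {
                this.mState &= ~STATE_SSL;
                return -1;
            }
        }
    }

    /**
     * Writes one complete frame to the non-blocking relay channel.
     *
     * <p>A non-blocking {@link SocketChannel#write} may accept only part of the buffer;
     * dropping the remainder would desynchronize the length-prefixed stream for the peer.
     *
     * @return true when the whole frame was written; false on I/O error, shutdown, or when the
     *         channel accepted no bytes for {@code MAX_WRITE_STALLS} consecutive attempts
     */
    private boolean writeFrame(ByteBuffer frame) {
        int stalls = 0;
        try {
            while (frame.hasRemaining()) {
                if (this.mSSLConn.write(frame) > 0) {
                    stalls = 0;
                    continue;
                }
                if (!mRunning.get() || ++stalls > MAX_WRITE_STALLS) {
                    mLog.d("SSL write stalled", new Object[0]);
                    return false;
                }
                sleepEx(1L);
            }
            return true;
        } catch (Exception e) {
            mLog.v(e);
            mLog.d("SSL write exception", new Object[0]);
            return false;
        }
    }

    /**
     * Reads from the relay into {@code mSSLData} and writes every complete frame's payload to
     * the TUN interface.
     *
     * <p>The length field is supplied by the peer, so it is rejected when negative or larger
     * than the receive buffer can ever hold; otherwise a single oversized value would fill the
     * buffer and stall the tunnel with no error.
     * NOTE(review): the frame tag is logged on error but never checked, so a frame of any tag
     * is injected into the TUN — confirm the gateway only sends data frames on this channel.
     *
     * @return bytes read from the relay, 0 when none were available, or -1 on failure (the
     *         matching state bit is cleared)
     */
    private int readRemoteGateway() {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(this.mSSLData, this.mSSLLen, this.mSSLData.length - this.mSSLLen);
            int read = this.mSSLConn.read(wrap);
            if (read == 0) {
                return 0;
            }
            if (read < 0) {
                mLog.d("SSL read error count=%d", Integer.valueOf(read));
                this.mState &= ~STATE_SSL;
                return -1;
            }
            this.mSSLLen += read;
            while (mRunning.get() && this.mSSLLen >= FRAME_HEADER_LEN) {
                wrap.position(0);
                int tag = wrap.getInt();
                int payloadLen = wrap.getInt() - 4;
                if (payloadLen < 0 || payloadLen > this.mSSLData.length - FRAME_HEADER_LEN) {
                    mLog.d("runReadRemote, mRLen=%d, tag=0x%08x, len=%d", Integer.valueOf(this.mSSLLen), Integer.valueOf(tag), Integer.valueOf(payloadLen));
                    mLog.d("SSL read error", new Object[0]);
                    this.mState &= ~STATE_SSL;
                    return -1;
                }
                if (payloadLen > this.mSSLLen - FRAME_HEADER_LEN) {
                    // Frame not fully buffered yet; wait for the next read.
                    break;
                }
                try {
                    this.mTunOuts.write(this.mSSLData, FRAME_HEADER_LEN, payloadLen);
                    // Shift the unconsumed tail to the start of the buffer.
                    wrap.position(payloadLen + FRAME_HEADER_LEN);
                    wrap.limit(this.mSSLLen);
                    wrap.compact();
                    this.mSSLLen = (this.mSSLLen - FRAME_HEADER_LEN) - payloadLen;
                } catch (Exception e) {
                    mLog.v(e);
                    this.mState &= ~STATE_TUN;
                    return -1;
                }
            }
            return read;
        } catch (Exception e) {
            mLog.v(e);
            this.mState &= ~STATE_SSL;
            return -1;
        }
    }

    /**
     * Excludes every package in {@code mBypassPkgNames} from the VPN. A package the builder
     * rejects is logged and skipped.
     */
    private void setBypassPackageNames(VpnService.Builder builder) {
        List<String> packages = this.mBypassPkgNames;
        if (packages == null || packages.isEmpty()) {
            return;
        }
        for (String packageName : packages) {
            try {
                builder.addDisallowedApplication(packageName);
            } catch (Exception e) {
                // One bad entry must not prevent the tunnel from being built.
                mLog.v(e);
            }
        }
    }

    /** Puts the TUN descriptor into non-blocking mode. */
    private void setNonBlocking(VpnService.Builder builder) {
        builder.setBlocking(false);
    }

    /**
     * Sets the process-wide running flag that the worker loop polls.
     *
     * @param z false asks a running worker to exit its loop
     */
    public static void setRunning(boolean z) {
        mRunning.set(z);
    }

    /** Sleeps for {@code j} milliseconds; returns early, without error, if the sleep fails. */
    private void sleepEx(long j) {
        try {
            Thread.sleep(j);
        } catch (Exception ignored) {
            // Callers re-check mRunning after every sleep, so an early wake-up is harmless.
        }
    }

    /** Stops any current session, marks the service running and starts a new worker thread. */
    private void startNC() {
        if (this.mHandler == null) {
            this.mHandler = new Handler(Looper.getMainLooper());
        }
        stopNC();
        mRunning.set(true);
        new Thread(this).start();
    }

    /**
     * Clears the running flag, closes both ends of the tunnel if a session was running, then
     * requests service stop and publishes state 0.
     */
    private void stopNC() {
        if (mRunning.get()) {
            mRunning.set(false);
            this.mState = 0;
            closeRemote();
            closeTun();
        }
        stopSelf();
        publishState(0);
    }

    /**
     * Shows a short toast on the main thread, unless toasts are disabled or no handler has
     * been created yet.
     */
    private void toastMsg(final String str) {
        Handler handler = this.mHandler;
        if (handler == null || !this.mToastMsg) {
            return;
        }
        handler.post(new Runnable() { // from class: com.secure.sportal.sdk.vpn.SPNCService.1
            @Override // java.lang.Runnable
            public void run() {
                Toast.makeText(SPNCService.this, str, Toast.LENGTH_SHORT).show();
            }
        });
    }

    @Override // android.app.Service
    public void onCreate() {
        mLog.d("SecVpnService.onCreate", new Object[0]);
        super.onCreate();
    }

    /** Tears the tunnel down when the system revokes this app's VPN. */
    @Override // android.net.VpnService
    public void onRevoke() {
        mLog.d("SecVpnService.onRevoke", new Object[0]);
        stopNC();
        super.onRevoke();
    }

    /**
     * Starts a session when the intent has action {@code START_SERVICE} and carries an
     * {@code SPNCDataInfo} under {@code NC_DATA}; any other intent is ignored.
     *
     * <p>NOTE(review): the extra is Java-deserialized and carries the ticket, the bypass lists
     * and the server address. Whether another app can deliver this intent depends on the
     * manifest declaration, which is not visible here — confirm the service is not reachable
     * without {@code android.permission.BIND_VPN_SERVICE}.
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        mLog.d("SecVpnService.onStartCommand flags=%d, startId=%d", Integer.valueOf(i), Integer.valueOf(i2));
        if (intent != null) {
            SPNCDataInfo request = null;
            try {
                request = (SPNCDataInfo) intent.getSerializableExtra(NC_DATA);
            } catch (RuntimeException e) {
                // An extra of the wrong type or one that fails to deserialize is treated
                // as absent rather than crashing the service.
                mLog.d(e);
            }
            if (START_SERVICE.equals(intent.getAction()) && request != null) {
                parseUserData(request);
                startNC();
            }
        }
        return super.onStartCommand(intent, i, i2);
    }

    /** Tears the tunnel down when the owning task is removed. */
    @Override // android.app.Service
    public void onTaskRemoved(Intent intent) {
        stopNC();
        super.onTaskRemoved(intent);
    }

    /**
     * Worker loop. While both state bits are set it pumps packets, sleeping 5 ms when neither
     * direction had data. Otherwise it publishes state 1 and performs the next missing step
     * (handshake, then openTun), waiting 5 s before a retry that follows a failed step.
     */
    @Override // java.lang.Runnable
    public void run() {
        this.mState = 0;
        this.mSSLData = new byte[65536];
        this.mTunData = new byte[16384];
        publishState(0);
        // Time of the last failed step; 0 means the last step succeeded (no back-off).
        long lastFailureAt = 0;
        int errorTimes = 0;
        while (mRunning.get()) {
            if ((this.mState & STATE_RUN) == STATE_RUN) {
                if (readRemoteGateway() == 0 && readLocalTun() == 0) {
                    sleepEx(5L);
                }
            } else if (mRunning.get()) {
                publishState(1);
                // State bit of the step attempted in this pass; 255 when no step was attempted.
                int attempted = 255;
                if (System.currentTimeMillis() - lastFailureAt < 5000) {
                    sleepEx(5000L);
                }
                if (mRunning.get()) {
                    mLog.v("SecVpnService.state = 0x%04X", Integer.valueOf(this.mState));
                    int state = this.mState;
                    if ((state & STATE_SSL) == 0) {
                        // Toast text: "Connecting to VPN server".
                        toastMsg("正在连接VPN服务器");
                        handshake();
                        attempted = STATE_SSL;
                    } else if ((state & STATE_TUN) == 0) {
                        openTun();
                        attempted = STATE_TUN;
                    }
                    if ((this.mState & STATE_RUN) == STATE_RUN) {
                        publishState(2);
                        // Toast text: "Connected to VPN server".
                        toastMsg("连接VPN服务器成功");
                    }
                    lastFailureAt = (this.mState & attempted) == 0 ? System.currentTimeMillis() : 0L;
                    errorTimes = (this.mState & STATE_RUN) == STATE_RUN ? 0 : errorTimes + 1;
                    mLog.d("errorTimes=%d", Integer.valueOf(errorTimes));
                }
            }
        }
        closeRemote();
        closeTun();
        stopNC();
        // Toast text: "VPN connection closed".
        toastMsg("VPN连接退出");
    }
}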
