package com.android.server.net;

import android.R;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.NetworkInfo;
import android.os.INetworkManagementService;
import android.os.RemoteException;
import android.security.KeyStore;
import android.text.TextUtils;
import android.util.Slog;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnProfile;
import com.android.internal.util.Preconditions;
import com.android.server.ConnectivityService;
import com.android.server.EventLogTags;
import com.android.server.connectivity.Vpn;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class LockdownVpnTracker {
    private static final String ACTION_LOCKDOWN_RESET = "com.android.server.action.LOCKDOWN_RESET";
    private static final String ACTION_VPN_SETTINGS = "android.net.vpn.SETTINGS";
    private static final String EXTRA_PICK_LOCKDOWN = "android.net.vpn.PICK_LOCKDOWN";
    private static final int MAX_ERROR_COUNT = 4;
    private static final String TAG = "LockdownVpnTracker";
    private String mAcceptedEgressIface;
    private String mAcceptedIface;
    private List<LinkAddress> mAcceptedSourceAddr;
    private final PendingIntent mConfigIntent;
    private final ConnectivityService mConnService;
    private final Context mContext;
    private int mErrorCount;
    private final INetworkManagementService mNetService;
    private final VpnProfile mProfile;
    private final PendingIntent mResetIntent;
    private final Vpn mVpn;
    private final Object mStateLock = new Object();
    private BroadcastReceiver mResetReceiver = new BroadcastReceiver() { // from class: com.android.server.net.LockdownVpnTracker.1
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            LockdownVpnTracker.this.reset();
        }
    };

    public LockdownVpnTracker(Context context, INetworkManagementService iNetworkManagementService, ConnectivityService connectivityService, Vpn vpn, VpnProfile vpnProfile) {
        this.mContext = (Context) Preconditions.checkNotNull(context);
        this.mNetService = (INetworkManagementService) Preconditions.checkNotNull(iNetworkManagementService);
        this.mConnService = (ConnectivityService) Preconditions.checkNotNull(connectivityService);
        this.mVpn = (Vpn) Preconditions.checkNotNull(vpn);
        this.mProfile = (VpnProfile) Preconditions.checkNotNull(vpnProfile);
        Intent intent = new Intent(ACTION_VPN_SETTINGS);
        intent.putExtra(EXTRA_PICK_LOCKDOWN, true);
        this.mConfigIntent = PendingIntent.getActivity(this.mContext, 0, intent, 0);
        Intent intent2 = new Intent(ACTION_LOCKDOWN_RESET);
        intent2.addFlags(1073741824);
        this.mResetIntent = PendingIntent.getBroadcast(this.mContext, 0, intent2, 0);
    }

    private void clearSourceRulesLocked() {
        try {
            if (this.mAcceptedIface != null) {
                this.mNetService.setFirewallInterfaceRule(this.mAcceptedIface, false);
                this.mAcceptedIface = null;
            }
            if (this.mAcceptedSourceAddr != null) {
                Iterator<LinkAddress> it = this.mAcceptedSourceAddr.iterator();
                while (it.hasNext()) {
                    this.mNetService.setFirewallEgressSourceRule(it.next().toString(), false);
                }
                this.mAcceptedSourceAddr = null;
            }
        } catch (RemoteException e) {
            throw new RuntimeException("Problem setting firewall rules", e);
        }
    }

    private void handleStateChangedLocked() {
        Slog.d(TAG, "handleStateChanged()");
        NetworkInfo activeNetworkInfoUnfiltered = this.mConnService.getActiveNetworkInfoUnfiltered();
        LinkProperties activeLinkProperties = this.mConnService.getActiveLinkProperties();
        NetworkInfo networkInfo = this.mVpn.getNetworkInfo();
        VpnConfig legacyVpnConfig = this.mVpn.getLegacyVpnConfig();
        boolean z = activeNetworkInfoUnfiltered == null || NetworkInfo.State.DISCONNECTED.equals(activeNetworkInfoUnfiltered.getState());
        boolean z2 = activeLinkProperties == null || !TextUtils.equals(this.mAcceptedEgressIface, activeLinkProperties.getInterfaceName());
        if (z || z2) {
            clearSourceRulesLocked();
            this.mAcceptedEgressIface = null;
            this.mVpn.stopLegacyVpn();
        }
        if (z) {
            hideNotification();
            return;
        }
        int type = activeNetworkInfoUnfiltered.getType();
        if (networkInfo.getDetailedState() == NetworkInfo.DetailedState.FAILED) {
            EventLogTags.writeLockdownVpnError(type);
        }
        if (this.mErrorCount > 4) {
            showNotification(R.string.mobile_provisioning_apn, 17303963);
            return;
        }
        if (activeNetworkInfoUnfiltered.isConnected() && !networkInfo.isConnectedOrConnecting()) {
            if (!this.mProfile.isValidLockdownProfile()) {
                Slog.e(TAG, "Invalid VPN profile; requires IP-based server and DNS");
                showNotification(R.string.mobile_provisioning_apn, 17303963);
                return;
            }
            Slog.d(TAG, "Active network connected; starting VPN");
            EventLogTags.writeLockdownVpnConnecting(type);
            showNotification(R.string.mmiFdnError, 17303963);
            this.mAcceptedEgressIface = activeLinkProperties.getInterfaceName();
            try {
                this.mVpn.startLegacyVpn(this.mProfile, KeyStore.getInstance(), activeLinkProperties);
                return;
            } catch (IllegalStateException e) {
                this.mAcceptedEgressIface = null;
                Slog.e(TAG, "Failed to start VPN", e);
                showNotification(R.string.mobile_provisioning_apn, 17303963);
                return;
            }
        }
        if (!networkInfo.isConnected() || legacyVpnConfig == null) {
            return;
        }
        String str = legacyVpnConfig.interfaze;
        List<LinkAddress> list = legacyVpnConfig.addresses;
        if (TextUtils.equals(str, this.mAcceptedIface) && list.equals(this.mAcceptedSourceAddr)) {
            return;
        }
        Slog.d(TAG, "VPN connected using iface=" + str + ", sourceAddr=" + list.toString());
        EventLogTags.writeLockdownVpnConnected(type);
        showNotification(R.string.mobile_no_internet, 17303962);
        try {
            clearSourceRulesLocked();
            this.mNetService.setFirewallInterfaceRule(str, true);
            Iterator<LinkAddress> it = list.iterator();
            while (it.hasNext()) {
                this.mNetService.setFirewallEgressSourceRule(it.next().toString(), true);
            }
            this.mErrorCount = 0;
            this.mAcceptedIface = str;
            this.mAcceptedSourceAddr = list;
            this.mConnService.sendConnectedBroadcast(augmentNetworkInfo(activeNetworkInfoUnfiltered));
        } catch (RemoteException e2) {
            throw new RuntimeException("Problem setting firewall rules", e2);
        }
    }

    private void hideNotification() {
        NotificationManager.from(this.mContext).cancel(TAG, 0);
    }

    private void initLocked() {
        Slog.d(TAG, "initLocked()");
        this.mVpn.setEnableNotifications(false);
        this.mVpn.setEnableTeardown(false);
        this.mContext.registerReceiver(this.mResetReceiver, new IntentFilter(ACTION_LOCKDOWN_RESET), "android.permission.CONNECTIVITY_INTERNAL", null);
        try {
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 500, true);
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 4500, true);
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 1701, true);
            synchronized (this.mStateLock) {
                handleStateChangedLocked();
            }
        } catch (RemoteException e) {
            throw new RuntimeException("Problem setting firewall rules", e);
        }
    }

    public static boolean isEnabled() {
        return KeyStore.getInstance().contains("LOCKDOWN_VPN");
    }

    private void showNotification(int i, int i2) {
        Notification.Builder builder = new Notification.Builder(this.mContext);
        builder.setWhen(0L);
        builder.setSmallIcon(i2);
        builder.setContentTitle(this.mContext.getString(i));
        builder.setContentText(this.mContext.getString(R.string.mobile_provisioning_url));
        builder.setContentIntent(this.mConfigIntent);
        builder.setPriority(-1);
        builder.setOngoing(true);
        builder.addAction(R.drawable.ic_media_route_connected_dark_20_mtrl, this.mContext.getString(R.string.muted_by), this.mResetIntent);
        NotificationManager.from(this.mContext).notify(TAG, 0, builder.build());
    }

    private void shutdownLocked() {
        Slog.d(TAG, "shutdownLocked()");
        this.mAcceptedEgressIface = null;
        this.mErrorCount = 0;
        this.mVpn.stopLegacyVpn();
        try {
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 500, false);
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 4500, false);
            this.mNetService.setFirewallEgressDestRule(this.mProfile.server, 1701, false);
            clearSourceRulesLocked();
            hideNotification();
            this.mContext.unregisterReceiver(this.mResetReceiver);
            this.mVpn.setEnableNotifications(true);
            this.mVpn.setEnableTeardown(true);
        } catch (RemoteException e) {
            throw new RuntimeException("Problem setting firewall rules", e);
        }
    }

    public NetworkInfo augmentNetworkInfo(NetworkInfo networkInfo) {
        if (!networkInfo.isConnected()) {
            return networkInfo;
        }
        NetworkInfo networkInfo2 = this.mVpn.getNetworkInfo();
        NetworkInfo networkInfo3 = new NetworkInfo(networkInfo);
        networkInfo3.setDetailedState(networkInfo2.getDetailedState(), networkInfo2.getReason(), null);
        return networkInfo3;
    }

    public void init() {
        synchronized (this.mStateLock) {
            initLocked();
        }
    }

    public void onNetworkInfoChanged(NetworkInfo networkInfo) {
        synchronized (this.mStateLock) {
            handleStateChangedLocked();
        }
    }

    public void onVpnStateChanged(NetworkInfo networkInfo) {
        if (networkInfo.getDetailedState() == NetworkInfo.DetailedState.FAILED) {
            this.mErrorCount++;
        }
        synchronized (this.mStateLock) {
            handleStateChangedLocked();
        }
    }

    public void reset() {
        synchronized (this.mStateLock) {
            shutdownLocked();
            initLocked();
            handleStateChangedLocked();
        }
    }

    public void shutdown() {
        synchronized (this.mStateLock) {
            shutdownLocked();
        }
    }
}
