package com.cisco.android.nchs.support.ics;

import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.net.VpnService;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import com.cisco.android.nchs.Globals;
import com.cisco.android.nchs.NetworkComponentHostService;
import com.cisco.android.nchs.aidl.IICSSupportService;
import com.cisco.android.nchs.aidl.INCHSShutdownListener;
import com.cisco.android.nchs.aidl.INetworkComponentHostService;
import com.cisco.android.nchs.aidl.NCHSReturnCode;
import com.cisco.android.nchs.support.VpnConfigBroadcast;
import com.cisco.android.nchs.support.reflection.ICSApiReflection;
import com.cisco.anyconnect.vpn.android.service.ConnectionType;
import com.cisco.anyconnect.vpn.android.service.VpnActivityGlobals;
import com.cisco.anyconnect.vpn.android.service.VpnConnection;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.io.FileDescriptor;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
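/**
 * {@link VpnService} subclass that exposes the platform VPN builder to the rest of the
 * application through the {@link IICSSupportService} AIDL interface.
 *
 * <p>Visible responsibilities:
 * <ul>
 *   <li>accumulate tunnel parameters (addresses, routes, DNS, MTU, session, per-app list) on a
 *       {@link VpnService.Builder} and establish the tunnel on request;</li>
 *   <li>create and protect sockets so that they bypass the tunnel;</li>
 *   <li>bind to {@link NetworkComponentHostService} and stop when it reports shutdown;</li>
 *   <li>track the active {@link VpnConnection} delivered by broadcast.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>None of the AIDL methods below checks the identity of its caller. Who may bind is
 *       therefore decided entirely by the manifest declaration of this service, which is not
 *       part of this file - verify it is not reachable by other packages.</li>
 *   <li>The active-connection receiver is registered without a permission or export flag; see
 *       {@link #onCreate()}.</li>
 *   <li>The AIDL methods mutate shared fields without synchronization. NOTE(review): confirm
 *       that callers serialise their calls, since binder calls from another process arrive on
 *       binder pool threads.</li>
 * </ul>
 */
public class ICSSupportService extends VpnService {
    private static final String ENTITY_NAME = "ICSSupportService";
    // Last connection received through mReceiver; may be null until the first broadcast arrives.
    private VpnConnection mActiveConnection;
    // Builder that collects tunnel parameters; replaced with a fresh instance after establish()/restore().
    private VpnService.Builder mBuilder;
    private boolean mKnoxEnableMeta;
    // Knox profile name supplied over IPC by setKnoxParams(); null means "no Knox profile".
    private String mKnoxProfile;
    private INetworkComponentHostService mNCHS;
    private final IICSSupportService.Stub mServiceImpl = new IICSSupportService.Stub() {
        /**
         * Builds a Samsung Knox {@code GenericVpnContext} by reflection and configures it with the
         * stored Knox profile and metadata flag.
         *
         * <p>Any failure (class missing, reflection error, exception thrown by the Knox code) is
         * logged and the service's base context is returned instead. NOTE(review): this means the
         * VPN is then prepared without the Knox profile binding - confirm that this silent
         * fallback is acceptable for managed deployments.
         *
         * @param z forwarded as the second argument of {@code setGenericVpnParams}
         * @return the Knox context, or the base context when the Knox context cannot be built
         */
        private Context getKnoxVpnContext(boolean z) {
            try {
                Object newInstance = Class.forName("com.sec.vpn.knox.GenericVpnContext").getDeclaredConstructor(Context.class).newInstance(ICSSupportService.this);
                newInstance.getClass().getMethod("setGenericVpnParams", String.class, Boolean.TYPE).invoke(newInstance, ICSSupportService.this.mKnoxProfile, Boolean.valueOf(z));
                newInstance.getClass().getMethod("enableMetaData", Boolean.TYPE).invoke(newInstance, Boolean.valueOf(ICSSupportService.this.mKnoxEnableMeta));
                return (Context) newInstance;
            } catch (Exception e) {
                // Keep the cause in the log so that a fallback can be diagnosed afterwards.
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "Could not enable Knox framework metadata.", e);
                return ICSSupportService.this.getBaseContext();
            }
        }

        /**
         * Adds an interface address to the pending tunnel configuration.
         *
         * @param str address, passed unchanged to {@link VpnService.Builder#addAddress(String, int)}
         * @param i prefix length
         * @return always {@code true}; invalid input surfaces as the builder's exception
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean addAddress(String str, int i) throws RemoteException {
            ICSSupportService.this.mBuilder.addAddress(str, i);
            return true;
        }

        /**
         * Appends package names to the per-app tunnelling list used by {@link #establish()}.
         *
         * @param list package names to add; {@code null} is rejected
         * @return {@code true} when the names were added, {@code false} for a {@code null} list
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean addAppIds(List<String> list) {
            if (list == null) {
                // Reject before touching mAppIds: a non-null (even empty) list switches
                // establish() into app-tunnelling mode.
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "addAppIds called with null list");
                return false;
            }
            if (ICSSupportService.this.mAppIds == null) {
                ICSSupportService.this.mAppIds = new ArrayList<>();
            }
            ICSSupportService.this.mAppIds.addAll(list);
            return true;
        }

        /**
         * Adds a DNS server to the pending tunnel configuration and remembers it for the DNS
         * configuration broadcast sent by {@link #establish()}.
         *
         * @param str DNS server address
         * @return always {@code true}; invalid input surfaces as the builder's exception
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean addDnsServer(String str) throws RemoteException {
            // Builder first: if it rejects the value, the value is not recorded either.
            ICSSupportService.this.mBuilder.addDnsServer(str);
            ICSSupportService.this.mDnsServers.add(str);
            return true;
        }

        /**
         * Adds a route to the pending tunnel configuration.
         *
         * @param str route address
         * @param i prefix length
         * @return always {@code true}; invalid input surfaces as the builder's exception
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean addRoute(String str, int i) throws RemoteException {
            ICSSupportService.this.mBuilder.addRoute(str, i);
            return true;
        }

        /**
         * Adds a DNS search domain to the pending tunnel configuration. Only the most recent
         * domain is kept for the DNS configuration broadcast.
         *
         * @param str search domain
         * @return always {@code true}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean addSearchDomain(String str) throws RemoteException {
            ICSSupportService.this.mBuilder.addSearchDomain(str);
            ICSSupportService.this.mDnsSearch = str;
            return true;
        }

        /**
         * Creates a datagram socket that is protected from the tunnel.
         *
         * @param z forwarded as the second argument of {@link ICSSupportService#createSocket}
         * @return the socket, or {@code null} on failure
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public ParcelFileDescriptor createDatagramSocket(boolean z) throws RemoteException {
            AppLog.logDebugBuildFunctionEntry(ICSSupportService.ENTITY_NAME, "createDatagramSocket()");
            return ICSSupportService.this.createSocket(false, z);
        }

        /**
         * Creates a stream socket that is protected from the tunnel.
         *
         * @param z forwarded as the second argument of {@link ICSSupportService#createSocket}
         * @return the socket, or {@code null} on failure
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public ParcelFileDescriptor createStreamSocket(boolean z) throws RemoteException {
            AppLog.logDebugBuildFunctionEntry(ICSSupportService.ENTITY_NAME, "CreateStreamSocket()");
            return ICSSupportService.this.createSocket(true, z);
        }

        /**
         * Establishes the tunnel from the accumulated builder state, broadcasts the DNS
         * configuration and resets the builder for the next connection.
         *
         * <p>When an app list was supplied through {@link #addAppIds(List)}, a default route is
         * added and every listed package is passed to {@code addAllowedApplication} (called by
         * reflection). For an Android Work profile connection with a non-empty tunnelled
         * application list, that list replaces the one supplied over IPC.
         *
         * @return the tunnel descriptor returned by {@link VpnService.Builder#establish()}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public ParcelFileDescriptor establish() throws RemoteException {
            final List<String> requestedApps = ICSSupportService.this.mAppIds;
            if (requestedApps != null) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "adding default route for app tunneling");
                ICSSupportService.this.mBuilder.addRoute("0.0.0.0", 0);
                List<String> allowedApps = requestedApps;
                // Read the field once: it is reassigned by the broadcast receiver, so checking and
                // dereferencing the field separately could observe two different values.
                final VpnConnection active = ICSSupportService.this.mActiveConnection;
                if (active != null && active.GetType() == ConnectionType.Profile_Android_Work) {
                    final List<String> managedApps = active.getTunnelApplications();
                    if (managedApps != null && !managedApps.isEmpty()) {
                        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "applying managed profile's tunneled applications.");
                        allowedApps = managedApps;
                    }
                }
                try {
                    for (String packageName : allowedApps) {
                        ICSSupportService.this.mBuilder.getClass().getMethod("addAllowedApplication", String.class).invoke(ICSSupportService.this.mBuilder, packageName);
                    }
                } catch (Exception e) {
                    // NOTE(review): fail-open. The first failure stops the loop, yet the tunnel is
                    // still established below with the default route and an incomplete (possibly
                    // empty) allow-list. With no allowed application set, the platform routes every
                    // app through the VPN. Consider aborting establish() here instead - confirm
                    // how callers treat a failed establish before changing it.
                    AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "addAllowedApplication failed", e);
                }
            }
            ParcelFileDescriptor establish = ICSSupportService.this.mBuilder.establish();
            // NOTE(review): the DNS configuration is broadcast even when establish() returned null.
            VpnConfigBroadcast.onConfigDns(ICSSupportService.this, ICSSupportService.this.mDnsServers, ICSSupportService.this.mDnsSearch);
            ICSSupportService.this.mBuilder = new VpnService.Builder(ICSSupportService.this);
            return establish;
        }

        /**
         * Reports whether the active connection is a Knox application tunnel.
         *
         * @return {@code true} when an active connection exists and its type is
         *     {@code Profile_Knox_AppTunnel}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public synchronized boolean isKnoxManagedAppTunnel() {
            // The method-level lock does not cover the writer (the broadcast receiver assigns the
            // field without holding it), so take one snapshot instead of reading the field twice.
            final VpnConnection active = ICSSupportService.this.mActiveConnection;
            return active != null && active.GetType() == ConnectionType.Profile_Knox_AppTunnel;
        }

        /**
         * @return the Knox metadata flag as last set by {@link #setKnoxParams(String, boolean)},
         *     {@link #prepare()} or {@link #restore()}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean isKnoxMetaEnabled() {
            return ICSSupportService.this.mKnoxEnableMeta;
        }

        /**
         * Calls {@link VpnService#prepare(Context)}, using the Knox context when a Knox profile is
         * set and the base context otherwise.
         *
         * <p>A {@link SecurityException} from the Knox path clears the metadata flag and retries
         * with the base context. NOTE(review): this is a silent downgrade from the Knox-managed
         * path; callers can only detect it through {@link #isKnoxMetaEnabled()}.
         *
         * @return the consent intent from the platform, or {@code null} when already prepared
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public Intent prepare() {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "preparing VPN");
            try {
                return VpnService.prepare(ICSSupportService.this.mKnoxProfile != null ? getKnoxVpnContext(true) : ICSSupportService.this.getBaseContext());
            } catch (SecurityException e) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_WARN, ICSSupportService.ENTITY_NAME, "Failed to enable Knox metadata. Falling back.");
                ICSSupportService.this.mKnoxEnableMeta = false;
                return VpnService.prepare(ICSSupportService.this.getBaseContext());
            }
        }

        /**
         * Protects the given socket so that its traffic bypasses the tunnel.
         *
         * @param parcelFileDescriptor socket to protect
         * @return the result of {@link VpnService#protect(int)}, or {@code false} when the
         *     descriptor number cannot be obtained
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean protect(ParcelFileDescriptor parcelFileDescriptor) throws RemoteException {
            int fd = ICSApiReflection.ParcelFileDescriptorReflector.getFD(parcelFileDescriptor);
            if (-1 != fd) {
                return ICSSupportService.this.protect(fd);
            }
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "getFD failed");
            return false;
        }

        /**
         * Discards the per-connection state (app list, DNS servers, search domain, builder),
         * broadcasts the DNS restore and, when a Knox profile was set, clears the Knox parameters
         * and calls {@link VpnService#prepare(Context)} once more.
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public void restore() {
            ICSSupportService.this.mAppIds = null;
            ICSSupportService.this.mDnsServers.clear();
            ICSSupportService.this.mDnsSearch = "";
            VpnConfigBroadcast.onRestoreDns(ICSSupportService.this);
            ICSSupportService.this.mBuilder = new VpnService.Builder(ICSSupportService.this);
            if (ICSSupportService.this.mKnoxProfile == null) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "No Knox profile; no restore necessary.");
                return;
            }
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "restoring Knox VPN");
            // The context must be built before the Knox fields are cleared: getKnoxVpnContext()
            // reads both of them.
            Context knoxVpnContext = ICSSupportService.this.mKnoxEnableMeta ? getKnoxVpnContext(false) : ICSSupportService.this.getBaseContext();
            ICSSupportService.this.mKnoxEnableMeta = false;
            ICSSupportService.this.mKnoxProfile = null;
            VpnService.prepare(knoxVpnContext);
        }

        /**
         * Sets the configure intent on the pending tunnel configuration.
         *
         * @param pendingIntent passed unchanged to the builder
         * @return always {@code true}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean setConfigureIntent(PendingIntent pendingIntent) throws RemoteException {
            ICSSupportService.this.mBuilder.setConfigureIntent(pendingIntent);
            return true;
        }

        /**
         * Stores the Knox profile name and metadata flag used by {@link #prepare()} and
         * {@link #restore()}. The values are taken from the IPC caller without validation.
         *
         * @param str Knox profile name, or {@code null} for none
         * @param z whether Knox metadata should be enabled
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public void setKnoxParams(String str, boolean z) {
            ICSSupportService.this.mKnoxProfile = str;
            ICSSupportService.this.mKnoxEnableMeta = z;
        }

        /**
         * Sets the MTU on the pending tunnel configuration.
         *
         * @param i MTU
         * @return always {@code true}; invalid input surfaces as the builder's exception
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean setMtu(int i) throws RemoteException {
            ICSSupportService.this.mBuilder.setMtu(i);
            return true;
        }

        /**
         * Sets the session name on the pending tunnel configuration.
         *
         * @param str session name
         * @return always {@code true}
         */
        @Override // com.cisco.android.nchs.aidl.IICSSupportService
        public boolean setSession(String str) throws RemoteException {
            ICSSupportService.this.mBuilder.setSession(str);
            return true;
        }
    };
    // null means "no per-app tunnelling requested"; a non-null list (even an empty one) makes
    // establish() add a default route.
    private List<String> mAppIds = null;
    private final List<String> mDnsServers = new ArrayList<>();
    private String mDnsSearch = "";
    private final INCHSShutdownListener mNchsShutdownListener = new INCHSShutdownListener.Stub() {
        /**
         * Stops this service and releases the NCHS binding when NCHS announces its shutdown.
         *
         * @param str value supplied by NCHS; only logged here
         */
        @Override // com.cisco.android.nchs.aidl.INCHSShutdownListener
        public void NCHSShutdownCB(String str) throws RemoteException {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ICSSupportService.ENTITY_NAME, "NCHS is shutting down=" + str);
            ICSSupportService.this.stopSelf();
            ICSSupportService.this.unbindNchs();
        }
    };
    ServiceConnection mNchsConnection = new ServiceConnection() {
        /** Stores the NCHS proxy and registers the shutdown listener with it. */
        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            ICSSupportService.this.mNCHS = INetworkComponentHostService.Stub.asInterface(iBinder);
            try {
                NCHSReturnCode code = ICSSupportService.this.mNCHS.RegisterShutdownListener(ICSSupportService.this.getPackageName(), ICSSupportService.this.mNchsShutdownListener).getCode();
                if (NCHSReturnCode.RESULT_OPERATION_COMPLETED != code) {
                    AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "failed to register shutdown listener: " + code);
                }
            } catch (RemoteException e) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "RegisterShutdownListener failed", e);
            }
        }

        /** Drops the NCHS proxy once the connection is lost. */
        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            ICSSupportService.this.mNCHS = null;
        }
    };
    BroadcastReceiver mReceiver = new BroadcastReceiver() {
        /**
         * Replaces the active connection with the parcelable carried by the
         * update-active-connection broadcast.
         *
         * <p>NOTE(review): nothing in this handler authenticates the sender, and the stored
         * connection later decides the per-app allow-list and the Knox tunnel answer. Its
         * trustworthiness depends on how the receiver is registered; see
         * {@link ICSSupportService#onCreate()}.
         */
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (VpnActivityGlobals.UPDATE_ACTIVE_CONNECTION_INTENT.equals(intent.getAction())) {
                try {
                    ICSSupportService.this.mActiveConnection = (VpnConnection) intent.getParcelableExtra(VpnActivityGlobals.UPDATE_ACTIVE_CONNECTION_KEY_CONNECTION);
                } catch (Exception e) {
                    // A malformed extra must not crash the service; the previous connection is kept.
                    AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ICSSupportService.ENTITY_NAME, "Failed to retrieve active connection", e);
                }
            }
        }
    };

    /**
     * Creates a socket through {@code ICSApiReflection}, wraps it in a
     * {@link ParcelFileDescriptor} and protects it from the tunnel.
     *
     * <p>The decompiler reports that this method was {@code private} in the original source.
     *
     * @param z {@code true} for a stream socket, {@code false} for a datagram socket (as used by
     *     {@code createStreamSocket} and {@code createDatagramSocket})
     * @param z2 forwarded unchanged to {@code LibCoreReflector.socket}
     * @return the protected socket, or {@code null} when creation, adoption or protection fails
     */
    public ParcelFileDescriptor createSocket(boolean z, boolean z2) {
        FileDescriptor socket = ICSApiReflection.LibCoreReflector.socket(z, z2);
        if (socket == null) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "failed to create new socket type=" + z);
            return null;
        }
        ParcelFileDescriptor adoptFd = ParcelFileDescriptor.adoptFd(ICSApiReflection.FileDescriptorReflector.getInt(socket));
        if (adoptFd == null) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "could not adopt FD type=" + z);
            return null;
        }
        if (protect(adoptFd.getFd())) {
            return adoptFd;
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "failed to protect new socket type=" + z);
        // The adopted descriptor is owned by this method and is not handed to the caller on
        // failure, so close it here; otherwise every failed protect() leaks one descriptor.
        try {
            adoptFd.close();
        } catch (Exception closeError) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_WARN, ENTITY_NAME, "failed to close unprotected socket", closeError);
        }
        return null;
    }

    /**
     * Releases the NCHS binding if one is held and clears the proxy reference. Failures are
     * logged and otherwise ignored, because this runs on shutdown paths.
     *
     * <p>The decompiler reports that this method was {@code private} in the original source.
     */
    public void unbindNchs() {
        try {
            if (this.mNCHS != null) {
                unbindService(this.mNchsConnection);
            }
        } catch (Exception e) {
            // Best effort: keep shutting down, but leave a trace instead of hiding the failure.
            AppLog.logDebugMessage(AppLog.Severity.DBG_WARN, ENTITY_NAME, "unbindService failed", e);
        }
        this.mNCHS = null;
    }

    /**
     * Returns the framework binder when {@link VpnService#onBind(Intent)} supplies one, and the
     * {@link IICSSupportService} stub for every other intent.
     *
     * <p>NOTE(review): no caller check is made here or in the stub, so every client that is
     * allowed to bind can drive the tunnel configuration. Confirm that the manifest entry
     * restricts binding to the intended components.
     */
    @Override // android.net.VpnService, android.app.Service
    public IBinder onBind(Intent intent) {
        AppLog.logDebugBuildFunctionEntry(ENTITY_NAME, "onBind()");
        IBinder onBind = super.onBind(intent);
        return onBind != null ? onBind : this.mServiceImpl;
    }

    /**
     * Creates the builder, binds to {@link NetworkComponentHostService} in this package and
     * registers the active-connection receiver.
     */
    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        AppLog.logDebugBuildFunctionEntry(ENTITY_NAME, "onCreate");
        this.mBuilder = new VpnService.Builder(this);
        Intent intent = new Intent(INetworkComponentHostService.class.getName());
        // Explicit component: the bind cannot be redirected to a service in another package.
        intent.setClassName(this, NetworkComponentHostService.class.getName());
        if (!bindService(intent, this.mNchsConnection, Context.BIND_AUTO_CREATE)) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Failed to bind to NCHS");
        }
        // NOTE(review): registered with neither a broadcast permission nor an export flag, so the
        // receiver accepts this action from any sender the platform lets through. If the sender
        // is always this application, restrict it: use the registerReceiver overload that takes a
        // signature-level permission, or Context.RECEIVER_NOT_EXPORTED on API 33 and later.
        registerReceiver(this.mReceiver, new IntentFilter(VpnActivityGlobals.UPDATE_ACTIVE_CONNECTION_INTENT));
    }

    /** Releases the NCHS binding and unregisters the active-connection receiver. */
    @Override // android.app.Service
    public void onDestroy() {
        super.onDestroy();
        unbindNchs();
        unregisterReceiver(this.mReceiver);
    }

    /**
     * Announces that the user or the platform revoked the VPN.
     *
     * <p>NOTE(review): the broadcast is implicit and carries no receiver permission, so it is
     * visible to other packages. If every receiver lives in this application, limit it with
     * {@code intent.setPackage(getPackageName())}.
     */
    @Override // android.net.VpnService
    public void onRevoke() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "VPN revoked");
        AppLog.logDebugBuildFunctionEntry(ENTITY_NAME, "onRevoke()");
        Intent intent = new Intent();
        intent.setAction(Globals.ACTION_VPN_REVOKED);
        sendBroadcast(intent);
    }
}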
