package com.android.server;

import android.content.Context;
import android.net.IIpSecService;
import android.net.INetd;
import android.net.IpSecAlgorithm;
import android.net.IpSecConfig;
import android.net.IpSecSpiResponse;
import android.net.IpSecTransformResponse;
import android.net.IpSecUdpEncapResponse;
import android.net.util.NetdService;
import android.os.Binder;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
import android.util.Log;
import android.util.Slog;
import android.util.SparseArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.Preconditions;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.concurrent.atomic.AtomicInteger;
import libcore.io.IoUtils;

/* loaded from: classes.dex */
public class IpSecService extends IIpSecService.Stub {
    static final int FREE_PORT_MIN = 1024;
    private static final InetAddress INADDR_ANY;
    private static final int MAX_PORT_BIND_ATTEMPTS = 10;
    private static final int NETD_FETCH_TIMEOUT = 5000;
    private static final String NETD_SERVICE_NAME = "netd";
    static final int PORT_MAX = 65535;
    private static AtomicInteger mNextResourceId;
    private final Context mContext;

    @GuardedBy("this")
    private final ManagedResourceArray<SpiRecord> mSpiRecords;

    @GuardedBy("this")
    private final ManagedResourceArray<TransformRecord> mTransformRecords;

    @GuardedBy("this")
    private final ManagedResourceArray<UdpSocketRecord> mUdpSocketRecords;
    private static final String TAG = "IpSecService";
    private static final boolean DBG = Log.isLoggable(TAG, 3);
    private static final int[] DIRECTIONS = {1, 0};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public abstract class ManagedResource implements IBinder.DeathRecipient {
        private IBinder mBinder;
        protected int mResourceId;
        private AtomicInteger mReferenceCount = new AtomicInteger(0);
        final int pid = Binder.getCallingPid();
        final int uid = Binder.getCallingUid();

        ManagedResource(int i, IBinder iBinder) {
            this.mBinder = iBinder;
            this.mResourceId = i;
            try {
                this.mBinder.linkToDeath(this, 0);
            } catch (RemoteException e) {
                binderDied();
            }
        }

        public void addReference() {
            this.mReferenceCount.incrementAndGet();
        }

        @Override // android.os.IBinder.DeathRecipient
        public final void binderDied() {
            try {
                release();
            } catch (Exception e) {
                Log.e(IpSecService.TAG, "Failed to release resource: " + e);
            }
        }

        public void checkOwnerOrSystemAndThrow() {
            if (this.uid != Binder.getCallingUid() && 1000 != Binder.getCallingUid()) {
                throw new SecurityException("Only the owner may access managed resources!");
            }
        }

        public boolean isReferenced() {
            return this.mReferenceCount.get() > 0;
        }

        public final void release() throws RemoteException {
            synchronized (IpSecService.this) {
                if (isReferenced()) {
                    throw new IllegalStateException("Cannot release a resource that has active references!");
                }
                if (this.mResourceId == 0) {
                    return;
                }
                releaseResources();
                if (this.mBinder != null) {
                    this.mBinder.unlinkToDeath(this, 0);
                }
                this.mBinder = null;
                this.mResourceId = 0;
            }
        }

        protected abstract void releaseResources() throws RemoteException;

        public void removeReference() {
            if (this.mReferenceCount.decrementAndGet() < 0) {
                Log.wtf(IpSecService.TAG, "Programming error: negative reference count");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class ManagedResourceArray<T extends ManagedResource> {
        SparseArray<T> mArray;

        private ManagedResourceArray() {
            this.mArray = new SparseArray<>();
        }

        T get(int i) {
            T t = this.mArray.get(i);
            if (t != null) {
                t.checkOwnerOrSystemAndThrow();
            }
            return t;
        }

        void put(int i, T t) {
            Preconditions.checkNotNull(t, "Null resources cannot be added");
            this.mArray.put(i, t);
        }

        void remove(int i) {
            this.mArray.remove(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public final class SpiRecord extends ManagedResource {
        private final int mDirection;
        private final String mLocalAddress;
        private boolean mOwnedByTransform;
        private final String mRemoteAddress;
        private int mSpi;

        SpiRecord(int i, IBinder iBinder, int i2, String str, String str2, int i3) {
            super(i, iBinder);
            this.mOwnedByTransform = false;
            this.mDirection = i2;
            this.mLocalAddress = str;
            this.mRemoteAddress = str2;
            this.mSpi = i3;
        }

        public int getSpi() {
            return this.mSpi;
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void releaseResources() {
            if (this.mOwnedByTransform) {
                Log.d(IpSecService.TAG, "Cannot release Spi " + this.mSpi + ": Currently locked by a Transform");
                return;
            }
            try {
                IpSecService.this.getNetdInstance().ipSecDeleteSecurityAssociation(this.mResourceId, this.mDirection, this.mLocalAddress, this.mRemoteAddress, this.mSpi);
            } catch (ServiceSpecificException e) {
            } catch (RemoteException e2) {
                Log.e(IpSecService.TAG, "Failed to delete SPI reservation with ID: " + this.mResourceId);
            }
            this.mSpi = 0;
        }

        public void setOwnedByTransform() {
            if (this.mOwnedByTransform) {
                throw new IllegalStateException("Cannot own an SPI twice!");
            }
            this.mOwnedByTransform = true;
        }
    }

    /* loaded from: classes.dex */
    private final class TransformRecord extends ManagedResource {
        private final IpSecConfig mConfig;
        private final UdpSocketRecord mSocket;
        private final SpiRecord[] mSpis;

        TransformRecord(int i, IBinder iBinder, IpSecConfig ipSecConfig, SpiRecord[] spiRecordArr, UdpSocketRecord udpSocketRecord) {
            super(i, iBinder);
            this.mConfig = ipSecConfig;
            this.mSpis = spiRecordArr;
            this.mSocket = udpSocketRecord;
            for (int i2 : IpSecService.DIRECTIONS) {
                this.mSpis[i2].addReference();
                this.mSpis[i2].setOwnedByTransform();
            }
            if (this.mSocket != null) {
                this.mSocket.addReference();
            }
        }

        public IpSecConfig getConfig() {
            return this.mConfig;
        }

        public SpiRecord getSpiRecord(int i) {
            return this.mSpis[i];
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void releaseResources() {
            for (int i : IpSecService.DIRECTIONS) {
                try {
                    IpSecService.this.getNetdInstance().ipSecDeleteSecurityAssociation(this.mResourceId, i, this.mConfig.getLocalAddress() != null ? this.mConfig.getLocalAddress().getHostAddress() : "", this.mConfig.getRemoteAddress() != null ? this.mConfig.getRemoteAddress().getHostAddress() : "", this.mSpis[i].getSpi());
                } catch (ServiceSpecificException e) {
                } catch (RemoteException e2) {
                    Log.e(IpSecService.TAG, "Failed to delete SA with ID: " + this.mResourceId);
                }
            }
            for (int i2 : IpSecService.DIRECTIONS) {
                this.mSpis[i2].removeReference();
            }
            if (this.mSocket != null) {
                this.mSocket.removeReference();
            }
        }
    }

    /* loaded from: classes.dex */
    private final class UdpSocketRecord extends ManagedResource {
        private final int mPort;
        private FileDescriptor mSocket;

        UdpSocketRecord(int i, IBinder iBinder, FileDescriptor fileDescriptor, int i2) {
            super(i, iBinder);
            this.mSocket = fileDescriptor;
            this.mPort = i2;
        }

        public int getPort() {
            return this.mPort;
        }

        public FileDescriptor getSocket() {
            return this.mSocket;
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void releaseResources() {
            Log.d(IpSecService.TAG, "Closing port " + this.mPort);
            IoUtils.closeQuietly(this.mSocket);
            this.mSocket = null;
        }
    }

    static {
        try {
            INADDR_ANY = InetAddress.getByAddress(new byte[]{0, 0, 0, 0});
            mNextResourceId = new AtomicInteger(16441040);
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    private IpSecService(Context context) {
        this.mSpiRecords = new ManagedResourceArray<>();
        this.mTransformRecords = new ManagedResourceArray<>();
        this.mUdpSocketRecords = new ManagedResourceArray<>();
        this.mContext = context;
    }

    private void bindToRandomPort(FileDescriptor fileDescriptor) throws IOException {
        for (int i = 10; i > 0; i--) {
            try {
                FileDescriptor socket = Os.socket(OsConstants.AF_INET, OsConstants.SOCK_DGRAM, OsConstants.IPPROTO_UDP);
                Os.bind(socket, INADDR_ANY, 0);
                int port = ((InetSocketAddress) Os.getsockname(socket)).getPort();
                Os.close(socket);
                Log.v(TAG, "Binding to port " + port);
                Os.bind(fileDescriptor, INADDR_ANY, port);
                return;
            } catch (ErrnoException e) {
                if (e.errno != OsConstants.EADDRINUSE) {
                    throw e.rethrowAsIOException();
                }
            }
        }
        throw new IOException("Failed 10 attempts to bind to a port");
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.android.server.IpSecService$1] */
    private void connectNativeNetdService() {
        new Thread() { // from class: com.android.server.IpSecService.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                synchronized (IpSecService.this) {
                    NetdService.get(5000L);
                }
            }
        }.start();
    }

    static IpSecService create(Context context) throws InterruptedException {
        IpSecService ipSecService = new IpSecService(context);
        ipSecService.connectNativeNetdService();
        return ipSecService;
    }

    private synchronized <T extends ManagedResource> void releaseManagedResource(ManagedResourceArray<T> managedResourceArray, int i, String str) throws RemoteException {
        T t = managedResourceArray.get(i);
        if (t == null) {
            throw new IllegalArgumentException(str + " " + i + " is not available to be deleted");
        }
        t.release();
        managedResourceArray.remove(i);
    }

    public synchronized void applyTransportModeTransform(ParcelFileDescriptor parcelFileDescriptor, int i) throws RemoteException {
        TransformRecord transformRecord = this.mTransformRecords.get(i);
        if (transformRecord == null) {
            throw new IllegalArgumentException("Transform " + i + " is not active");
        }
        if (transformRecord.pid != getCallingPid() || transformRecord.uid != getCallingUid()) {
            throw new SecurityException("Only the owner of an IpSec Transform may apply it!");
        }
        IpSecConfig config = transformRecord.getConfig();
        try {
            for (int i2 : DIRECTIONS) {
                getNetdInstance().ipSecApplyTransportModeTransform(parcelFileDescriptor.getFileDescriptor(), i, i2, config.getLocalAddress() != null ? config.getLocalAddress().getHostAddress() : "", config.getRemoteAddress() != null ? config.getRemoteAddress().getHostAddress() : "", transformRecord.getSpiRecord(i2).getSpi());
            }
        } catch (ServiceSpecificException e) {
        }
    }

    public void closeUdpEncapsulationSocket(int i) throws RemoteException {
        releaseManagedResource(this.mUdpSocketRecords, i, "UdpEncapsulationSocket");
    }

    public synchronized IpSecTransformResponse createTransportModeTransform(IpSecConfig ipSecConfig, IBinder iBinder) throws RemoteException {
        IpSecTransformResponse ipSecTransformResponse;
        int andIncrement = mNextResourceId.getAndIncrement();
        SpiRecord[] spiRecordArr = new SpiRecord[DIRECTIONS.length];
        int i = 0;
        int i2 = 0;
        UdpSocketRecord udpSocketRecord = null;
        int encapType = ipSecConfig.getEncapType();
        if (encapType != 0) {
            udpSocketRecord = this.mUdpSocketRecords.get(ipSecConfig.getEncapLocalResourceId());
            i = udpSocketRecord.getPort();
            i2 = ipSecConfig.getEncapRemotePort();
        }
        for (int i3 : DIRECTIONS) {
            IpSecAlgorithm authentication = ipSecConfig.getAuthentication(i3);
            IpSecAlgorithm encryption = ipSecConfig.getEncryption(i3);
            spiRecordArr[i3] = this.mSpiRecords.get(ipSecConfig.getSpiResourceId(i3));
            try {
                getNetdInstance().ipSecAddSecurityAssociation(andIncrement, ipSecConfig.getMode(), i3, ipSecConfig.getLocalAddress() != null ? ipSecConfig.getLocalAddress().getHostAddress() : "", ipSecConfig.getRemoteAddress() != null ? ipSecConfig.getRemoteAddress().getHostAddress() : "", ipSecConfig.getNetwork() != null ? ipSecConfig.getNetwork().getNetworkHandle() : 0L, spiRecordArr[i3].getSpi(), authentication != null ? authentication.getName() : "", authentication != null ? authentication.getKey() : null, authentication != null ? authentication.getTruncationLengthBits() : 0, encryption != null ? encryption.getName() : "", encryption != null ? encryption.getKey() : null, encryption != null ? encryption.getTruncationLengthBits() : 0, encapType, i, i2);
            } catch (ServiceSpecificException e) {
                ipSecTransformResponse = new IpSecTransformResponse(1);
            }
        }
        this.mTransformRecords.put(andIncrement, new TransformRecord(andIncrement, iBinder, ipSecConfig, spiRecordArr, udpSocketRecord));
        ipSecTransformResponse = new IpSecTransformResponse(0, andIncrement);
        return ipSecTransformResponse;
    }

    public void deleteTransportModeTransform(int i) throws RemoteException {
        releaseManagedResource(this.mTransformRecords, i, "IpSecTransform");
    }

    protected void dump(FileDescriptor fileDescriptor, PrintWriter printWriter, String[] strArr) {
        this.mContext.enforceCallingOrSelfPermission("android.permission.DUMP", TAG);
        printWriter.println("IpSecService Log:");
        printWriter.println("NetdNativeService Connection: " + (isNetdAlive() ? "alive" : "dead"));
        printWriter.println();
    }

    INetd getNetdInstance() throws RemoteException {
        INetd netdService = NetdService.getInstance();
        if (netdService == null) {
            throw new RemoteException("Failed to Get Netd Instance");
        }
        return netdService;
    }

    synchronized boolean isNetdAlive() {
        boolean z = false;
        synchronized (this) {
            try {
                INetd netdInstance = getNetdInstance();
                if (netdInstance != null) {
                    z = netdInstance.isAlive();
                }
            } catch (RemoteException e) {
            }
        }
        return z;
    }

    public synchronized IpSecUdpEncapResponse openUdpEncapsulationSocket(int i, IBinder iBinder) throws RemoteException {
        IpSecUdpEncapResponse ipSecUdpEncapResponse;
        if (i != 0 && (i < 1024 || i > 65535)) {
            throw new IllegalArgumentException("Specified port number must be a valid non-reserved UDP port");
        }
        int andIncrement = mNextResourceId.getAndIncrement();
        FileDescriptor fileDescriptor = null;
        try {
            fileDescriptor = Os.socket(OsConstants.AF_INET, OsConstants.SOCK_DGRAM, OsConstants.IPPROTO_UDP);
            if (i != 0) {
                Log.v(TAG, "Binding to port " + i);
                Os.bind(fileDescriptor, INADDR_ANY, i);
            } else {
                bindToRandomPort(fileDescriptor);
            }
            Os.setsockoptInt(fileDescriptor, OsConstants.IPPROTO_UDP, OsConstants.UDP_ENCAP, OsConstants.UDP_ENCAP_ESPINUDP);
            this.mUdpSocketRecords.put(andIncrement, new UdpSocketRecord(andIncrement, iBinder, fileDescriptor, i));
            ipSecUdpEncapResponse = new IpSecUdpEncapResponse(0, andIncrement, i, fileDescriptor);
        } catch (ErrnoException e) {
            IoUtils.closeQuietly(fileDescriptor);
            ipSecUdpEncapResponse = new IpSecUdpEncapResponse(1);
            return ipSecUdpEncapResponse;
        } catch (IOException e2) {
            IoUtils.closeQuietly(fileDescriptor);
            ipSecUdpEncapResponse = new IpSecUdpEncapResponse(1);
            return ipSecUdpEncapResponse;
        }
        return ipSecUdpEncapResponse;
    }

    public void releaseSecurityParameterIndex(int i) throws RemoteException {
        releaseManagedResource(this.mSpiRecords, i, "SecurityParameterIndex");
    }

    public void removeTransportModeTransform(ParcelFileDescriptor parcelFileDescriptor, int i) throws RemoteException {
        try {
            getNetdInstance().ipSecRemoveTransportModeTransform(parcelFileDescriptor.getFileDescriptor());
        } catch (ServiceSpecificException e) {
        }
    }

    public synchronized IpSecSpiResponse reserveSecurityParameterIndex(int i, String str, int i2, IBinder iBinder) throws RemoteException {
        IpSecSpiResponse ipSecSpiResponse;
        int andIncrement = mNextResourceId.getAndIncrement();
        int i3 = 0;
        try {
            try {
                i3 = getNetdInstance().ipSecAllocateSpi(andIncrement, i, "", str, i2);
                Log.d(TAG, "Allocated SPI " + i3);
                this.mSpiRecords.put(andIncrement, new SpiRecord(andIncrement, iBinder, i, "", str, i3));
                ipSecSpiResponse = new IpSecSpiResponse(0, andIncrement, i3);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        } catch (ServiceSpecificException e2) {
            ipSecSpiResponse = new IpSecSpiResponse(2, 0, i3);
        }
        return ipSecSpiResponse;
    }

    public void systemReady() {
        if (isNetdAlive()) {
            Slog.d(TAG, "IpSecService is ready");
        } else {
            Slog.wtf(TAG, "IpSecService not ready: failed to connect to NetD Native Service!");
        }
    }
}
