package android.net;

import android.Manifest;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.content.Context;
import android.inputmethodservice.navigationbar.NavigationBarInflaterView;
import android.net.connectivity.com.android.modules.utils.build.SdkLevel;
import android.os.Binder;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.system.ErrnoException;
import android.system.OsConstants;
import android.util.AndroidException;
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
import dalvik.system.CloseGuard;
import java.io.FileDescriptor;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Objects;

/* loaded from: input_file:android/net/IpSecManager.class */
public class IpSecManager {
    private static final String TAG = "IpSecManager";
    public static final String FEATURE_IPSEC_TUNNEL_MIGRATION = "android.software.ipsec_tunnel_migration";
    public static final int DIRECTION_IN = 0;
    public static final int DIRECTION_OUT = 1;

    @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
    public static final int DIRECTION_FWD = 2;
    public static final int INVALID_SECURITY_PARAMETER_INDEX = 0;
    public static final int INVALID_RESOURCE_ID = -1;
    private final Context mContext;
    private final IIpSecService mService;

    @SystemApi
    /* loaded from: input_file:android/net/IpSecManager$IpSecTunnelInterface.class */
    public static class IpSecTunnelInterface implements AutoCloseable {
        private final String mOpPackageName;
        private final IIpSecService mService;
        private final InetAddress mRemoteAddress;
        private final InetAddress mLocalAddress;
        private final Network mUnderlyingNetwork;
        private final CloseGuard mCloseGuard = CloseGuard.get();
        private String mInterfaceName;
        private int mResourceId;

        public String getInterfaceName() {
            return this.mInterfaceName;
        }

        @SystemApi
        @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
        public void addAddress(InetAddress inetAddress, int i) throws IOException {
            try {
                this.mService.addAddressToTunnelInterface(this.mResourceId, new LinkAddress(inetAddress, i), this.mOpPackageName);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            } catch (ServiceSpecificException e2) {
                throw IpSecManager.rethrowCheckedExceptionFromServiceSpecificException(e2);
            }
        }

        @SystemApi
        @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
        public void removeAddress(InetAddress inetAddress, int i) throws IOException {
            try {
                this.mService.removeAddressFromTunnelInterface(this.mResourceId, new LinkAddress(inetAddress, i), this.mOpPackageName);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            } catch (ServiceSpecificException e2) {
                throw IpSecManager.rethrowCheckedExceptionFromServiceSpecificException(e2);
            }
        }

        @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
        public void setUnderlyingNetwork(Network network) throws IOException {
            try {
                this.mService.setNetworkForTunnelInterface(this.mResourceId, network, this.mOpPackageName);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }

        private IpSecTunnelInterface(Context context, IIpSecService iIpSecService, InetAddress inetAddress, InetAddress inetAddress2, Network network) throws ResourceUnavailableException, IOException {
            this.mResourceId = -1;
            this.mOpPackageName = context.getOpPackageName();
            this.mService = iIpSecService;
            this.mLocalAddress = inetAddress;
            this.mRemoteAddress = inetAddress2;
            this.mUnderlyingNetwork = network;
            try {
                IpSecTunnelInterfaceResponse createTunnelInterface = this.mService.createTunnelInterface(inetAddress.getHostAddress(), inetAddress2.getHostAddress(), network, new Binder(), this.mOpPackageName);
                switch (createTunnelInterface.status) {
                    case 0:
                        this.mResourceId = createTunnelInterface.resourceId;
                        this.mInterfaceName = createTunnelInterface.interfaceName;
                        this.mCloseGuard.open("close");
                        return;
                    case 1:
                        throw new ResourceUnavailableException("No more tunnel interfaces may be allocated by this requester.");
                    default:
                        throw new RuntimeException("Unknown status returned by IpSecService: " + createTunnelInterface.status);
                }
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            try {
                try {
                    this.mService.deleteTunnelInterface(this.mResourceId, this.mOpPackageName);
                    this.mResourceId = -1;
                    this.mCloseGuard.close();
                } catch (RemoteException e) {
                    throw e.rethrowFromSystemServer();
                } catch (Exception e2) {
                    Log.e(IpSecManager.TAG, "Failed to close " + this + ", Exception=" + e2);
                    this.mResourceId = -1;
                    this.mCloseGuard.close();
                }
            } catch (Throwable th) {
                this.mResourceId = -1;
                this.mCloseGuard.close();
                throw th;
            }
        }

        protected void finalize() throws Throwable {
            if (this.mCloseGuard != null) {
                this.mCloseGuard.warnIfOpen();
            }
            close();
        }

        @VisibleForTesting
        public int getResourceId() {
            return this.mResourceId;
        }

        public String toString() {
            return "IpSecTunnelInterface{ifname=" + this.mInterfaceName + ",resourceId=" + this.mResourceId + "}";
        }
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: input_file:android/net/IpSecManager$PolicyDirection.class */
    public @interface PolicyDirection {
    }

    /* loaded from: input_file:android/net/IpSecManager$ResourceUnavailableException.class */
    public static class ResourceUnavailableException extends AndroidException {
        /* JADX INFO: Access modifiers changed from: package-private */
        public ResourceUnavailableException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:android/net/IpSecManager$SecurityParameterIndex.class */
    public static class SecurityParameterIndex implements AutoCloseable {
        private final IIpSecService mService;
        private final InetAddress mDestinationAddress;
        private final CloseGuard mCloseGuard = CloseGuard.get();
        private int mSpi;
        private int mResourceId;

        public int getSpi() {
            return this.mSpi;
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            try {
                try {
                    try {
                        this.mService.releaseSecurityParameterIndex(this.mResourceId);
                        this.mResourceId = -1;
                        this.mCloseGuard.close();
                    } catch (RemoteException e) {
                        throw e.rethrowFromSystemServer();
                    }
                } catch (Exception e2) {
                    Log.e(IpSecManager.TAG, "Failed to close " + this + ", Exception=" + e2);
                    this.mResourceId = -1;
                    this.mCloseGuard.close();
                }
            } catch (Throwable th) {
                this.mResourceId = -1;
                this.mCloseGuard.close();
                throw th;
            }
        }

        protected void finalize() throws Throwable {
            if (this.mCloseGuard != null) {
                this.mCloseGuard.warnIfOpen();
            }
            close();
        }

        private SecurityParameterIndex(IIpSecService iIpSecService, InetAddress inetAddress, int i) throws ResourceUnavailableException, SpiUnavailableException {
            this.mSpi = 0;
            this.mResourceId = -1;
            this.mService = iIpSecService;
            this.mDestinationAddress = inetAddress;
            try {
                IpSecSpiResponse allocateSecurityParameterIndex = this.mService.allocateSecurityParameterIndex(inetAddress.getHostAddress(), i, new Binder());
                if (allocateSecurityParameterIndex == null) {
                    throw new NullPointerException("Received null response from IpSecService");
                }
                int i2 = allocateSecurityParameterIndex.status;
                switch (i2) {
                    case 0:
                        this.mSpi = allocateSecurityParameterIndex.spi;
                        this.mResourceId = allocateSecurityParameterIndex.resourceId;
                        if (this.mSpi == 0) {
                            throw new RuntimeException("Invalid SPI returned by IpSecService: " + i2);
                        }
                        if (this.mResourceId == -1) {
                            throw new RuntimeException("Invalid Resource ID returned by IpSecService: " + i2);
                        }
                        this.mCloseGuard.open("close");
                        return;
                    case 1:
                        throw new ResourceUnavailableException("No more SPIs may be allocated by this requester.");
                    case 2:
                        throw new SpiUnavailableException("Requested SPI is unavailable", i);
                    default:
                        throw new RuntimeException("Unknown status returned by IpSecService: " + i2);
                }
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }

        @VisibleForTesting
        public int getResourceId() {
            return this.mResourceId;
        }

        public String toString() {
            return "SecurityParameterIndex{spi=" + this.mSpi + ",resourceId=" + this.mResourceId + "}";
        }
    }

    /* loaded from: input_file:android/net/IpSecManager$SpiUnavailableException.class */
    public static class SpiUnavailableException extends AndroidException {
        private final int mSpi;

        SpiUnavailableException(String str, int i) {
            super(str + " (spi: " + i + NavigationBarInflaterView.KEY_CODE_END);
            this.mSpi = i;
        }

        public int getSpi() {
            return this.mSpi;
        }
    }

    /* loaded from: input_file:android/net/IpSecManager$Status.class */
    public interface Status {
        public static final int OK = 0;
        public static final int RESOURCE_UNAVAILABLE = 1;
        public static final int SPI_UNAVAILABLE = 2;
    }

    /* loaded from: input_file:android/net/IpSecManager$UdpEncapsulationSocket.class */
    public static class UdpEncapsulationSocket implements AutoCloseable {
        private final ParcelFileDescriptor mPfd;
        private final IIpSecService mService;
        private int mResourceId;
        private final int mPort;
        private final CloseGuard mCloseGuard = CloseGuard.get();

        private UdpEncapsulationSocket(IIpSecService iIpSecService, int i) throws ResourceUnavailableException, IOException {
            this.mResourceId = -1;
            this.mService = iIpSecService;
            try {
                IpSecUdpEncapResponse openUdpEncapsulationSocket = this.mService.openUdpEncapsulationSocket(i, new Binder());
                switch (openUdpEncapsulationSocket.status) {
                    case 0:
                        this.mResourceId = openUdpEncapsulationSocket.resourceId;
                        this.mPort = openUdpEncapsulationSocket.port;
                        this.mPfd = openUdpEncapsulationSocket.fileDescriptor;
                        this.mCloseGuard.open("close");
                        return;
                    case 1:
                        throw new ResourceUnavailableException("No more Sockets may be allocated by this requester.");
                    default:
                        throw new RuntimeException("Unknown status returned by IpSecService: " + openUdpEncapsulationSocket.status);
                }
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }

        public FileDescriptor getFileDescriptor() {
            if (this.mPfd == null) {
                return null;
            }
            return this.mPfd.getFileDescriptor();
        }

        public int getPort() {
            return this.mPort;
        }

        @Override // java.lang.AutoCloseable
        public void close() throws IOException {
            try {
                try {
                    this.mService.closeUdpEncapsulationSocket(this.mResourceId);
                    this.mResourceId = -1;
                    this.mResourceId = -1;
                    this.mCloseGuard.close();
                } catch (RemoteException e) {
                    throw e.rethrowFromSystemServer();
                } catch (Exception e2) {
                    Log.e(IpSecManager.TAG, "Failed to close " + this + ", Exception=" + e2);
                    this.mResourceId = -1;
                    this.mCloseGuard.close();
                }
                try {
                    this.mPfd.close();
                } catch (IOException e3) {
                    Log.e(IpSecManager.TAG, "Failed to close UDP Encapsulation Socket with Port= " + this.mPort);
                    throw e3;
                }
            } catch (Throwable th) {
                this.mResourceId = -1;
                this.mCloseGuard.close();
                throw th;
            }
        }

        protected void finalize() throws Throwable {
            if (this.mCloseGuard != null) {
                this.mCloseGuard.warnIfOpen();
            }
            close();
        }

        @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
        public int getResourceId() {
            return this.mResourceId;
        }

        public String toString() {
            return "UdpEncapsulationSocket{port=" + this.mPort + ",resourceId=" + this.mResourceId + "}";
        }
    }

    public SecurityParameterIndex allocateSecurityParameterIndex(InetAddress inetAddress) throws ResourceUnavailableException {
        try {
            return new SecurityParameterIndex(this.mService, inetAddress, 0);
        } catch (SpiUnavailableException e) {
            throw new ResourceUnavailableException("No SPIs available");
        } catch (ServiceSpecificException e2) {
            throw rethrowUncheckedExceptionFromServiceSpecificException(e2);
        }
    }

    public SecurityParameterIndex allocateSecurityParameterIndex(InetAddress inetAddress, int i) throws SpiUnavailableException, ResourceUnavailableException {
        if (i == 0) {
            throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI");
        }
        try {
            return new SecurityParameterIndex(this.mService, inetAddress, i);
        } catch (ServiceSpecificException e) {
            throw rethrowUncheckedExceptionFromServiceSpecificException(e);
        }
    }

    public void applyTransportModeTransform(Socket socket, int i, IpSecTransform ipSecTransform) throws IOException {
        socket.getSoLinger();
        applyTransportModeTransform(socket.getFileDescriptor$(), i, ipSecTransform);
    }

    public void applyTransportModeTransform(DatagramSocket datagramSocket, int i, IpSecTransform ipSecTransform) throws IOException {
        applyTransportModeTransform(datagramSocket.getFileDescriptor$(), i, ipSecTransform);
    }

    public void applyTransportModeTransform(FileDescriptor fileDescriptor, int i, IpSecTransform ipSecTransform) throws IOException {
        try {
            ParcelFileDescriptor dup = ParcelFileDescriptor.dup(fileDescriptor);
            try {
                this.mService.applyTransportModeTransform(dup, i, ipSecTransform.getResourceId());
                if (dup != null) {
                    dup.close();
                }
            } finally {
            }
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e2) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e2);
        }
    }

    public void removeTransportModeTransforms(Socket socket) throws IOException {
        socket.getSoLinger();
        removeTransportModeTransforms(socket.getFileDescriptor$());
    }

    public void removeTransportModeTransforms(DatagramSocket datagramSocket) throws IOException {
        removeTransportModeTransforms(datagramSocket.getFileDescriptor$());
    }

    public void removeTransportModeTransforms(FileDescriptor fileDescriptor) throws IOException {
        try {
            ParcelFileDescriptor dup = ParcelFileDescriptor.dup(fileDescriptor);
            try {
                this.mService.removeTransportModeTransforms(dup);
                if (dup != null) {
                    dup.close();
                }
            } finally {
            }
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e2) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e2);
        }
    }

    public void removeTunnelModeTransform(Network network, IpSecTransform ipSecTransform) {
    }

    public UdpEncapsulationSocket openUdpEncapsulationSocket(int i) throws IOException, ResourceUnavailableException {
        if (i == 0) {
            throw new IllegalArgumentException("Specified port must be a valid port number!");
        }
        try {
            return new UdpEncapsulationSocket(this.mService, i);
        } catch (ServiceSpecificException e) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e);
        }
    }

    public UdpEncapsulationSocket openUdpEncapsulationSocket() throws IOException, ResourceUnavailableException {
        try {
            return new UdpEncapsulationSocket(this.mService, 0);
        } catch (ServiceSpecificException e) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e);
        }
    }

    @SystemApi
    @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
    public IpSecTunnelInterface createIpSecTunnelInterface(InetAddress inetAddress, InetAddress inetAddress2, Network network) throws ResourceUnavailableException, IOException {
        try {
            return new IpSecTunnelInterface(this.mContext, this.mService, inetAddress, inetAddress2, network);
        } catch (ServiceSpecificException e) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e);
        }
    }

    @SystemApi
    @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
    public void applyTunnelModeTransform(IpSecTunnelInterface ipSecTunnelInterface, int i, IpSecTransform ipSecTransform) throws IOException {
        try {
            this.mService.applyTunnelModeTransform(ipSecTunnelInterface.getResourceId(), i, ipSecTransform.getResourceId(), this.mContext.getOpPackageName());
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e2) {
            throw rethrowCheckedExceptionFromServiceSpecificException(e2);
        }
    }

    @SystemApi
    @RequiresPermission(Manifest.permission.MANAGE_IPSEC_TUNNELS)
    public void startTunnelModeTransformMigration(IpSecTransform ipSecTransform, InetAddress inetAddress, InetAddress inetAddress2) {
        if (!SdkLevel.isAtLeastU()) {
            throw new UnsupportedOperationException("Transform migration only supported for Android 14+");
        }
        Objects.requireNonNull(ipSecTransform, "transform was null");
        Objects.requireNonNull(inetAddress, "newSourceAddress was null");
        Objects.requireNonNull(inetAddress2, "newDestinationAddress was null");
        try {
            this.mService.migrateTransform(ipSecTransform.getResourceId(), inetAddress.getHostAddress(), inetAddress2.getHostAddress(), this.mContext.getOpPackageName());
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    public IpSecTransformResponse createTransform(IpSecConfig ipSecConfig, IBinder iBinder, String str) {
        try {
            return this.mService.createTransform(ipSecConfig, iBinder, str);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    public void deleteTransform(int i) {
        try {
            this.mService.deleteTransform(i);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    public IpSecManager(Context context, IIpSecService iIpSecService) {
        this.mContext = context;
        this.mService = (IIpSecService) Objects.requireNonNull(iIpSecService, "missing service");
    }

    private static void maybeHandleServiceSpecificException(ServiceSpecificException serviceSpecificException) {
        if (serviceSpecificException.errorCode == OsConstants.EINVAL) {
            throw new IllegalArgumentException(serviceSpecificException);
        }
        if (serviceSpecificException.errorCode == OsConstants.EAGAIN) {
            throw new IllegalStateException(serviceSpecificException);
        }
        if (serviceSpecificException.errorCode == OsConstants.EOPNOTSUPP || serviceSpecificException.errorCode == OsConstants.EPROTONOSUPPORT) {
            throw new UnsupportedOperationException(serviceSpecificException);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RuntimeException rethrowUncheckedExceptionFromServiceSpecificException(ServiceSpecificException serviceSpecificException) {
        maybeHandleServiceSpecificException(serviceSpecificException);
        throw new RuntimeException(serviceSpecificException);
    }

    static IOException rethrowCheckedExceptionFromServiceSpecificException(ServiceSpecificException serviceSpecificException) throws IOException {
        maybeHandleServiceSpecificException(serviceSpecificException);
        throw new ErrnoException("IpSec encountered errno=" + serviceSpecificException.errorCode, serviceSpecificException.errorCode).rethrowAsIOException();
    }
}
