package com.amazon.aws.argon.service.argonclient;

import android.content.Context;
import android.content.pm.PackageManager;
import android.net.VpnService;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.ParcelFileDescriptor;
import com.amazon.aws.argon.core.BuildConfig;
import com.amazon.aws.argon.crypto.CryptoToolException;
import com.amazon.aws.argon.crypto.CryptoTools;
import com.amazon.aws.argon.data.PersistentStore;
import com.amazon.aws.argon.data.argonclient.ArgonClientConfiguration;
import com.amazon.aws.argon.data.argonclient.ClientCertificateData;
import com.amazon.aws.argon.data.argonclient.DnsConfiguration;
import com.amazon.aws.argon.data.argonclient.TunnelSettings;
import com.amazon.aws.argon.logging.ArgonLogger;
import com.amazon.aws.argon.networking.DnsServerResolver;
import com.amazon.aws.argon.service.ApplicationState;
import com.amazon.aws.argon.service.nativeevents.NativeEventHandler;
import com.amazon.worklink.R;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import lombok.NonNull;

/* loaded from: classes.dex */
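/**
 * Handler thread that owns the native Argon client (JNI library {@code argon_jni}) and the
 * Android VPN interface that is handed to it.
 *
 * <p>Life cycle as visible in this class: {@link #startVpn(VpnService)} starts the thread and
 * queues two tasks on it. The first loads configuration, the stored key and the JWT and creates
 * the native client. The second builds the VPN interface and passes its file descriptor to the
 * native side. {@link #stopVpn()} stops the native client, closes the descriptor and quits the
 * looper. Because this is a {@link Thread}, an instance can be started only once.
 *
 * <p>NOTE(review): {@code nativePointer}, {@code vpnDescriptor}, {@code tunnelSettings} and
 * {@code cachedDnsConfiguration} are read and written both by callers of the public methods and
 * by the handler thread, and no synchronization is visible in this class. Confirm that all
 * callers run on a single thread or add explicit synchronization.
 *
 * <p>NOTE(review): this listing is decompiler output. Several statements that only built a
 * string and discarded it (presumably stripped debug logging) were removed here. Where such a
 * statement implicitly rejected a {@code null} value before a native call, an explicit null
 * check replaces it.
 */
public class ArgonAndroidClient extends HandlerThread {
    private static final String TAG = ArgonAndroidClient.class.getSimpleName();

    /** Persistent-store entry that holds the encrypted key passed to the native client. */
    private static final String CRYPTO_KEY_STORE_NAME = "argon_crypto";

    /** Third-party package routed through the VPN in addition to this application. */
    private static final String BROWSER_PACKAGE = "com.android.chrome";

    /** Prefix length used for the tunnel address and for the arbiter route (single host). */
    private static final int HOST_PREFIX_LENGTH = 32;

    /** MTU configured on the VPN interface. */
    private static final int TUNNEL_MTU = 2000;

    private DnsConfiguration cachedDnsConfiguration;
    private final Context context;
    // Not null-checked by the constructor, unlike the other collaborators.
    private final CryptoTools cryptoTools;
    private final DnsServerResolver dnsServerResolver;
    private final NativeEventHandler nativeEventHandler;
    // Handle returned by loadArgonClient(); null while no native client is loaded.
    private Long nativePointer;
    private final PersistentStore persistentStore;
    // Number of VPN interfaces built so far; used to derive a unique session name.
    private long sessionCount = 0L;
    private final AtomicBoolean started = new AtomicBoolean(false);
    private TunnelSettings tunnelSettings;
    // Descriptor of the currently established VPN interface, if any.
    private ParcelFileDescriptor vpnDescriptor;

    static {
        System.loadLibrary("argon_jni");
    }

    /**
     * Creates the client without starting its thread.
     *
     * <p>Decompiler note: the constructor was package-private in the compiled class.
     *
     * @param persistentStore store holding the client configuration, the encrypted key and the JWT
     * @param context context used for string resources and this application's package name
     * @param cryptoTools encrypts and decrypts the stored key; not validated here
     * @param dnsServerResolver source of the DNS configuration used when the VPN starts
     * @param nativeEventHandler receiver of the events forwarded by
     *     {@link #handleArgonClientCallback(int, String)}
     * @throws NullPointerException if any argument other than {@code cryptoTools} is null
     */
    public ArgonAndroidClient(@NonNull PersistentStore persistentStore, @NonNull Context context, CryptoTools cryptoTools, @NonNull DnsServerResolver dnsServerResolver, @NonNull NativeEventHandler nativeEventHandler) {
        super(TAG + "_" + System.currentTimeMillis());
        if (persistentStore == null) {
            throw new NullPointerException("persistentStore");
        }
        if (context == null) {
            throw new NullPointerException("context");
        }
        if (dnsServerResolver == null) {
            throw new NullPointerException("dnsServerResolver");
        }
        if (nativeEventHandler == null) {
            throw new NullPointerException("nativeEventHandler");
        }
        this.persistentStore = persistentStore;
        this.context = context;
        this.cryptoTools = cryptoTools;
        this.dnsServerResolver = dnsServerResolver;
        this.nativeEventHandler = nativeEventHandler;
        this.tunnelSettings = new TunnelSettings();
    }

    /**
     * Builds and establishes a new VPN interface and returns its raw file descriptor.
     *
     * <p>The interface gets the first tunnel IP as a /32 address, a /32 route to the arbiter IP,
     * the arbiter IP plus every server from {@code dnsConfiguration} as DNS servers, and a
     * non-blocking descriptor. Only Chrome and this application are added to the allow-list, so
     * traffic of other applications does not enter the tunnel.
     *
     * <p>NOTE(review): the allow-list is keyed on the package name only; nothing here checks the
     * signing certificate of the package installed under that name.
     *
     * @param tunnelSettings source of the tunnel IP and the arbiter IP
     * @param vpnService service whose {@code Builder} creates the interface
     * @param dnsConfiguration additional DNS servers for the interface
     * @return the file descriptor of the established interface; the owning
     *     {@link ParcelFileDescriptor} is kept in {@code vpnDescriptor}
     * @throws RuntimeException if no tunnel IP is available, an allowed package is not installed,
     *     or the platform declines to establish the interface
     */
    private int createFd(TunnelSettings tunnelSettings, VpnService vpnService, DnsConfiguration dnsConfiguration) {
        // An absent or empty list is reported like a missing entry instead of surfacing as an
        // unrelated NullPointerException or IndexOutOfBoundsException.
        List<String> tunnelIps = tunnelSettings.getTunnelIps();
        String tunnelIp = (tunnelIps == null || tunnelIps.isEmpty()) ? null : tunnelIps.get(0);
        if (tunnelIp == null) {
            ArgonLogger.e(TAG, "Missing tunnel IP to enable Vpn.");
            throw new RuntimeException("Missing tunnel IP");
        }
        // VpnService.Builder is an inner class, so it is created through the service instance
        // (this also rejects a null vpnService).
        VpnService.Builder builder = vpnService.new Builder();
        String sessionName = "WorkLinkVpnService_" + this.sessionCount++;
        ArgonLogger.i(TAG, "VPN session id: " + sessionName);
        builder.setSession(sessionName)
                .addAddress(tunnelIp, HOST_PREFIX_LENGTH)
                .addDnsServer(tunnelSettings.getArbiterIp())
                .addRoute(tunnelSettings.getArbiterIp(), HOST_PREFIX_LENGTH)
                .setMtu(TUNNEL_MTU)
                .setBlocking(false);
        try {
            builder.addAllowedApplication(BROWSER_PACKAGE);
            builder.addAllowedApplication(this.context.getPackageName());
        } catch (PackageManager.NameNotFoundException e) {
            // Keep the cause so the missing package name shows up in the stack trace.
            throw new RuntimeException("Adding allowed applications during vpn building contains an unknown package name", e);
        }
        for (String dnsServer : dnsConfiguration.getDnsServers()) {
            builder.addDnsServer(dnsServer);
        }
        // establish() returns null when the application is not prepared as a VPN or the
        // permission was revoked. Fail with a clear message and leave vpnDescriptor untouched so
        // a previously established descriptor can still be closed later.
        ParcelFileDescriptor established = builder.establish();
        if (established == null) {
            ArgonLogger.e(TAG, "VPN interface could not be established (not prepared or revoked).");
            throw new RuntimeException("VPN interface could not be established");
        }
        this.vpnDescriptor = established;
        return established.getFd();
    }

    /**
     * Loads the persisted client configuration.
     *
     * @return the stored configuration, never null
     * @throws RuntimeException if the configuration is missing or cannot be read
     */
    private ArgonClientConfiguration fetchArgonClientConfiguration() {
        String storeKey = this.context.getString(R.string.argon_client_config_key);
        ArgonClientConfiguration configuration;
        try {
            configuration = (ArgonClientConfiguration) this.persistentStore.retrieveObject(storeKey, ArgonClientConfiguration.class);
        } catch (IOException e) {
            ArgonLogger.e(TAG, "Failed to retrieve argon settings.", e);
            throw new RuntimeException("Failed to retrieve argon settings.", e);
        }
        if (configuration == null) {
            ArgonLogger.e(TAG, "Argon settings are not persisted. This is a BUG!");
            throw new RuntimeException("Argon settings are not persisted. This is a BUG!");
        }
        return configuration;
    }

    /**
     * Returns the key that is passed to the native client, creating it on first use.
     *
     * <p>If an entry exists in the persistent store it is decrypted with {@code cryptoTools}.
     * Otherwise a new random key is generated, encrypted, persisted and returned. Only the
     * encrypted form is written to the store, and the key itself is never logged.
     *
     * @return the plaintext key bytes, never null
     * @throws RuntimeException if the key cannot be loaded, decrypted, encrypted or stored
     * @throws NullPointerException if {@code cryptoTools} is null or yields a null key
     */
    private byte[] fetchCryptoKey() {
        try {
            byte[] encryptedKey = this.persistentStore.retrieve(CRYPTO_KEY_STORE_NAME);
            if (encryptedKey != null) {
                try {
                    byte[] storedKey = this.cryptoTools.decrypt(encryptedKey);
                    if (storedKey == null) {
                        // Never hand a null key to the native client.
                        throw new NullPointerException("decrypted key");
                    }
                    return storedKey;
                } catch (CryptoToolException e) {
                    ArgonLogger.e(TAG, "Could not decrypt passed in key.", e);
                    throw new RuntimeException(e);
                }
            }
            byte[] newKey = this.cryptoTools.generateRandomKey();
            if (newKey == null) {
                throw new NullPointerException("generated key");
            }
            try {
                try {
                    this.persistentStore.persist(CRYPTO_KEY_STORE_NAME, this.cryptoTools.encrypt(newKey));
                    return newKey;
                } catch (IOException e) {
                    ArgonLogger.e(TAG, "Failed to store the new argon key.", e);
                    throw new RuntimeException("Failed to store the new argon key.", e);
                }
            } catch (CryptoToolException e) {
                ArgonLogger.e(TAG, "Could not encrypt generated key.", e);
                throw new RuntimeException(e);
            }
        } catch (IOException e) {
            ArgonLogger.e(TAG, "Failed to load argon key.", e);
            throw new RuntimeException("Failed to load argon key.", e);
        }
    }

    /**
     * Reads the JWT from the persistent store and deletes the stored copy.
     *
     * <p>The file is removed right after the read, so the token can be taken from storage only
     * once. The returned value lives on as an immutable {@link String}.
     *
     * @return the token decoded as UTF-8, or {@code BuildConfig.FLAVOR} when no token is stored
     * @throws RuntimeException if the token cannot be read or deleted
     */
    private String fetchJWTToken() {
        String storeKey = this.context.getString(R.string.argon_client_jwt_key);
        try {
            byte[] tokenBytes = this.persistentStore.retrieve(storeKey);
            this.persistentStore.deleteFile(storeKey);
            if (tokenBytes == null) {
                // NOTE(review): presumably an empty-string constant that the decompiler mapped
                // back to BuildConfig.FLAVOR; confirm against the build configuration.
                return BuildConfig.FLAVOR;
            }
            return new String(tokenBytes, StandardCharsets.UTF_8);
        } catch (IOException e) {
            ArgonLogger.e(TAG, "Failed to read JWT token.", e);
            throw new RuntimeException("Failed to read JWT token.", e);
        }
    }

    // JNI entry points implemented in argon_jni. The long argument is the handle returned by
    // loadArgonClient(). Parameter meanings below are taken from the call sites in this class.

    private native int getClientState(long nativeHandle);

    // Call site passes: configuration, key bytes, JWT, client version name, DNS configuration.
    private native long loadArgonClient(ArgonClientConfiguration argonClientConfiguration, byte[] cryptoKey, String jwtToken, String versionName, DnsConfiguration dnsConfiguration);

    /**
     * Builds a new VPN interface, hands it to the native client and closes the previous one.
     * Does nothing unless the client has been started.
     *
     * @throws NullPointerException if an argument is null, or if the native client has not been
     *     loaded yet although the client is marked as started
     */
    private void replaceTunnel(@NonNull VpnService vpnService, @NonNull TunnelSettings tunnelSettings, @NonNull DnsConfiguration dnsConfiguration) {
        if (vpnService == null) {
            throw new NullPointerException("vpnService");
        }
        if (tunnelSettings == null) {
            throw new NullPointerException("tunnelSettings");
        }
        if (dnsConfiguration == null) {
            throw new NullPointerException("dnsConfiguration");
        }
        if (!this.started.get()) {
            return;
        }
        ParcelFileDescriptor previousDescriptor = this.vpnDescriptor;
        long nativeHandle = this.nativePointer.longValue();
        int newFd = createFd(tunnelSettings, vpnService, dnsConfiguration);
        updateTunnelFD(nativeHandle, newFd, dnsConfiguration);
        // There is no previous interface when the first attempt was skipped because of invalid
        // tunnel settings; closing unconditionally would throw after the swap already succeeded.
        if (previousDescriptor != null) {
            try {
                previousDescriptor.close();
            } catch (IOException e) {
                ArgonLogger.e(TAG, "Failed to close the previous vpn FD. This may cause connectivity issues.", e);
            }
        }
    }

    private native void requestArgonToken(long nativeHandle, int i);

    // The native side fills the TunnelSettings object it is given (see lambda$startVpn$0).
    private native void requestTunnelSettings(long nativeHandle, TunnelSettings tunnelSettings);

    private native void setClientCertData(long nativeHandle, ClientCertificateData clientCertificateData);

    // Second argument is the VPN interface file descriptor returned by createFd().
    private native void startVpn(long nativeHandle, int fd);

    private native void stopVpn(long nativeHandle);

    // Second argument is the file descriptor of the replacement VPN interface.
    private native void updateTunnelFD(long nativeHandle, int fd, DnsConfiguration dnsConfiguration);

    /**
     * Reports the state of the native client.
     *
     * @return {@link ApplicationState#NATIVE_CLIENT_NOT_AVAILABLE} while no native client is
     *     loaded, otherwise the native state mapped through {@link ApplicationState#from}
     */
    public ApplicationState getClientState() {
        if (this.nativePointer == null) {
            return ApplicationState.NATIVE_CLIENT_NOT_AVAILABLE;
        }
        return ApplicationState.from(getClientState(this.nativePointer.longValue()));
    }

    /**
     * Forwards an event to the {@link NativeEventHandler}.
     *
     * <p>NOTE(review): no Java caller is visible in this class; presumably invoked from the
     * native library, so name and signature must stay as they are.
     *
     * @param i callback type
     * @param str callback payload, forwarded without validation in this class
     */
    public void handleArgonClientCallback(int i, String str) {
        this.nativeEventHandler.processEvent(i, str);
    }

    /** Returns whether {@link #startVpn(VpnService)} was called without a later {@link #stopVpn()}. */
    public boolean isVpnStarted() {
        return this.started.get();
    }

    /**
     * First start-up task: resolves DNS, loads configuration, key and JWT, creates the native
     * client and asks it to fill {@code tunnelSettings}.
     *
     * <p>Decompiler note: synthetic lambda body, package-private in the compiled class.
     *
     * @throws NullPointerException if the resolver returns no DNS configuration
     * @throws RuntimeException if configuration, key or JWT cannot be loaded
     */
    public final /* synthetic */ void lambda$startVpn$0$ArgonAndroidClient() {
        DnsConfiguration resolvedDns = this.dnsServerResolver.getDnsConfiguration();
        if (resolvedDns == null) {
            // Checked before the stored JWT is read, so a start that cannot proceed does not
            // consume the one-time token.
            throw new NullPointerException("dnsConfiguration");
        }
        this.cachedDnsConfiguration = resolvedDns;
        ArgonClientConfiguration configuration = fetchArgonClientConfiguration();
        byte[] cryptoKey = fetchCryptoKey();
        String jwtToken = fetchJWTToken();
        this.nativePointer = Long.valueOf(loadArgonClient(configuration, cryptoKey, jwtToken, com.amazon.aws.argon.BuildConfig.VERSION_NAME, resolvedDns));
        requestTunnelSettings(this.nativePointer.longValue(), this.tunnelSettings);
    }

    /**
     * Second start-up task: builds the VPN interface and hands it to the native client.
     *
     * <p>Decompiler note: synthetic lambda body, package-private in the compiled class.
     *
     * @param vpnService service used to build the VPN interface
     */
    public final /* synthetic */ void lambda$startVpn$1$ArgonAndroidClient(VpnService vpnService) {
        if (!this.tunnelSettings.isValid()) {
            // NOTE(review): this writes the tunnel settings' toString() to the log; confirm it
            // exposes nothing that should stay out of log files.
            ArgonLogger.e(TAG, "VPN was not started due to invalid tunnel settings: " + this.tunnelSettings);
            return;
        }
        int fd = createFd(this.tunnelSettings, vpnService, this.cachedDnsConfiguration);
        startVpn(this.nativePointer.longValue(), fd);
        // NOTE(review): the message suggests the native startVpn call returns only once the
        // tunnel has ended; confirm against the native implementation.
        ArgonLogger.i(TAG, "Tunnel has been completely stopped.");
    }

    /**
     * Forwards a token request to the native client.
     *
     * @param i value passed through unchanged to the native call
     * @throws NullPointerException if the native client is not loaded
     */
    public void requestArgonToken(int i) {
        requestArgonToken(this.nativePointer.longValue(), i);
    }

    /**
     * Passes client certificate data to the native client.
     *
     * @param clientCertificateData certificate data; its certificate chain must not be null
     * @throws NullPointerException if the argument or its chain is null, or if the native client
     *     is not loaded
     */
    public void setClientCertData(@NonNull ClientCertificateData clientCertificateData) {
        if (clientCertificateData == null) {
            throw new NullPointerException("mdmData");
        }
        if (clientCertificateData.getCertChain() == null) {
            // Reject an absent chain before crossing into native code.
            throw new NullPointerException("certChain");
        }
        setClientCertData(this.nativePointer.longValue(), clientCertificateData);
    }

    /**
     * Marks the client as started, starts this thread and queues the two start-up tasks on it.
     *
     * <p>A thread can be started only once, so a second call on the same instance, including
     * one after {@link #stopVpn()}, fails with {@link IllegalThreadStateException}.
     *
     * @param vpnService service used to build the VPN interface
     * @throws NullPointerException if {@code vpnService} is null
     */
    public void startVpn(@NonNull final VpnService vpnService) {
        if (vpnService == null) {
            throw new NullPointerException("vpnService");
        }
        this.started.set(true);
        start();
        Handler handler = new Handler(getLooper());
        // Both tasks run in order on this handler thread.
        handler.post(new Runnable() {
            @Override
            public void run() {
                lambda$startVpn$0$ArgonAndroidClient();
            }
        });
        handler.post(new Runnable() {
            @Override
            public void run() {
                lambda$startVpn$1$ArgonAndroidClient(vpnService);
            }
        });
    }

    /**
     * Stops the native client, closes the VPN descriptor and quits the looper. Logs an error and
     * returns if the client is not started.
     *
     * <p>NOTE(review): this runs on the caller's thread while the handler thread may still be
     * inside a native call that uses the same handle; confirm the native side tolerates that.
     */
    public void stopVpn() {
        if (!this.started.compareAndSet(true, false)) {
            ArgonLogger.e(TAG, "stopVpn was called but we are not started.");
            return;
        }
        if (this.nativePointer != null) {
            stopVpn(this.nativePointer.longValue());
            this.nativePointer = null;
        }
        if (this.vpnDescriptor != null) {
            try {
                this.vpnDescriptor.close();
            } catch (IOException e) {
                ArgonLogger.e(TAG, "Failed to close the VPN descriptor. Ignoring it.", e);
            } finally {
                // Drop the reference even when close() failed so it is not closed twice.
                this.vpnDescriptor = null;
            }
        }
        quit();
    }

    /**
     * Rebuilds the tunnel when the set of DNS servers changed.
     *
     * <p>The new configuration is treated as unchanged when it has the same number of servers
     * as the cached one and contains all of them; order is ignored.
     *
     * @throws NullPointerException if an argument is null
     */
    public void updateDnsServers(@NonNull VpnService vpnService, @NonNull DnsConfiguration dnsConfiguration) {
        if (vpnService == null) {
            throw new NullPointerException("vpnService");
        }
        if (dnsConfiguration == null) {
            throw new NullPointerException("dnsConfiguration");
        }
        DnsConfiguration cached = this.cachedDnsConfiguration;
        if (cached != null) {
            List<String> newServers = dnsConfiguration.getDnsServers();
            List<String> cachedServers = cached.getDnsServers();
            if (newServers.size() == cachedServers.size() && newServers.containsAll(cachedServers)) {
                return;
            }
        }
        this.cachedDnsConfiguration = dnsConfiguration;
        replaceTunnel(vpnService, this.tunnelSettings, dnsConfiguration);
    }

    /**
     * Stores new tunnel settings and rebuilds the tunnel with the cached DNS configuration.
     *
     * @throws NullPointerException if an argument is null, or if no DNS configuration has been
     *     cached yet
     */
    public void updateTunnelSettings(@NonNull VpnService vpnService, @NonNull TunnelSettings tunnelSettings) {
        if (vpnService == null) {
            throw new NullPointerException("vpnService");
        }
        if (tunnelSettings == null) {
            throw new NullPointerException("tunnelSettings");
        }
        this.tunnelSettings = tunnelSettings;
        replaceTunnel(vpnService, tunnelSettings, this.cachedDnsConfiguration);
    }
}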
