package org.outline.vpn;

import android.net.ConnectivityManager;
import android.net.Network;
import android.net.VpnService;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import okhttp3.internal.ws.WebSocketProtocol;
import org.apache.commons.net.util.SubnetUtils;
import shadowsocks.Client;
import tun2socks.Tun2socks;
import tun2socks.Tunnel;

/* loaded from: classes3.dex */
public class VpnTunnel {
    private static final String PRIVATE_LAN_BYPASS_SUBNETS_ID = "reserved_bypass_subnets";
    private static final int VPN_INTERFACE_MTU = 1500;
    private static final int VPN_INTERFACE_PREFIX_LENGTH = 24;
    private static final String VPN_INTERFACE_PRIVATE_LAN = "10.111.222.%s";
    private String dnsResolverAddress;
    private ParcelFileDescriptor tunFd;
    private Tunnel tunnel;
    private final VpnTunnelService vpnService;
    private static final Logger LOG = Logger.getLogger(VpnTunnel.class.getName());
    private static final String[] DNS_RESOLVER_IP_ADDRESSES = {"208.67.222.222", "208.67.220.220", "1.1.1.1", "9.9.9.9"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class Subnet {
        public String address;
        public String cidr;
        public int prefix;

        public Subnet(String str, String str2, int i) {
            this.address = str2;
            this.prefix = i;
            this.cidr = str;
        }

        public static Subnet parse(String str) throws IllegalArgumentException {
            if (str == null) {
                throw new IllegalArgumentException("Must provide a subnet string");
            }
            String[] split = str.split("/", 2);
            if (split.length == 2) {
                return new Subnet(str, split[0], Integer.parseInt(split[1]));
            }
            throw new IllegalArgumentException("Malformed subnet string");
        }
    }

    public VpnTunnel(VpnTunnelService vpnTunnelService) {
        if (vpnTunnelService == null) {
            throw new IllegalArgumentException("Must provide a VPN service instance");
        }
        this.vpnService = vpnTunnelService;
    }

    private String getHighAddress(String str) {
        return new SubnetUtils(str).getInfo().getHighAddress();
    }

    private String getLowAddress(String str) {
        return new SubnetUtils(str).getInfo().getLowAddress();
    }

    private String getNextIPAddress(String str) {
        String[] split = str.split("\\.");
        int parseInt = (Integer.parseInt(split[3]) | (Integer.parseInt(split[0]) << 24) | (Integer.parseInt(split[2]) << 8) | (Integer.parseInt(split[1]) << 16)) + 1;
        if (((byte) parseInt) == -1) {
            parseInt++;
        }
        return String.format("%d.%d.%d.%d", Integer.valueOf((parseInt >>> 24) & 255), Integer.valueOf((parseInt >> 16) & 255), Integer.valueOf((parseInt >> 8) & 255), Integer.valueOf((parseInt >> 0) & 255));
    }

    private String getPreviousIPAddress(String str) {
        String[] split = str.split("\\.");
        if (split.length != 4) {
            throw new IllegalArgumentException("Invalid IPv4 address format.");
        }
        int[] iArr = new int[4];
        for (int i = 0; i < 4; i++) {
            int parseInt = Integer.parseInt(split[i]);
            iArr[i] = parseInt;
            if (parseInt < 0 || parseInt > 255) {
                throw new IllegalArgumentException("Invalid IP address component: " + split[i]);
            }
        }
        int i2 = ((((iArr[0] << 24) | (iArr[1] << 16)) | (iArr[2] << 8)) | iArr[3]) - 1;
        if (i2 < 0) {
            throw new IllegalArgumentException("Cannot calculate previous IP address for 0.0.0.0");
        }
        int[] iArr2 = new int[4];
        for (int i3 = 3; i3 >= 0; i3--) {
            iArr2[i3] = i2 & 255;
            i2 >>= 8;
        }
        return String.format("%d.%d.%d.%d", Integer.valueOf(iArr2[0]), Integer.valueOf(iArr2[1]), Integer.valueOf(iArr2[2]), Integer.valueOf(iArr2[3]));
    }

    private ArrayList<Subnet> getReservedBypassSubnets(String str) {
        String[] stringArray = this.vpnService.getResources().getStringArray(this.vpnService.getResourceId(PRIVATE_LAN_BYPASS_SUBNETS_ID, "array"));
        ArrayList<Subnet> arrayList = new ArrayList<>(stringArray.length);
        for (String str2 : stringArray) {
            try {
                if (isInRange(str2, str)) {
                    Iterator<String> it = range2cidrlist(getLowAddress(str2), getPreviousIPAddress(str)).iterator();
                    while (it.hasNext()) {
                        arrayList.add(Subnet.parse(it.next()));
                    }
                    Iterator<String> it2 = range2cidrlist(getNextIPAddress(str), getHighAddress(str2)).iterator();
                    while (it2.hasNext()) {
                        arrayList.add(Subnet.parse(it2.next()));
                    }
                } else {
                    arrayList.add(Subnet.parse(str2));
                }
            } catch (Exception unused) {
                LOG.warning(String.format(Locale.ROOT, "Failed to parse subnet: %s", str2));
            }
        }
        return arrayList;
    }

    private long ipToLong(String str) {
        String[] split = str.split("\\.");
        long j = 0;
        for (int i = 0; i < 4; i++) {
            j += Long.valueOf(split[i]).longValue() << ((3 - i) * 8);
        }
        return j;
    }

    private boolean isInRange(String str, String str2) {
        SubnetUtils.SubnetInfo info = new SubnetUtils(str).getInfo();
        int asInteger = info.asInteger(str2);
        return info.asInteger(info.getLowAddress()) <= asInteger && asInteger <= info.asInteger(info.getHighAddress());
    }

    private boolean isTunnelConnected() {
        Tunnel tunnel = this.tunnel;
        return tunnel != null && tunnel.isConnected();
    }

    private String longToIP(long j) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(j >>> 24).append(".").append((16777215 & j) >>> 16).append(".").append(String.valueOf((WebSocketProtocol.PAYLOAD_SHORT_MAX & j) >>> 8)).append(".").append(String.valueOf(j & 255));
        return stringBuffer.toString();
    }

    private List<String> range2cidrlist(String str, String str2) {
        ArrayList arrayList = null;
        if (str != null && str.length() >= 8 && str2 != null && str2.length() >= 8) {
            long ipToLong = ipToLong(str);
            long ipToLong2 = ipToLong(str2);
            if (ipToLong > ipToLong2) {
                return null;
            }
            arrayList = new ArrayList();
            while (ipToLong <= ipToLong2) {
                arrayList.add(longToIP(ipToLong) + "/" + Math.max(32 - ((int) Math.floor(Math.log((ipToLong2 - ipToLong) + 1) / Math.log(2.0d))), 32 - ((int) (Math.log((-ipToLong) & ipToLong) / Math.log(2.0d)))));
                ipToLong = (long) (ipToLong + Math.pow(2.0d, 32 - r3));
            }
        }
        return arrayList;
    }

    private String selectDnsResolverAddress() {
        String[] strArr = DNS_RESOLVER_IP_ADDRESSES;
        return strArr[new Random().nextInt(strArr.length)];
    }

    public synchronized void connectTunnel(Client client, boolean z) throws Exception {
        Logger logger = LOG;
        logger.info("Connecting the tunnel.");
        if (client == null) {
            logger.log(Level.SEVERE, "Must provide a Shadowsocks client.");
            throw new IllegalArgumentException("Must provide a Shadowsocks client.");
        }
        if (this.tunFd == null) {
            logger.log(Level.SEVERE, "Must establish the VPN before connecting the tunnel.");
            throw new IllegalStateException("Must establish the VPN before connecting the tunnel.");
        }
        if (isTunnelConnected()) {
            logger.log(Level.SEVERE, "Tunnel already connected");
            throw new IllegalStateException("Tunnel already connected");
        }
        logger.info("Starting tun2socks...");
        this.tunnel = Tun2socks.connectShadowsocksTunnel(this.tunFd.getFd(), client, z);
    }

    public synchronized void disconnectTunnel() {
        LOG.info("Disconnecting the tunnel.");
        if (isTunnelConnected()) {
            this.tunnel.disconnect();
            this.tunnel = null;
        }
    }

    public synchronized boolean establishVpn(String str) {
        ParcelFileDescriptor establish;
        LOG.info("Establishing the VPN.");
        try {
            this.dnsResolverAddress = selectDnsResolverAddress();
            VpnService.Builder addAllowedApplication = this.vpnService.newBuilder().setSession(this.vpnService.getApplicationName()).setMtu(1500).addAddress(String.format(Locale.ROOT, VPN_INTERFACE_PRIVATE_LAN, "1"), 24).addDnsServer(this.dnsResolverAddress).setBlocking(true).addAllowedApplication(this.vpnService.getPackageName());
            addAllowedApplication.setUnderlyingNetworks(new Network[]{((ConnectivityManager) this.vpnService.getSystemService(ConnectivityManager.class)).getActiveNetwork()});
            if (Build.VERSION.SDK_INT >= 29) {
                addAllowedApplication.setMetered(false);
            }
            Iterator<Subnet> it = getReservedBypassSubnets(str).iterator();
            while (it.hasNext()) {
                Subnet next = it.next();
                if (isInRange(next.cidr, str)) {
                    LOG.info(String.format(Locale.ROOT, "IP %s is in range: %s", str, next.cidr));
                } else {
                    LOG.info(String.format(Locale.ROOT, "IP %s is not in range: %s", str, next.cidr));
                }
                addAllowedApplication.addRoute(next.address, next.prefix);
            }
            establish = addAllowedApplication.establish();
            this.tunFd = establish;
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "Failed to establish the VPN", (Throwable) e);
            return false;
        }
        return establish != null;
    }

    public synchronized void tearDownVpn() {
        LOG.info("Tearing down the VPN.");
        ParcelFileDescriptor parcelFileDescriptor = this.tunFd;
        if (parcelFileDescriptor == null) {
            return;
        }
        try {
            try {
                parcelFileDescriptor.close();
            } catch (IOException unused) {
                LOG.severe("Failed to close the VPN interface file descriptor.");
            }
        } finally {
            this.tunFd = null;
        }
    }

    public synchronized boolean updateUDPSupport() {
        if (!isTunnelConnected()) {
            return false;
        }
        return this.tunnel.updateUDPSupport();
    }
}
