package org.outline.vpn;

import android.net.ConnectivityManager;
import android.net.Network;
import android.net.VpnService;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Locale;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import tun2socks.OutlineTunnel;
import tun2socks.Tun2socks;

/* loaded from: classes.dex */
public class VpnTunnel {
    private static final String PRIVATE_LAN_BYPASS_SUBNETS_ID = "reserved_bypass_subnets";
    private static final int VPN_INTERFACE_MTU = 1500;
    private static final int VPN_INTERFACE_PREFIX_LENGTH = 24;
    private static final String VPN_INTERFACE_PRIVATE_LAN = "10.111.222.%s";
    private String dnsResolverAddress;
    private ParcelFileDescriptor tunFd;
    private OutlineTunnel tunnel;
    private final VpnTunnelService vpnService;
    private static final Logger LOG = Logger.getLogger(VpnTunnel.class.getName());
    private static final String[] DNS_RESOLVER_IP_ADDRESSES = {"208.67.222.222", "208.67.220.220", "1.1.1.1", "9.9.9.9"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Subnet {
        public String address;
        public int prefix;

        public Subnet(String str, int i) {
            this.address = str;
            this.prefix = i;
        }

        public static Subnet parse(String str) throws IllegalArgumentException {
            if (str == null) {
                throw new IllegalArgumentException("Must provide a subnet string");
            }
            String[] split = str.split("/", 2);
            if (split.length == 2) {
                return new Subnet(split[0], Integer.parseInt(split[1]));
            }
            throw new IllegalArgumentException("Malformed subnet string");
        }
    }

    public VpnTunnel(VpnTunnelService vpnTunnelService) {
        if (vpnTunnelService == null) {
            throw new IllegalArgumentException("Must provide a VPN service instance");
        }
        this.vpnService = vpnTunnelService;
    }

    private ArrayList<Subnet> getReservedBypassSubnets() {
        String[] stringArray = this.vpnService.getResources().getStringArray(this.vpnService.getResourceId(PRIVATE_LAN_BYPASS_SUBNETS_ID, "array"));
        ArrayList<Subnet> arrayList = new ArrayList<>(stringArray.length);
        for (String str : stringArray) {
            try {
                arrayList.add(Subnet.parse(str));
            } catch (Exception unused) {
                LOG.warning(String.format(Locale.ROOT, "Failed to parse subnet: %s", str));
            }
        }
        return arrayList;
    }

    private boolean isTunnelConnected() {
        OutlineTunnel outlineTunnel = this.tunnel;
        return outlineTunnel != null && outlineTunnel.isConnected();
    }

    private String selectDnsResolverAddress() {
        return DNS_RESOLVER_IP_ADDRESSES[new Random().nextInt(DNS_RESOLVER_IP_ADDRESSES.length)];
    }

    public synchronized void connectTunnel(String str, int i, String str2, String str3, boolean z) throws Exception {
        LOG.info("Connecting the tunnel.");
        if (str == null || i <= 0 || i > 65535 || str2 == null || str3 == null) {
            throw new IllegalArgumentException("Must provide valid Shadowsocks proxy parameters.");
        }
        if (this.tunFd == null) {
            throw new IllegalStateException("Must establish the VPN before connecting the tunnel.");
        }
        if (isTunnelConnected()) {
            throw new IllegalStateException("Tunnel already connected");
        }
        LOG.fine("Starting tun2socks...");
        this.tunnel = Tun2socks.connectShadowsocksTunnel(this.tunFd.getFd(), str, i, str2, str3, z);
    }

    public synchronized void disconnectTunnel() {
        LOG.info("Disconnecting the tunnel.");
        if (isTunnelConnected()) {
            this.tunnel.disconnect();
            this.tunnel = null;
        }
    }

    public synchronized boolean establishVpn() {
        ParcelFileDescriptor establish;
        LOG.info("Establishing the VPN.");
        try {
            this.dnsResolverAddress = selectDnsResolverAddress();
            VpnService.Builder addDisallowedApplication = this.vpnService.newBuilder().setSession(this.vpnService.getApplicationName()).setMtu(VPN_INTERFACE_MTU).addAddress(String.format(Locale.ROOT, VPN_INTERFACE_PRIVATE_LAN, "1"), 24).addDnsServer(this.dnsResolverAddress).setBlocking(true).addDisallowedApplication(this.vpnService.getPackageName());
            if (Build.VERSION.SDK_INT >= 23) {
                addDisallowedApplication.setUnderlyingNetworks(new Network[]{((ConnectivityManager) this.vpnService.getSystemService(ConnectivityManager.class)).getActiveNetwork()});
            }
            Iterator<Subnet> it = getReservedBypassSubnets().iterator();
            while (it.hasNext()) {
                Subnet next = it.next();
                addDisallowedApplication.addRoute(next.address, next.prefix);
            }
            establish = addDisallowedApplication.establish();
            this.tunFd = establish;
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "Failed to establish the VPN", (Throwable) e);
            return false;
        }
        return establish != null;
    }

    public synchronized void tearDownVpn() {
        LOG.info("Tearing down the VPN.");
        if (this.tunFd == null) {
            return;
        }
        try {
            try {
                this.tunFd.close();
            } catch (IOException unused) {
                LOG.severe("Failed to close the VPN interface file descriptor.");
            }
        } finally {
            this.tunFd = null;
        }
    }

    public synchronized boolean updateUDPSupport() {
        if (!isTunnelConnected()) {
            return false;
        }
        return this.tunnel.updateUDPSupport();
    }
}
