package com.comodo.mdm.firewall;

import android.content.Intent;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import com.comodo.mdm.Logger;
import com.comodo.mdm.R;
import java.io.Closeable;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.channels.Selector;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
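/**
 * VPN-based firewall service: routes device traffic through a local VPN interface and
 * drops TCP packets whose bytes contain one of the configured restricted domain entries.
 *
 * <p>Filtering limits visible in this class, which matter when relying on it as a control:
 * <ul>
 *   <li>UDP packets are queued for forwarding without any inspection.</li>
 *   <li>A TCP packet is blocked only when an entry appears in the bytes that follow the first
 *       20 bytes of the packet, decoded as UTF-8. A name that is not present as plain text
 *       in a packet cannot match.</li>
 *   <li>Only an IPv4 address and the IPv4 default route are configured in {@link #setupVPN()}.
 *       NOTE(review): confirm how IPv6 traffic is meant to be handled.</li>
 * </ul>
 */
public class FirewallService extends VpnService {
    private static final String VPN_ADDRESS = "10.0.0.2";
    private static final String VPN_ROUTE = "0.0.0.0";

    /** Fixed offset at which payload scanning starts (an IPv4 header without options). */
    private static final int IPV4_HEADER_LENGTH = 20;
    /** Offset of the 16-bit "total length" field in the IPv4 header. */
    private static final int IPV4_TOTAL_LENGTH_OFFSET = 2;
    /** Offset of the protocol field in the IPv4 header. */
    private static final int IPV4_PROTOCOL_OFFSET = 9;
    /** IP protocol number for TCP. */
    private static final int PROTOCOL_TCP = 6;

    // Written on the service's lifecycle thread and read from other threads, hence volatile.
    private static volatile boolean isRunning = false;
    // Compiled once per configuration change instead of once per packet and entry.
    private static volatile Pattern[] restrictedPatterns = new Pattern[0];

    private ConcurrentLinkedQueue<Packet> deviceToNetworkTCPQueue;
    private ConcurrentLinkedQueue<Packet> deviceToNetworkUDPQueue;
    private ExecutorService executorService;
    private ConcurrentLinkedQueue<ByteBuffer> networkToDeviceQueue;
    private Selector tcpSelector;
    private Selector udpSelector;
    private ParcelFileDescriptor vpnInterface = null;

    /**
     * Pump between the VPN file descriptor and the packet queues: reads outgoing packets from
     * the device, applies the domain filter to TCP packets, and writes queued incoming buffers
     * back to the device.
     */
    private static class VPNRunnable implements Runnable {
        private static final String TAG = "VPNRunnable";
        private final ConcurrentLinkedQueue<Packet> deviceToNetworkTCPQueue;
        private final ConcurrentLinkedQueue<Packet> deviceToNetworkUDPQueue;
        private final ConcurrentLinkedQueue<ByteBuffer> networkToDeviceQueue;
        private final FileDescriptor vpnFileDescriptor;

        /**
         * @param fileDescriptor descriptor of the established VPN interface
         * @param udpQueue queue receiving outgoing UDP packets
         * @param tcpQueue queue receiving outgoing TCP packets that passed the filter
         * @param networkToDeviceQueue queue of buffers to write back to the device
         */
        public VPNRunnable(FileDescriptor fileDescriptor, ConcurrentLinkedQueue<Packet> udpQueue, ConcurrentLinkedQueue<Packet> tcpQueue, ConcurrentLinkedQueue<ByteBuffer> networkToDeviceQueue) {
            this.vpnFileDescriptor = fileDescriptor;
            this.deviceToNetworkUDPQueue = udpQueue;
            this.deviceToNetworkTCPQueue = tcpQueue;
            this.networkToDeviceQueue = networkToDeviceQueue;
        }

        /**
         * Reports whether a packet should be dropped because it contains a restricted entry.
         * Despite its name, this method only inspects the packet; it never rewrites it.
         *
         * <p>The length taken from the packet header is attacker-influenced input, so it is
         * clamped to the bytes actually present in the buffer. Without the clamp a short or
         * inconsistent packet raises an unchecked exception, which ends the pump thread and
         * with it all filtering.
         *
         * @param byteBuffer buffer holding the raw packet; its position and limit are untouched
         * @return {@code true} when the packet matched a restricted entry and must not be forwarded
         */
        private boolean _checkIpAndReplaceDestination(ByteBuffer byteBuffer) {
            Pattern[] patterns = FirewallService.restrictedPatterns;
            if (patterns.length == 0) {
                return false;
            }
            ByteBuffer view = byteBuffer.duplicate();
            int available = view.limit();
            if (available <= IPV4_HEADER_LENGTH) {
                // Too short to hold a header plus any payload; the absolute reads below would throw.
                return false;
            }
            if (view.get(IPV4_PROTOCOL_OFFSET) != PROTOCOL_TCP) {
                return false;
            }
            int totalLength = view.getChar(IPV4_TOTAL_LENGTH_OFFSET);
            // Never trust the header length beyond what was really read into the buffer.
            int payloadLength = Math.min(totalLength, available) - IPV4_HEADER_LENGTH;
            if (payloadLength <= 0) {
                return false;
            }
            // The scan starts at a fixed offset, so it also covers the TCP header bytes.
            byte[] payload = new byte[payloadLength];
            view.position(IPV4_HEADER_LENGTH);
            view.get(payload);
            String text;
            try {
                text = new String(payload, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                Log.w(TAG, e.toString(), e);
                return false;
            }
            for (Pattern pattern : patterns) {
                Matcher matcher = pattern.matcher(text);
                if (matcher.find()) {
                    Log.e(TAG, ">>>>>>>>>>>>>>>> Blocked: " + matcher.group(1));
                    return true;
                }
            }
            return false;
        }

        /**
         * Runs the pump until the thread is interrupted or an I/O error occurs. Both channels
         * are closed on every exit path.
         */
        @Override // java.lang.Runnable
        public void run() {
            Log.i(TAG, "Started");
            FileChannel vpnInput = new FileInputStream(this.vpnFileDescriptor).getChannel();
            FileChannel vpnOutput = new FileOutputStream(this.vpnFileDescriptor).getChannel();
            try {
                ByteBuffer bufferToNetwork = null;
                boolean dataSent = true;
                while (!Thread.interrupted()) {
                    // A fresh buffer is needed only after the previous one was handed to a packet.
                    if (dataSent) {
                        bufferToNetwork = ByteBufferPool.acquire();
                    }
                    if (vpnInput.read(bufferToNetwork) > 0) {
                        bufferToNetwork.flip();
                        Packet packet = new Packet(bufferToNetwork);
                        if (packet.isUDP()) {
                            // UDP is forwarded without inspection.
                            this.deviceToNetworkUDPQueue.offer(packet);
                        } else if (!packet.isTCP()) {
                            Log.w(TAG, "Unknown packet type");
                        } else if (!_checkIpAndReplaceDestination(packet.backingBuffer)) {
                            this.deviceToNetworkTCPQueue.offer(packet);
                        }
                        dataSent = true;
                    } else {
                        dataSent = false;
                    }
                    boolean dataReceived;
                    ByteBuffer bufferFromNetwork = this.networkToDeviceQueue.poll();
                    if (bufferFromNetwork != null) {
                        bufferFromNetwork.flip();
                        vpnOutput.write(bufferFromNetwork);
                        ByteBufferPool.release(bufferFromNetwork);
                        dataReceived = true;
                    } else {
                        dataReceived = false;
                    }
                    // Back off briefly when there was nothing to do in either direction.
                    if (!dataSent && !dataReceived) {
                        Thread.sleep(10L);
                    }
                }
            } catch (IOException e) {
                Log.w(TAG, e.toString(), e);
            } catch (InterruptedException unused) {
                Log.i(TAG, "Stopping");
            } finally {
                FirewallService.closeResources(vpnInput, vpnOutput);
            }
        }
    }

    /**
     * Compiles the configured entries into the patterns used by the packet filter.
     *
     * <p>Each entry is inserted into the expression unescaped, so it is interpreted as a regular
     * expression fragment: a "." in an entry matches any character. NOTE(review): if entries are
     * meant to be literal host names, wrap them with {@code Pattern.quote} here.
     *
     * <p>Null, empty and syntactically invalid entries are skipped and reported. Compiling at
     * packet time would instead raise an unchecked exception on the pump thread and end it.
     *
     * @param domains entries received with the start Intent; must not be {@code null}
     * @return the compiled patterns, one per usable entry
     */
    private static Pattern[] compileDomainPatterns(String[] domains) {
        Pattern[] compiled = new Pattern[domains.length];
        int count = 0;
        for (String domain : domains) {
            if (domain == null || domain.isEmpty()) {
                Logger.INSTANCE.e("Ignoring empty restricted domain entry");
                continue;
            }
            try {
                compiled[count] = Pattern.compile("[^0-9a-z\\.-]+(" + domain + ")[^0-9a-z\\.-]+", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
                count++;
            } catch (IllegalArgumentException e) {
                // PatternSyntaxException is an IllegalArgumentException.
                Logger.INSTANCE.e("Ignoring invalid restricted domain entry: " + domain);
            }
        }
        Pattern[] result = new Pattern[count];
        System.arraycopy(compiled, 0, result, 0, count);
        return result;
    }

    /** Drops the queues, clears the buffer pool and closes the selectors and the VPN interface. */
    private void cleanup() {
        this.deviceToNetworkTCPQueue = null;
        this.deviceToNetworkUDPQueue = null;
        this.networkToDeviceQueue = null;
        ByteBufferPool.clear();
        closeResources(this.udpSelector, this.tcpSelector, this.vpnInterface);
    }

    /**
     * Closes every given resource on a best-effort basis. Null entries are skipped, because
     * {@link #cleanup()} can run before all resources were created.
     *
     * @param closeableArr resources to close; may contain {@code null} elements
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void closeResources(Closeable... closeableArr) {
        if (closeableArr == null) {
            return;
        }
        for (Closeable closeable : closeableArr) {
            if (closeable == null) {
                continue;
            }
            try {
                closeable.close();
            } catch (IOException ignored) {
                // Best effort: a failure to close one resource must not stop the others.
            }
        }
    }

    /**
     * @return {@code true} between a successful {@link #onCreate()} and {@link #onDestroy()}
     */
    public static boolean isRunning() {
        return isRunning;
    }

    /**
     * Establishes the VPN interface once, with a single IPv4 address and the IPv4 default route.
     *
     * @throws UnknownHostException if one of the configured addresses cannot be parsed
     */
    private void setupVPN() throws UnknownHostException {
        if (this.vpnInterface == null) {
            VpnService.Builder builder = new VpnService.Builder(this);
            builder.addAddress(InetAddress.getByName(VPN_ADDRESS), 32);
            builder.addRoute(InetAddress.getByName(VPN_ROUTE), 0);
            this.vpnInterface = builder.setSession(getString(R.string.app_name)).establish();
        }
    }

    /**
     * Establishes the VPN interface and starts the five worker tasks. On failure the partially
     * created resources are released and the service reports itself as not running.
     */
    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        isRunning = true;
        try {
            setupVPN();
            if (this.vpnInterface == null) {
                // establish() can return null; dereferencing it below would crash the service.
                throw new IOException("VPN interface could not be established");
            }
            this.udpSelector = Selector.open();
            this.tcpSelector = Selector.open();
            this.deviceToNetworkUDPQueue = new ConcurrentLinkedQueue<>();
            this.deviceToNetworkTCPQueue = new ConcurrentLinkedQueue<>();
            this.networkToDeviceQueue = new ConcurrentLinkedQueue<>();
            // One pool thread per long-running task submitted below.
            this.executorService = Executors.newFixedThreadPool(5);
            this.executorService.submit(new UDPInput(this.networkToDeviceQueue, this.udpSelector));
            this.executorService.submit(new UDPOutput(this.deviceToNetworkUDPQueue, this.udpSelector, this));
            this.executorService.submit(new TCPInput(this.networkToDeviceQueue, this.tcpSelector));
            this.executorService.submit(new TCPOutput(this.deviceToNetworkTCPQueue, this.networkToDeviceQueue, this.tcpSelector, this));
            this.executorService.submit(new VPNRunnable(this.vpnInterface.getFileDescriptor(), this.deviceToNetworkUDPQueue, this.deviceToNetworkTCPQueue, this.networkToDeviceQueue));
            Logger.INSTANCE.i("Firewall service started");
        } catch (IOException unused) {
            Logger.INSTANCE.e("Error starting firewall service");
            // Do not keep reporting a running firewall when nothing is being filtered.
            isRunning = false;
            cleanup();
        }
    }

    /** Stops the worker tasks and releases all resources. */
    @Override // android.app.Service
    public void onDestroy() {
        super.onDestroy();
        isRunning = false;
        // The executor is absent when onCreate() failed before creating it.
        if (this.executorService != null) {
            this.executorService.shutdownNow();
        }
        cleanup();
        Logger.INSTANCE.i("Firewall service stopped");
    }

    /**
     * Replaces the restricted entries with the "domains" string array of the start Intent,
     * when present.
     *
     * <p>The return value 1 is START_STICKY, so the system may restart the service with a
     * {@code null} Intent; that case keeps the current entries. NOTE(review): after a process
     * restart the static list starts out empty, so nothing is blocked until a new Intent
     * arrives. The entries are accepted as sent; confirm in the manifest that only trusted
     * callers can start this service.
     *
     * @param intent start Intent, or {@code null} on a sticky restart
     * @param flags unused
     * @param startId unused
     * @return 1 (START_STICKY)
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int flags, int startId) {
        if (intent == null) {
            return 1;
        }
        String[] domains = intent.getStringArrayExtra("domains");
        if (domains != null) {
            restrictedPatterns = compileDomainPatterns(domains);
        }
        return 1;
    }
}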
