package com.cisco.umbrella.network;

import android.content.Context;
import android.os.Build;
import com.cisco.anyconnect.vpn.android.localization.UITranslator;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.cisco.anyconnect.vpn.android.util.CustLogComponent;
import com.cisco.anyconnect.vpn.interceptor.NetworkFlow;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptorConfig;
import com.cisco.umbrella.EDNSData;
import com.cisco.umbrella.R;
import com.cisco.umbrella.crypto.DNSCryptCertHandler;
import com.cisco.umbrella.crypto.DNSCryptHelper;
import com.cisco.umbrella.network.NICBNotifier;
import com.cisco.umbrella.network.PublicNetworkMonitor;
import com.cisco.umbrella.network.SelectSocketChannel;
import com.cisco.umbrella.probe.UmbrellaProbeHandler;
import com.cisco.umbrella.registration.RegistrationData;
import com.cisco.umbrella.sync.ISyncHandler;
import com.cisco.umbrella.tnd.ITNDHandler;
import com.cisco.umbrella.tnd.TNDHandler;
import com.cisco.umbrella.ui.UIUpdater;
import com.cisco.umbrella.ui.states.EncryptionState;
import com.cisco.umbrella.ui.states.ProtectionState;
import com.cisco.umbrella.util.ConfigHelper;
import com.cisco.umbrella.util.Constant;
import com.cisco.umbrella.util.Helper;
import com.cisco.umbrella.util.ValidationHelper;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;

/* loaded from: classes.dex */
public class NetworkInterceptorCB implements NetworkInterceptor.INetworkInterceptorCB, SelectSocketChannel.ISelectSocketChannelCB, TNDHandler.TndCallback, NICBNotifier.NICBCallback {
    private static final String TAG = "NetworkInterceptorCB";
    private ScheduledFuture<?> configureNetworkInterceptorScheduledFuture;
    private Context context;
    private DNSCryptCertHandler dnsCryptCertHandler;
    private DNSCryptHelper dnsCryptHelper;
    private boolean dnsCryptInitSuccessful;
    private ScheduledFuture<?> initializeNetworkInterceptorScheduledFuture;
    private ExecutorService mExecutor;
    private ScheduledFuture<?> networkFlowMapCleanerScheduledFuture;
    private NetworkInterceptor networkInterceptor;
    private NICBNotifier nicbNotifier;
    private IPublicNetworkMonitor publicNetworkMonitor;
    private RegistrationData registrationData;
    private SelectSocketChannel selectSocketChannel;
    private ISyncHandler syncHandler;
    private ITNDHandler tndHandler;
    private UmbrellaProbeHandler umbrellaProbeHandler;
    private Map<Short, NetworkFlow> networkFlowMap = new HashMap();
    private EDNSData ednsData = null;
    private ScheduledExecutorService singleThreadedScheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
    private AtomicBoolean isBehindVA = new AtomicBoolean(false);
    private AtomicBoolean isPacketReceived = new AtomicBoolean(false);
    private AtomicBoolean isUmbrellaResolverReachable = new AtomicBoolean(false);
    private int countVpnRequest = 0;
    private PublicNetworkMonitor.Callback publicNetworkMonitorCallback = new PublicNetworkMonitor.Callback() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda1
        @Override // com.cisco.umbrella.network.PublicNetworkMonitor.Callback
        public final void onNetworkUpdate(boolean z) {
            NetworkInterceptorCB.this.m733lambda$new$0$comciscoumbrellanetworkNetworkInterceptorCB(z);
        }
    };
    private Runnable networkFlowMapCleaner = new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda2
        @Override // java.lang.Runnable
        public final void run() {
            NetworkInterceptorCB.this.m734lambda$new$3$comciscoumbrellanetworkNetworkInterceptorCB();
        }
    };

    public NetworkInterceptorCB(Context context, IPublicNetworkMonitor iPublicNetworkMonitor, ISyncHandler iSyncHandler, ITNDHandler iTNDHandler) {
        context.getClass();
        this.context = context;
        iPublicNetworkMonitor.getClass();
        this.publicNetworkMonitor = iPublicNetworkMonitor;
        iPublicNetworkMonitor.subscribe(this.publicNetworkMonitorCallback);
        this.syncHandler = iSyncHandler;
        iTNDHandler.getClass();
        this.tndHandler = iTNDHandler;
        iTNDHandler.subscribe(this);
        this.dnsCryptHelper = DNSCryptHelper.getInstance();
        this.nicbNotifier = NICBNotifier.getInstance();
        this.umbrellaProbeHandler = new UmbrellaProbeHandler(this.dnsCryptHelper, this.nicbNotifier);
        this.dnsCryptCertHandler = new DNSCryptCertHandler(this.singleThreadedScheduledExecutorService, context, this.umbrellaProbeHandler, this.dnsCryptHelper, this.nicbNotifier);
        NICBNotifier.getInstance().subscribe(this);
        if (Build.VERSION.SDK_INT >= 24) {
            this.mExecutor = Executors.newWorkStealingPool();
        } else {
            this.mExecutor = Executors.newCachedThreadPool();
        }
    }

    private void cleanup() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "cleanup invoked");
        this.countVpnRequest = 0;
        NetworkInterceptor networkInterceptor = this.networkInterceptor;
        if (networkInterceptor != null && networkInterceptor.getState() != NetworkInterceptor.State.DISABLED) {
            this.networkInterceptor.disable();
        }
        ScheduledFuture<?> scheduledFuture = this.configureNetworkInterceptorScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.configureNetworkInterceptorScheduledFuture.isCancelled()) {
            this.configureNetworkInterceptorScheduledFuture.cancel(true);
        }
        ScheduledFuture<?> scheduledFuture2 = this.initializeNetworkInterceptorScheduledFuture;
        if (scheduledFuture2 != null && !scheduledFuture2.isDone() && !this.initializeNetworkInterceptorScheduledFuture.isCancelled()) {
            this.initializeNetworkInterceptorScheduledFuture.cancel(true);
        }
        ScheduledFuture<?> scheduledFuture3 = this.networkFlowMapCleanerScheduledFuture;
        if (scheduledFuture3 != null && !scheduledFuture3.isDone() && !this.networkFlowMapCleanerScheduledFuture.isCancelled()) {
            this.networkFlowMapCleanerScheduledFuture.cancel(true);
        }
        SelectSocketChannel selectSocketChannel = this.selectSocketChannel;
        if (selectSocketChannel != null) {
            selectSocketChannel.close();
        }
        UmbrellaProbeHandler umbrellaProbeHandler = this.umbrellaProbeHandler;
        if (umbrellaProbeHandler != null) {
            umbrellaProbeHandler.cleanUp();
        }
        DNSCryptCertHandler dNSCryptCertHandler = this.dnsCryptCertHandler;
        if (dNSCryptCertHandler != null) {
            dNSCryptCertHandler.cancelCertFetch();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void configureNetworkInterceptor(NetworkInterceptorConfig networkInterceptorConfig, boolean z) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Configure network interceptor called");
        if (networkInterceptorConfig != null) {
            if (this.networkInterceptor.configure(networkInterceptorConfig)) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Call to configure is successful.");
            } else {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Call to configure failed.");
            }
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Network interceptor configuration is missing.");
            if (z && this.networkInterceptor != null) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Disabling network interception");
                this.networkInterceptor.disable();
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
            }
        }
    }

    private void createDummyVPNConfig(NetworkInterceptorConfig.Standalone.Builder builder) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Creating dummy network interceptor config for backoff.");
        Collection<InetAddress> dnsServers = NetworkUtils.getDnsServers(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (dnsServers != null && !dnsServers.isEmpty()) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Adding system resolvers.");
            Iterator<InetAddress> it = dnsServers.iterator();
            while (it.hasNext()) {
                builder.addDnsServer(it.next().getHostAddress());
            }
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "No valid DNS servers found. Adding public Umbrella resolver.");
        for (String str2 : ConfigHelper.getUmbrellaResolverIps()) {
            builder.addDnsServer(str2);
        }
    }

    private void createNetworkConfiguration(NetworkInterceptorConfig.Standalone.Builder builder) {
        String[] splitStringOnDelimiter = Helper.splitStringOnDelimiter(ConfigHelper.getConfig(Constant.SUBNET_IPS), ",");
        if (this.isBehindVA.get()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[0], 32)).addIncludeRoute(new NetworkInterceptorConfig.Subnet(ConfigHelper.getConfig(Constant.ROUTE_SUBNET_IP), 32));
            return;
        }
        if (this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[3], 32));
            builder.addAddress(new NetworkInterceptorConfig.Subnet(NetworkUtils.getLinkLocalAddress(), 64));
        } else if (this.syncHandler.get().getFailClosedOption()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[2], 32));
        } else {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[1], 32)).addIncludeRoute(new NetworkInterceptorConfig.Subnet(ConfigHelper.getConfig(Constant.ROUTE_SUBNET_IP), 32));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public NetworkInterceptorConfig createNetworkInterceptorConfig() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Creating network interceptor config");
        NetworkInterceptorConfig.Builder builder = new NetworkInterceptorConfig.Builder();
        NetworkInterceptorConfig.Standalone.Builder vpnRequestDescription = builder.standalone().setSessionName(UITranslator.getString(R.string.umbrella_vpn_session_name)).setVpnRequestDescription(UITranslator.getString(R.string.umbrella_vpn_request_reason));
        String searchDomains = NetworkUtils.getSearchDomains(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (ValidationHelper.isNonNullOrNotEmpty(searchDomains)) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "The search domains are " + searchDomains);
            vpnRequestDescription.addDnsSearchDomains(searchDomains);
        }
        if (this.isBehindVA.get() || !((this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) || this.syncHandler.get().getFailClosedOption())) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Creating dummy VPN");
            createDummyVPNConfig(vpnRequestDescription);
        } else {
            setDnsServersAndRoutes(vpnRequestDescription);
            List<String> mergeDomains = mergeDomains(NetworkUtils.getDomains(this.context, this.publicNetworkMonitor.getConnectedNetwork()), this.syncHandler.get().getWhitelist());
            if (mergeDomains.isEmpty()) {
                AppLog.info(this, "Do not have any whitelisted domains. Fail Open.");
                return null;
            }
            setWhitelistedDomains(builder, mergeDomains);
            builder.remoteAccess().setIncludeDns(true);
        }
        createNetworkConfiguration(vpnRequestDescription);
        return builder.build();
    }

    private int getPrefixLength(InetAddress inetAddress) {
        return inetAddress instanceof Inet4Address ? 32 : 64;
    }

    private synchronized void handleConfiguredState() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "handleInterceptorStateChange state is CONFIGURED :: ");
        try {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Scheduling closed flow cleaner");
            scheduleClosedFlowCleaner();
            if (this.isBehindVA.get()) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Updating protection status to behind VA");
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.BEHIND_VA, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
                this.dnsCryptCertHandler.cancelCertFetch();
                this.umbrellaProbeHandler.cleanUp();
            } else {
                if (this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) {
                    initSocketChannel(false);
                    AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Updating protection status to protected");
                    UIUpdater.updateUI(EncryptionState.ENCRYPTED, ProtectionState.PROTECTED, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
                }
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.FAIL_OPEN_CLOSED, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
            }
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Updating UI with protection state");
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, TAG, "failed to init proxy channel " + e);
            this.networkInterceptor.disable();
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        }
    }

    private void handleDisabledState() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "handleDisableState invoked");
        UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN);
        this.networkFlowMap.clear();
        NetworkInterceptor.FailureCode lastFailureCode = this.networkInterceptor.getLastFailureCode();
        if (lastFailureCode == null) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, str, "Network interceptor failed with null failure code");
            return;
        }
        if (NetworkInterceptor.FailureCode.REVOKED == lastFailureCode) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, str, "VPN has been revoked.");
            this.networkInterceptor = null;
            initialize();
        } else {
            if (NetworkInterceptor.FailureCode.CONFIGURE_FAILURE != lastFailureCode) {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, str, "Network interceptor failed with code: " + lastFailureCode);
                return;
            }
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, str, "VPN configuration failed");
            if (this.countVpnRequest == 0) {
                this.networkInterceptor = null;
                initialize();
                this.countVpnRequest++;
            }
        }
    }

    private synchronized void handleInitializedState() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "handleInterceptorStateChange state is INITIALIZED :: ");
        if (Build.VERSION.SDK_INT >= 21) {
            configureNetworkInterceptor(createNetworkInterceptorConfig(), true);
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Unable to configure NI on Android OS < Lollipop");
            this.networkInterceptor.disable();
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: handleInterceptorStateChange, reason: merged with bridge method [inline-methods] */
    public void m731x18453883(NetworkInterceptor.State state) {
        if (state == NetworkInterceptor.State.INITIALIZED) {
            handleInitializedState();
        } else if (state == NetworkInterceptor.State.CONFIGURED) {
            handleConfiguredState();
        } else if (state == NetworkInterceptor.State.DISABLED) {
            handleDisabledState();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: handleUDPFlowData, reason: merged with bridge method [inline-methods] */
    public void m730x31876e45(NetworkFlow networkFlow, ByteBuffer byteBuffer) {
        this.networkFlowMap.put(Short.valueOf(Helper.getTransactionId(byteBuffer)), networkFlow);
        byteBuffer.rewind();
        ByteBuffer appendEDNS = this.ednsData.appendEDNS(byteBuffer);
        appendEDNS.rewind();
        CustLogComponent custLogComponent = CustLogComponent.UMBRELLA_CONFIG;
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logVerboseMessage(custLogComponent, severity, str, "Creating byte array from edns packet");
        if (isEncryptedPort()) {
            int limit = appendEDNS.limit();
            byte[] bArr = new byte[limit];
            appendEDNS.get(bArr);
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "DNS Query Length::" + limit + "  ::DNS Query:: " + Helper.byteToHex(bArr));
            appendEDNS = ByteBuffer.wrap(this.dnsCryptHelper.encrypt(bArr));
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Received encrypted packet; Sending it to resolver");
        } else {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Skipping packet encryption. Sending to resolver");
        }
        this.selectSocketChannel.writeBuffer(appendEDNS);
    }

    private void initSocketChannel(boolean z) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Init SocketChannel");
        if (!z) {
            try {
                SelectSocketChannel selectSocketChannel = this.selectSocketChannel;
                if (selectSocketChannel != null && selectSocketChannel.getSocket() != null && this.selectSocketChannel.getSocket().getInetAddress() != null && this.umbrellaProbeHandler.getResolverIP().equals(this.selectSocketChannel.getSocket().getInetAddress().getHostAddress())) {
                    return;
                }
            } catch (Exception e) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, TAG, "failed to init proxy channel " + e);
                return;
            }
        }
        SelectSocketChannel selectSocketChannel2 = new SelectSocketChannel(4096, this, this.publicNetworkMonitor);
        this.selectSocketChannel = selectSocketChannel2;
        selectSocketChannel2.initialize(InetAddress.getByName(this.umbrellaProbeHandler.getResolverIP()), this.dnsCryptHelper.getActivePort());
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Completed configuration of socket channel to resolver: " + this.umbrellaProbeHandler.getResolverIP());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initialize() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        StringBuilder sb = new StringBuilder("initialize invoked and the state is ");
        NetworkInterceptor networkInterceptor = this.networkInterceptor;
        sb.append(networkInterceptor == null ? "DISABLED" : networkInterceptor.getState());
        AppLog.logDebugMessage(severity, str, sb.toString());
        NetworkInterceptor networkInterceptor2 = this.networkInterceptor;
        if (networkInterceptor2 != null && networkInterceptor2.getState() != NetworkInterceptor.State.DISABLED) {
            ScheduledFuture<?> scheduledFuture = this.configureNetworkInterceptorScheduledFuture;
            if (scheduledFuture != null && !scheduledFuture.isDone() && !this.configureNetworkInterceptorScheduledFuture.isCancelled()) {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Cancelling existing reconfiguration request");
                this.configureNetworkInterceptorScheduledFuture.cancel(true);
            }
            if (this.networkInterceptor.getState() == NetworkInterceptor.State.CONFIGURED) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, str, "Scheduling reconfiguration request for 3s from now");
                this.configureNetworkInterceptorScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.1
                    @Override // java.lang.Runnable
                    public void run() {
                        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Reconfiguring network interceptor.");
                        NetworkInterceptorCB networkInterceptorCB = NetworkInterceptorCB.this;
                        networkInterceptorCB.configureNetworkInterceptor(networkInterceptorCB.createNetworkInterceptorConfig(), false);
                    }
                }, 3L, TimeUnit.SECONDS);
            }
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Initializing network interceptor");
        NetworkInterceptor networkInterceptor3 = new NetworkInterceptor(this.context, this);
        this.networkInterceptor = networkInterceptor3;
        if (networkInterceptor3.initialize()) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, str, "Successfully inited network interceptor.");
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_WARN, str, "Unable to init network interceptor.");
        }
    }

    private void initializeNetworkInterceptor() {
        ScheduledFuture<?> scheduledFuture = this.initializeNetworkInterceptorScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.initializeNetworkInterceptorScheduledFuture.isCancelled()) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Cancelling existing reinitialization request");
            this.initializeNetworkInterceptorScheduledFuture.cancel(true);
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Scheduling reInitialization request for 3s from now");
        this.initializeNetworkInterceptorScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.2
            @Override // java.lang.Runnable
            public void run() {
                NetworkInterceptorCB.this.initialize();
            }
        }, 3L, TimeUnit.SECONDS);
    }

    private boolean isEncryptedPort() {
        return this.dnsCryptHelper.getActivePort() != 53;
    }

    private List<String> mergeDomains(Collection<String> collection, List<String> list) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Merging domains from network interface and sync response");
        if (list == null) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Sync response is empty and hence not merging whitelisted domains");
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        if (collection != null) {
            arrayList.addAll(collection);
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Merging sync white liisted domains");
        arrayList.addAll(list);
        return arrayList;
    }

    private void scheduleClosedFlowCleaner() {
        CustLogComponent custLogComponent = CustLogComponent.UMBRELLA_CONFIG;
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logVerboseMessage(custLogComponent, severity, str, "Scheduling network flow map cleaner");
        ScheduledFuture<?> scheduledFuture = this.networkFlowMapCleanerScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.networkFlowMapCleanerScheduledFuture.isCancelled()) {
            this.networkFlowMapCleanerScheduledFuture.cancel(true);
        }
        this.networkFlowMapCleanerScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(this.networkFlowMapCleaner, 2L, TimeUnit.MINUTES);
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Scheduled network flow map cleaner");
    }

    private void setDnsServersAndRoutes(NetworkInterceptorConfig.Standalone.Builder builder) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Configuring DNS servers");
        Collection<InetAddress> dnsServers = NetworkUtils.getDnsServers(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (dnsServers != null && !dnsServers.isEmpty()) {
            for (InetAddress inetAddress : dnsServers) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Adding DNS server: " + inetAddress.getHostAddress());
                builder.addDnsServer(inetAddress.getHostAddress()).addIncludeRoute(new NetworkInterceptorConfig.Subnet(inetAddress.getHostAddress(), getPrefixLength(inetAddress)));
            }
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "IPv4 DNS Server Unavailable");
        for (String str2 : ConfigHelper.getUmbrellaResolverIps()) {
            try {
                builder.addDnsServer(str2).addIncludeRoute(new NetworkInterceptorConfig.Subnet(str2, getPrefixLength(InetAddress.getByName(str2))));
            } catch (Exception unused) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "unable to set DnsServers and Routes");
            }
        }
    }

    private void setWhitelistedDomains(NetworkInterceptorConfig.Builder builder, List<String> list) {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logDebugMessage(severity, str, "Configuring whitelisting");
        if (list == null || list.isEmpty()) {
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "Setting whitelisted domains: " + Arrays.toString(list.toArray()));
        builder.excludeDnsQueries(list);
    }

    @Override // com.cisco.umbrella.tnd.TNDHandler.TndCallback
    public void backoff(boolean z, boolean z2) {
        if (z2) {
            cleanup();
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Backoff. Disabling NI.");
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        } else if (z) {
            this.isBehindVA.set(true);
            if (this.publicNetworkMonitor.isOnline()) {
                initialize();
            }
            this.umbrellaProbeHandler.cancelProbe();
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Backoff. Network is behind VA.");
        }
    }

    @Override // com.cisco.umbrella.tnd.TNDHandler.TndCallback
    public void continueProtection() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Continue Protection  - isOnline - " + this.publicNetworkMonitor.isOnline());
        this.isBehindVA.set(false);
        if (this.publicNetworkMonitor.isOnline()) {
            if (this.isUmbrellaResolverReachable.get()) {
                if (this.dnsCryptInitSuccessful) {
                    initializeNetworkInterceptor();
                    return;
                } else {
                    this.dnsCryptCertHandler.initDNSCrypt();
                    return;
                }
            }
            probeUmbrellaResolver();
            if (this.dnsCryptInitSuccessful) {
                initializeNetworkInterceptor();
            }
        }
    }

    public void destroy() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "destroy invoked");
        cleanup();
        UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        DNSCryptCertHandler dNSCryptCertHandler = this.dnsCryptCertHandler;
        if (dNSCryptCertHandler != null) {
            dNSCryptCertHandler.cancelCertFetch();
            this.dnsCryptCertHandler.cleanUp();
        }
        DNSCryptHelper dNSCryptHelper = this.dnsCryptHelper;
        if (dNSCryptHelper != null) {
            dNSCryptHelper.cleanUp();
        }
        UmbrellaProbeHandler umbrellaProbeHandler = this.umbrellaProbeHandler;
        if (umbrellaProbeHandler != null) {
            umbrellaProbeHandler.cleanUp();
        }
        ScheduledExecutorService scheduledExecutorService = this.singleThreadedScheduledExecutorService;
        if (scheduledExecutorService != null) {
            scheduledExecutorService.shutdown();
        }
        this.tndHandler.unsubscribe(this);
        this.nicbNotifier.unsubscribe(this);
        IPublicNetworkMonitor iPublicNetworkMonitor = this.publicNetworkMonitor;
        if (iPublicNetworkMonitor != null) {
            iPublicNetworkMonitor.unSubscribe(this.publicNetworkMonitorCallback);
        }
        this.publicNetworkMonitor = null;
        this.configureNetworkInterceptorScheduledFuture = null;
        this.initializeNetworkInterceptorScheduledFuture = null;
        this.networkFlowMapCleanerScheduledFuture = null;
        this.selectSocketChannel = null;
        this.singleThreadedScheduledExecutorService = null;
        this.umbrellaProbeHandler = null;
        this.dnsCryptHelper = null;
        this.dnsCryptCertHandler = null;
        this.syncHandler = null;
        this.tndHandler = null;
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleFlowClosed(NetworkFlow networkFlow) {
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleFlowData(final NetworkFlow networkFlow, final ByteBuffer byteBuffer) {
        if (((this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) || !this.syncHandler.get().getFailClosedOption()) && this.publicNetworkMonitor.isOnline() && networkFlow.getProtocol() == NetworkFlow.IPProtocol.UDP && byteBuffer != null && Boolean.FALSE == this.selectSocketChannel.getIsReconnecting()) {
            this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda5
                @Override // java.lang.Runnable
                public final void run() {
                    NetworkInterceptorCB.this.m730x31876e45(networkFlow, byteBuffer);
                }
            });
        }
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleStateChange(NetworkInterceptor.State state, final NetworkInterceptor.State state2) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "handleStateChange is invoked::" + state + "::" + state2);
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                NetworkInterceptorCB.this.m731x18453883(state2);
            }
        });
    }

    @Override // com.cisco.umbrella.network.NICBNotifier.NICBCallback
    public void informNICB(String str, boolean z) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "informNICB invoked with action : " + str + " result : " + z);
        str.hashCode();
        char c = 65535;
        switch (str.hashCode()) {
            case -1812110608:
                if (str.equals(Constant.DNS_CRYPT_CERT_FETCHED)) {
                    c = 0;
                    break;
                }
                break;
            case -708332831:
                if (str.equals(Constant.UMBRELLA_RESOLVER_REACHABLILITY)) {
                    c = 1;
                    break;
                }
                break;
            case -593333359:
                if (str.equals(Constant.PORT_CHANGE)) {
                    c = 2;
                    break;
                }
                break;
        }
        switch (c) {
            case 0:
                this.dnsCryptInitSuccessful = z;
                initializeNetworkInterceptor();
                return;
            case 1:
                this.isUmbrellaResolverReachable.set(z);
                if (!z || this.dnsCryptInitSuccessful) {
                    initializeNetworkInterceptor();
                    return;
                } else {
                    this.dnsCryptCertHandler.initDNSCrypt();
                    return;
                }
            case 2:
                this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda4
                    @Override // java.lang.Runnable
                    public final void run() {
                        NetworkInterceptorCB.this.m732xc0a8a60b();
                    }
                });
                return;
            default:
                return;
        }
    }

    public void initialize(RegistrationData registrationData) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "initialize invoked with registration data ");
        this.registrationData = registrationData;
        this.ednsData = new EDNSData(registrationData);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$informNICB$5$com-cisco-umbrella-network-NetworkInterceptorCB, reason: not valid java name */
    public /* synthetic */ void m732xc0a8a60b() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "active port changed. init socket channel");
        SelectSocketChannel selectSocketChannel = this.selectSocketChannel;
        if (selectSocketChannel != null) {
            selectSocketChannel.close();
        }
        initSocketChannel(true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$new$0$com-cisco-umbrella-network-NetworkInterceptorCB, reason: not valid java name */
    public /* synthetic */ void m733lambda$new$0$comciscoumbrellanetworkNetworkInterceptorCB(boolean z) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Received onNetworkUpdate - in NICB - " + z);
        if (this.dnsCryptInitSuccessful) {
            this.isUmbrellaResolverReachable.compareAndSet(false, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$new$3$com-cisco-umbrella-network-NetworkInterceptorCB, reason: not valid java name */
    public /* synthetic */ void m734lambda$new$3$comciscoumbrellanetworkNetworkInterceptorCB() {
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Clearing closed network flow maps. Total Size: " + this.networkFlowMap.size());
        Iterator<Map.Entry<Short, NetworkFlow>> it = this.networkFlowMap.entrySet().iterator();
        while (it.hasNext()) {
            if (it.next().getValue().isClosed()) {
                it.remove();
            }
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Cleared closed network flow maps. Total size: " + this.networkFlowMap.size());
        scheduleClosedFlowCleaner();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$onDataReceived$4$com-cisco-umbrella-network-NetworkInterceptorCB, reason: not valid java name */
    public /* synthetic */ void m735x83848ab1(byte[] bArr) {
        CustLogComponent custLogComponent = CustLogComponent.UMBRELLA_CONFIG;
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        AppLog.logVerboseMessage(custLogComponent, severity, str, "Data received from the resolver.");
        if (isEncryptedPort()) {
            bArr = this.dnsCryptHelper.decrypt(bArr);
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "DNS response size :: " + bArr.length + " DNS Response:: " + Helper.byteToHex(bArr));
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        NetworkFlow remove = this.networkFlowMap.remove(Short.valueOf(Helper.getTransactionId(wrap)));
        wrap.rewind();
        if (remove == null) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "writeData networkFlow is null::");
        } else {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, str, "writeData is invoked::");
            remove.writeData(wrap);
        }
    }

    @Override // com.cisco.umbrella.network.SelectSocketChannel.ISelectSocketChannelCB
    public void onDataReceived(final byte[] bArr) {
        this.isPacketReceived.set(true);
        this.isUmbrellaResolverReachable.set(true);
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB$$ExternalSyntheticLambda3
            @Override // java.lang.Runnable
            public final void run() {
                NetworkInterceptorCB.this.m735x83848ab1(bArr);
            }
        });
    }

    @Override // com.cisco.umbrella.tnd.TNDHandler.TndCallback
    public void probeUmbrellaResolver() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "probeUmbrellaResolver - isOnline - " + this.publicNetworkMonitor.isOnline());
        this.isBehindVA.set(false);
        if (!this.publicNetworkMonitor.isOnline() || this.registrationData == null) {
            return;
        }
        NetworkUtils.initNetworkStack();
        this.ednsData = new EDNSData(this.registrationData);
        this.umbrellaProbeHandler.probe();
    }
}
