package com.android.server;

import android.Manifest;
import android.content.Context;
import android.net.IIpSecService;
import android.net.INetd;
import android.net.IpSecAlgorithm;
import android.net.IpSecConfig;
import android.net.IpSecManager;
import android.net.util.NetdService;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.util.Log;
import android.util.Slog;
import android.util.SparseArray;
import android.util.TimedRemoteCaller;
import com.android.internal.annotations.GuardedBy;
import java.io.FileDescriptor;
import java.io.PrintWriter;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:com/android/server/IpSecService.class */
public class IpSecService extends IIpSecService.Stub {
    private static final String NETD_SERVICE_NAME = "netd";
    private final Context mContext;
    private static final int NETD_FETCH_TIMEOUT = 5000;
    private static final String TAG = "IpSecService";
    private static final boolean DBG = Log.isLoggable(TAG, 3);
    private static final int[] DIRECTIONS = {1, 0};
    private Object mLock = new Object();
    private AtomicInteger mNextResourceId = new AtomicInteger(16441040);

    @GuardedBy("mSpiRecords")
    private final SparseArray<SpiRecord> mSpiRecords = new SparseArray<>();

    @GuardedBy("mTransformRecords")
    private final SparseArray<TransformRecord> mTransformRecords = new SparseArray<>();

    /* loaded from: input_file:com/android/server/IpSecService$ManagedResource.class */
    private abstract class ManagedResource implements IBinder.DeathRecipient {
        final int pid = Binder.getCallingPid();
        final int uid = Binder.getCallingUid();
        private IBinder mBinder;

        ManagedResource(IBinder iBinder) {
            this.mBinder = iBinder;
            try {
                this.mBinder.linkToDeath(this, 0);
            } catch (RemoteException e) {
                binderDied();
            }
        }

        public final void release() {
            releaseResources();
            if (this.mBinder != null) {
                this.mBinder.unlinkToDeath(this, 0);
            }
            this.mBinder = null;
            nullifyRecord();
        }

        @Override // android.os.IBinder.DeathRecipient
        public final void binderDied() {
            release();
        }

        protected abstract void nullifyRecord();

        protected abstract void releaseResources();
    }

    /* loaded from: input_file:com/android/server/IpSecService$SpiRecord.class */
    private final class SpiRecord extends ManagedResource {
        private final int mDirection;
        private final String mLocalAddress;
        private final String mRemoteAddress;
        private final IBinder mBinder;
        private int mSpi;
        private int mResourceId;

        SpiRecord(int i, int i2, String str, String str2, int i3, IBinder iBinder) {
            super(iBinder);
            this.mResourceId = i;
            this.mDirection = i2;
            this.mLocalAddress = str;
            this.mRemoteAddress = str2;
            this.mSpi = i3;
            this.mBinder = iBinder;
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void releaseResources() {
            try {
                IpSecService.this.getNetdInstance().ipSecDeleteSecurityAssociation(this.mResourceId, this.mDirection, this.mLocalAddress, this.mRemoteAddress, this.mSpi);
            } catch (RemoteException e) {
                Log.e(IpSecService.TAG, "Failed to delete SPI reservation with ID: " + this.mResourceId);
            } catch (ServiceSpecificException e2) {
            }
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void nullifyRecord() {
            this.mSpi = 0;
            this.mResourceId = 0;
        }
    }

    /* loaded from: input_file:com/android/server/IpSecService$TransformRecord.class */
    private final class TransformRecord extends ManagedResource {
        private IpSecConfig mConfig;
        private int mResourceId;

        TransformRecord(IpSecConfig ipSecConfig, int i, IBinder iBinder) {
            super(iBinder);
            this.mConfig = ipSecConfig;
            this.mResourceId = i;
        }

        public IpSecConfig getConfig() {
            return this.mConfig;
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void releaseResources() {
            for (int i : IpSecService.DIRECTIONS) {
                try {
                    IpSecService.this.getNetdInstance().ipSecDeleteSecurityAssociation(this.mResourceId, i, this.mConfig.getLocalAddress() != null ? this.mConfig.getLocalAddress().getHostAddress() : "", this.mConfig.getRemoteAddress() != null ? this.mConfig.getRemoteAddress().getHostAddress() : "", this.mConfig.getSpi(i));
                } catch (RemoteException e) {
                    Log.e(IpSecService.TAG, "Failed to delete SA with ID: " + this.mResourceId);
                } catch (ServiceSpecificException e2) {
                }
            }
        }

        @Override // com.android.server.IpSecService.ManagedResource
        protected void nullifyRecord() {
            this.mConfig = null;
            this.mResourceId = 0;
        }
    }

    private IpSecService(Context context) {
        this.mContext = context;
    }

    static IpSecService create(Context context) throws InterruptedException {
        IpSecService ipSecService = new IpSecService(context);
        ipSecService.connectNativeNetdService();
        return ipSecService;
    }

    public void systemReady() {
        if (isNetdAlive()) {
            Slog.d(TAG, "IpSecService is ready");
        } else {
            Slog.wtf(TAG, "IpSecService not ready: failed to connect to NetD Native Service!");
        }
    }

    private void connectNativeNetdService() {
        new Thread(new Runnable() { // from class: com.android.server.IpSecService.1
            @Override // java.lang.Runnable
            public void run() {
                synchronized (IpSecService.this.mLock) {
                    NetdService.get(TimedRemoteCaller.DEFAULT_CALL_TIMEOUT_MILLIS);
                }
            }
        }).run();
    }

    INetd getNetdInstance() throws RemoteException {
        INetd netdService = NetdService.getInstance();
        if (netdService == null) {
            throw new RemoteException("Failed to Get Netd Instance");
        }
        return netdService;
    }

    boolean isNetdAlive() {
        synchronized (this.mLock) {
            try {
                INetd netdInstance = getNetdInstance();
                if (netdInstance == null) {
                    return false;
                }
                return netdInstance.isAlive();
            } catch (RemoteException e) {
                return false;
            }
        }
    }

    @Override // android.net.IIpSecService
    public Bundle reserveSecurityParameterIndex(int i, String str, int i2, IBinder iBinder) throws RemoteException {
        int andIncrement = this.mNextResourceId.getAndIncrement();
        int i3 = 0;
        Bundle bundle = new Bundle(3);
        try {
            i3 = getNetdInstance().ipSecAllocateSpi(andIncrement, i, "", str, i2);
            Log.d(TAG, "Allocated SPI " + i3);
            bundle.putInt("status", 0);
            bundle.putInt(IpSecManager.KEY_RESOURCE_ID, andIncrement);
            bundle.putInt(IpSecManager.KEY_SPI, i3);
            synchronized (this.mSpiRecords) {
                this.mSpiRecords.put(andIncrement, new SpiRecord(andIncrement, i, "", str, i3, iBinder));
            }
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e2) {
            bundle.putInt("status", 2);
            bundle.putInt(IpSecManager.KEY_RESOURCE_ID, andIncrement);
            bundle.putInt(IpSecManager.KEY_SPI, i3);
        }
        return bundle;
    }

    @Override // android.net.IIpSecService
    public void releaseSecurityParameterIndex(int i) throws RemoteException {
    }

    @Override // android.net.IIpSecService
    public Bundle openUdpEncapsulationSocket(int i, IBinder iBinder) throws RemoteException {
        return null;
    }

    @Override // android.net.IIpSecService
    public void closeUdpEncapsulationSocket(ParcelFileDescriptor parcelFileDescriptor) {
    }

    @Override // android.net.IIpSecService
    public Bundle createTransportModeTransform(IpSecConfig ipSecConfig, IBinder iBinder) throws RemoteException {
        int andIncrement = this.mNextResourceId.getAndIncrement();
        for (int i : DIRECTIONS) {
            IpSecAlgorithm authentication = ipSecConfig.getAuthentication(i);
            IpSecAlgorithm encryption = ipSecConfig.getEncryption(i);
            if (getNetdInstance().ipSecAddSecurityAssociation(andIncrement, ipSecConfig.getMode(), i, ipSecConfig.getLocalAddress() != null ? ipSecConfig.getLocalAddress().getHostAddress() : "", ipSecConfig.getRemoteAddress() != null ? ipSecConfig.getRemoteAddress().getHostAddress() : "", ipSecConfig.getNetwork() != null ? ipSecConfig.getNetwork().getNetworkHandle() : 0L, ipSecConfig.getSpi(i), authentication != null ? authentication.getName() : "", authentication != null ? authentication.getKey() : null, authentication != null ? authentication.getTruncationLengthBits() : 0, encryption != null ? encryption.getName() : "", encryption != null ? encryption.getKey() : null, encryption != null ? encryption.getTruncationLengthBits() : 0, ipSecConfig.getEncapType(), ipSecConfig.getEncapLocalPort(), ipSecConfig.getEncapRemotePort()) != ipSecConfig.getSpi(i)) {
                Bundle bundle = new Bundle(2);
                bundle.putInt("status", 2);
                bundle.putInt(IpSecManager.KEY_RESOURCE_ID, 0);
                return bundle;
            }
            continue;
        }
        synchronized (this.mTransformRecords) {
            this.mTransformRecords.put(andIncrement, new TransformRecord(ipSecConfig, andIncrement, iBinder));
        }
        Bundle bundle2 = new Bundle(2);
        bundle2.putInt("status", 0);
        bundle2.putInt(IpSecManager.KEY_RESOURCE_ID, andIncrement);
        return bundle2;
    }

    @Override // android.net.IIpSecService
    public void deleteTransportModeTransform(int i) throws RemoteException {
        synchronized (this.mTransformRecords) {
            TransformRecord transformRecord = this.mTransformRecords.get(i);
            if (transformRecord == null) {
                throw new IllegalArgumentException("Transform " + i + " is not available to be deleted");
            }
            if (transformRecord.pid != Binder.getCallingPid() || transformRecord.uid != Binder.getCallingUid()) {
                throw new SecurityException("Only the owner of an IpSec Transform may delete it!");
            }
            transformRecord.releaseResources();
            this.mTransformRecords.remove(i);
            transformRecord.nullifyRecord();
        }
    }

    @Override // android.net.IIpSecService
    public void applyTransportModeTransform(ParcelFileDescriptor parcelFileDescriptor, int i) throws RemoteException {
        synchronized (this.mTransformRecords) {
            TransformRecord transformRecord = this.mTransformRecords.get(i);
            if (transformRecord == null) {
                throw new IllegalArgumentException("Transform " + i + " is not active");
            }
            if (transformRecord.pid != getCallingPid() || transformRecord.uid != getCallingUid()) {
                throw new SecurityException("Only the owner of an IpSec Transform may apply it!");
            }
            IpSecConfig config = transformRecord.getConfig();
            try {
                for (int i2 : DIRECTIONS) {
                    getNetdInstance().ipSecApplyTransportModeTransform(parcelFileDescriptor.getFileDescriptor(), i, i2, config.getLocalAddress() != null ? config.getLocalAddress().getHostAddress() : "", config.getRemoteAddress() != null ? config.getRemoteAddress().getHostAddress() : "", config.getSpi(i2));
                }
            } catch (ServiceSpecificException e) {
            }
        }
    }

    @Override // android.net.IIpSecService
    public void removeTransportModeTransform(ParcelFileDescriptor parcelFileDescriptor, int i) throws RemoteException {
        try {
            getNetdInstance().ipSecRemoveTransportModeTransform(parcelFileDescriptor.getFileDescriptor());
        } catch (ServiceSpecificException e) {
        }
    }

    @Override // android.os.Binder
    protected void dump(FileDescriptor fileDescriptor, PrintWriter printWriter, String[] strArr) {
        this.mContext.enforceCallingOrSelfPermission(Manifest.permission.DUMP, TAG);
        printWriter.println("IpSecService Log:");
        printWriter.println("NetdNativeService Connection: " + (isNetdAlive() ? "alive" : "dead"));
        printWriter.println();
    }
}
