package com.android.internal.net.ipsec.ike.net;

import android.net.ConnectivityManager;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkRequest;
import android.net.ipsec.ike.IkeManager;
import android.net.ipsec.ike.IkeSessionConnectionInfo;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.exceptions.IkeException;
import android.os.Handler;
import android.os.Message;
import android.system.ErrnoException;
import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.IkeContext;
import com.android.internal.net.ipsec.ike.IkeSocket;
import com.android.internal.net.ipsec.ike.IkeSocketConfig;
import com.android.internal.net.ipsec.ike.IkeUdp4Socket;
import com.android.internal.net.ipsec.ike.IkeUdp6Socket;
import com.android.internal.net.ipsec.ike.IkeUdp6WithEncapPortSocket;
import com.android.internal.net.ipsec.ike.IkeUdpEncapSocket;
import com.android.internal.net.ipsec.ike.SaRecord;
import com.android.internal.net.ipsec.ike.keepalive.IkeNattKeepalive;
import com.android.internal.net.ipsec.ike.message.IkeHeader;
import com.android.internal.net.ipsec.ike.shim.ShimUtils;
import com.android.internal.net.ipsec.ike.utils.IkeAlarm;
import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController.class */
public class IkeConnectionController implements IkeNetworkUpdater, IkeSocket.Callback {
    private static final int MAX_DNS_RESOLUTION_ATTEMPTS = 3;

    @VisibleForTesting
    public static final int AUTO_KEEPALIVE_DELAY_SEC_WIFI = 15;

    @VisibleForTesting
    public static final int AUTO_KEEPALIVE_DELAY_SEC_CELL = 150;
    public static final int NAT_TRAVERSAL_SUPPORT_NOT_CHECKED = 0;
    public static final int NAT_TRAVERSAL_UNSUPPORTED = 1;
    public static final int NAT_NOT_DETECTED = 2;
    public static final int NAT_DETECTED = 3;
    private final IkeContext mIkeContext;
    private final Config mConfig;
    private final ConnectivityManager mConnectivityManager;
    private final IpSecManager mIpSecManager;
    private final Dependencies mDependencies;
    private final IkeLocalAddressGenerator mIkeLocalAddressGenerator;
    private final Callback mCallback;
    private final boolean mForcePort4500;
    private final boolean mUseCallerConfiguredNetwork;
    private final String mRemoteHostname;
    private final int mDscp;
    private final IkeSessionParams mIkeParams;
    private IkeAlarm.IkeAlarmConfig mKeepaliveAlarmConfig;
    private IkeSocket mIkeSocket;
    private Network mNetwork;
    private NetworkCapabilities mNc;
    private IkeNetworkCallbackBase mNetworkCallback;
    private boolean mMobilityEnabled;
    private InetAddress mLocalAddress;
    private InetAddress mRemoteAddress;
    private final List<Inet4Address> mRemoteAddressesV4;
    private final List<Ipv6AddrInfo> mRemoteAddressesV6;
    private final Set<SaRecord.IkeSaRecord> mIkeSaRecords;
    private int mNatStatus;
    private int mIpVersion;
    private int mEncapType;
    private Network mUnderpinnedNetwork;
    private IkeNattKeepalive mIkeNattKeepalive;
    private static final String TAG = IkeConnectionController.class.getSimpleName();
    private static final SparseArray<String> NAT_STATUS_TO_STR = new SparseArray<>();

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController$Callback.class */
    public interface Callback {
        void onUnderlyingNetworkUpdated();

        void onUnderlyingNetworkDied(Network network);

        void onIkePacketReceived(IkeHeader ikeHeader, byte[] bArr);

        void onError(IkeException ikeException);
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController$Config.class */
    public static class Config {
        public final IkeSessionParams ikeParams;
        public final int ikeSessionId;
        public final int alarmCmd;
        public final int sendKeepaliveCmd;
        public final Callback callback;

        public Config(IkeSessionParams ikeSessionParams, int i, int i2, int i3, Callback callback) {
            this.ikeParams = ikeSessionParams;
            this.ikeSessionId = i;
            this.alarmCmd = i2;
            this.sendKeepaliveCmd = i3;
            this.callback = callback;
        }
    }

    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController$Dependencies.class */
    public static class Dependencies {
        public IkeLocalAddressGenerator newIkeLocalAddressGenerator() {
            return new IkeLocalAddressGenerator();
        }

        public IkeNattKeepalive newIkeNattKeepalive(IkeContext ikeContext, IkeNattKeepalive.KeepaliveConfig keepaliveConfig) throws IOException {
            IkeNattKeepalive ikeNattKeepalive = new IkeNattKeepalive(ikeContext, (ConnectivityManager) ikeContext.getContext().getSystemService(ConnectivityManager.class), keepaliveConfig);
            ikeNattKeepalive.start();
            return ikeNattKeepalive;
        }

        public IkeUdp4Socket newIkeUdp4Socket(IkeSocketConfig ikeSocketConfig, IkeSocket.Callback callback, Handler handler) throws ErrnoException, IOException {
            return IkeUdp4Socket.getInstance(ikeSocketConfig, callback, handler);
        }

        public IkeUdp6Socket newIkeUdp6Socket(IkeSocketConfig ikeSocketConfig, IkeSocket.Callback callback, Handler handler) throws ErrnoException, IOException {
            return IkeUdp6Socket.getInstance(ikeSocketConfig, callback, handler);
        }

        public IkeUdp6WithEncapPortSocket newIkeUdp6WithEncapPortSocket(IkeSocketConfig ikeSocketConfig, IkeSocket.Callback callback, Handler handler) throws ErrnoException, IOException {
            return IkeUdp6WithEncapPortSocket.getIkeUdpEncapSocket(ikeSocketConfig, callback, handler);
        }

        public IkeUdpEncapSocket newIkeUdpEncapSocket(IkeSocketConfig ikeSocketConfig, IpSecManager ipSecManager, IkeSocket.Callback callback, Handler handler) throws ErrnoException, IOException, IpSecManager.ResourceUnavailableException {
            return IkeUdpEncapSocket.getIkeUdpEncapSocket(ikeSocketConfig, ipSecManager, callback, handler.getLooper());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController$Ipv6AddrInfo.class */
    public static class Ipv6AddrInfo {
        public final Inet6Address address;
        public final boolean isNat64Addr;

        Ipv6AddrInfo(Inet6Address inet6Address, boolean z) {
            this.address = inet6Address;
            this.isNat64Addr = z;
        }

        public String toString() {
            String obj = this.address.toString();
            return this.isNat64Addr ? obj + "(Nat64)" : obj;
        }
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/net/IkeConnectionController$NatStatus.class */
    public @interface NatStatus {
    }

    @VisibleForTesting
    public IkeConnectionController(IkeContext ikeContext, Config config, Dependencies dependencies) {
        this.mMobilityEnabled = false;
        this.mRemoteAddressesV4 = new ArrayList();
        this.mRemoteAddressesV6 = new ArrayList();
        this.mIkeSaRecords = new HashSet();
        this.mIkeContext = ikeContext;
        this.mConfig = config;
        this.mConnectivityManager = (ConnectivityManager) this.mIkeContext.getContext().getSystemService(ConnectivityManager.class);
        this.mIpSecManager = (IpSecManager) this.mIkeContext.getContext().getSystemService(IpSecManager.class);
        this.mDependencies = dependencies;
        this.mIkeLocalAddressGenerator = dependencies.newIkeLocalAddressGenerator();
        this.mCallback = config.callback;
        this.mIkeParams = config.ikeParams;
        this.mForcePort4500 = config.ikeParams.hasIkeOption(3);
        this.mRemoteHostname = config.ikeParams.getServerHostname();
        this.mUseCallerConfiguredNetwork = config.ikeParams.getConfiguredNetwork() != null;
        this.mIpVersion = config.ikeParams.getIpVersion();
        this.mEncapType = config.ikeParams.getEncapType();
        this.mDscp = config.ikeParams.getDscp();
        this.mUnderpinnedNetwork = null;
        if (this.mUseCallerConfiguredNetwork) {
            this.mNetwork = config.ikeParams.getConfiguredNetwork();
        } else {
            this.mNetwork = this.mConnectivityManager.getActiveNetwork();
            if (this.mNetwork == null) {
                throw new IllegalStateException("No active default network found");
            }
        }
        IkeManager.getIkeLog().d(TAG, "Set up on Network " + this.mNetwork);
        this.mNatStatus = 0;
    }

    public IkeConnectionController(IkeContext ikeContext, Config config) {
        this(ikeContext, config, new Dependencies());
    }

    @VisibleForTesting
    public static int getKeepaliveDelaySec(IkeContext ikeContext, IkeSessionParams ikeSessionParams, NetworkCapabilities networkCapabilities) {
        int nattKeepAliveDelaySeconds = ikeSessionParams.getNattKeepAliveDelaySeconds();
        if (ikeSessionParams.hasIkeOption(7)) {
            if (networkCapabilities.hasTransport(1)) {
                nattKeepAliveDelaySeconds = Math.min(nattKeepAliveDelaySeconds, 15);
            } else if (networkCapabilities.hasTransport(0)) {
                nattKeepAliveDelaySeconds = Math.min(nattKeepAliveDelaySeconds, ikeContext.getDeviceConfigPropertyInt(IkeContext.CONFIG_AUTO_NATT_KEEPALIVES_CELLULAR_TIMEOUT_OVERRIDE_SECONDS, 10, 3600, 150));
            }
        }
        return nattKeepAliveDelaySeconds;
    }

    private static IkeAlarm.IkeAlarmConfig buildInitialKeepaliveAlarmConfig(Handler handler, IkeContext ikeContext, Config config, IkeSessionParams ikeSessionParams, NetworkCapabilities networkCapabilities) {
        Message obtainMessage = handler.obtainMessage(config.alarmCmd, config.ikeSessionId, config.sendKeepaliveCmd);
        return new IkeAlarm.IkeAlarmConfig(ikeContext.getContext(), IkeAlarmReceiver.ACTION_KEEPALIVE, TimeUnit.SECONDS.toMillis(getKeepaliveDelaySec(ikeContext, ikeSessionParams, networkCapabilities)), IkeAlarm.buildIkeAlarmIntent(ikeContext.getContext(), IkeAlarmReceiver.ACTION_KEEPALIVE, getIntentIdentifier(config.ikeSessionId), obtainMessage), obtainMessage);
    }

    private static String getIntentIdentifier(int i) {
        return TAG + "_" + i;
    }

    private void setupOrUpdateNattKeeaplive(IkeSocket ikeSocket) throws IOException {
        if (!(ikeSocket instanceof IkeUdpEncapSocket)) {
            if (this.mIkeNattKeepalive != null) {
                this.mIkeNattKeepalive.stop();
                this.mIkeNattKeepalive = null;
                return;
            }
            return;
        }
        IkeNattKeepalive.KeepaliveConfig keepaliveConfig = new IkeNattKeepalive.KeepaliveConfig((Inet4Address) this.mLocalAddress, (Inet4Address) this.mRemoteAddress, ((IkeUdpEncapSocket) ikeSocket).getUdpEncapsulationSocket(), this.mNetwork, this.mUnderpinnedNetwork, this.mKeepaliveAlarmConfig, this.mIkeParams);
        if (this.mIkeNattKeepalive != null) {
            this.mIkeNattKeepalive.restart(keepaliveConfig);
        } else {
            this.mIkeNattKeepalive = this.mDependencies.newIkeNattKeepalive(this.mIkeContext, keepaliveConfig);
        }
    }

    private IkeSocket getIkeSocket(boolean z, boolean z2) throws IkeException {
        IkeSocketConfig ikeSocketConfig = new IkeSocketConfig(this, this.mDscp);
        try {
            IkeSocket newIkeUdpEncapSocket = z2 ? z ? this.mDependencies.newIkeUdpEncapSocket(ikeSocketConfig, this.mIpSecManager, this, new Handler(this.mIkeContext.getLooper())) : this.mDependencies.newIkeUdp6WithEncapPortSocket(ikeSocketConfig, this, new Handler(this.mIkeContext.getLooper())) : z ? this.mDependencies.newIkeUdp4Socket(ikeSocketConfig, this, new Handler(this.mIkeContext.getLooper())) : this.mDependencies.newIkeUdp6Socket(ikeSocketConfig, this, new Handler(this.mIkeContext.getLooper()));
            if (newIkeUdpEncapSocket == null) {
                throw new IOException("No socket created");
            }
            newIkeUdpEncapSocket.bindToNetwork(this.mNetwork);
            return newIkeUdpEncapSocket;
        } catch (IpSecManager.ResourceUnavailableException | ErrnoException | IOException e) {
            throw IkeException.wrapAsIkeException(e);
        }
    }

    private void migrateSpiToIkeSocket(long j, IkeSocket ikeSocket, IkeSocket ikeSocket2) {
        ikeSocket2.registerIke(j, this);
        ikeSocket.unregisterIke(j);
    }

    private void getAndSwitchToIkeSocket(boolean z, boolean z2) throws IkeException {
        IkeSocket ikeSocket = getIkeSocket(z, z2);
        try {
            setupOrUpdateNattKeeaplive(ikeSocket);
            if (ikeSocket != this.mIkeSocket) {
                Iterator<SaRecord.IkeSaRecord> it = this.mIkeSaRecords.iterator();
                while (it.hasNext()) {
                    migrateSpiToIkeSocket(it.next().getLocalSpi(), this.mIkeSocket, ikeSocket);
                }
                this.mIkeSocket.releaseReference(this);
                this.mIkeSocket = ikeSocket;
            }
        } catch (IOException e) {
            throw IkeException.wrapAsIkeException(e);
        }
    }

    public void setUp() throws IkeException {
        unregisterResources();
        LinkProperties linkProperties = this.mConnectivityManager.getLinkProperties(this.mNetwork);
        this.mNc = this.mConnectivityManager.getNetworkCapabilities(this.mNetwork);
        this.mKeepaliveAlarmConfig = buildInitialKeepaliveAlarmConfig(new Handler(this.mIkeContext.getLooper()), this.mIkeContext, this.mConfig, this.mIkeParams, this.mNc);
        if (linkProperties != null) {
            try {
                if (this.mNc != null) {
                    resolveAndSetAvailableRemoteAddresses(linkProperties);
                    selectAndSetRemoteAddress(linkProperties);
                    int i = this.mForcePort4500 ? 4500 : 500;
                    boolean z = this.mRemoteAddress instanceof Inet4Address;
                    this.mLocalAddress = this.mIkeLocalAddressGenerator.generateLocalAddress(this.mNetwork, z, this.mRemoteAddress, i);
                    this.mIkeSocket = getIkeSocket(z, this.mForcePort4500);
                    setupOrUpdateNattKeeaplive(this.mIkeSocket);
                    try {
                        if (this.mUseCallerConfiguredNetwork) {
                            NetworkRequest build = new NetworkRequest.Builder().clearCapabilities().build();
                            this.mNetworkCallback = new IkeSpecificNetworkCallback(this, this.mNetwork, this.mLocalAddress, linkProperties, this.mNc);
                            this.mConnectivityManager.registerNetworkCallback(build, this.mNetworkCallback, new Handler(this.mIkeContext.getLooper()));
                        } else {
                            this.mNetworkCallback = new IkeDefaultNetworkCallback(this, this.mNetwork, this.mLocalAddress, linkProperties, this.mNc);
                            this.mConnectivityManager.registerDefaultNetworkCallback(this.mNetworkCallback, new Handler(this.mIkeContext.getLooper()));
                        }
                        return;
                    } catch (RuntimeException e) {
                        this.mNetworkCallback = null;
                        throw IkeException.wrapAsIkeException(e);
                    }
                }
            } catch (ErrnoException | IOException e2) {
                throw IkeException.wrapAsIkeException(e2);
            }
        }
        throw IkeException.wrapAsIkeException(new NullPointerException("Attempt setup on network " + this.mNetwork + " with null LinkProperties or null NetworkCapabilities"));
    }

    private void unregisterResources() {
        if (this.mIkeNattKeepalive != null) {
            this.mIkeNattKeepalive.stop();
            this.mIkeNattKeepalive = null;
        }
        if (this.mNetworkCallback != null) {
            this.mConnectivityManager.unregisterNetworkCallback(this.mNetworkCallback);
            this.mNetworkCallback = null;
        }
        if (this.mIkeSocket != null) {
            Iterator<SaRecord.IkeSaRecord> it = this.mIkeSaRecords.iterator();
            while (it.hasNext()) {
                this.mIkeSocket.unregisterIke(it.next().getLocalSpi());
            }
            this.mIkeSocket.releaseReference(this);
            this.mIkeSocket = null;
        }
        this.mIkeSaRecords.clear();
    }

    public void tearDown() {
        unregisterResources();
    }

    public IkeSocket getIkeSocket() {
        return this.mIkeSocket;
    }

    public boolean useUdpEncapSocket() {
        return this.mIkeSocket instanceof IkeUdpEncapSocket;
    }

    public void sendIkePacket(byte[] bArr) {
        this.mIkeSocket.sendIkePacket(bArr, this.mRemoteAddress);
    }

    public void registerIkeSpi(long j) {
        this.mIkeSocket.registerIke(j, this);
    }

    public void unregisterIkeSpi(long j) {
        this.mIkeSocket.unregisterIke(j);
    }

    public void registerIkeSaRecord(SaRecord.IkeSaRecord ikeSaRecord) {
        this.mIkeSaRecords.add(ikeSaRecord);
        this.mIkeSocket.registerIke(ikeSaRecord.getLocalSpi(), this);
    }

    public void unregisterIkeSaRecord(SaRecord.IkeSaRecord ikeSaRecord) {
        this.mIkeSaRecords.remove(ikeSaRecord);
        this.mIkeSocket.unregisterIke(ikeSaRecord.getLocalSpi());
    }

    @VisibleForTesting
    public Set<SaRecord.IkeSaRecord> getIkeSaRecords() {
        return Collections.unmodifiableSet(this.mIkeSaRecords);
    }

    public void onNetworkSetByUser(Network network, int i, int i2, int i3) throws IkeException {
        if (!this.mMobilityEnabled) {
            IkeManager.getIkeLog().wtf(TAG, "Attempt to update network when mobility is disabled");
            return;
        }
        IkeManager.getIkeLog().d(TAG, "onNetworkSetByUser: network " + network + " ipVersion " + i + " encapType " + i2 + " keepaliveDelaySeconds " + i3);
        LinkProperties linkProperties = this.mConnectivityManager.getLinkProperties(network);
        NetworkCapabilities networkCapabilities = this.mConnectivityManager.getNetworkCapabilities(network);
        if (linkProperties == null || networkCapabilities == null) {
            throw IkeException.wrapAsIkeException(new NullPointerException("Attempt migrating to network " + network + " with null LinkProperties or null NetworkCapabilities"));
        }
        this.mIpVersion = i;
        this.mEncapType = i2;
        if (i3 == -1) {
            i3 = getKeepaliveDelaySec(this.mIkeContext, this.mIkeParams, this.mNc);
        }
        long millis = TimeUnit.SECONDS.toMillis(i3);
        if (millis != this.mKeepaliveAlarmConfig.delayMs) {
            this.mKeepaliveAlarmConfig = this.mKeepaliveAlarmConfig.buildCopyWithDelayMs(millis);
            restartKeepaliveIfRunning();
        }
        this.mNetworkCallback.setNetwork(network, linkProperties, networkCapabilities);
        handleUnderlyingNetworkUpdated(network, linkProperties, networkCapabilities, false);
    }

    public void onUnderpinnedNetworkSetByUser(Network network) throws IkeException {
        this.mUnderpinnedNetwork = network;
        restartKeepaliveIfRunning();
    }

    private void restartKeepaliveIfRunning() throws IkeException {
        try {
            setupOrUpdateNattKeeaplive(this.mIkeSocket);
        } catch (IOException e) {
            throw IkeException.wrapAsIkeException(e);
        }
    }

    public Network getNetwork() {
        return this.mNetwork;
    }

    public int getMetricsNetworkType() {
        if (this.mNc.hasTransport(1)) {
            return 1;
        }
        return this.mNc.hasTransport(0) ? 2 : 0;
    }

    public Network getUnderpinnedNetwork() {
        return this.mUnderpinnedNetwork;
    }

    public boolean isMobilityEnabled() {
        return this.mMobilityEnabled;
    }

    @VisibleForTesting
    public int getDscp() {
        return this.mDscp;
    }

    @VisibleForTesting
    public void setLocalAddress(InetAddress inetAddress) {
        this.mLocalAddress = inetAddress;
    }

    public InetAddress getLocalAddress() {
        return this.mLocalAddress;
    }

    @VisibleForTesting
    public void setRemoteAddress(InetAddress inetAddress) {
        this.mRemoteAddress = inetAddress;
        addRemoteAddress(inetAddress);
    }

    @VisibleForTesting
    public void addRemoteAddress(InetAddress inetAddress) {
        if (inetAddress instanceof Inet4Address) {
            this.mRemoteAddressesV4.add((Inet4Address) inetAddress);
        } else {
            this.mRemoteAddressesV6.add(new Ipv6AddrInfo((Inet6Address) inetAddress, false));
        }
    }

    @VisibleForTesting
    public void addRemoteAddressV6(Inet6Address inet6Address, boolean z) {
        this.mRemoteAddressesV6.add(new Ipv6AddrInfo(inet6Address, z));
    }

    @VisibleForTesting
    public void clearRemoteAddress() {
        this.mRemoteAddressesV4.clear();
        this.mRemoteAddressesV6.clear();
    }

    public InetAddress getRemoteAddress() {
        return this.mRemoteAddress;
    }

    public List<Inet4Address> getAllRemoteIpv4Addresses() {
        return new ArrayList(this.mRemoteAddressesV4);
    }

    public List<Inet6Address> getAllRemoteIpv6Addresses() {
        ArrayList arrayList = new ArrayList();
        Iterator<Ipv6AddrInfo> it = this.mRemoteAddressesV6.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().address);
        }
        return arrayList;
    }

    public int getLocalPort() {
        try {
            return this.mIkeSocket.getLocalPort();
        } catch (ErrnoException e) {
            throw new IllegalStateException("Fail to get local port", e);
        }
    }

    public int getRemotePort() {
        return this.mIkeSocket.getIkeServerPort();
    }

    public void handleNatDetectionResultInIkeInit(boolean z, long j) throws IkeException {
        if (!z) {
            this.mNatStatus = 2;
            return;
        }
        this.mNatStatus = 3;
        if (this.mRemoteAddress instanceof Inet6Address) {
            throw IkeException.wrapAsIkeException(new UnsupportedOperationException("IPv6 NAT-T not supported"));
        }
        IkeManager.getIkeLog().d(TAG, "Switching to send to remote port 4500 if it's not already");
        IkeSocket ikeSocket = getIkeSocket(true, true);
        try {
            setupOrUpdateNattKeeaplive(ikeSocket);
            if (ikeSocket != this.mIkeSocket) {
                migrateSpiToIkeSocket(j, this.mIkeSocket, ikeSocket);
                this.mIkeSocket.releaseReference(this);
                this.mIkeSocket = ikeSocket;
            }
        } catch (IOException e) {
            throw IkeException.wrapAsIkeException(e);
        }
    }

    public void handleNatDetectionResultInMobike(boolean z) throws IkeException {
        if (!z) {
            this.mNatStatus = 2;
            return;
        }
        this.mNatStatus = 3;
        if (this.mRemoteAddress instanceof Inet6Address) {
            throw IkeException.wrapAsIkeException(new UnsupportedOperationException("IPv6 NAT-T not supported"));
        }
        IkeManager.getIkeLog().d(TAG, "Switching to send to remote port 4500 if it's not already");
        getAndSwitchToIkeSocket(true, true);
    }

    public void markSeverNattUnsupported() {
        this.mNatStatus = 1;
    }

    @VisibleForTesting
    public void resetSeverNattSupport() {
        this.mNatStatus = 0;
    }

    @VisibleForTesting
    public void setNatDetected(boolean z) {
        if (z) {
            this.mNatStatus = 3;
        } else {
            this.mNatStatus = 2;
        }
    }

    public int getNatStatus() {
        return this.mNatStatus;
    }

    public IkeNattKeepalive getIkeNattKeepalive() {
        return this.mIkeNattKeepalive;
    }

    public void fireKeepAlive() {
        if (this.mIkeNattKeepalive != null) {
            this.mIkeNattKeepalive.onAlarmFired();
        }
    }

    private void resolveAndSetAvailableRemoteAddresses(LinkProperties linkProperties) throws IOException {
        InetAddress[] inetAddressArr = null;
        for (int i = 0; i < 3 && (inetAddressArr == null || inetAddressArr.length == 0); i++) {
            try {
                inetAddressArr = this.mNetwork.getAllByName(this.mRemoteHostname);
            } catch (UnknownHostException e) {
                IkeManager.getIkeLog().d(TAG, "Failed to look up host for attempt " + (i + 1) + ": " + this.mRemoteHostname + " retrying? " + (i + 1 < 3), e);
            }
        }
        if (inetAddressArr == null || inetAddressArr.length == 0) {
            throw ShimUtils.getInstance().getDnsFailedException("DNS resolution for " + this.mRemoteHostname + " failed after 3 attempts");
        }
        IkeManager.getIkeLog().d(TAG, "Resolved addresses for peer: " + Arrays.toString(inetAddressArr) + " to replace old addresses: v4=" + this.mRemoteAddressesV4 + " v6=" + this.mRemoteAddressesV6);
        this.mRemoteAddressesV4.clear();
        this.mRemoteAddressesV6.clear();
        for (InetAddress inetAddress : inetAddressArr) {
            if (inetAddress instanceof Inet4Address) {
                this.mRemoteAddressesV4.add((Inet4Address) inetAddress);
            } else {
                Inet6Address inet6Address = (Inet6Address) inetAddress;
                IpPrefix nat64Prefix = linkProperties.getNat64Prefix();
                this.mRemoteAddressesV6.add(new Ipv6AddrInfo(inet6Address, nat64Prefix != null && nat64Prefix.contains(inet6Address)));
            }
        }
    }

    private static boolean hasLocalIpV4Address(LinkProperties linkProperties) {
        Iterator<LinkAddress> it = linkProperties.getAllLinkAddresses().iterator();
        while (it.hasNext()) {
            if (it.next().getAddress() instanceof Inet4Address) {
                return true;
            }
        }
        return false;
    }

    @VisibleForTesting
    public void selectAndSetRemoteAddress(LinkProperties linkProperties) throws IOException {
        boolean z = !this.mRemoteAddressesV4.isEmpty() && hasLocalIpV4Address(linkProperties);
        boolean z2 = !this.mRemoteAddressesV6.isEmpty() && linkProperties.hasGlobalIpv6Address();
        adjustIpVersionPreference();
        if (isIpVersionRequired(4)) {
            if (!z) {
                throw ShimUtils.getInstance().getDnsFailedException("IPv4 required but no IPv4 address available");
            }
            this.mRemoteAddress = this.mRemoteAddressesV4.get(0);
            return;
        }
        if (isIpVersionRequired(6)) {
            if (!z2) {
                throw ShimUtils.getInstance().getDnsFailedException("IPv6 required but no global IPv6 address available");
            }
            this.mRemoteAddress = this.mRemoteAddressesV6.get(0).address;
        } else if (isIpV4Preferred(this.mIkeParams, this.mNc) && z) {
            this.mRemoteAddress = this.mRemoteAddressesV4.get(0);
        } else if (z2) {
            this.mRemoteAddress = this.mRemoteAddressesV6.get(0).address;
        } else {
            if (!z) {
                throw new IllegalArgumentException("No valid IPv4 or IPv6 addresses for peer");
            }
            this.mRemoteAddress = this.mRemoteAddressesV4.get(0);
        }
    }

    private void adjustIpVersionPreference() {
        int i = this.mIpVersion;
        if (this.mIpVersion == 0) {
            if (this.mEncapType == -1) {
                i = 6;
            } else if (this.mEncapType == 17) {
                i = 4;
            }
            if (i != this.mIpVersion) {
                IkeManager.getIkeLog().i(TAG, "IP version preference is overridden from " + this.mIpVersion + " to " + i);
                this.mIpVersion = i;
            }
        }
    }

    private boolean isIpVersionRequired(int i) {
        return i == this.mIpVersion;
    }

    @VisibleForTesting
    public boolean isIpV4Preferred(IkeSessionParams ikeSessionParams, NetworkCapabilities networkCapabilities) {
        return (this.mIpVersion == 0 || this.mIpVersion == 4) && ikeSessionParams.hasIkeOption(6) && networkCapabilities.hasTransport(1);
    }

    public void enableMobility() throws IkeException {
        this.mMobilityEnabled = true;
        if (this.mNatStatus == 1 || this.mIkeSocket.getIkeServerPort() == 4500) {
            return;
        }
        getAndSwitchToIkeSocket(this.mRemoteAddress instanceof Inet4Address, true);
    }

    public IkeSessionConnectionInfo buildIkeSessionConnectionInfo() {
        return new IkeSessionConnectionInfo(this.mLocalAddress, this.mRemoteAddress, this.mNetwork);
    }

    private void executeOrSendFatalError(Runnable runnable) {
        ShimUtils.getInstance().executeOrSendFatalError(runnable, this.mCallback);
    }

    private static Set<Integer> getSupportedVersions(boolean z, boolean z2) {
        HashSet hashSet = new HashSet();
        if (z) {
            hashSet.add(4);
        }
        if (z2) {
            hashSet.add(6);
        }
        return hashSet;
    }

    @VisibleForTesting
    public boolean isDnsLookupRequiredWithGlobalRemoteAddress(Network network, Network network2, LinkProperties linkProperties) {
        Set<Integer> supportedVersions = getSupportedVersions(hasLocalIpV4Address(linkProperties), linkProperties.hasGlobalIpv6Address());
        Set<Integer> supportedVersions2 = getSupportedVersions(!this.mRemoteAddressesV4.isEmpty(), !this.mRemoteAddressesV6.isEmpty());
        IkeManager.getIkeLog().d(TAG, "isDnsLookupRequiredWithGlobalRemoteAddress localIpVersions " + supportedVersions + " remoteIpVersionsCached " + supportedVersions2);
        if (supportedVersions.isEmpty()) {
            IkeManager.getIkeLog().wtf(TAG, "isDnsLookupRequiredWithGlobalRemoteAddress no local address on the Network");
            return true;
        }
        if (this.mIkeParams.hasIkeOption(9)) {
            return true;
        }
        if (network2.equals(network) && Objects.equals(supportedVersions, supportedVersions2)) {
            return false;
        }
        return (this.mIkeContext.getDeviceConfigPropertyBoolean(IkeContext.CONFIG_USE_CACHED_ADDRS, false) && supportedVersions2.containsAll(supportedVersions)) ? false : true;
    }

    private void handleUnderlyingNetworkUpdated(Network network, LinkProperties linkProperties, NetworkCapabilities networkCapabilities, boolean z) {
        if (!this.mMobilityEnabled) {
            IkeManager.getIkeLog().d(TAG, "onUnderlyingNetworkUpdated: Unable to handle network update");
            this.mCallback.onUnderlyingNetworkDied(this.mNetwork);
            return;
        }
        Network network2 = this.mNetwork;
        InetAddress inetAddress = this.mLocalAddress;
        InetAddress inetAddress2 = this.mRemoteAddress;
        this.mNetwork = network;
        this.mNc = networkCapabilities;
        if (!hasLocalIpV4Address(linkProperties) && !linkProperties.hasGlobalIpv6Address()) {
            this.mCallback.onError(IkeException.wrapAsIkeException(ShimUtils.getInstance().getDnsFailedException("No local address on the Network " + this.mNetwork)));
            return;
        }
        for (Ipv6AddrInfo ipv6AddrInfo : this.mRemoteAddressesV6) {
            if (ipv6AddrInfo.isNat64Addr) {
                this.mRemoteAddressesV6.remove(ipv6AddrInfo);
            }
        }
        if (isDnsLookupRequiredWithGlobalRemoteAddress(network2, this.mNetwork, linkProperties)) {
            try {
                resolveAndSetAvailableRemoteAddresses(linkProperties);
            } catch (IOException e) {
                this.mCallback.onError(IkeException.wrapAsIkeException(e));
                return;
            }
        }
        try {
            selectAndSetRemoteAddress(linkProperties);
            boolean z2 = this.mRemoteAddress instanceof Inet4Address;
            boolean z3 = this.mNatStatus != 1;
            try {
                this.mLocalAddress = this.mIkeLocalAddressGenerator.generateLocalAddress(this.mNetwork, z2, this.mRemoteAddress, z3 ? 4500 : 500);
                if (ShimUtils.getInstance().shouldSkipIfSameNetwork(z) && this.mNetwork.equals(network2) && this.mLocalAddress.equals(inetAddress) && this.mRemoteAddress.equals(inetAddress2)) {
                    IkeManager.getIkeLog().d(TAG, "onUnderlyingNetworkUpdated: None of network, local or remote address has changed, and the update is skippable. No action needed here.");
                    return;
                }
                if (!this.mNetwork.equals(network2)) {
                    getAndSwitchToIkeSocket(this.mLocalAddress instanceof Inet4Address, this.mForcePort4500 || z3);
                }
                Iterator<SaRecord.IkeSaRecord> it = this.mIkeSaRecords.iterator();
                while (it.hasNext()) {
                    it.next().migrate(this.mLocalAddress, this.mRemoteAddress);
                }
                this.mNetworkCallback.setAddress(this.mLocalAddress);
                this.mCallback.onUnderlyingNetworkUpdated();
            } catch (IkeException | ErrnoException | IOException e2) {
                this.mCallback.onError(IkeException.wrapAsIkeException(e2));
            }
        } catch (IOException e3) {
            this.mCallback.onError(IkeException.wrapAsIkeException(e3));
        }
    }

    public void dump(PrintWriter printWriter, String str) {
        printWriter.println("------------------------------");
        printWriter.println("IkeConnectionController:");
        printWriter.println(str + "Network: " + this.mNetwork);
        printWriter.println(str + "Nat status: " + NAT_STATUS_TO_STR.get(this.mNatStatus));
        printWriter.println(str + "Local address: " + this.mLocalAddress);
        printWriter.println(str + "Remote(Server) address: " + this.mRemoteAddress);
        printWriter.println(str + "Mobility status: " + this.mMobilityEnabled);
        printPortInfo(printWriter, str);
        printWriter.println(str + "Esp ip version: " + IkeSessionParams.IP_VERSION_TO_STR.get(this.mIpVersion));
        printWriter.println(str + "Esp encap type: " + IkeSessionParams.ENCAP_TYPE_TO_STR.get(this.mEncapType));
        printWriter.println("------------------------------");
        printWriter.println();
    }

    private void printPortInfo(PrintWriter printWriter, String str) {
        IkeSocket ikeSocket = this.mIkeSocket;
        if (ikeSocket == null) {
            printWriter.println(str + "Local port: null socket");
            printWriter.println(str + "Remote(server) port: null socket");
        } else {
            try {
                printWriter.println(str + "Local port: " + ikeSocket.getLocalPort());
            } catch (ErrnoException e) {
                printWriter.println(str + "Local port: failed to get port");
            }
            printWriter.println(str + "Remote(server) port: " + ikeSocket.getIkeServerPort());
        }
    }

    @Override // com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater
    public void onUnderlyingNetworkUpdated(Network network, LinkProperties linkProperties, NetworkCapabilities networkCapabilities) {
        executeOrSendFatalError(() -> {
            handleUnderlyingNetworkUpdated(network, linkProperties, networkCapabilities, true);
        });
    }

    @Override // com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater
    public void onCapabilitiesUpdated(NetworkCapabilities networkCapabilities) {
        executeOrSendFatalError(() -> {
            this.mNc = networkCapabilities;
        });
    }

    @Override // com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater
    public void onUnderlyingNetworkDied() {
        executeOrSendFatalError(() -> {
            this.mCallback.onUnderlyingNetworkDied(this.mNetwork);
        });
    }

    @Override // com.android.internal.net.ipsec.ike.IkeSocket.Callback
    public void onIkePacketReceived(IkeHeader ikeHeader, byte[] bArr) {
        executeOrSendFatalError(() -> {
            this.mCallback.onIkePacketReceived(ikeHeader, bArr);
        });
    }

    static {
        NAT_STATUS_TO_STR.put(0, "NAT_TRAVERSAL_SUPPORT_NOT_CHECKED");
        NAT_STATUS_TO_STR.put(1, "NAT_TRAVERSAL_UNSUPPORTED");
        NAT_STATUS_TO_STR.put(2, "NAT_NOT_DETECTED");
        NAT_STATUS_TO_STR.put(3, "NAT_DETECTED");
    }
}
