package com.adguard.android.filtering.vpn;

import android.content.Context;
import ch.qos.logback.core.spi.AbstractComponentTracker;
import com.adguard.android.filtering.commons.AndroidWorkaroundUtils;
import com.adguard.android.filtering.commons.DeadlockDetectingLock;
import com.adguard.android.filtering.events.Mediator;
import com.adguard.android.filtering.filter.AppFilter;
import com.adguard.android.filtering.filter.FilteringMode;
import com.adguard.android.filtering.filter.NetConnectionInfo;
import com.adguard.android.filtering.filter.ReservedApps;
import com.adguard.android.filtering.lwip.TcpState;
import com.adguard.android.filtering.packet.IcmpIpPacket;
import com.adguard.android.filtering.packet.IpPacket;
import com.adguard.android.filtering.packet.PacketFactory;
import com.adguard.android.filtering.packet.TcpIpPacket;
import com.adguard.android.filtering.packet.UdpIpPacket;
import com.adguard.commons.concurrent.ExecutorsPool;
import com.adguard.commons.web.ConnectionProtocol;
import com.adguard.filter.network.ConnectionInfo;
import com.adguard.filter.proxy.ServerConstants;
import java.io.Closeable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class VpnProxyService implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(VpnProxyService.class);
    private static final ScheduledExecutorService SCHEDULER = Executors.newSingleThreadScheduledExecutor();
    private final Context context;
    private ScheduledFuture scheduledFuture;
    private final TunDevice tunDevice;
    private final DeadlockDetectingLock lock = new DeadlockDetectingLock(true);
    private final Map<Short, VpnTcpConnection> activeTcpConnections = new HashMap();
    private final Map<a, VpnUdpConnection> activeUdpConnections = new HashMap();
    private final Runnable scheduledTask = new Runnable() { // from class: com.adguard.android.filtering.vpn.VpnProxyService.1
        @Override // java.lang.Runnable
        public void run() {
            VpnProxyService.this.cleanUpConnections();
        }
    };
    private boolean open = true;

    public VpnProxyService(Context context, TunDevice tunDevice) {
        this.context = context;
        this.tunDevice = tunDevice;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cleanUp(BaseVpnConnection baseVpnConnection) {
        baseVpnConnection.close();
        baseVpnConnection.release();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cleanUpConnections() {
        cleanUpTcpConnections();
        cleanUpUdpConnections();
        if (this.lock.tryLock()) {
            try {
                if (this.activeTcpConnections.isEmpty() && this.activeUdpConnections.isEmpty() && this.scheduledFuture != null) {
                    LOG.info("Stop connections timer because there are no active connections");
                    this.scheduledFuture.cancel(false);
                    this.scheduledFuture = null;
                }
            } finally {
                this.lock.unlock();
            }
        }
    }

    private void cleanUpTcpConnections() {
        ArrayList arrayList;
        ArrayList arrayList2 = null;
        if (this.lock.tryLock()) {
            try {
                Iterator<Map.Entry<Short, VpnTcpConnection>> it = this.activeTcpConnections.entrySet().iterator();
                arrayList = null;
                while (it.hasNext()) {
                    VpnTcpConnection value = it.next().getValue();
                    if (shouldCleanUp(value)) {
                        it.remove();
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(value);
                    } else {
                        if (arrayList2 == null) {
                            arrayList2 = new ArrayList();
                        }
                        arrayList2.add(value);
                    }
                    arrayList = arrayList;
                    arrayList2 = arrayList2;
                }
            } finally {
                this.lock.unlock();
            }
        } else {
            arrayList = null;
        }
        if (arrayList != null) {
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                cleanUp((VpnTcpConnection) it2.next());
            }
        }
        if (arrayList2 != null) {
            Iterator it3 = arrayList2.iterator();
            while (it3.hasNext()) {
                ((VpnTcpConnection) it3.next()).tcpTimer();
            }
        }
    }

    private void cleanUpUdpConnections() {
        ArrayList arrayList = null;
        if (this.lock.tryLock()) {
            try {
                Iterator<Map.Entry<a, VpnUdpConnection>> it = this.activeUdpConnections.entrySet().iterator();
                while (it.hasNext()) {
                    VpnUdpConnection value = it.next().getValue();
                    if (shouldCleanUp(value)) {
                        it.remove();
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(value);
                    }
                    arrayList = arrayList;
                }
            } finally {
                this.lock.unlock();
            }
        }
        if (arrayList != null) {
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                cleanUp((VpnUdpConnection) it2.next());
            }
        }
    }

    private void closeAllConnections(final List<BaseVpnConnection> list) {
        ExecutorsPool.getCachedExecutorService().submit(new Runnable() { // from class: com.adguard.android.filtering.vpn.VpnProxyService.2
            @Override // java.lang.Runnable
            public void run() {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    VpnProxyService.this.cleanUp((BaseVpnConnection) it.next());
                }
            }
        });
    }

    private NetConnectionInfo getUdpNetConnectionInfo(UdpIpPacket udpIpPacket) {
        return AndroidWorkaroundUtils.needNetConnectionInfo(udpIpPacket) ? AppFilter.getInstance().findNetConnectionInfoWithAppConflictCheck(this.context, udpIpPacket.getSrcPort() & 65535, FilteringMode.VPN, ConnectionProtocol.UDP) : new NetConnectionInfo(new ConnectionInfo(null, null, 0), ReservedApps.getRootApp());
    }

    private void handleTcpPacket(TcpIpPacket tcpIpPacket) {
        VpnTcpConnection vpnTcpConnection = this.activeTcpConnections.get(Short.valueOf(tcpIpPacket.getSrcPort()));
        if (vpnTcpConnection == null) {
            if (!tcpIpPacket.isFlagSyn()) {
                LOG.debug("First packet is not SYN but {}. Sending RST.", tcpIpPacket);
                sendRst(tcpIpPacket);
                return;
            }
            NetConnectionInfo findNetConnectionInfoWithAppConflictCheck = AppFilter.getInstance().findNetConnectionInfoWithAppConflictCheck(this.context, tcpIpPacket.getSrcPort() & 65535, FilteringMode.VPN, ConnectionProtocol.TCP);
            if (!AppFilter.getInstance().isAllowed(findNetConnectionInfoWithAppConflictCheck)) {
                sendRst(tcpIpPacket);
                Mediator.getInstance().postConnectionRejectedEvent(NetConnectionInfo.getPackageName(findNetConnectionInfoWithAppConflictCheck));
                return;
            } else if (!AndroidWorkaroundUtils.isAllowed(findNetConnectionInfoWithAppConflictCheck)) {
                sendRst(tcpIpPacket);
                return;
            } else {
                vpnTcpConnection = new VpnTcpConnection(this.tunDevice, tcpIpPacket, findNetConnectionInfoWithAppConflictCheck);
                this.activeTcpConnections.put(Short.valueOf(tcpIpPacket.getSrcPort()), vpnTcpConnection);
            }
        }
        vpnTcpConnection.addBrowserInput(tcpIpPacket);
    }

    private void handleUdpPacket(UdpIpPacket udpIpPacket) {
        if (AndroidWorkaroundUtils.isQuicPacket(udpIpPacket)) {
            LOG.debug("Ignoring QUIC packet {}", udpIpPacket);
            return;
        }
        NetConnectionInfo udpNetConnectionInfo = getUdpNetConnectionInfo(udpIpPacket);
        if (!AppFilter.getInstance().isAllowed(udpNetConnectionInfo)) {
            Mediator.getInstance().postConnectionRejectedEvent(NetConnectionInfo.getPackageName(udpNetConnectionInfo));
            return;
        }
        a aVar = new a(udpIpPacket);
        VpnUdpConnection vpnUdpConnection = this.activeUdpConnections.get(aVar);
        if (vpnUdpConnection == null || !vpnUdpConnection.isOpen()) {
            LOG.debug("UDP connect to {}", udpIpPacket.getDestinationAddress());
            vpnUdpConnection = new VpnUdpConnection(this.tunDevice, udpIpPacket, udpNetConnectionInfo);
            this.activeUdpConnections.put(aVar, vpnUdpConnection);
        }
        vpnUdpConnection.addBrowserInput(udpIpPacket);
    }

    private void scheduleConnectionsTimer() {
        if (this.lock.tryLock()) {
            try {
                LOG.info("Create and start connections timer rate={}ms", Integer.valueOf(ServerConstants.MAX_REQUESTS_PER_CONNECTION));
                this.scheduledFuture = SCHEDULER.scheduleAtFixedRate(this.scheduledTask, ServerConstants.MAX_REQUESTS_PER_CONNECTION, ServerConstants.MAX_REQUESTS_PER_CONNECTION, TimeUnit.MILLISECONDS);
            } finally {
                this.lock.unlock();
            }
        }
    }

    private void sendRst(TcpIpPacket tcpIpPacket) {
        TcpIpPacket createRstPacket = PacketFactory.createRstPacket(tcpIpPacket);
        try {
            this.tunDevice.write(createRstPacket);
        } finally {
            createRstPacket.release();
        }
    }

    private boolean shouldCleanUp(VpnTcpConnection vpnTcpConnection) {
        TcpState tcpState = vpnTcpConnection.getTcpState();
        long currentTimeMillis = System.currentTimeMillis() - vpnTcpConnection.getConnectionStatistics().getLastActivityTimeMillis();
        if (tcpState == TcpState.CLOSED) {
            LOG.debug("TCP id={} Cleaning up connection", Long.valueOf(vpnTcpConnection.getId()));
            return true;
        }
        if (tcpState == TcpState.ESTABLISHED && currentTimeMillis >= 1800000) {
            LOG.debug("TCP id={} Cleaning up connection with state {} forcibly", Long.valueOf(vpnTcpConnection.getId()), tcpState);
            return true;
        }
        if (tcpState != TcpState.TIME_WAIT && tcpState != TcpState.ESTABLISHED && currentTimeMillis >= AbstractComponentTracker.LINGERING_TIMEOUT) {
            LOG.debug("TCP id={} Cleaning up connection with state {} forcibly", Long.valueOf(vpnTcpConnection.getId()), tcpState);
            return true;
        }
        if (tcpState != TcpState.TIME_WAIT || currentTimeMillis < AbstractComponentTracker.LINGERING_TIMEOUT) {
            return false;
        }
        LOG.debug("TCP id={} Cleaning up connection", Long.valueOf(vpnTcpConnection.getId()));
        return true;
    }

    private boolean shouldCleanUp(VpnUdpConnection vpnUdpConnection) {
        long currentTimeMillis = System.currentTimeMillis() - vpnUdpConnection.getConnectionStatistics().getLastActivityTimeMillis();
        boolean z = currentTimeMillis > 5000 && vpnUdpConnection.getConnectionStatistics().getBytesReceived() == 0;
        boolean z2 = vpnUdpConnection.getConnectionStatistics().getBytesReceived() > 0 && vpnUdpConnection.getDestinationPort() == 53;
        if (currentTimeMillis < 60000 && vpnUdpConnection.isServerSocketOpen() && !z && !z2) {
            return false;
        }
        LOG.debug("UDP id={} Cleaning up connection", Long.valueOf(vpnUdpConnection.getId()));
        return true;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.open) {
            if (this.lock.tryLock()) {
                if (!this.open) {
                    return;
                }
                if (this.scheduledFuture != null) {
                    this.scheduledFuture.cancel(false);
                    this.scheduledFuture = null;
                }
                LOG.info("Closing all connections...");
                try {
                    this.open = false;
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(this.activeTcpConnections.values());
                    arrayList.addAll(this.activeUdpConnections.values());
                    closeAllConnections(arrayList);
                    this.activeTcpConnections.clear();
                    this.activeUdpConnections.clear();
                    this.lock.unlock();
                    LOG.info("Connections closed.");
                } finally {
                    this.lock.unlock();
                }
            }
            IOUtils.closeQuietly(this.tunDevice);
        }
    }

    public void handlePacket(IpPacket ipPacket) {
        if (!this.open) {
            LOG.warn("Proxy service is closed. Ignoring packet {}", ipPacket);
            return;
        }
        if (this.lock.tryLock()) {
            if (!this.open) {
                LOG.warn("Proxy service is closed. Ignoring packet {}", ipPacket);
                return;
            }
            try {
                if (this.scheduledFuture == null) {
                    scheduleConnectionsTimer();
                }
                if (ipPacket instanceof TcpIpPacket) {
                    handleTcpPacket((TcpIpPacket) ipPacket);
                } else if (ipPacket instanceof UdpIpPacket) {
                    handleUdpPacket((UdpIpPacket) ipPacket);
                } else if (ipPacket instanceof IcmpIpPacket) {
                    VpnIcmpConnectionEmulator.handleIcmpPacket((IcmpIpPacket) ipPacket, this.tunDevice);
                } else {
                    LOG.warn("Cannot handle packet {} protocol {}", ipPacket);
                }
            } finally {
                this.lock.unlock();
            }
        }
    }
}
