package com.cisco.umbrella.network;

import android.content.Context;
import android.os.Build;
import android.system.OsConstants;
import com.cisco.anyconnect.vpn.android.localization.UITranslator;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.cisco.anyconnect.vpn.android.util.CustLogComponent;
import com.cisco.anyconnect.vpn.interceptor.NetworkFlow;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor;
import com.cisco.anyconnect.vpn.interceptor.NetworkInterceptorConfig;
import com.cisco.umbrella.EDNSData;
import com.cisco.umbrella.R;
import com.cisco.umbrella.crypto.DNSCryptHelper;
import com.cisco.umbrella.network.PublicNetworkMonitor;
import com.cisco.umbrella.network.SelectSocketChannel;
import com.cisco.umbrella.registration.RegistrationData;
import com.cisco.umbrella.sync.ISyncHandler;
import com.cisco.umbrella.tnd.ITNDHandler;
import com.cisco.umbrella.tnd.TNDHandler;
import com.cisco.umbrella.ui.UIUpdater;
import com.cisco.umbrella.ui.states.EncryptionState;
import com.cisco.umbrella.ui.states.ProtectionState;
import com.cisco.umbrella.util.ConfigHelper;
import com.cisco.umbrella.util.Constant;
import com.cisco.umbrella.util.Helper;
import com.cisco.umbrella.util.ValidationHelper;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Observable;
import java.util.Observer;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;

/* loaded from: classes.dex */
public class NetworkInterceptorCB implements NetworkInterceptor.INetworkInterceptorCB, SelectSocketChannel.ISelectSocketChannelCB, TNDHandler.TndCallback, Observer {
    private static final String TAG = NetworkInterceptorCB.class.getSimpleName();
    private ScheduledFuture checkUmbrellaResolverScheduledFuture;
    private ScheduledFuture configureNetworkInterceptorScheduledFuture;
    private Context context;
    private ScheduledFuture dnsCryptFetchCertRetryScheduledFuture;
    private DNSCryptHelper dnsCryptHelper;
    private boolean dnsCryptInitSuccessful;
    private ScheduledFuture dnsCryptRefreshCertScheduledFuture;
    private ExecutorService mExecutor;
    private ScheduledFuture networkFlowMapCleanerScheduledFuture;
    private NetworkInterceptor networkInterceptor;
    private IPublicNetworkMonitor publicNetworkMonitor;
    private RegistrationData registrationData;
    private SelectSocketChannel selectSocketChannel;
    private ISyncHandler syncHandler;
    private ITNDHandler tndHandler;
    private int umbrellaResolverCounter;
    private Map<Short, NetworkFlow> networkFlowMap = new HashMap();
    private EDNSData ednsData = null;
    private ScheduledExecutorService singleThreadedScheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
    private AtomicBoolean isBehindVA = new AtomicBoolean(false);
    private AtomicBoolean isPacketReceived = new AtomicBoolean(false);
    private AtomicBoolean isUmbrellaResolverReachable = new AtomicBoolean(true);
    private int countVpnRequest = 0;
    private PublicNetworkMonitor.Callback publicNetworkMonitorCallback = new PublicNetworkMonitor.Callback() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.1
        @Override // com.cisco.umbrella.network.PublicNetworkMonitor.Callback
        public void onNetworkUpdate(boolean z) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Received onNetworkUpdate - in NICB - " + z);
            NetworkInterceptorCB.this.isUmbrellaResolverReachable.set(true);
            NetworkInterceptorCB.this.umbrellaResolverCounter = 0;
            if (!z || NetworkInterceptorCB.this.registrationData == null) {
                return;
            }
            NetworkInterceptorCB.this.ednsData = new EDNSData(NetworkInterceptorCB.this.registrationData);
        }
    };
    private Runnable networkFlowMapCleaner = new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.6
        @Override // java.lang.Runnable
        public void run() {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Clearing closed network flow maps. Total Size: " + NetworkInterceptorCB.this.networkFlowMap.size());
            Iterator it = NetworkInterceptorCB.this.networkFlowMap.entrySet().iterator();
            while (it.hasNext()) {
                if (((NetworkFlow) ((Map.Entry) it.next()).getValue()).isClosed()) {
                    it.remove();
                }
            }
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Cleared closed network flow maps. Total size: " + NetworkInterceptorCB.this.networkFlowMap.size());
            NetworkInterceptorCB.this.scheduleClosedFlowCleaner();
        }
    };

    public NetworkInterceptorCB(Context context, IPublicNetworkMonitor iPublicNetworkMonitor, ISyncHandler iSyncHandler, ITNDHandler iTNDHandler) {
        context.getClass();
        this.context = context;
        iPublicNetworkMonitor.getClass();
        IPublicNetworkMonitor iPublicNetworkMonitor2 = iPublicNetworkMonitor;
        this.publicNetworkMonitor = iPublicNetworkMonitor2;
        iPublicNetworkMonitor2.subscribe(this.publicNetworkMonitorCallback);
        this.syncHandler = iSyncHandler;
        iTNDHandler.getClass();
        ITNDHandler iTNDHandler2 = iTNDHandler;
        this.tndHandler = iTNDHandler2;
        iTNDHandler2.subscribe(this);
        if (Build.VERSION.SDK_INT >= 24) {
            this.mExecutor = Executors.newWorkStealingPool();
        } else {
            this.mExecutor = Executors.newCachedThreadPool();
        }
    }

    private void cancelDnsCryptCertFetch() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "cancelDnsCryptCertFetch invoked");
        ScheduledFuture scheduledFuture = this.dnsCryptFetchCertRetryScheduledFuture;
        if (scheduledFuture == null || scheduledFuture.isCancelled()) {
            return;
        }
        this.dnsCryptFetchCertRetryScheduledFuture.cancel(false);
    }

    private void cancelUmbrellaResolverScheduler() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "cancelUmbrellaResolverScheduler invoked.");
        ScheduledFuture scheduledFuture = this.checkUmbrellaResolverScheduledFuture;
        if (scheduledFuture == null || scheduledFuture.isCancelled()) {
            return;
        }
        this.checkUmbrellaResolverScheduledFuture.cancel(true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkIfUmbrellaResolverReachable() {
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "checkIfUmbrellaResolverReachable invoked");
        if (this.isPacketReceived.compareAndSet(true, false)) {
            this.umbrellaResolverCounter = 0;
            scheduleUmbrellaResolverScheduler(15L, TimeUnit.SECONDS);
            return;
        }
        int i = this.umbrellaResolverCounter + 1;
        this.umbrellaResolverCounter = i;
        if (i < 3) {
            scheduleUmbrellaResolverScheduler(5L, TimeUnit.SECONDS);
            return;
        }
        if (this.dnsCryptHelper.checkIfUmbrellaResolverReachable()) {
            this.isPacketReceived.set(true);
            if (this.isUmbrellaResolverReachable.compareAndSet(false, true)) {
                initialize();
                return;
            } else {
                scheduleUmbrellaResolverScheduler(15L, TimeUnit.SECONDS);
                return;
            }
        }
        this.umbrellaResolverCounter = 0;
        AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, TAG, this.syncHandler.get().getFailClosedOption() ? "Umbrella Resolver is not reachable. Device State changed to Fail closed." : "Umbrella Resolver is not reachable. Device State changed to Fail open.");
        this.isUmbrellaResolverReachable.set(false);
        initialize();
        scheduleUmbrellaResolverScheduler(30L, TimeUnit.SECONDS);
    }

    private void cleanup() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "cleanup invoked");
        this.countVpnRequest = 0;
        NetworkInterceptor networkInterceptor = this.networkInterceptor;
        if (networkInterceptor != null && networkInterceptor.getState() != NetworkInterceptor.State.DISABLED) {
            this.networkInterceptor.disable();
        }
        ScheduledFuture scheduledFuture = this.configureNetworkInterceptorScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.configureNetworkInterceptorScheduledFuture.isCancelled()) {
            this.configureNetworkInterceptorScheduledFuture.cancel(true);
        }
        ScheduledFuture scheduledFuture2 = this.networkFlowMapCleanerScheduledFuture;
        if (scheduledFuture2 != null && !scheduledFuture2.isDone() && !this.networkFlowMapCleanerScheduledFuture.isCancelled()) {
            this.networkFlowMapCleanerScheduledFuture.cancel(true);
        }
        SelectSocketChannel selectSocketChannel = this.selectSocketChannel;
        if (selectSocketChannel != null) {
            selectSocketChannel.close();
        }
        cancelUmbrellaResolverScheduler();
        cancelDnsCryptCertFetch();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void configureNetworkInterceptor(NetworkInterceptorConfig networkInterceptorConfig, boolean z) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Configure network interceptor called");
        if (networkInterceptorConfig != null) {
            if (this.networkInterceptor.configure(networkInterceptorConfig)) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Call to configure is successful.");
            } else {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Call to configure failed.");
            }
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Network interceptor configuration is missing.");
            if (z && this.networkInterceptor != null) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Disabling network interception");
                this.networkInterceptor.disable();
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
            }
        }
    }

    private void createDummyVPNConfig(NetworkInterceptorConfig.Standalone.Builder builder) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Creating dummy network interceptor config for backoff.");
        List ipv4DNSServers = NetworkUtils.getIpv4DNSServers(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (ipv4DNSServers != null && !ipv4DNSServers.isEmpty()) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Adding system resolvers.");
            Iterator it = ipv4DNSServers.iterator();
            while (it.hasNext()) {
                builder.addDnsServer((String) it.next());
            }
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "No valid DNS servers found. Adding public Umbrella resolver.");
        for (String str : getUmbrellaResolverIps()) {
            builder.addDnsServer(str);
        }
    }

    private void createNetworkConfiguration(NetworkInterceptorConfig.Standalone.Builder builder) {
        String[] splitStringOnDelimiter = Helper.splitStringOnDelimiter(ConfigHelper.getConfig(Constant.SUBNET_IPS), ",");
        if (this.isBehindVA.get()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[0], 32)).addIncludeRoute(new NetworkInterceptorConfig.Subnet(ConfigHelper.getConfig(Constant.ROUTE_SUBNET_IP), 32));
            return;
        }
        if (this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[3], 32));
        } else if (this.syncHandler.get().getFailClosedOption()) {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[2], 32));
        } else {
            builder.addAddress(new NetworkInterceptorConfig.Subnet(splitStringOnDelimiter[1], 32)).addIncludeRoute(new NetworkInterceptorConfig.Subnet(ConfigHelper.getConfig(Constant.ROUTE_SUBNET_IP), 32));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public NetworkInterceptorConfig createNetworkInterceptorConfig() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Creating network interceptor config");
        NetworkInterceptorConfig.Builder builder = new NetworkInterceptorConfig.Builder();
        NetworkInterceptorConfig.Standalone.Builder vpnRequestDescription = builder.standalone().setSessionName(UITranslator.getString(R.string.umbrella_vpn_session_name)).setVpnRequestDescription(UITranslator.getString(R.string.umbrella_vpn_request_reason));
        vpnRequestDescription.setAllowFamily(OsConstants.AF_INET6);
        String searchDomains = NetworkUtils.getSearchDomains(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (ValidationHelper.isNonNullOrNotEmpty(searchDomains)) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "The search domains are " + searchDomains);
            vpnRequestDescription.addDnsSearchDomains(searchDomains);
        }
        if (this.isBehindVA.get() || !((this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) || this.syncHandler.get().getFailClosedOption())) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Creating dummy VPN");
            createDummyVPNConfig(vpnRequestDescription);
        } else {
            setDnsServersAndRoutes(vpnRequestDescription);
            List<String> mergeDomains = mergeDomains(NetworkUtils.getDomains(this.context, this.publicNetworkMonitor.getConnectedNetwork()), this.syncHandler.get().getWhitelist());
            if (mergeDomains == null || mergeDomains.isEmpty()) {
                AppLog.info(this, "Do not have any whitelisted domains. Fail Open.");
                return null;
            }
            setWhitelistedDomains(builder, mergeDomains);
            builder.remoteAccess().setIncludeDns(true);
        }
        createNetworkConfiguration(vpnRequestDescription);
        return builder.build();
    }

    private String[] getUmbrellaResolverIps() {
        return Helper.splitStringOnDelimiter(ConfigHelper.getConfig(Constant.UMBRELLA_RESOLVER_IPS), ",");
    }

    private synchronized void handleConfiguredState() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "handleInterceptorStateChange state is CONFIGURED :: ");
        try {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Scheduling closed flow cleaner");
            scheduleClosedFlowCleaner();
            if (this.isBehindVA.get()) {
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.BEHIND_VA, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
                cancelDnsCryptCertFetch();
                cancelUmbrellaResolverScheduler();
            } else {
                if (this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) {
                    AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Updating protection status to protected");
                    UIUpdater.updateUI(EncryptionState.ENCRYPTED, ProtectionState.PROTECTED, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
                    cancelUmbrellaResolverScheduler();
                    scheduleUmbrellaResolverScheduler(15L, TimeUnit.SECONDS);
                }
                UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.FAIL_OPEN_CLOSED, DateFormat.getInstance().format(Long.valueOf(this.registrationData.getRegisteredTime())), this.registrationData.getUserId());
            }
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Updating UI with protection state");
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, TAG, "failed to init proxy channel " + e);
            this.networkInterceptor.disable();
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        }
    }

    private void handleDisabledState() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "handleDisableState invoked");
        UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN);
        this.networkFlowMap.clear();
        NetworkInterceptor.FailureCode lastFailureCode = this.networkInterceptor.getLastFailureCode();
        if (lastFailureCode == null) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, TAG, "Network interceptor failed with null failure code");
            return;
        }
        if (NetworkInterceptor.FailureCode.REVOKED == lastFailureCode) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, TAG, "VPN has been revoked.");
            this.networkInterceptor = null;
            initialize();
            return;
        }
        if (NetworkInterceptor.FailureCode.CONFIGURE_FAILURE == lastFailureCode) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, TAG, "VPN configuration failed");
            if (this.countVpnRequest == 0) {
                this.networkInterceptor = null;
                initialize();
                this.countVpnRequest++;
                return;
            }
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, TAG, "Network interceptor failed with code: " + lastFailureCode);
    }

    private synchronized void handleInitializedState() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "handleInterceptorStateChange state is INITIALIZED :: ");
        if (Build.VERSION.SDK_INT >= 21) {
            configureNetworkInterceptor(createNetworkInterceptorConfig(), true);
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Unable to configure NI on Android OS < Lollipop");
            this.networkInterceptor.disable();
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleInterceptorStateChange(NetworkInterceptor.State state) {
        if (state == NetworkInterceptor.State.INITIALIZED) {
            handleInitializedState();
        } else if (state == NetworkInterceptor.State.CONFIGURED) {
            handleConfiguredState();
        } else if (state == NetworkInterceptor.State.DISABLED) {
            handleDisabledState();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleUDPFlowData(NetworkFlow networkFlow, ByteBuffer byteBuffer) {
        this.networkFlowMap.put(Short.valueOf(Helper.getTransactionId(byteBuffer)), networkFlow);
        byteBuffer.rewind();
        ByteBuffer appendEDNS = this.ednsData.appendEDNS(byteBuffer);
        appendEDNS.rewind();
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Creating byte array from edns packet");
        int limit = appendEDNS.limit();
        byte[] bArr = new byte[limit];
        appendEDNS.get(bArr);
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "DNS Query Length::" + limit + "  ::DNS Query:: " + Helper.byteToHex(bArr));
        ByteBuffer wrap = ByteBuffer.wrap(this.dnsCryptHelper.encrypt(bArr));
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Received encrypted packet; Sending it to resolver");
        this.selectSocketChannel.writeBuffer(wrap);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initSocketChannel() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Init SocketChannel");
        try {
            SelectSocketChannel selectSocketChannel = new SelectSocketChannel(4096, this, this.publicNetworkMonitor);
            this.selectSocketChannel = selectSocketChannel;
            selectSocketChannel.initialize(InetAddress.getByName(getUmbrellaResolverIps()[0]), this.dnsCryptHelper.getActivePort());
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Completed configuration of socket channel.");
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, TAG, "failed to init proxy channel " + e);
        }
    }

    private synchronized void initialize() {
        AppLog.Severity severity = AppLog.Severity.DBG_INFO;
        String str = TAG;
        StringBuilder sb = new StringBuilder();
        sb.append("initialize invoked and the state is ");
        sb.append(this.networkInterceptor == null ? "DISABLED" : this.networkInterceptor.getState());
        AppLog.logDebugMessage(severity, str, sb.toString());
        if (this.networkInterceptor != null && this.networkInterceptor.getState() != NetworkInterceptor.State.DISABLED) {
            if (this.configureNetworkInterceptorScheduledFuture != null && !this.configureNetworkInterceptorScheduledFuture.isDone() && !this.configureNetworkInterceptorScheduledFuture.isCancelled()) {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Cancelling existing reconfiguration request");
                this.configureNetworkInterceptorScheduledFuture.cancel(true);
            }
            if (this.networkInterceptor.getState() == NetworkInterceptor.State.CONFIGURED) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Scheduling reconfiguration request for 3s from now");
                this.configureNetworkInterceptorScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.3
                    @Override // java.lang.Runnable
                    public void run() {
                        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Reconfiguring network interceptor.");
                        NetworkInterceptorCB networkInterceptorCB = NetworkInterceptorCB.this;
                        networkInterceptorCB.configureNetworkInterceptor(networkInterceptorCB.createNetworkInterceptorConfig(), false);
                    }
                }, 3L, TimeUnit.SECONDS);
            }
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Initializing network interceptor");
        this.networkInterceptor = new NetworkInterceptor(this.context, this);
        initSocketChannel();
        if (this.networkInterceptor.initialize()) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_WARN, TAG, "Successfully inited network interceptor.");
        } else {
            AppLog.logDebugMessage(AppLog.Severity.DBG_WARN, TAG, "Unable to init network interceptor.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initializeNI() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "initializeNI invoked" + this.dnsCryptInitSuccessful);
        if (this.publicNetworkMonitor.isOnline()) {
            if (!this.dnsCryptInitSuccessful) {
                initializeUmbrellaNative();
            }
            initialize();
        }
    }

    private void initializeUmbrellaNative() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Initializing Umbrella Native");
        DNSCryptHelper dNSCryptHelper = DNSCryptHelper.getInstance();
        this.dnsCryptHelper = dNSCryptHelper;
        dNSCryptHelper.addObserver(this);
        this.dnsCryptInitSuccessful = this.dnsCryptHelper.initDNSCrypt();
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Completed initing DNSCrypt. Status: " + this.dnsCryptInitSuccessful);
        if (this.dnsCryptInitSuccessful) {
            cancelDnsCryptCertFetch();
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Scheduling refresh certs to run 30 min from now.");
        this.dnsCryptRefreshCertScheduledFuture = this.singleThreadedScheduledExecutorService.scheduleWithFixedDelay(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.2
            @Override // java.lang.Runnable
            public void run() {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Refreshing certs");
                NetworkInterceptorCB.this.dnsCryptHelper.refreshCerts();
            }
        }, 30L, 30L, TimeUnit.MINUTES);
    }

    private List<String> mergeDomains(Collection<String> collection, List<String> list) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Merging domains from network interface and sync response");
        if (list == null) {
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Sync response is empty and hence not merging whitelisted domains");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        if (collection != null) {
            arrayList.addAll(collection);
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Merging sync white liisted domains");
        arrayList.addAll(list);
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleClosedFlowCleaner() {
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Scheduling network flow map cleaner");
        ScheduledFuture scheduledFuture = this.networkFlowMapCleanerScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.networkFlowMapCleanerScheduledFuture.isCancelled()) {
            this.networkFlowMapCleanerScheduledFuture.cancel(true);
        }
        this.networkFlowMapCleanerScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(this.networkFlowMapCleaner, 2L, TimeUnit.MINUTES);
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Scheduled network flow map cleaner");
    }

    private void scheduleUmbrellaResolverScheduler(final long j, final TimeUnit timeUnit) {
        this.checkUmbrellaResolverScheduledFuture = this.singleThreadedScheduledExecutorService.schedule(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.7
            @Override // java.lang.Runnable
            public void run() {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Scheduling checkIfUmbrellaResolverReachable for :" + j + " " + timeUnit);
                NetworkInterceptorCB.this.checkIfUmbrellaResolverReachable();
            }
        }, j, timeUnit);
    }

    private void setDnsServersAndRoutes(NetworkInterceptorConfig.Standalone.Builder builder) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Configuring DNS servers");
        List<String> ipv4DNSServers = NetworkUtils.getIpv4DNSServers(this.context, this.publicNetworkMonitor.getConnectedNetwork());
        if (ipv4DNSServers != null && !ipv4DNSServers.isEmpty()) {
            for (String str : ipv4DNSServers) {
                builder.addDnsServer(str).addIncludeRoute(new NetworkInterceptorConfig.Subnet(str, 32));
            }
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "IPv4 DNS Server Unavailable");
        for (String str2 : getUmbrellaResolverIps()) {
            builder.addDnsServer(str2).addIncludeRoute(new NetworkInterceptorConfig.Subnet(str2, 32));
        }
    }

    private void setWhitelistedDomains(NetworkInterceptorConfig.Builder builder, List<String> list) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Configuring whitelisting");
        if (list == null || list.isEmpty()) {
            return;
        }
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Setting whitelisted domains: " + Arrays.toString(list.toArray()));
        builder.excludeDnsQueries(list);
    }

    @Override // com.cisco.umbrella.tnd.TNDHandler.TndCallback
    public void backoff(boolean z, boolean z2) {
        if (z2) {
            cleanup();
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Backoff. Disabling NI.");
            UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        } else if (z) {
            this.isBehindVA.set(true);
            if (this.publicNetworkMonitor.isOnline()) {
                initialize();
            }
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Backoff. Network is behind VA.");
        }
    }

    @Override // com.cisco.umbrella.tnd.TNDHandler.TndCallback
    public void continueProtection() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "Continue Protection  - isOnline - " + this.publicNetworkMonitor.isOnline());
        this.isBehindVA.set(false);
        cancelDnsCryptCertFetch();
        if (this.dnsCryptInitSuccessful) {
            initializeNI();
        } else {
            cancelUmbrellaResolverScheduler();
            this.dnsCryptFetchCertRetryScheduledFuture = this.singleThreadedScheduledExecutorService.scheduleWithFixedDelay(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.9
                @Override // java.lang.Runnable
                public void run() {
                    AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Scheduling the timer to retry the certificate fetch");
                    NetworkInterceptorCB.this.initializeNI();
                }
            }, 0L, 30L, TimeUnit.SECONDS);
        }
    }

    public void destroy() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "destroy invoked");
        cleanup();
        UIUpdater.updateUI(EncryptionState.OFF, ProtectionState.OPEN, Constant.NOT_AVAILABLE, Constant.NOT_AVAILABLE);
        ScheduledFuture scheduledFuture = this.dnsCryptRefreshCertScheduledFuture;
        if (scheduledFuture != null && !scheduledFuture.isDone() && !this.dnsCryptRefreshCertScheduledFuture.isCancelled()) {
            this.dnsCryptRefreshCertScheduledFuture.cancel(true);
        }
        ScheduledExecutorService scheduledExecutorService = this.singleThreadedScheduledExecutorService;
        if (scheduledExecutorService != null) {
            scheduledExecutorService.shutdown();
        }
        this.tndHandler.unsubscribe(this);
        IPublicNetworkMonitor iPublicNetworkMonitor = this.publicNetworkMonitor;
        if (iPublicNetworkMonitor != null) {
            iPublicNetworkMonitor.unSubscribe(this.publicNetworkMonitorCallback);
        }
        this.publicNetworkMonitor = null;
        this.configureNetworkInterceptorScheduledFuture = null;
        this.networkFlowMapCleanerScheduledFuture = null;
        this.dnsCryptRefreshCertScheduledFuture = null;
        this.selectSocketChannel = null;
        this.singleThreadedScheduledExecutorService = null;
        DNSCryptHelper dNSCryptHelper = this.dnsCryptHelper;
        if (dNSCryptHelper != null) {
            dNSCryptHelper.deleteObserver(this);
            this.dnsCryptHelper.cleanUp();
        }
        this.dnsCryptHelper = null;
        this.syncHandler = null;
        this.tndHandler = null;
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleFlowClosed(NetworkFlow networkFlow) {
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleFlowData(final NetworkFlow networkFlow, final ByteBuffer byteBuffer) {
        if ((!(this.dnsCryptInitSuccessful && this.isUmbrellaResolverReachable.get()) && this.syncHandler.get().getFailClosedOption()) || !this.publicNetworkMonitor.isOnline() || networkFlow.getProtocol() != NetworkFlow.IPProtocol.UDP || byteBuffer == null || this.selectSocketChannel.getIsReconnecting().booleanValue()) {
            return;
        }
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.5
            @Override // java.lang.Runnable
            public void run() {
                NetworkInterceptorCB.this.handleUDPFlowData(networkFlow, byteBuffer);
            }
        });
    }

    @Override // com.cisco.anyconnect.vpn.interceptor.NetworkInterceptor.INetworkInterceptorCB
    public void handleStateChange(NetworkInterceptor.State state, final NetworkInterceptor.State state2) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "handleStateChange is invoked::" + state + "::" + state2);
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.4
            @Override // java.lang.Runnable
            public void run() {
                NetworkInterceptorCB.this.handleInterceptorStateChange(state2);
            }
        });
    }

    public void initialize(RegistrationData registrationData) {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "initialize invoked with registration data ");
        this.registrationData = registrationData;
        this.ednsData = new EDNSData(registrationData);
    }

    @Override // com.cisco.umbrella.network.SelectSocketChannel.ISelectSocketChannelCB
    public void onDataReceived(final byte[] bArr) {
        this.isPacketReceived.set(true);
        this.isUmbrellaResolverReachable.set(true);
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.8
            @Override // java.lang.Runnable
            public void run() {
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "Data received from the resolver.");
                byte[] decrypt = NetworkInterceptorCB.this.dnsCryptHelper.decrypt(bArr);
                AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "DNS response size :: " + decrypt.length + " DNS Response:: " + Helper.byteToHex(decrypt));
                ByteBuffer wrap = ByteBuffer.wrap(decrypt);
                NetworkFlow networkFlow = (NetworkFlow) NetworkInterceptorCB.this.networkFlowMap.remove(Short.valueOf(Helper.getTransactionId(wrap)));
                wrap.rewind();
                if (networkFlow == null) {
                    AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "writeData networkFlow is null::");
                } else {
                    AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "writeData is invoked::");
                    networkFlow.writeData(wrap);
                }
            }
        });
    }

    @Override // java.util.Observer
    public void update(Observable observable, Object obj) {
        this.mExecutor.submit(new Runnable() { // from class: com.cisco.umbrella.network.NetworkInterceptorCB.10
            @Override // java.lang.Runnable
            public void run() {
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, NetworkInterceptorCB.TAG, "active port changed. init socket channel");
                if (NetworkInterceptorCB.this.selectSocketChannel != null) {
                    NetworkInterceptorCB.this.selectSocketChannel.close();
                }
                NetworkInterceptorCB.this.initSocketChannel();
            }
        });
    }
}
