package com.jadaptive.nodal.core.linux;

import com.jadaptive.nodal.core.lib.AbstractUnixDesktopPlatformService;
import com.jadaptive.nodal.core.lib.NATMode;
import com.jadaptive.nodal.core.lib.NativeComponents;
import com.jadaptive.nodal.core.lib.NetworkInterfaceInfo;
import com.jadaptive.nodal.core.lib.PlatformService;
import com.jadaptive.nodal.core.lib.StartRequest;
import com.jadaptive.nodal.core.lib.SystemContext;
import com.jadaptive.nodal.core.lib.VpnAdapter;
import com.jadaptive.nodal.core.lib.VpnConfiguration;
import com.jadaptive.nodal.core.lib.util.OsUtil;
import com.sshtools.liftlib.ElevatedClosure;
import com.sshtools.liftlib.commands.SystemCommands;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.Serializable;
import java.io.UncheckedIOException;
import java.net.InterfaceAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/jadaptive/nodal/core/linux/AbstractLinuxPlatformService.class */
public abstract class AbstractLinuxPlatformService extends AbstractUnixDesktopPlatformService<AbstractLinuxAddress> {
    private static final String POSTROUTING_VPN = "POSTROUTING_VPN";
    private static final String POSTROUTING = "POSTROUTING";
    private static final String SNAT = "SNAT";
    private static final String MASQUERADE = "MASQUERADE";
    private static final String INTERFACE_PREFIX = "wg";
    private static final Logger LOG = LoggerFactory.getLogger(AbstractLinuxPlatformService.class);
    static Object lock = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/jadaptive/nodal/core/linux/AbstractLinuxPlatformService$IpAddressState.class */
    public enum IpAddressState {
        HEADER,
        IP,
        MAC
    }

    /* loaded from: input_file:com/jadaptive/nodal/core/linux/AbstractLinuxPlatformService$SetIpForwarding.class */
    public static final class SetIpForwarding implements ElevatedClosure<Serializable, Serializable> {
        private String path;
        private boolean enable;

        public SetIpForwarding() {
        }

        SetIpForwarding(String str, boolean z) {
            this.path = str;
            this.enable = z;
        }

        public Serializable call(ElevatedClosure<Serializable, Serializable> elevatedClosure) throws Exception {
            try {
                BufferedWriter newBufferedWriter = Files.newBufferedWriter(Paths.get(this.path, new String[0]), new OpenOption[0]);
                try {
                    newBufferedWriter.write(this.enable ? "1" : "0");
                    if (newBufferedWriter != null) {
                        newBufferedWriter.close();
                    }
                    return null;
                } finally {
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    public AbstractLinuxPlatformService(SystemContext systemContext) {
        super(INTERFACE_PREFIX, systemContext);
    }

    public final List<AbstractLinuxAddress> addresses() {
        String mac;
        ArrayList arrayList = new ArrayList();
        AbstractLinuxAddress abstractLinuxAddress = null;
        try {
            IpAddressState ipAddressState = IpAddressState.HEADER;
            for (String str : context().commands().output(new String[]{"ip", "address"})) {
                if (!str.startsWith(" ")) {
                    String trim = str.split(":")[1].trim();
                    AbstractLinuxAddress createAddress = createAddress(nativeNameToInterfaceName(trim).orElse(trim), trim);
                    abstractLinuxAddress = createAddress;
                    arrayList.add(createAddress);
                    ipAddressState = IpAddressState.MAC;
                } else if (abstractLinuxAddress != null) {
                    String trim2 = str.trim();
                    if (ipAddressState == IpAddressState.MAC) {
                        String[] split = trim2.split("\\s+");
                        if (split.length > 1 && (mac = abstractLinuxAddress.getMac()) != null && !mac.equals(split[1])) {
                            throw new IllegalStateException("Unexpected MAC.");
                        }
                        ipAddressState = IpAddressState.IP;
                    } else if (ipAddressState == IpAddressState.IP && trim2.startsWith("inet ")) {
                        String[] split2 = trim2.split("\\s+");
                        if (split2.length > 1) {
                            abstractLinuxAddress.getAddresses().add(split2[1]);
                        }
                        ipAddressState = IpAddressState.HEADER;
                    }
                } else {
                    continue;
                }
            }
        } catch (IOException e) {
            if (!Boolean.getBoolean("hypersocket.development")) {
                throw new IllegalStateException("Failed to get network devices.", e);
            }
        }
        return arrayList;
    }

    public boolean isIpForwardingEnabledOnSystem() {
        Path path = Paths.get("/proc/sys/net/ipv4/ip_forward", new String[0]);
        Path path2 = Paths.get("/proc/sys/net/ipv6/conf/all/forwarding", new String[0]);
        return ((Files.exists(path, new LinkOption[0]) && isEnabled(path)) || !Files.exists(path, new LinkOption[0])) && ((Files.exists(path, new LinkOption[0]) && isEnabled(path2)) || !Files.exists(path2, new LinkOption[0]));
    }

    public boolean isValidNativeInterfaceName(String str) {
        return (str.length() >= 16 || str.matches(".*\\s+.*") || str.contains(" ") || str.contains("/")) ? false : true;
    }

    public final void runHook(VpnConfiguration vpnConfiguration, VpnAdapter vpnAdapter, String... strArr) throws IOException {
        runHookViaPipeToShell(vpnConfiguration, vpnAdapter, new String[]{OsUtil.getPathOfCommandInPathOrFail("bash").toString(), "-c", String.join(" ; ", strArr).trim()});
    }

    /* JADX WARN: Finally extract failed */
    public void setNat(String str, Optional<NATMode> optional) throws IOException {
        Optional<NATMode> nat = getNat(str);
        if (Objects.equals(nat.orElse(null), optional.orElse(null))) {
            return;
        }
        LOG.info("Removing existing MASQUERADE/SNAT rules for {}", str);
        SystemCommands privileged = this.context.commands().privileged();
        try {
            NetworkInterfaceInfo networkInterfaceInfo = (NetworkInterfaceInfo) getBestLocalNic().orElseThrow(() -> {
                return new IOException("Local NIC could not be determined.");
            });
            if (nat.isPresent()) {
                NATMode.SNAT snat = (NATMode) nat.get();
                if (snat instanceof NATMode.SNAT) {
                    for (NetworkInterface networkInterface : snat.to()) {
                        for (String str2 : NATMode.SNAT.toIpv4Addresses(networkInterface)) {
                            LOG.info("Removing SNAT rules for {} to {} using {}", new Object[]{str, networkInterface.getName(), str2});
                            privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-o", str, "-i", networkInterface.getName(), "-j", SNAT, "--to-source", str2});
                        }
                    }
                    for (String str3 : NATMode.SNAT.toIpv4Addresses(networkInterfaceInfo)) {
                        LOG.info("Removing SNAT rules for {} to {} using {}", new Object[]{str, networkInterfaceInfo.getName(), str3});
                        privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-i", str, "-j", SNAT, "--to-source", str3});
                    }
                } else {
                    if (!(snat instanceof NATMode.MASQUERADE)) {
                        throw new UnsupportedOperationException(snat.getClass().getName());
                    }
                    NATMode.MASQUERADE masquerade = (NATMode.MASQUERADE) snat;
                    if (masquerade.out().isEmpty()) {
                        LOG.info("Removing MASQ rules for {} to {}", str, networkInterfaceInfo.getName());
                        privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-i", networkInterfaceInfo.getName(), "-j", MASQUERADE, "-o", str});
                        privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-i", str, "-j", MASQUERADE});
                    } else {
                        for (NetworkInterface networkInterface2 : masquerade.out()) {
                            LOG.info("Removing MASQ rules for {} to {}", networkInterface2.getName(), str);
                            privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-i", networkInterface2.getName(), "-j", MASQUERADE, "-o", str});
                        }
                        LOG.info("Removing MASQ rules for {}", str);
                        privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING_VPN, "-i", str, "-j", MASQUERADE, "*"});
                    }
                }
            }
            if (optional.isEmpty()) {
                LOG.info("Reverting to full routed mode.");
            } else {
                NATMode.SNAT snat2 = (NATMode) optional.get();
                if (snat2 instanceof NATMode.SNAT) {
                    for (NetworkInterface networkInterface3 : snat2.to()) {
                        for (String str4 : NATMode.SNAT.toIpv4Addresses(networkInterface3)) {
                            LOG.info("Adding SNAT rules for {} to {} using {}", new Object[]{str, networkInterface3.getName(), str4});
                            privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-o", str, "-i", networkInterface3.getName(), "-j", SNAT, "--to-source", str4});
                        }
                    }
                    for (String str5 : NATMode.SNAT.toIpv4Addresses(networkInterfaceInfo)) {
                        LOG.info("Adding SNAT rules for {} to {} using {}", new Object[]{str, networkInterfaceInfo.getName(), str5});
                        privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-i", str, "-j", SNAT, "--to-source", str5});
                    }
                } else {
                    if (!(snat2 instanceof NATMode.MASQUERADE)) {
                        throw new UnsupportedOperationException(snat2.getClass().getName());
                    }
                    NATMode.MASQUERADE masquerade2 = (NATMode.MASQUERADE) snat2;
                    if (masquerade2.out().isEmpty()) {
                        LOG.info("Adding MASQUERADE rules for {} to {}", str, networkInterfaceInfo.getName());
                        privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-j", MASQUERADE, "-i", str});
                        privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-j", MASQUERADE, "-i", networkInterfaceInfo.getName(), "-o", str});
                    } else {
                        for (NetworkInterface networkInterface4 : masquerade2.out()) {
                            LOG.info("Adding MASQUERADE rules for {} to {}", networkInterface4.getName(), str);
                            privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-i", networkInterface4.getName(), "-j", MASQUERADE, "-o", str});
                        }
                        LOG.info("Adding MASQUERADE rules for {}", str);
                        privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING_VPN, "-i", str, "-j", MASQUERADE});
                    }
                }
            }
            boolean z = false;
            boolean z2 = false;
            Iterator it = privileged.output(new String[]{"iptables", "-t", "nat", "-L", POSTROUTING, "-v", "-n"}).stream().skip(2L).toList().iterator();
            if (it.hasNext()) {
                z = true;
            }
            Iterator it2 = privileged.output(new String[]{"iptables", "-t", "nat", "-L", POSTROUTING_VPN, "-v", "-n"}).stream().skip(2L).toList().iterator();
            if (it2.hasNext()) {
                z2 = true;
            }
            if (z != z2) {
                if (z2) {
                    LOG.info("Adding POSTROUTING -> POSTROUTING_VPN rule");
                    privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING, "-j", POSTROUTING_VPN});
                } else {
                    LOG.info("Removing POSTROUTING -> POSTROUTING_VPN rule");
                    privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING, "-j", POSTROUTING_VPN});
                }
            }
        } catch (Throwable th) {
            boolean z3 = false;
            boolean z4 = false;
            Iterator it3 = privileged.output(new String[]{"iptables", "-t", "nat", "-L", POSTROUTING, "-v", "-n"}).stream().skip(2L).toList().iterator();
            if (it3.hasNext()) {
                z3 = true;
            }
            Iterator it4 = privileged.output(new String[]{"iptables", "-t", "nat", "-L", POSTROUTING_VPN, "-v", "-n"}).stream().skip(2L).toList().iterator();
            if (it4.hasNext()) {
                z4 = true;
            }
            if (z3 != z4) {
                if (z4) {
                    LOG.info("Adding POSTROUTING -> POSTROUTING_VPN rule");
                    privileged.run(new String[]{"iptables", "-t", "nat", "-A", POSTROUTING, "-j", POSTROUTING_VPN});
                } else {
                    LOG.info("Removing POSTROUTING -> POSTROUTING_VPN rule");
                    privileged.run(new String[]{"iptables", "-t", "nat", "-D", POSTROUTING, "-j", POSTROUTING_VPN});
                }
            }
            throw th;
        }
    }

    public Optional<String> nativeNameToInterfaceName(String str) {
        return Optional.empty();
    }

    public Optional<String> interfaceNameToNativeName(String str) {
        return Optional.empty();
    }

    public Optional<NATMode> getNat(String str) throws IOException {
        String str2 = null;
        ArrayList arrayList = new ArrayList();
        String str3 = null;
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        Iterator it = this.context.commands().privileged().output(new String[]{"iptables", "-t", "nat", "-L", POSTROUTING_VPN, "-v", "-n"}).iterator();
        while (it.hasNext()) {
            String[] split = ((String) it.next()).trim().split("\\s+");
            if (split.length > 6 && split[2].equals(MASQUERADE) && split[5].equals(str) && split[6].equals("*")) {
                str2 = split[5];
            } else if (split.length > 6 && split[2].equals(MASQUERADE) && split[6].equals(str)) {
                arrayList.add(split[5]);
            } else if (split.length > 9 && split[2].equals(SNAT) && split[5].equals(str) && split[6].equals("*")) {
                str3 = split[5];
            } else if (split.length > 9 && split[2].equals(SNAT) && split[6].equals(str)) {
                arrayList2.add(split[5]);
                if (split[9].startsWith(split[9].substring(3))) {
                    arrayList3.add(split[5]);
                }
            }
        }
        return str2 != null ? Optional.of(new NATMode.MASQUERADE((Set) arrayList.stream().map(str4 -> {
            try {
                return NetworkInterface.getByName(str4);
            } catch (SocketException e) {
                throw new UncheckedIOException(e);
            }
        }).collect(Collectors.toSet()))) : str3 != null ? Optional.of(new NATMode.SNAT((Set) arrayList.stream().map(str5 -> {
            try {
                return NetworkInterface.getByName(str5);
            } catch (SocketException e) {
                throw new UncheckedIOException(e);
            }
        }).collect(Collectors.toSet()))) : Optional.empty();
    }

    public void setIpForwardingEnabledOnSystem(boolean z) {
        Path path = Paths.get("/proc/sys/net/ipv4/ip_forward", new String[0]);
        Path path2 = Paths.get("/proc/sys/net/ipv6/conf/all/forwarding", new String[0]);
        boolean exists = Files.exists(path, new LinkOption[0]);
        boolean exists2 = Files.exists(path2, new LinkOption[0]);
        if (!exists && !exists2) {
            super.setIpForwardingEnabledOnSystem(z);
            return;
        }
        if (exists) {
            try {
                this.context.commands().privileged().task(new SetIpForwarding(path.toString(), z));
            } catch (Exception e) {
                throw new IllegalStateException("Failed to change IP forwarding.", e);
            }
        }
        if (exists2) {
            this.context.commands().privileged().task(new SetIpForwarding(path2.toString(), z));
        }
    }

    protected abstract AbstractLinuxAddress createAddress(String str, String str2);

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: createVirtualInetAddress, reason: merged with bridge method [inline-methods] */
    public final AbstractLinuxAddress m2createVirtualInetAddress(NetworkInterface networkInterface) throws IOException {
        AbstractLinuxAddress createAddress = createAddress(nativeNameToInterfaceName(networkInterface.getName()).orElse(networkInterface.getName()), networkInterface.getName());
        Iterator<InterfaceAddress> it = networkInterface.getInterfaceAddresses().iterator();
        while (it.hasNext()) {
            createAddress.getAddresses().add(it.next().getAddress().toString());
        }
        return createAddress;
    }

    public final Optional<PlatformService.Gateway> defaultGateway() {
        try {
            for (String str : context().commands().privileged().output(new String[]{"ip", "route"})) {
                if (str.startsWith("default via")) {
                    String[] split = str.split("\\s+");
                    if (split.length > 4) {
                        return Optional.of(new PlatformService.Gateway(split[4], split[2]));
                    }
                }
            }
            return Optional.empty();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    protected final void onStart(StartRequest startRequest, VpnAdapter vpnAdapter) throws IOException {
        LOG.info("Creating new table for VPN NAT rules");
        try {
            this.context.commands().privileged().run(new String[]{"iptables", "-t", "nat", "-N", POSTROUTING_VPN});
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.info("Didn't create create new {} table for VPN NAT rules, probably already exists.", POSTROUTING_VPN, e);
            } else {
                LOG.info("Didn't create create new {} table for VPN NAT rules, probably already exists. {}", POSTROUTING_VPN, e.getMessage());
            }
        }
        VpnConfiguration configuration = startRequest.configuration();
        AbstractLinuxAddress findAddress = findAddress(startRequest);
        if (configuration.addresses().size() > 0) {
            findAddress.setAddresses((String) configuration.addresses().get(0));
        }
        Path createTempFile = Files.createTempFile(INTERFACE_PREFIX, ".cfg", new FileAttribute[0]);
        try {
            BufferedWriter newBufferedWriter = Files.newBufferedWriter(createTempFile, new OpenOption[0]);
            try {
                transform(configuration).write(newBufferedWriter);
                if (newBufferedWriter != null) {
                    newBufferedWriter.close();
                }
                BufferedReader newBufferedReader = Files.newBufferedReader(createTempFile);
                while (true) {
                    try {
                        String readLine = newBufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        } else {
                            LOG.info("{}", readLine);
                        }
                    } finally {
                    }
                }
                if (newBufferedReader != null) {
                    newBufferedReader.close();
                }
                LOG.info("Activating Wireguard configuration for {} (in {})", findAddress.shortName(), createTempFile);
                context().commands().privileged().logged().result(new String[]{context().nativeComponents().tool(NativeComponents.Tool.WG), "setconf", findAddress.name(), createTempFile.toString()});
                LOG.info("Activated Wireguard configuration for {}", findAddress.shortName());
                Files.delete(createTempFile);
                Instant ofEpochMilli = Instant.ofEpochMilli(((System.currentTimeMillis() / 1000) - 1) * 1000);
                findAddress.mtu(((Integer) configuration.mtu().or(() -> {
                    return this.context.configuration().defaultMTU();
                }).orElse(0)).intValue());
                LOG.info("Bringing up {}", findAddress.shortName());
                findAddress.up();
                vpnAdapter.attachToInterface(findAddress);
                Optional peer = startRequest.peer();
                if (peer.isPresent() && this.context.configuration().connectTimeout().isPresent()) {
                    waitForFirstHandshake(configuration, vpnAdapter, ofEpochMilli, peer, (Duration) this.context.configuration().connectTimeout().get());
                }
                try {
                    if (configuration.addresses().size() > 0) {
                        dns(configuration, findAddress);
                    }
                    try {
                        LOG.info("Setting routes for {}", findAddress.shortName());
                        addRoutes(vpnAdapter);
                    } catch (IOException | RuntimeException e2) {
                        try {
                            vpnAdapter.close();
                        } catch (Exception e3) {
                        }
                        throw e2;
                    }
                } catch (IOException | RuntimeException e4) {
                    try {
                        vpnAdapter.close();
                    } catch (Exception e5) {
                    }
                    throw e4;
                }
            } finally {
            }
        } catch (Throwable th) {
            Files.delete(createTempFile);
            throw th;
        }
    }

    protected final void runCommand(List<String> list) throws IOException {
        context().commands().privileged().logged().run((String[]) list.toArray(new String[0]));
    }

    private boolean isEnabled(Path path) {
        try {
            BufferedReader newBufferedReader = Files.newBufferedReader(path);
            try {
                boolean equals = newBufferedReader.readLine().equals("1");
                if (newBufferedReader != null) {
                    newBufferedReader.close();
                }
                return equals;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }
}
