package com.logonbox.vpn.drivers.linux;

import com.logonbox.vpn.drivers.lib.AbstractUnixAddress;
import com.logonbox.vpn.drivers.lib.NativeComponents;
import com.logonbox.vpn.drivers.lib.util.IpUtil;
import com.logonbox.vpn.drivers.lib.util.OsUtil;
import com.logonbox.vpn.drivers.lib.util.Util;
import java.io.BufferedWriter;
import java.io.IOException;
import java.net.NetworkInterface;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/logonbox/vpn/drivers/linux/AbstractLinuxAddress.class */
public abstract class AbstractLinuxAddress extends AbstractUnixAddress<AbstractLinuxPlatformService> {
    private static final String NFT_COMMAND = "nft";
    private static final String TABLE_PREFIX = "logonbox-vpn-";
    public static final String TABLE_AUTO = "auto";
    public static final String TABLE_OFF = "off";
    protected Set<String> addresses;
    private static final Logger LOG = LoggerFactory.getLogger(AbstractLinuxAddress.class);
    private boolean haveSetFirewall;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractLinuxAddress(String str, String str2, AbstractLinuxPlatformService abstractLinuxPlatformService) {
        super(str, str2, abstractLinuxPlatformService);
        this.addresses = new LinkedHashSet();
        this.haveSetFirewall = calcFirewallSet();
    }

    public void addAddress(String str) throws IOException {
        if (this.addresses.contains(str)) {
            throw new IllegalStateException(String.format("Interface %s already has address %s", shortName(), str));
        }
        if (this.addresses.size() > 0 && Util.isNotBlank(peer())) {
            throw new IllegalStateException(String.format("Interface %s is configured to have a single peer %s, so cannot add a second address %s", shortName(), peer(), str));
        }
        if (Util.isNotBlank(peer())) {
            this.commands.privileged().logged().result(new String[]{"ip", "address", "add", "dev", nativeName(), str, "peer", peer()});
        } else {
            this.commands.privileged().logged().result(new String[]{"ip", "address", "add", "dev", nativeName(), str});
        }
        this.addresses.add(str);
    }

    public void delete() throws IOException {
        if (this.haveSetFirewall) {
            removeFirewall();
        }
        String table = table();
        int fWMark = getFWMark("table");
        if ((Util.isBlank(table) || table.equals(TABLE_AUTO)) && fWMark > 0) {
            while (commandOutputMatches(".*lookup " + fWMark + ".*", "ip", "-4", "rule", "show")) {
                this.commands.privileged().logged().result(new String[]{"ip", "-4", "rule", "delete", "table", String.valueOf(fWMark)});
            }
            while (commandOutputMatches(".*from all lookup main suppress_prefixlength 0.*", "ip", "-4", "rule", "show")) {
                this.commands.privileged().logged().result(new String[]{"ip", "-4", "rule", "delete", "table", "main", "suppress_prefixlength", "0"});
            }
            while (commandOutputMatches(".*lookup " + fWMark + ".*", "ip", "-6", "rule", "show")) {
                this.commands.privileged().logged().result(new String[]{"ip", "-6", "rule", "delete", "table", String.valueOf(fWMark)});
            }
            while (commandOutputMatches(".*from all lookup main suppress_prefixlength 0.*", "ip", "-6", "rule", "show")) {
                this.commands.privileged().logged().result(new String[]{"ip", "-6", "rule", "delete", "table", "main", "suppress_prefixlength", "0"});
            }
        }
        onDelete();
    }

    protected abstract void onDelete() throws IOException;

    public String displayName() {
        try {
            NetworkInterface byName = getByName(nativeName());
            return byName == null ? "Unknown" : byName.getDisplayName();
        } catch (IOException e) {
            return "Unknown";
        }
    }

    public void down() throws IOException {
        if (this.haveSetFirewall) {
            removeFirewall();
        }
        setRoutes(new ArrayList());
    }

    public Set<String> getAddresses() {
        return this.addresses;
    }

    public String getMac() {
        try {
            NetworkInterface byName = getByName(nativeName());
            if (byName == null) {
                return null;
            }
            return IpUtil.toIEEE802(byName.getHardwareAddress());
        } catch (IOException e) {
            return null;
        }
    }

    public boolean hasAddress(String str) {
        return this.addresses.contains(str);
    }

    public void removeAddress(String str) throws IOException {
        if (!this.addresses.contains(str)) {
            throw new IllegalStateException(String.format("Interface %s not not have address %s", shortName(), str));
        }
        if (this.addresses.size() > 0 && Util.isNotBlank(peer())) {
            throw new IllegalStateException(String.format("Interface %s is configured to have a single peer %s, so cannot add a second address %s", shortName(), peer(), str));
        }
        this.commands.privileged().logged().result(new String[]{"ip", "address", "del", str, "dev", nativeName()});
        this.addresses.remove(str);
    }

    public void setAddresses(String... strArr) {
        List asList = Arrays.asList(strArr);
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (!hasAddress(str)) {
                try {
                    addAddress(str);
                } catch (Exception e) {
                    arrayList.add(e);
                }
            }
        }
        Iterator it = new ArrayList(this.addresses).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (!asList.contains(str2)) {
                try {
                    removeAddress(str2);
                } catch (Exception e2) {
                    arrayList.add(e2);
                }
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        Exception exc = (Exception) arrayList.get(0);
        if (!(exc instanceof RuntimeException)) {
            throw new IllegalArgumentException("Failed to set addresses.", exc);
        }
        throw ((RuntimeException) exc);
    }

    public void setRoutes(Collection<String> collection) throws IOException {
        HashSet hashSet = new HashSet();
        Iterator it = this.commands.privileged().output(new String[]{"ip", "route", "show", "dev", nativeName()}).iterator();
        while (it.hasNext()) {
            String[] split = ((String) it.next()).split("\\s+");
            if (split.length > 0) {
                hashSet.add(split[0]);
                if (!collection.contains(split[0])) {
                    LOG.info("Removing route {} for {}", split[0], shortName());
                    this.commands.privileged().logged().result(new String[]{"ip", "route", "del", split[0], "dev", nativeName()});
                }
            }
        }
        for (String str : collection) {
            if (!hashSet.contains(str)) {
                addRoute(str);
            }
        }
    }

    public String toString() {
        return "Ip [name=" + name() + ", addresses=" + String.valueOf(this.addresses) + ", peer=" + peer() + "]";
    }

    public void up() throws IOException {
        if (getMtu() > 0) {
            this.commands.privileged().logged().result(new String[]{"ip", "link", "set", "mtu", String.valueOf(getMtu()), "up", "dev", nativeName()});
            return;
        }
        int i = 0;
        if (0 == 0) {
            Iterator it = this.commands.privileged().output(new String[]{"ip", "route", "show", "default"}).iterator();
            if (it.hasNext()) {
                StringTokenizer stringTokenizer = new StringTokenizer((String) it.next());
                while (true) {
                    if (!stringTokenizer.hasMoreTokens()) {
                        break;
                    }
                    if (stringTokenizer.nextToken().equals("dev")) {
                        Iterator it2 = this.commands.privileged().output(new String[]{"ip", "link", "show", "dev", stringTokenizer.nextToken()}).iterator();
                        if (it2.hasNext()) {
                            StringTokenizer stringTokenizer2 = new StringTokenizer((String) it2.next());
                            while (true) {
                                if (!stringTokenizer2.hasMoreTokens()) {
                                    break;
                                } else if (stringTokenizer2.nextToken().equals("mtu")) {
                                    i = Integer.parseInt(stringTokenizer2.nextToken());
                                    break;
                                }
                            }
                        }
                    }
                }
            }
        }
        if (i == 0) {
            i = 1500;
        }
        this.commands.privileged().logged().result(new String[]{"ip", "link", "set", "mtu", String.valueOf(i - 80), "up", "dev", nativeName()});
    }

    private boolean calcFirewallSet() {
        String str = "logonbox-vpn-" + nativeName();
        if (OsUtil.doesCommandExist(NFT_COMMAND)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking if firewall already setup for {} using nft", shortName());
            }
            Iterator it = this.commands.privileged().silentOutput(new String[]{NFT_COMMAND, "list", "ruleset"}).iterator();
            while (it.hasNext()) {
                if (((String) it.next()).startsWith("table ip " + str + "{")) {
                    LOG.info("Firewall is configured using nft");
                    return true;
                }
            }
            return false;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking if firewall already setup for {} using iptables", shortName());
        }
        Iterator it2 = this.commands.privileged().silentOutput(new String[]{"iptables-save"}).iterator();
        while (it2.hasNext()) {
            if (((String) it2.next()).contains("LogonBoxVPN rule for " + nativeName())) {
                LOG.info("Firewall is configured using iptables");
                return true;
            }
        }
        return false;
    }

    private void addDefault(String str) throws IOException {
        int fWMark = getFWMark("table");
        if (fWMark == 0) {
            fWMark = 51820;
            while (true) {
                if (this.commands.privileged().silentOutput(new String[]{"ip", "-4", "route", "show", "table", String.valueOf(fWMark)}).isEmpty() && this.commands.privileged().silentOutput(new String[]{"ip", "-6", "route", "show", "table", String.valueOf(fWMark)}).isEmpty()) {
                    break;
                } else {
                    fWMark++;
                }
            }
            this.commands.privileged().logged().result(new String[]{this.platform.context().nativeComponents().tool(NativeComponents.Tool.WG), "set", name(), "fwmark", String.valueOf(fWMark)});
        }
        String str2 = "-4";
        Object obj = "iptables";
        Object obj2 = "ip";
        if (str.matches(".*:.*")) {
            str2 = "-6";
            obj = "ip6tables";
            obj2 = "ip6";
        }
        this.commands.privileged().logged().result(new String[]{"ip", str2, "route", "add", str, "dev", nativeName(), "table", String.valueOf(fWMark)});
        this.commands.privileged().logged().result(new String[]{"ip", str2, "rule", "add", "not", "fwmark", String.valueOf(fWMark), "table", String.valueOf(fWMark)});
        this.commands.privileged().logged().result(new String[]{"ip", str2, "rule", "add", "table", "main", "suppress_prefixlength", "0"});
        String format = String.format("-m comment --comment \"LogonBoxVPN rule for %s\"", nativeName());
        String str3 = "*raw\n";
        String str4 = "logonbox-vpn-" + nativeName();
        StringBuilder sb = new StringBuilder();
        sb.append(String.format("add table %s %s\n", obj2, str4));
        sb.append(String.format("add chain %s %s preraw { type filter hook prerouting priority -300; }\n", obj2, str4));
        sb.append(String.format("add chain %s %s premangle { type filter hook prerouting priority -150; }\n", obj2, str4));
        sb.append(String.format("add chain %s %s postmangle { type filter hook postrouting priority -150; }\n", obj2, str4));
        Pattern compile = Pattern.compile(".*inet6?\\ ([0-9a-f:.]+)/[0-9]+.*");
        Iterator it = this.commands.privileged().output(new String[]{"ip", "-o", str2, "addr", "show", "dev", nativeName()}).iterator();
        while (it.hasNext()) {
            Matcher matcher = compile.matcher((String) it.next());
            if (matcher.matches()) {
                str3 = str3 + String.format("-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j DROP %s\n", nativeName(), matcher.group(1), format);
                sb.append(String.format("add rule %s %s preraw iifname != \"%s\" %s daddr %s fib saddr type != local drop\n", obj2, str4, nativeName(), obj2, matcher.group(1)));
            }
        }
        String str5 = str3 + String.format("COMMIT\n*mangle\n-I POSTROUTING -m mark --mark %d -p udp -j CONNMARK --save-mark %s\n-I PREROUTING -p udp -j CONNMARK --restore-mark %s\nCOMMIT\n", Integer.valueOf(fWMark), format, format);
        sb.append(String.format("add rule %s %s postmangle meta l4proto udp mark %d ct mark set mark \n", obj2, str4, Integer.valueOf(fWMark)));
        sb.append(String.format("add rule %s %s premangle meta l4proto udp meta mark set ct mark \n", obj2, str4));
        if (str2.equals("-4")) {
            this.commands.privileged().logged().result(new String[]{"sysctl", "-q", "net.ipv4.conf.all.src_valid_mark=1"});
        }
        if (OsUtil.doesCommandExist(NFT_COMMAND)) {
            LOG.info("Updating firewall: {}", sb.toString());
            Path createTempFile = Files.createTempFile("nftvpn", ".fwl", new FileAttribute[0]);
            try {
                BufferedWriter newBufferedWriter = Files.newBufferedWriter(createTempFile, new OpenOption[0]);
                try {
                    newBufferedWriter.write(sb.toString());
                    if (newBufferedWriter != null) {
                        newBufferedWriter.close();
                    }
                    this.commands.privileged().logged().pipeTo(sb.toString(), new String[]{NFT_COMMAND, "-f", createTempFile.toAbsolutePath().toString()});
                    Files.delete(createTempFile);
                } finally {
                }
            } catch (Throwable th) {
                Files.delete(createTempFile);
                throw th;
            }
        } else {
            LOG.info("Updating firewall: {}", str5);
            this.commands.privileged().logged().pipeTo(str5, new String[]{obj + "-restore", "-n"});
        }
        this.haveSetFirewall = true;
    }

    private void addRoute(String str) throws IOException {
        String str2 = str.matches(".*:.*") ? "-6" : "-4";
        if (TABLE_OFF.equals(table())) {
            return;
        }
        if (!TABLE_AUTO.equals(table())) {
            this.commands.privileged().logged().result(new String[]{"ip", str2, "route", "add", str, "dev", nativeName(), "table", table()});
            return;
        }
        if (str.endsWith("/0")) {
            addDefault(str);
            return;
        }
        try {
            if (Util.isNotBlank((String) this.commands.privileged().output(new String[]{"ip", str2, "route", "show", "dev", nativeName(), "match", str}).iterator().next())) {
                return;
            }
        } catch (Exception e) {
        }
        LOG.info("Adding route {} to {} for {}", new Object[]{str, shortName(), str2});
        this.commands.privileged().logged().result(new String[]{"ip", str2, "route", "add", str, "dev", nativeName()});
    }

    private boolean commandOutputMatches(String str, String... strArr) throws IOException {
        Iterator it = this.commands.privileged().output(strArr).iterator();
        while (it.hasNext()) {
            if (((String) it.next()).matches(str)) {
                return true;
            }
        }
        return false;
    }

    private int getFWMark(String str) {
        try {
            Collection output = this.commands.privileged().output(new String[]{this.platform.context().nativeComponents().tool(NativeComponents.Tool.WG), "show", nativeName(), "fwmark"});
            if (output.isEmpty()) {
                throw new IOException();
            }
            return Util.parseFwMark((String) output.iterator().next());
        } catch (IOException e) {
            return 0;
        }
    }

    private void removeFirewall() throws IOException {
        try {
            if (OsUtil.doesCommandExist(NFT_COMMAND)) {
                StringBuilder sb = new StringBuilder();
                for (String str : this.commands.privileged().output(new String[]{NFT_COMMAND, "list", "tables"})) {
                    if (str.contains(TABLE_PREFIX)) {
                        sb.append(String.format("%s\n", str));
                    }
                }
                if (sb.length() > 0) {
                    this.commands.privileged().logged().pipeTo(sb.toString(), new String[]{NFT_COMMAND, "-f"});
                }
            }
            if (OsUtil.doesCommandExist("iptables")) {
                for (String str2 : new String[]{"iptables", "ip6tables"}) {
                    StringBuilder sb2 = new StringBuilder();
                    boolean z = false;
                    for (String str3 : this.commands.privileged().output(new String[]{str2 + "-save"})) {
                        if (!str3.startsWith("*") && !str3.equals("COMMIT") && !str3.matches("-A .*-m comment --comment \"LogonBoxVPN rule for " + nativeName() + ".*")) {
                            if (str3.startsWith("-A")) {
                                z = true;
                            }
                            sb2.append(String.format("%s\n", str3.replace("#-A", "-D")));
                        }
                    }
                    if (z) {
                        LOG.info("Updating firewall: {}", sb2.toString());
                        this.commands.privileged().logged().pipeTo(sb2.toString(), new String[]{str2 + "-restore", "-n"});
                    }
                }
            }
        } finally {
            this.haveSetFirewall = false;
        }
    }
}
