package com.psiphon3.psiphonlibrary;

import android.content.Context;
import android.os.Build;
import com.psiphon3.psiphonlibrary.Utils;
import com.stericson.RootTools.Command;
import com.stericson.RootTools.RootTools;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.zip.ZipInputStream;

/* loaded from: classes.dex */
public class TransparentProxyConfig {
    static final String BUNDLED_BINARY_DATA_SUBDIRECTORY = "bundled-binaries";
    static final String IPTABLES_BUNDLED_ARM7_BINARIES_SUFFIX = "_arm7.zip";
    static final String IPTABLES_BUNDLED_ARM_BINARIES_SUFFIX = "_arm.zip";
    static final String IPTABLES_BUNDLED_MIPS_BINARIES_SUFFIX = "_mips.zip";
    static final String IPTABLES_BUNDLED_X86_BINARIES_SUFFIX = "_x86.zip";
    static final String IPTABLES_FILENAME = "iptables";
    static int SHELL_COMMAND_TIMEOUT = 2000;
    static final String SYSTEM_BINARY_ALT_PATH = "/system/xbin/";
    static final String SYSTEM_BINARY_PATH = "/system/bin/";

    /* loaded from: classes.dex */
    public class PsiphonTransparentProxyException extends Exception {
        private static final long serialVersionUID = 1;

        public PsiphonTransparentProxyException() {
        }

        public PsiphonTransparentProxyException(String str) {
            super(str);
        }
    }

    private static void doShellCommands(Context context, String... strArr) {
        for (String str : strArr) {
            final StringBuilder sb = new StringBuilder();
            try {
                if (RootTools.getShell(true).add(new Command(0, new String[]{str}) { // from class: com.psiphon3.psiphonlibrary.TransparentProxyConfig.1
                    @Override // com.stericson.RootTools.Command
                    public final void output(int i, String str2) {
                        sb.append(str2);
                        sb.append("\n");
                    }
                }).exitCode(SHELL_COMMAND_TIMEOUT) != 0) {
                    throw new PsiphonTransparentProxyException(String.format(context.getString(R.string.transparent_proxy_command_failed), sb.toString()));
                }
            } catch (Exception e) {
                throw new PsiphonTransparentProxyException(e.getMessage());
            }
        }
    }

    private static boolean extractBundledIpTables(Context context, int i, File file) {
        try {
            ZipInputStream zipInputStream = new ZipInputStream(context.getResources().openRawResource(i));
            zipInputStream.getNextEntry();
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            byte[] bArr = new byte[8192];
            while (true) {
                int read = zipInputStream.read(bArr);
                if (read == -1) {
                    fileOutputStream.close();
                    zipInputStream.close();
                    Runtime.getRuntime().exec("chmod 700 " + file.getAbsolutePath()).waitFor();
                    return true;
                }
                fileOutputStream.write(bArr, 0, read);
            }
        } catch (IOException e) {
            Utils.MyLog.e(R.string.TransparentProxyConfig_iptablesExtractFailed, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
            return false;
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            return false;
        }
    }

    private static int getBundledIpTablesResourceForPlatform(Context context) {
        if (Build.CPU_ABI.compareTo("armeabi-v7a") == 0) {
            return R.raw.iptables_arm7;
        }
        if (Build.CPU_ABI.compareTo("armeabi") == 0) {
            return R.raw.iptables_arm;
        }
        if (Build.CPU_ABI.compareTo("x86") == 0) {
            return R.raw.iptables_x86;
        }
        if (Build.CPU_ABI.compareTo("mips") == 0) {
            return R.raw.iptables_mips;
        }
        return 0;
    }

    private static String getIpTables(Context context) {
        return getIpTablesPath(context, IPTABLES_FILENAME);
    }

    private static String getIpTablesPath(Context context, String str) {
        int bundledIpTablesResourceForPlatform = getBundledIpTablesResourceForPlatform(context);
        if (bundledIpTablesResourceForPlatform != 0) {
            File file = new File(context.getDir(BUNDLED_BINARY_DATA_SUBDIRECTORY, 0), str);
            if (file.exists()) {
                return file.getAbsolutePath();
            }
            if (extractBundledIpTables(context, bundledIpTablesResourceForPlatform, file)) {
                return file.getAbsolutePath();
            }
        }
        File file2 = new File(SYSTEM_BINARY_PATH, str);
        if (file2.exists()) {
            return file2.getAbsolutePath();
        }
        File file3 = new File(SYSTEM_BINARY_ALT_PATH, str);
        if (file3.exists()) {
            return file3.getAbsolutePath();
        }
        throw new PsiphonTransparentProxyException(context.getString(R.string.iptables_binary_not_found));
    }

    public static void setupTransparentProxyRouting(Context context) {
        teardownTransparentProxyRouting(context);
        String ipTables = getIpTables(context);
        int i = context.getApplicationInfo().uid;
        try {
            doShellCommands(context, setupTransparentProxyRoutingCommands(ipTables, i, true));
        } catch (PsiphonTransparentProxyException e) {
            teardownTransparentProxyRouting(context);
            doShellCommands(context, setupTransparentProxyRoutingCommands(ipTables, i, false));
        }
    }

    private static String[] setupTransparentProxyRoutingCommands(String str, int i, boolean z) {
        String[] strArr = new String[8];
        strArr[0] = str + " -t nat -N psiphon";
        strArr[1] = str + " -t nat -A psiphon -p udp -m owner ! --uid-owner " + i + " -m udp --dport 53" + (z ? " -j REDIRECT --to-ports " : " -j DNAT --to-destination 127.0.0.1:") + PsiphonData.getPsiphonData().getDnsProxyPort();
        strArr[2] = str + " -t nat -A psiphon -p tcp -m tcp --syn --dport 53" + (z ? " -j REDIRECT --to-ports " : " -j DNAT --to-destination 127.0.0.1:") + PsiphonData.getPsiphonData().getTransparentProxyPort();
        strArr[3] = str + " -t nat -A psiphon -d 192.168.0.0/16 -j RETURN";
        strArr[4] = str + " -t nat -A psiphon -d 172.16.0.0/12 -j RETURN";
        strArr[5] = str + " -t nat -A psiphon -d 10.0.0.0/8 -j RETURN";
        strArr[6] = str + " -t nat -A psiphon -p tcp  ! -d 127.0.0.1 -m owner ! --uid-owner " + i + (z ? " -m tcp --syn -j REDIRECT --to-ports " : " -m tcp --syn -j DNAT --to-destination 127.0.0.1:") + PsiphonData.getPsiphonData().getTransparentProxyPort();
        strArr[7] = str + " -t nat -I OUTPUT -j psiphon";
        return strArr;
    }

    public static void teardownTransparentProxyRouting(Context context) {
        boolean z;
        String ipTables = getIpTables(context);
        try {
            doShellCommands(context, ipTables + " -t nat -F psiphon");
            z = true;
        } catch (PsiphonTransparentProxyException e) {
            z = false;
        }
        if (z) {
            doShellCommands(context, ipTables + " -t nat -F psiphon");
            try {
                doShellCommands(context, ipTables + " -t nat -D OUTPUT -j psiphon");
            } catch (PsiphonTransparentProxyException e2) {
            }
            doShellCommands(context, ipTables + " -t nat -X psiphon");
        }
    }
}
