package net.soti.mobicontrol.knox.policy;

import b7.q;
import com.google.android.gms.common.internal.ImagesContract;
import com.samsung.android.knox.AppIdentity;
import com.samsung.android.knox.net.firewall.DomainFilterRule;
import com.samsung.android.knox.net.firewall.Firewall;
import com.samsung.android.knox.net.firewall.FirewallResponse;
import com.samsung.android.knox.net.firewall.FirewallRule;
import h6.n;
import i6.o;
import i6.p;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import kotlin.jvm.internal.h;
import net.soti.mobicontrol.packager.b1;
import net.soti.mobicontrol.script.javascriptengine.hostobject.wifi.WifiHostObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: classes2.dex */
public final class Knox33ContainerFirewallPolicy implements ContainerFirewallPolicy {
    private static final int ADDRESS_HOST = 0;
    private static final int ADDRESS_PORT = 1;
    private static final int ADDRESS_POSITION = 0;
    private static final int APPLICATION_POSITION = 2;
    public static final Companion Companion = new Companion(null);
    private static final Logger LOGGER;
    private static final int NETWORK_INTERFACE_POSITION_ALLOW = 2;
    private static final int NETWORK_INTERFACE_POSITION_OTHER = 3;
    private static final int PORT_LOCATION_POSITION = 1;
    private static final int TARGET_ADDRESS_POSITION = 1;
    private final Firewall firewall;

    /* loaded from: classes2.dex */
    public static final class Companion {

        /* loaded from: classes2.dex */
        public /* synthetic */ class WhenMappings {
            public static final /* synthetic */ int[] $EnumSwitchMapping$0;

            static {
                int[] iArr = new int[FirewallRule.RuleType.values().length];
                try {
                    iArr[FirewallRule.RuleType.ALLOW.ordinal()] = 1;
                } catch (NoSuchFieldError unused) {
                }
                try {
                    iArr[FirewallRule.RuleType.DENY.ordinal()] = 2;
                } catch (NoSuchFieldError unused2) {
                }
                try {
                    iArr[FirewallRule.RuleType.REDIRECT.ordinal()] = 3;
                } catch (NoSuchFieldError unused3) {
                }
                try {
                    iArr[FirewallRule.RuleType.REDIRECT_EXCEPTION.ordinal()] = 4;
                } catch (NoSuchFieldError unused4) {
                }
                $EnumSwitchMapping$0 = iArr;
            }
        }

        private Companion() {
        }

        public /* synthetic */ Companion(h hVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final boolean isResponseHasNoErrors(FirewallResponse[] firewallResponseArr) {
            List<FirewallResponse> l10;
            l10 = p.l(Arrays.copyOf(firewallResponseArr, firewallResponseArr.length));
            for (FirewallResponse firewallResponse : l10) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall response: result {}, message {}", firewallResponse.getResult(), firewallResponse.getMessage());
            }
            if (l10.isEmpty()) {
                return true;
            }
            Iterator it = l10.iterator();
            while (it.hasNext()) {
                if (((FirewallResponse) it.next()).getResult() == FirewallResponse.Result.FAILED) {
                    return false;
                }
            }
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void logFilteredUrls(List<String> list) {
            Iterator<T> it = list.iterator();
            while (it.hasNext()) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall filtered url: url={}", (String) it.next());
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final void logIncomingRules(FirewallRule.RuleType ruleType, List<String> list, boolean z10) {
            Iterator<T> it = list.iterator();
            while (it.hasNext()) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall incoming rule: is adding={} ruleType={} rule={}", Boolean.valueOf(z10), ruleType, (String) it.next());
            }
        }

        private final n<String, String> parseAddress(String str) {
            List p02;
            p02 = q.p0(str, new String[]{b1.f26934f}, false, 0, 6, null);
            return new n<>(p02.get(0), p02.get(1));
        }

        private final void parseAllowRule(FirewallRule firewallRule, String[] strArr) {
            firewallRule.setPortLocation(parsePortLocation(strArr[1]));
            firewallRule.setNetworkInterface(parseNetworkInterface(strArr[2]));
        }

        private final void parseDenyRule(FirewallRule firewallRule, String[] strArr) {
            firewallRule.setPortLocation(parsePortLocation(strArr[1]));
            AppIdentity appIdentity = new AppIdentity();
            appIdentity.setPackageName(strArr[2]);
            firewallRule.setApplication(appIdentity);
            firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
        }

        private final FirewallRule parseFirewallRule(FirewallRule.RuleType ruleType, String str) {
            List p02;
            FirewallRule firewallRule = new FirewallRule(ruleType, Firewall.AddressType.IPV4);
            p02 = q.p0(str, new String[]{";"}, false, 0, 6, null);
            String[] strArr = (String[]) p02.toArray(new String[0]);
            n<String, String> parseAddress = parseAddress(strArr[0]);
            firewallRule.setIpAddress(parseAddress.c());
            firewallRule.setPortNumber(parseAddress.d());
            int i10 = WhenMappings.$EnumSwitchMapping$0[ruleType.ordinal()];
            if (i10 == 1) {
                parseAllowRule(firewallRule, strArr);
            } else if (i10 == 2) {
                parseDenyRule(firewallRule, strArr);
            } else if (i10 == 3) {
                parseRedirectRule(firewallRule, strArr);
            } else if (i10 != 4) {
                Knox33ContainerFirewallPolicy.LOGGER.error("Unknown rule type! {}", ruleType);
            }
            return firewallRule;
        }

        private final Firewall.NetworkInterface parseNetworkInterface(String str) {
            int hashCode = str.hashCode();
            if (hashCode != 42) {
                if (hashCode != 3076010) {
                    if (hashCode == 3649301 && str.equals(WifiHostObject.JAVASCRIPT_CLASS_NAME)) {
                        return Firewall.NetworkInterface.WIFI_DATA_ONLY;
                    }
                } else if (str.equals("data")) {
                    return Firewall.NetworkInterface.MOBILE_DATA_ONLY;
                }
            } else if (str.equals(Marker.ANY_MARKER)) {
                return Firewall.NetworkInterface.ALL_NETWORKS;
            }
            Knox33ContainerFirewallPolicy.LOGGER.error("Unknown network interface: {}", str);
            return Firewall.NetworkInterface.ALL_NETWORKS;
        }

        private final Firewall.PortLocation parsePortLocation(String str) {
            int hashCode = str.hashCode();
            if (hashCode != -934610874) {
                if (hashCode != 42) {
                    if (hashCode == 103145323 && str.equals(ImagesContract.LOCAL)) {
                        return Firewall.PortLocation.LOCAL;
                    }
                } else if (str.equals(Marker.ANY_MARKER)) {
                    return Firewall.PortLocation.ALL;
                }
            } else if (str.equals("remote")) {
                return Firewall.PortLocation.REMOTE;
            }
            Knox33ContainerFirewallPolicy.LOGGER.error("Unknown port location: {}", str);
            return Firewall.PortLocation.ALL;
        }

        private final void parseRedirectRule(FirewallRule firewallRule, String[] strArr) {
            n<String, String> parseAddress = parseAddress(strArr[1]);
            firewallRule.setTargetIpAddress(parseAddress.c());
            firewallRule.setTargetPortNumber(parseAddress.d());
            AppIdentity appIdentity = new AppIdentity();
            appIdentity.setPackageName(strArr[2]);
            firewallRule.setApplication(appIdentity);
            firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final FirewallRule[] parseRules(FirewallRule.RuleType ruleType, List<String> list) {
            int s10;
            s10 = i6.q.s(list, 10);
            ArrayList arrayList = new ArrayList(s10);
            Iterator<T> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(Knox33ContainerFirewallPolicy.Companion.parseFirewallRule(ruleType, (String) it.next()));
            }
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("Parsed KNOX firewall rule: type {}, {}", ruleType, (FirewallRule) it2.next());
            }
            return (FirewallRule[]) arrayList.toArray(new FirewallRule[0]);
        }
    }

    static {
        Logger logger = LoggerFactory.getLogger((Class<?>) Knox33ContainerFirewallPolicy.class);
        kotlin.jvm.internal.n.f(logger, "getLogger(...)");
        LOGGER = logger;
    }

    public Knox33ContainerFirewallPolicy(Firewall firewall) {
        kotlin.jvm.internal.n.g(firewall, "firewall");
        this.firewall = firewall;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesAllowRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.ALLOW;
        companion.logIncomingRules(ruleType, rules, true);
        FirewallResponse[] addRules = this.firewall.addRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(addRules, "addRules(...)");
        return companion.isResponseHasNoErrors(addRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesDenyRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.DENY;
        companion.logIncomingRules(ruleType, rules, true);
        FirewallResponse[] addRules = this.firewall.addRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(addRules, "addRules(...)");
        return companion.isResponseHasNoErrors(addRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRedirectExceptionsRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT_EXCEPTION;
        companion.logIncomingRules(ruleType, rules, true);
        FirewallResponse[] addRules = this.firewall.addRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(addRules, "addRules(...)");
        return companion.isResponseHasNoErrors(addRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRerouteRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT;
        companion.logIncomingRules(ruleType, rules, true);
        FirewallResponse[] addRules = this.firewall.addRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(addRules, "addRules(...)");
        return companion.isResponseHasNoErrors(addRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesAllowRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.ALLOW;
        companion.logIncomingRules(ruleType, rules, false);
        FirewallResponse[] removeRules = this.firewall.removeRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(removeRules, "removeRules(...)");
        return companion.isResponseHasNoErrors(removeRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesDenyRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.DENY;
        companion.logIncomingRules(ruleType, rules, false);
        FirewallResponse[] removeRules = this.firewall.removeRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(removeRules, "removeRules(...)");
        return companion.isResponseHasNoErrors(removeRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRedirectExceptionsRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT_EXCEPTION;
        companion.logIncomingRules(ruleType, rules, false);
        FirewallResponse[] removeRules = this.firewall.removeRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(removeRules, "removeRules(...)");
        return companion.isResponseHasNoErrors(removeRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRerouteRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT;
        companion.logIncomingRules(ruleType, rules, false);
        FirewallResponse[] removeRules = this.firewall.removeRules(companion.parseRules(ruleType, rules));
        kotlin.jvm.internal.n.f(removeRules, "removeRules(...)");
        return companion.isResponseHasNoErrors(removeRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesOption(boolean z10) {
        LOGGER.debug("Ip tables option enabled={}", Boolean.valueOf(z10));
        return this.firewall.enableFirewall(z10).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesRerouteRules(List<String> rules) {
        kotlin.jvm.internal.n.g(rules, "rules");
        Companion companion = Companion;
        FirewallResponse[] clearRules = this.firewall.clearRules(4);
        kotlin.jvm.internal.n.f(clearRules, "clearRules(...)");
        if (companion.isResponseHasNoErrors(clearRules)) {
            FirewallResponse[] addRules = this.firewall.addRules(companion.parseRules(FirewallRule.RuleType.REDIRECT, rules));
            kotlin.jvm.internal.n.f(addRules, "addRules(...)");
            if (companion.isResponseHasNoErrors(addRules)) {
                return true;
            }
        }
        return false;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterEnabled(boolean z10) {
        LOGGER.debug("Url filters enabled={}", Boolean.valueOf(z10));
        return this.firewall.enableDomainFilterOnIptables(z10).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterList(List<String> urls) {
        List<String> e10;
        boolean z10;
        List<DomainFilterRule> e11;
        kotlin.jvm.internal.n.g(urls, "urls");
        Companion companion = Companion;
        companion.logFilteredUrls(urls);
        Firewall firewall = this.firewall;
        e10 = o.e(Marker.ANY_MARKER);
        List<DomainFilterRule> domainFilterRules = firewall.getDomainFilterRules(e10);
        kotlin.jvm.internal.n.d(domainFilterRules);
        if (!domainFilterRules.isEmpty()) {
            FirewallResponse[] removeDomainFilterRules = this.firewall.removeDomainFilterRules(domainFilterRules);
            kotlin.jvm.internal.n.f(removeDomainFilterRules, "removeDomainFilterRules(...)");
            z10 = companion.isResponseHasNoErrors(removeDomainFilterRules);
        } else {
            z10 = true;
        }
        if (!(!urls.isEmpty())) {
            return z10;
        }
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(Marker.ANY_MARKER);
        DomainFilterRule domainFilterRule = new DomainFilterRule(appIdentity);
        domainFilterRule.setDenyDomains(urls);
        Firewall firewall2 = this.firewall;
        e11 = o.e(domainFilterRule);
        FirewallResponse[] addDomainFilterRules = firewall2.addDomainFilterRules(e11);
        kotlin.jvm.internal.n.f(addDomainFilterRules, "addDomainFilterRules(...)");
        return z10 & companion.isResponseHasNoErrors(addDomainFilterRules);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterReportEnabled(boolean z10) {
        LOGGER.debug("Url filter report enabled={}", Boolean.valueOf(z10));
        return this.firewall.enableDomainFilterReport(z10).getResult() == FirewallResponse.Result.SUCCESS;
    }
}
