package net.soti.mobicontrol.knox.policy;

import com.google.android.gms.common.internal.ImagesContract;
import com.samsung.android.knox.AppIdentity;
import com.samsung.android.knox.net.firewall.DomainFilterRule;
import com.samsung.android.knox.net.firewall.Firewall;
import com.samsung.android.knox.net.firewall.FirewallResponse;
import com.samsung.android.knox.net.firewall.FirewallRule;
import e.a.e0.h;
import e.a.q;
import java.util.Collections;
import java.util.List;
import net.soti.mobicontrol.packager.c1;
import net.soti.mobicontrol.script.javascriptengine.hostobject.wifi.WifiHostObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: classes2.dex */
public class Knox33ContainerFirewallPolicy implements ContainerFirewallPolicy {
    private static final int ADDRESS_HOST = 0;
    private static final int ADDRESS_PORT = 1;
    private static final int ADDRESS_POSITION = 0;
    private static final int APPLICATION_POSITION = 2;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Knox33ContainerFirewallPolicy.class);
    private static final int NETWORK_INTERFACE_POSITION_ALLOW = 2;
    private static final int NETWORK_INTERFACE_POSITION_OTHER = 3;
    private static final int PORT_LOCATION_POSITION = 1;
    private static final int TARGET_ADDRESS_POSITION = 1;
    private final Firewall firewall;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: net.soti.mobicontrol.knox.policy.Knox33ContainerFirewallPolicy$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType;

        static {
            int[] iArr = new int[FirewallRule.RuleType.values().length];
            $SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType = iArr;
            try {
                iArr[FirewallRule.RuleType.ALLOW.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType[FirewallRule.RuleType.DENY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType[FirewallRule.RuleType.REDIRECT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType[FirewallRule.RuleType.REDIRECT_EXCEPTION.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public Knox33ContainerFirewallPolicy(Firewall firewall) {
        this.firewall = firewall;
    }

    private static boolean isResponseHasNoErrors(FirewallResponse[] firewallResponseArr) {
        return q.H(firewallResponseArr).u(new e.a.e0.e() { // from class: net.soti.mobicontrol.knox.policy.a
            @Override // e.a.e0.e
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall response: result {}, message {}", r1.getResult(), ((FirewallResponse) obj).getMessage());
            }
        }).y(new h() { // from class: net.soti.mobicontrol.knox.policy.b
            @Override // e.a.e0.h
            public final boolean test(Object obj) {
                return Knox33ContainerFirewallPolicy.lambda$isResponseHasNoErrors$5((FirewallResponse) obj);
            }
        }).j().d().longValue() == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ boolean lambda$isResponseHasNoErrors$5(FirewallResponse firewallResponse) throws Exception {
        return firewallResponse.getResult() == FirewallResponse.Result.FAILED;
    }

    private static void logFilteredUrls(List<String> list) {
        q.J(list).u(new e.a.e0.e() { // from class: net.soti.mobicontrol.knox.policy.d
            @Override // e.a.e0.e
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall filtered url: url={}", (String) obj);
            }
        }).h();
    }

    private static void logIncomingRules(final FirewallRule.RuleType ruleType, List<String> list, final boolean z) {
        q.J(list).u(new e.a.e0.e() { // from class: net.soti.mobicontrol.knox.policy.e
            @Override // e.a.e0.e
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall incoming rule: is adding={} ruleType={} rule={}", Boolean.valueOf(z), ruleType, (String) obj);
            }
        }).h();
    }

    private static b.i.o.f<String, String> parseAddress(String str) {
        String[] split = str.split(c1.f17158b);
        return b.i.o.f.a(split[0], split[1]);
    }

    private static void parseAllowRule(FirewallRule firewallRule, String[] strArr) {
        firewallRule.setPortLocation(parsePortLocation(strArr[1]));
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[2]));
    }

    private static void parseDenyRule(FirewallRule firewallRule, String[] strArr) {
        firewallRule.setPortLocation(parsePortLocation(strArr[1]));
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(strArr[2]);
        firewallRule.setApplication(appIdentity);
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static FirewallRule parseFirewallRule(FirewallRule.RuleType ruleType, String str) {
        FirewallRule firewallRule = new FirewallRule(ruleType, Firewall.AddressType.IPV4);
        String[] split = str.split(";");
        b.i.o.f<String, String> parseAddress = parseAddress(split[0]);
        firewallRule.setIpAddress(parseAddress.a);
        firewallRule.setPortNumber(parseAddress.f2540b);
        int i2 = AnonymousClass1.$SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType[ruleType.ordinal()];
        if (i2 == 1) {
            parseAllowRule(firewallRule, split);
        } else if (i2 == 2) {
            parseDenyRule(firewallRule, split);
        } else if (i2 == 3) {
            parseRedirectRule(firewallRule, split);
        } else if (i2 != 4) {
            LOGGER.error("Unknown rule type! {}", ruleType);
        }
        return firewallRule;
    }

    private static Firewall.NetworkInterface parseNetworkInterface(String str) {
        str.hashCode();
        char c2 = 65535;
        switch (str.hashCode()) {
            case 42:
                if (str.equals(Marker.ANY_MARKER)) {
                    c2 = 0;
                    break;
                }
                break;
            case 3076010:
                if (str.equals("data")) {
                    c2 = 1;
                    break;
                }
                break;
            case 3649301:
                if (str.equals(WifiHostObject.JAVASCRIPT_CLASS_NAME)) {
                    c2 = 2;
                    break;
                }
                break;
        }
        switch (c2) {
            case 0:
                return Firewall.NetworkInterface.ALL_NETWORKS;
            case 1:
                return Firewall.NetworkInterface.MOBILE_DATA_ONLY;
            case 2:
                return Firewall.NetworkInterface.WIFI_DATA_ONLY;
            default:
                LOGGER.error("Unknown network interface: {}", str);
                return Firewall.NetworkInterface.ALL_NETWORKS;
        }
    }

    private static Firewall.PortLocation parsePortLocation(String str) {
        str.hashCode();
        char c2 = 65535;
        switch (str.hashCode()) {
            case -934610874:
                if (str.equals("remote")) {
                    c2 = 0;
                    break;
                }
                break;
            case 42:
                if (str.equals(Marker.ANY_MARKER)) {
                    c2 = 1;
                    break;
                }
                break;
            case 103145323:
                if (str.equals(ImagesContract.LOCAL)) {
                    c2 = 2;
                    break;
                }
                break;
        }
        switch (c2) {
            case 0:
                return Firewall.PortLocation.REMOTE;
            case 1:
                return Firewall.PortLocation.ALL;
            case 2:
                return Firewall.PortLocation.LOCAL;
            default:
                LOGGER.error("Unknown port location: {}", str);
                return Firewall.PortLocation.ALL;
        }
    }

    private static void parseRedirectRule(FirewallRule firewallRule, String[] strArr) {
        b.i.o.f<String, String> parseAddress = parseAddress(strArr[1]);
        firewallRule.setTargetIpAddress(parseAddress.a);
        firewallRule.setTargetPortNumber(parseAddress.f2540b);
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(strArr[2]);
        firewallRule.setApplication(appIdentity);
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
    }

    private static FirewallRule[] parseRules(final FirewallRule.RuleType ruleType, List<String> list) {
        return (FirewallRule[]) ((List) q.J(list).O(new e.a.e0.f() { // from class: net.soti.mobicontrol.knox.policy.c
            @Override // e.a.e0.f
            public final Object apply(Object obj) {
                FirewallRule parseFirewallRule;
                parseFirewallRule = Knox33ContainerFirewallPolicy.parseFirewallRule(FirewallRule.RuleType.this, (String) obj);
                return parseFirewallRule;
            }
        }).u(new e.a.e0.e() { // from class: net.soti.mobicontrol.knox.policy.f
            @Override // e.a.e0.e
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("Parsed KNOX firewall rule: type {}, {}", FirewallRule.RuleType.this, (FirewallRule) obj);
            }
        }).n0().d()).toArray(new FirewallRule[0]);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesAllowRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.ALLOW;
        logIncomingRules(ruleType, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesDenyRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.DENY;
        logIncomingRules(ruleType, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRedirectExceptionsRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT_EXCEPTION;
        logIncomingRules(ruleType, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRerouteRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT;
        logIncomingRules(ruleType, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesAllowRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.ALLOW;
        logIncomingRules(ruleType, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesDenyRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.DENY;
        logIncomingRules(ruleType, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRedirectExceptionsRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT_EXCEPTION;
        logIncomingRules(ruleType, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRerouteRules(List<String> list) {
        FirewallRule.RuleType ruleType = FirewallRule.RuleType.REDIRECT;
        logIncomingRules(ruleType, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(ruleType, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesOption(boolean z) {
        LOGGER.debug("Ip tables option enabled={}", Boolean.valueOf(z));
        return this.firewall.enableFirewall(z).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesRerouteRules(List<String> list) {
        return isResponseHasNoErrors(this.firewall.clearRules(4)) && isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.REDIRECT, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterEnabled(boolean z) {
        LOGGER.debug("Url filters enabled={}", Boolean.valueOf(z));
        return this.firewall.enableDomainFilterOnIptables(z).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterList(List<String> list) {
        logFilteredUrls(list);
        List<DomainFilterRule> domainFilterRules = this.firewall.getDomainFilterRules(Collections.singletonList(Marker.ANY_MARKER));
        boolean isResponseHasNoErrors = !domainFilterRules.isEmpty() ? isResponseHasNoErrors(this.firewall.removeDomainFilterRules(domainFilterRules)) : true;
        if (list.isEmpty()) {
            return isResponseHasNoErrors;
        }
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(Marker.ANY_MARKER);
        DomainFilterRule domainFilterRule = new DomainFilterRule(appIdentity);
        domainFilterRule.setDenyDomains(list);
        return isResponseHasNoErrors & isResponseHasNoErrors(this.firewall.addDomainFilterRules(Collections.singletonList(domainFilterRule)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterReportEnabled(boolean z) {
        LOGGER.debug("Url filter report enabled={}", Boolean.valueOf(z));
        return this.firewall.enableDomainFilterReport(z).getResult() == FirewallResponse.Result.SUCCESS;
    }
}
