package net.soti.mobicontrol.knox.policy;

import android.support.v4.util.Pair;
import com.google.android.gms.common.internal.ImagesContract;
import com.samsung.android.knox.AppIdentity;
import com.samsung.android.knox.net.firewall.DomainFilterRule;
import com.samsung.android.knox.net.firewall.Firewall;
import com.samsung.android.knox.net.firewall.FirewallResponse;
import com.samsung.android.knox.net.firewall.FirewallRule;
import io.reactivex.Observable;
import io.reactivex.functions.Consumer;
import io.reactivex.functions.Function;
import io.reactivex.functions.Predicate;
import java.util.Collections;
import java.util.List;
import net.soti.mobicontrol.packager.PackageScriptExecutionRecorder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: classes4.dex */
public class Knox33ContainerFirewallPolicy implements ContainerFirewallPolicy {
    private static final int ADDRESS_HOST = 0;
    private static final int ADDRESS_PORT = 1;
    private static final int ADDRESS_POSITION = 0;
    private static final int APPLICATION_POSITION = 2;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Knox33ContainerFirewallPolicy.class);
    private static final int NETWORK_INTERFACE_POSITION_ALLOW = 2;
    private static final int NETWORK_INTERFACE_POSITION_OTHER = 3;
    private static final int PORT_LOCATION_POSITION = 1;
    private static final int TARGET_ADDRESS_POSITION = 1;
    private final Firewall firewall;

    public Knox33ContainerFirewallPolicy(Firewall firewall) {
        this.firewall = firewall;
    }

    private static boolean isResponseHasNoErrors(FirewallResponse[] firewallResponseArr) {
        return Observable.fromArray(firewallResponseArr).doOnNext(new Consumer() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$c34qrCSdVymUG_QGsHsTm0osBvU
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall response: result {}, message {}", r1.getResult(), ((FirewallResponse) obj).getMessage());
            }
        }).filter(new Predicate() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$KWI2TFzcqMn50_rf65W_teMEHlo
            @Override // io.reactivex.functions.Predicate
            public final boolean test(Object obj) {
                return Knox33ContainerFirewallPolicy.lambda$isResponseHasNoErrors$5((FirewallResponse) obj);
            }
        }).count().blockingGet().longValue() == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ boolean lambda$isResponseHasNoErrors$5(FirewallResponse firewallResponse) throws Exception {
        return firewallResponse.getResult() == FirewallResponse.Result.FAILED;
    }

    private static void logFilteredUrls(List<String> list) {
        Observable.fromIterable(list).doOnNext(new Consumer() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$hOES0YoTM0xYvm4KtU5Clrra2-g
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall filtered url: url={}", (String) obj);
            }
        }).blockingSubscribe();
    }

    private static void logIncomingRules(final FirewallRule.RuleType ruleType, List<String> list, final boolean z) {
        Observable.fromIterable(list).doOnNext(new Consumer() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$l04V_Uq9VxSEBsnhyVVsiW5_ckU
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("KNOX Firewall incoming rule: is adding={} ruleType={} rule={}", Boolean.valueOf(z), ruleType, (String) obj);
            }
        }).blockingSubscribe();
    }

    private static Pair<String, String> parseAddress(String str) {
        String[] split = str.split(PackageScriptExecutionRecorder.SCRIPT_RECORD_DELIMITER_REGEX);
        return Pair.create(split[0], split[1]);
    }

    private static void parseAllowRule(FirewallRule firewallRule, String[] strArr) {
        firewallRule.setPortLocation(parsePortLocation(strArr[1]));
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[2]));
    }

    private static void parseDenyRule(FirewallRule firewallRule, String[] strArr) {
        firewallRule.setPortLocation(parsePortLocation(strArr[1]));
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(strArr[2]);
        firewallRule.setApplication(appIdentity);
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:7:0x0040, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.samsung.android.knox.net.firewall.FirewallRule parseFirewallRule(com.samsung.android.knox.net.firewall.FirewallRule.RuleType r3, java.lang.String r4) {
        /*
            com.samsung.android.knox.net.firewall.FirewallRule r0 = new com.samsung.android.knox.net.firewall.FirewallRule
            com.samsung.android.knox.net.firewall.Firewall$AddressType r1 = com.samsung.android.knox.net.firewall.Firewall.AddressType.IPV4
            r0.<init>(r3, r1)
            java.lang.String r1 = ";"
            java.lang.String[] r4 = r4.split(r1)
            r1 = 0
            r1 = r4[r1]
            android.support.v4.util.Pair r1 = parseAddress(r1)
            F r2 = r1.first
            java.lang.String r2 = (java.lang.String) r2
            r0.setIpAddress(r2)
            S r1 = r1.second
            java.lang.String r1 = (java.lang.String) r1
            r0.setPortNumber(r1)
            int[] r1 = net.soti.mobicontrol.knox.policy.Knox33ContainerFirewallPolicy.AnonymousClass1.$SwitchMap$com$samsung$android$knox$net$firewall$FirewallRule$RuleType
            int r2 = r3.ordinal()
            r1 = r1[r2]
            switch(r1) {
                case 1: goto L3d;
                case 2: goto L39;
                case 3: goto L35;
                case 4: goto L40;
                default: goto L2d;
            }
        L2d:
            org.slf4j.Logger r4 = net.soti.mobicontrol.knox.policy.Knox33ContainerFirewallPolicy.LOGGER
            java.lang.String r1 = "Unknown rule type! {}"
            r4.error(r1, r3)
            goto L40
        L35:
            parseRedirectRule(r0, r4)
            goto L40
        L39:
            parseDenyRule(r0, r4)
            goto L40
        L3d:
            parseAllowRule(r0, r4)
        L40:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.soti.mobicontrol.knox.policy.Knox33ContainerFirewallPolicy.parseFirewallRule(com.samsung.android.knox.net.firewall.FirewallRule$RuleType, java.lang.String):com.samsung.android.knox.net.firewall.FirewallRule");
    }

    private static Firewall.NetworkInterface parseNetworkInterface(String str) {
        char c;
        int hashCode = str.hashCode();
        if (hashCode == 42) {
            if (str.equals(Marker.ANY_MARKER)) {
                c = 0;
            }
            c = 65535;
        } else if (hashCode != 3076010) {
            if (hashCode == 3649301 && str.equals("wifi")) {
                c = 2;
            }
            c = 65535;
        } else {
            if (str.equals("data")) {
                c = 1;
            }
            c = 65535;
        }
        switch (c) {
            case 0:
                return Firewall.NetworkInterface.ALL_NETWORKS;
            case 1:
                return Firewall.NetworkInterface.MOBILE_DATA_ONLY;
            case 2:
                return Firewall.NetworkInterface.WIFI_DATA_ONLY;
            default:
                LOGGER.error("Unknown network interface: {}", str);
                return Firewall.NetworkInterface.ALL_NETWORKS;
        }
    }

    private static Firewall.PortLocation parsePortLocation(String str) {
        char c;
        int hashCode = str.hashCode();
        if (hashCode == -934610874) {
            if (str.equals("remote")) {
                c = 2;
            }
            c = 65535;
        } else if (hashCode != 42) {
            if (hashCode == 103145323 && str.equals(ImagesContract.LOCAL)) {
                c = 1;
            }
            c = 65535;
        } else {
            if (str.equals(Marker.ANY_MARKER)) {
                c = 0;
            }
            c = 65535;
        }
        switch (c) {
            case 0:
                return Firewall.PortLocation.ALL;
            case 1:
                return Firewall.PortLocation.LOCAL;
            case 2:
                return Firewall.PortLocation.REMOTE;
            default:
                LOGGER.error("Unknown port location: {}", str);
                return Firewall.PortLocation.ALL;
        }
    }

    private static void parseRedirectRule(FirewallRule firewallRule, String[] strArr) {
        Pair<String, String> parseAddress = parseAddress(strArr[1]);
        firewallRule.setTargetIpAddress(parseAddress.first);
        firewallRule.setTargetPortNumber(parseAddress.second);
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(strArr[2]);
        firewallRule.setApplication(appIdentity);
        firewallRule.setNetworkInterface(parseNetworkInterface(strArr[3]));
    }

    private static FirewallRule[] parseRules(final FirewallRule.RuleType ruleType, List<String> list) {
        return (FirewallRule[]) ((List) Observable.fromIterable(list).map(new Function() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$xUDW2hok7MUKKnCPL8CKRfoLL0M
            @Override // io.reactivex.functions.Function
            public final Object apply(Object obj) {
                FirewallRule parseFirewallRule;
                parseFirewallRule = Knox33ContainerFirewallPolicy.parseFirewallRule(FirewallRule.RuleType.this, (String) obj);
                return parseFirewallRule;
            }
        }).doOnNext(new Consumer() { // from class: net.soti.mobicontrol.knox.policy.-$$Lambda$Knox33ContainerFirewallPolicy$41RvnRp_5_U-DkpUXng7e5JuCbo
            @Override // io.reactivex.functions.Consumer
            public final void accept(Object obj) {
                Knox33ContainerFirewallPolicy.LOGGER.debug("Parsed KNOX firewall rule: type {}, {}", FirewallRule.RuleType.this, (FirewallRule) obj);
            }
        }).toList().blockingGet()).toArray(new FirewallRule[0]);
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesAllowRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.ALLOW, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.ALLOW, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesDenyRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.DENY, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.DENY, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRedirectExceptionsRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.REDIRECT_EXCEPTION, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.REDIRECT_EXCEPTION, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean addIptablesRerouteRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.REDIRECT, list, true);
        return isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.REDIRECT, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesAllowRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.ALLOW, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(FirewallRule.RuleType.ALLOW, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesDenyRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.DENY, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(FirewallRule.RuleType.DENY, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRedirectExceptionsRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.REDIRECT_EXCEPTION, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(FirewallRule.RuleType.REDIRECT_EXCEPTION, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean removeIptablesRerouteRules(List<String> list) {
        logIncomingRules(FirewallRule.RuleType.REDIRECT, list, false);
        return isResponseHasNoErrors(this.firewall.removeRules(parseRules(FirewallRule.RuleType.REDIRECT, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesOption(boolean z) {
        LOGGER.debug("Ip tables option enabled={}", Boolean.valueOf(z));
        return this.firewall.enableFirewall(z).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setIptablesRerouteRules(List<String> list) {
        return isResponseHasNoErrors(this.firewall.clearRules(4)) && isResponseHasNoErrors(this.firewall.addRules(parseRules(FirewallRule.RuleType.REDIRECT, list)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterEnabled(boolean z) {
        LOGGER.debug("Url filters enabled={}", Boolean.valueOf(z));
        return this.firewall.enableDomainFilterOnIptables(z).getResult() == FirewallResponse.Result.SUCCESS;
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterList(List<String> list) {
        logFilteredUrls(list);
        List<DomainFilterRule> domainFilterRules = this.firewall.getDomainFilterRules(Collections.singletonList(Marker.ANY_MARKER));
        boolean isResponseHasNoErrors = !domainFilterRules.isEmpty() ? isResponseHasNoErrors(this.firewall.removeDomainFilterRules(domainFilterRules)) : true;
        if (list.isEmpty()) {
            return isResponseHasNoErrors;
        }
        AppIdentity appIdentity = new AppIdentity();
        appIdentity.setPackageName(Marker.ANY_MARKER);
        DomainFilterRule domainFilterRule = new DomainFilterRule(appIdentity);
        domainFilterRule.setDenyDomains(list);
        return isResponseHasNoErrors & isResponseHasNoErrors(this.firewall.addDomainFilterRules(Collections.singletonList(domainFilterRule)));
    }

    @Override // net.soti.mobicontrol.knox.policy.ContainerFirewallPolicy
    public boolean setURLFilterReportEnabled(boolean z) {
        LOGGER.debug("Url filter report enabled={}", Boolean.valueOf(z));
        return this.firewall.enableDomainFilterReport(z).getResult() == FirewallResponse.Result.SUCCESS;
    }
}
