package com.google.android.libraries.privacy.ppn.krypton;

import android.content.Context;
import android.net.IpSecAlgorithm;
import android.net.IpSecManager;
import android.net.IpSecTransform;
import android.net.Network;
import android.os.ParcelFileDescriptor;
import android.system.Os;
import android.system.OsConstants;
import defpackage.iuf;
import defpackage.nek;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Arrays;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class KryptonIpSecHelperImpl implements KryptonIpSecHelper {
    private final Context context;
    private final IpSecManager ipSecManager;

    public KryptonIpSecHelperImpl(Context context) {
        this.context = context;
        this.ipSecManager = (IpSecManager) context.getSystemService("ipsec");
    }

    private IpSecTransform buildTransform(InetAddress inetAddress, IpSecManager.SecurityParameterIndex securityParameterIndex, byte[] bArr) {
        return new IpSecTransform.Builder(this.context).setAuthenticatedEncryption(new IpSecAlgorithm("rfc4106(gcm(aes))", bArr)).buildTransportModeTransform(inetAddress, securityParameterIndex);
    }

    private static InetAddress getDestinationAddress(Network network, String str) {
        return network.getByName(str);
    }

    private static byte[] getKeyingMaterial(nek nekVar, nek nekVar2) {
        byte[] r = nekVar.r();
        byte[] r2 = nekVar2.r();
        int length = r.length;
        int length2 = r2.length;
        byte[] copyOf = Arrays.copyOf(r, length + length2);
        System.arraycopy(r2, 0, copyOf, length, length2);
        return copyOf;
    }

    private static InetAddress getLocalAddress(Network network, InetAddress inetAddress) {
        FileDescriptor socket = Os.socket(inetAddress instanceof Inet4Address ? OsConstants.AF_INET : OsConstants.AF_INET6, OsConstants.SOCK_DGRAM, OsConstants.IPPROTO_UDP);
        network.bindSocket(socket);
        Os.connect(socket, inetAddress, 443);
        InetSocketAddress inetSocketAddress = (InetSocketAddress) Os.getsockname(socket);
        Os.close(socket);
        return inetSocketAddress.getAddress();
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.KryptonIpSecHelper
    public void removeTransformFromFd(int i) {
        try {
            this.ipSecManager.removeTransportModeTransforms(ParcelFileDescriptor.fromFd(i).getFileDescriptor());
        } catch (IOException e) {
            throw new KryptonException("Error encountered when removing transform from fd.", e);
        }
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.KryptonIpSecHelper
    public void transformFd(iuf iufVar) {
        try {
            ParcelFileDescriptor fromFd = ParcelFileDescriptor.fromFd(iufVar.h);
            Network fromNetworkHandle = Network.fromNetworkHandle(iufVar.g);
            try {
                InetAddress destinationAddress = getDestinationAddress(fromNetworkHandle, iufVar.i);
                try {
                    InetAddress localAddress = getLocalAddress(fromNetworkHandle, destinationAddress);
                    try {
                        IpSecManager.SecurityParameterIndex allocateSecurityParameterIndex = this.ipSecManager.allocateSecurityParameterIndex(destinationAddress, iufVar.e);
                        IpSecManager.SecurityParameterIndex allocateSecurityParameterIndex2 = this.ipSecManager.allocateSecurityParameterIndex(localAddress, iufVar.f);
                        IpSecTransform buildTransform = buildTransform(destinationAddress, allocateSecurityParameterIndex, getKeyingMaterial(iufVar.a, iufVar.c));
                        this.ipSecManager.applyTransportModeTransform(fromFd.getFileDescriptor(), 0, buildTransform(localAddress, allocateSecurityParameterIndex2, getKeyingMaterial(iufVar.b, iufVar.d)));
                        this.ipSecManager.applyTransportModeTransform(fromFd.getFileDescriptor(), 1, buildTransform);
                    } catch (IpSecManager.ResourceUnavailableException | IpSecManager.SpiUnavailableException | IOException e) {
                        throw new KryptonException("Unable to apply IPSec transforms to fd.", e);
                    }
                } catch (Exception e2) {
                    throw new KryptonException("Unable to get local address for transform.", e2);
                }
            } catch (UnknownHostException e3) {
                throw new KryptonException("Unable to resolve destination address for transform.", e3);
            }
        } catch (IOException e4) {
            throw new KryptonException("Unable to create ParcelFileDescriptor to transform.", e4);
        }
    }
}
