package com.android.internal.net.ipsec.ike;

import android.annotation.SuppressLint;
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.icu.text.DateFormat;
import android.net.ConnectivityManager;
import android.net.IpSecManager;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkRequest;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionParams;
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.IkeSessionCallback;
import android.net.ipsec.ike.IkeSessionConfiguration;
import android.net.ipsec.ike.IkeSessionConnectionInfo;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.TransportModeChildSessionParams;
import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.InvalidKeException;
import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.PowerManager;
import android.os.SystemClock;
import android.system.ErrnoException;
import android.util.LongSparseArray;
import android.util.Pair;
import android.util.SparseArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.EapAuthenticator;
import com.android.internal.net.eap.IEapCallback;
import com.android.internal.net.ipsec.ike.AbstractSessionStateMachine;
import com.android.internal.net.ipsec.ike.ChildSessionStateMachine;
import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler;
import com.android.internal.net.ipsec.ike.SaRecord;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
import com.android.internal.net.ipsec.ike.ike3gpp.Ike3gppExtensionExchange;
import com.android.internal.net.ipsec.ike.keepalive.IkeNattKeepalive;
import com.android.internal.net.ipsec.ike.message.IkeAuthDigitalSignPayload;
import com.android.internal.net.ipsec.ike.message.IkeAuthPayload;
import com.android.internal.net.ipsec.ike.message.IkeAuthPskPayload;
import com.android.internal.net.ipsec.ike.message.IkeCertPayload;
import com.android.internal.net.ipsec.ike.message.IkeCertX509CertPayload;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
import com.android.internal.net.ipsec.ike.message.IkeDeletePayload;
import com.android.internal.net.ipsec.ike.message.IkeEapPayload;
import com.android.internal.net.ipsec.ike.message.IkeHeader;
import com.android.internal.net.ipsec.ike.message.IkeIdPayload;
import com.android.internal.net.ipsec.ike.message.IkeInformationalPayload;
import com.android.internal.net.ipsec.ike.message.IkeKePayload;
import com.android.internal.net.ipsec.ike.message.IkeMessage;
import com.android.internal.net.ipsec.ike.message.IkeNoncePayload;
import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
import com.android.internal.net.ipsec.ike.message.IkePayload;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
import com.android.internal.net.ipsec.ike.message.IkeVendorPayload;
import com.android.internal.net.ipsec.ike.net.IkeDefaultNetworkCallback;
import com.android.internal.net.ipsec.ike.net.IkeLocalAddressGenerator;
import com.android.internal.net.ipsec.ike.net.IkeNetworkCallbackBase;
import com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater;
import com.android.internal.net.ipsec.ike.net.IkeSpecificNetworkCallback;
import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver;
import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
import com.android.internal.net.ipsec.ike.utils.IpSecSpiGenerator;
import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import com.android.internal.net.ipsec.ike.utils.Retransmitter;
import com.android.internal.net.ipsec.ike.utils.State;
import com.android.internal.net.utils.build.SdkLevel;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine.class */
public class IkeSessionStateMachine extends AbstractSessionStateMachine implements IkeNetworkUpdater {
    static final String TAG = "IkeSessionStateMachine";

    @VisibleForTesting
    static final String BUSY_WAKE_LOCK_TAG = "mBusyWakeLock";
    private static final Object IKE_SESSION_LOCK = new Object();

    @GuardedBy({"IKE_SESSION_LOCK"})
    private static final HashMap<Context, Set<IkeSessionStateMachine>> sContextToIkeSmMap = new HashMap<>();
    private static final IkeAlarmReceiver sIkeAlarmReceiver = new IkeAlarmReceiver();
    private static final IntentFilter sIntentFilter = new IntentFilter();
    private static final AtomicInteger sIkeSessionIdGenerator;

    @VisibleForTesting
    static final String BUNDLE_KEY_IKE_REMOTE_SPI = "BUNDLE_KEY_IKE_REMOTE_SPI";

    @VisibleForTesting
    static final String BUNDLE_KEY_CHILD_REMOTE_SPI = "BUNDLE_KEY_CHILD_REMOTE_SPI";

    @VisibleForTesting
    static final int DEFAULT_FRAGMENT_SIZE = 1280;

    @VisibleForTesting
    static final long TEMP_FAILURE_RETRY_TIMEOUT_MS;
    static final int MAX_DNS_RESOLUTION_ATTEMPTS = 3;
    public static final int IKE_EXCHANGE_SUBTYPE_INVALID = 0;
    public static final int IKE_EXCHANGE_SUBTYPE_IKE_INIT = 1;
    public static final int IKE_EXCHANGE_SUBTYPE_IKE_AUTH = 2;
    public static final int IKE_EXCHANGE_SUBTYPE_CREATE_CHILD = 3;
    public static final int IKE_EXCHANGE_SUBTYPE_DELETE_IKE = 4;
    public static final int IKE_EXCHANGE_SUBTYPE_DELETE_CHILD = 5;
    public static final int IKE_EXCHANGE_SUBTYPE_REKEY_IKE = 6;
    public static final int IKE_EXCHANGE_SUBTYPE_REKEY_CHILD = 7;
    public static final int IKE_EXCHANGE_SUBTYPE_GENERIC_INFO = 8;
    public static final SparseArray<String> EXCHANGE_SUBTYPE_TO_STRING;
    private static final int CMD_GENERAL_BASE = 300;
    static final int CMD_RECEIVE_IKE_PACKET = 301;
    static final int CMD_RECEIVE_PACKET_INVALID_IKE_SPI = 302;
    static final int CMD_RECEIVE_REQUEST_FOR_CHILD = 303;
    static final int CMD_OUTBOUND_CHILD_PAYLOADS_READY = 304;
    static final int CMD_CHILD_PROCEDURE_FINISHED = 305;
    static final int CMD_HANDLE_FIRST_CHILD_NEGOTIATION = 306;
    static final int CMD_EXECUTE_LOCAL_REQ = 307;
    public static final int CMD_RETRANSMIT = 308;
    static final int CMD_EAP_START_EAP_AUTH = 309;
    static final int CMD_EAP_OUTBOUND_MSG_READY = 310;
    static final int CMD_EAP_ERRORED = 311;
    static final int CMD_EAP_FAILED = 312;
    static final int CMD_EAP_FINISH_EAP_AUTH = 314;
    static final int CMD_ALARM_FIRED = 315;
    static final int CMD_SEND_KEEPALIVE = 316;
    static final int CMD_KILL_SESSION = 317;
    static final int CMD_SET_NETWORK = 318;
    static final int CMD_FORCE_TRANSITION = 399;
    static final int CMD_IKE_LOCAL_REQUEST_BASE = 400;
    static final int CMD_LOCAL_REQUEST_CREATE_IKE = 401;
    static final int CMD_LOCAL_REQUEST_DELETE_IKE = 402;
    static final int CMD_LOCAL_REQUEST_REKEY_IKE = 403;
    static final int CMD_LOCAL_REQUEST_INFO = 404;
    static final int CMD_LOCAL_REQUEST_DPD = 405;
    static final int CMD_LOCAL_REQUEST_MOBIKE = 406;
    private static final SparseArray<String> CMD_TO_STR;

    @VisibleForTesting
    final IkeSessionParams mIkeSessionParams;

    @VisibleForTesting
    Network mNetwork;
    private IkeNetworkCallbackBase mNetworkCallback;
    private final ConnectivityManager mConnectivityManager;
    private final LongSparseArray<SaRecord.IkeSaRecord> mLocalSpiToIkeSaRecordMap;
    private final SparseArray<ChildSessionStateMachine> mRemoteSpiToChildSessionMap;
    private final int mIkeSessionId;
    private final Context mContext;
    private final IpSecManager mIpSecManager;
    private final AlarmManager mAlarmManager;
    private final IkeLocalRequestScheduler mScheduler;
    private final IkeSessionCallback mIkeSessionCallback;
    private final IkeEapAuthenticatorFactory mEapAuthenticatorFactory;
    private final TempFailureHandler mTempFailHandler;
    private final IkeLocalAddressGenerator mIkeLocalAddressGenerator;

    @VisibleForTesting
    final RandomnessFactory mRandomFactory;
    private final IkeLocalRequestScheduler.LocalRequestFactory mLocalRequestFactory;
    private final IkeSpiGenerator mIkeSpiGenerator;
    private final IpSecSpiGenerator mIpSecSpiGenerator;
    private final PowerManager.WakeLock mBusyWakeLock;

    @VisibleForTesting
    @GuardedBy({"mChildCbToSessions"})
    final HashMap<ChildSessionCallback, ChildSessionStateMachine> mChildCbToSessions;

    @VisibleForTesting
    int mPeerSelectedDhGroup;

    @VisibleForTesting
    IkeSocket mIkeSocket;

    @VisibleForTesting
    InetAddress mLocalAddress;

    @VisibleForTesting
    InetAddress mRemoteAddress;

    @VisibleForTesting
    int mLocalPort;

    @VisibleForTesting
    final List<Inet4Address> mRemoteAddressesV4;

    @VisibleForTesting
    final List<Inet6Address> mRemoteAddressesV6;

    @VisibleForTesting
    boolean mHasCheckedNattSupport;

    @VisibleForTesting
    boolean mSupportNatTraversal;

    @VisibleForTesting
    boolean mLocalNatDetected;

    @VisibleForTesting
    boolean mRemoteNatDetected;

    @VisibleForTesting
    IkeNattKeepalive mIkeNattKeepalive;

    @VisibleForTesting
    boolean mSupportFragment;

    @VisibleForTesting
    boolean mSupportMobike;

    @VisibleForTesting
    Set<Short> mPeerSignatureHashAlgorithms;

    @VisibleForTesting
    IkeSaProposal mSaProposal;

    @VisibleForTesting
    IkeCipher mIkeCipher;

    @VisibleForTesting
    IkeMacIntegrity mIkeIntegrity;

    @VisibleForTesting
    IkeMacPrf mIkePrf;

    @VisibleForTesting
    byte[] mIkeInitRequestBytes;

    @VisibleForTesting
    byte[] mIkeInitResponseBytes;

    @VisibleForTesting
    IkeNoncePayload mIkeInitNoncePayload;

    @VisibleForTesting
    IkeNoncePayload mIkeRespNoncePayload;

    @VisibleForTesting
    List<byte[]> mRemoteVendorIds;

    @VisibleForTesting
    List<Integer> mEnabledExtensions;

    @VisibleForTesting
    IkeIdPayload mInitIdPayload;

    @VisibleForTesting
    IkeIdPayload mRespIdPayload;

    @VisibleForTesting
    List<IkePayload> mFirstChildReqList;
    private ChildSessionParams mFirstChildSessionParams;
    private ChildSessionCallback mFirstChildCallbacks;

    @VisibleForTesting
    SaRecord.IkeSaRecord mCurrentIkeSaRecord;

    @VisibleForTesting
    SaRecord.IkeSaRecord mLocalInitNewIkeSaRecord;

    @VisibleForTesting
    SaRecord.IkeSaRecord mRemoteInitNewIkeSaRecord;

    @VisibleForTesting
    SaRecord.IkeSaRecord mIkeSaRecordSurviving;

    @VisibleForTesting
    SaRecord.IkeSaRecord mIkeSaRecordAwaitingLocalDel;

    @VisibleForTesting
    SaRecord.IkeSaRecord mIkeSaRecordAwaitingRemoteDel;
    private final Ike3gppExtensionExchange mIke3gppExtensionExchange;

    @VisibleForTesting
    final State mKillIkeSessionParent;

    @VisibleForTesting
    final State mInitial;

    @VisibleForTesting
    final State mIdle;

    @VisibleForTesting
    final State mChildProcedureOngoing;

    @VisibleForTesting
    final State mReceiving;

    @VisibleForTesting
    final State mCreateIkeLocalIkeInit;

    @VisibleForTesting
    final State mCreateIkeLocalIkeAuth;

    @VisibleForTesting
    final State mCreateIkeLocalIkeAuthInEap;

    @VisibleForTesting
    final State mCreateIkeLocalIkeAuthPostEap;

    @VisibleForTesting
    final State mRekeyIkeLocalCreate;

    @VisibleForTesting
    final State mSimulRekeyIkeLocalCreate;

    @VisibleForTesting
    final State mSimulRekeyIkeLocalDeleteRemoteDelete;

    @VisibleForTesting
    final State mSimulRekeyIkeLocalDelete;

    @VisibleForTesting
    final State mSimulRekeyIkeRemoteDelete;

    @VisibleForTesting
    final State mRekeyIkeLocalDelete;

    @VisibleForTesting
    final State mRekeyIkeRemoteDelete;

    @VisibleForTesting
    final State mDeleteIkeLocalDelete;

    @VisibleForTesting
    final State mDpdIkeLocalInfo;

    @VisibleForTesting
    final State mMobikeLocalInfo;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$BusyState.class */
    public abstract class BusyState extends LocalRequestQueuer {
        private BusyState() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 301:
                    handleReceivedIkePacket(message);
                    return true;
                case 307:
                    IkeSessionStateMachine.this.logWtf("Invalid execute local request command in non-idle state");
                    return false;
                case 308:
                    triggerRetransmit();
                    return true;
                case 315:
                    handleFiredAlarm(message);
                    return true;
                case 318:
                    IkeSessionStateMachine.this.onUnderlyingNetworkUpdated((Network) message.obj);
                    return true;
                case 399:
                    IkeSessionStateMachine.this.transitionTo((State) message.obj);
                    return true;
                default:
                    if (!isLocalRequest(message.what)) {
                        return false;
                    }
                    handleLocalRequest(message.what, (IkeLocalRequestScheduler.LocalRequest) message.obj);
                    return true;
            }
        }

        protected void triggerRetransmit() {
            IkeSessionStateMachine.this.logWtf("Retransmission trigger dropped in state: " + getClass().getSimpleName());
        }

        protected SaRecord.IkeSaRecord getIkeSaRecordForPacket(IkeHeader ikeHeader) {
            return ikeHeader.fromIkeInitiator ? (SaRecord.IkeSaRecord) IkeSessionStateMachine.this.mLocalSpiToIkeSaRecordMap.get(ikeHeader.ikeResponderSpi) : (SaRecord.IkeSaRecord) IkeSessionStateMachine.this.mLocalSpiToIkeSaRecordMap.get(ikeHeader.ikeInitiatorSpi);
        }

        protected void handleReceivedIkePacket(Message message) {
            ReceivedIkePacket receivedIkePacket = (ReceivedIkePacket) message.obj;
            IkeHeader ikeHeader = receivedIkePacket.ikeHeader;
            byte[] bArr = receivedIkePacket.ikePacketBytes;
            SaRecord.IkeSaRecord ikeSaRecordForPacket = getIkeSaRecordForPacket(ikeHeader);
            String str = ikeHeader.isResponseMsg ? "response" : "request";
            if (ikeSaRecordForPacket == null) {
                cleanUpAndQuit(new IllegalStateException("Received an IKE " + str + "but found no matching SA for it"));
                return;
            }
            IkeSessionStateMachine.this.logd("handleReceivedIkePacket: Received an " + ikeHeader.getBasicInfoString() + " on IKE SA with local SPI: " + ikeSaRecordForPacket.getLocalSpi() + ". Packet size: " + bArr.length);
            if (ikeHeader.isResponseMsg) {
                int localRequestMessageId = ikeSaRecordForPacket.getLocalRequestMessageId();
                if (localRequestMessageId - 1 == ikeHeader.messageId) {
                    IkeSessionStateMachine.this.logd("handleReceivedIkePacket: Received re-transmitted response. Discard it.");
                    return;
                }
                IkeMessage.DecodeResult decode = IkeMessage.decode(localRequestMessageId, IkeSessionStateMachine.this.mIkeIntegrity, IkeSessionStateMachine.this.mIkeCipher, ikeSaRecordForPacket, ikeHeader, bArr, ikeSaRecordForPacket.getCollectedFragments(true));
                switch (decode.status) {
                    case 0:
                        ikeSaRecordForPacket.incrementLocalRequestMessageId();
                        ikeSaRecordForPacket.resetCollectedFragments(true);
                        IkeMessage.DecodeResultOk decodeResultOk = (IkeMessage.DecodeResultOk) decode;
                        if (isTempFailure(decodeResultOk.ikeMessage)) {
                            handleTempFailure();
                        } else {
                            IkeSessionStateMachine.this.mTempFailHandler.reset();
                        }
                        handleResponseIkeMessage(decodeResultOk.ikeMessage);
                        return;
                    case 1:
                        ikeSaRecordForPacket.updateCollectedFragments((IkeMessage.DecodeResultPartial) decode, true);
                        return;
                    case 2:
                        IkeException ikeException = ((IkeMessage.DecodeResultError) decode).ikeException;
                        IkeSessionStateMachine.this.logi("handleReceivedIkePacket: Protected error", ikeException);
                        ikeSaRecordForPacket.incrementLocalRequestMessageId();
                        ikeSaRecordForPacket.resetCollectedFragments(true);
                        handleResponseGenericProcessError(ikeSaRecordForPacket, new InvalidSyntaxException("Generic processing error in the received response", ikeException));
                        return;
                    case 3:
                        IkeSessionStateMachine.this.logi("handleReceivedIkePacket: Message authentication or decryption failed on received response. Discard it", ((IkeMessage.DecodeResultError) decode).ikeException);
                        return;
                    default:
                        cleanUpAndQuit(new IllegalStateException("Unrecognized decoding status: " + decode.status));
                        return;
                }
            }
            int remoteRequestMessageId = ikeSaRecordForPacket.getRemoteRequestMessageId();
            if (remoteRequestMessageId - 1 == ikeHeader.messageId) {
                if (!ikeSaRecordForPacket.isRetransmittedRequest(bArr)) {
                    IkeSessionStateMachine.this.logi("handleReceivedIkePacket: Received response with invalid message ID. Discard it.");
                    return;
                }
                if (ikeSaRecordForPacket.getLastSentRespMsgId() != ikeHeader.messageId) {
                    IkeSessionStateMachine.this.logd("Received re-transmitted request " + ikeHeader.messageId + " Original request is still being processed");
                    return;
                }
                IkeSessionStateMachine.this.logd("Received re-transmitted request " + ikeHeader.messageId + " Retransmitting response");
                Iterator<byte[]> it = ikeSaRecordForPacket.getLastSentRespAllPackets().iterator();
                while (it.hasNext()) {
                    IkeSessionStateMachine.this.mIkeSocket.sendIkePacket(it.next(), IkeSessionStateMachine.this.mRemoteAddress);
                }
                return;
            }
            IkeMessage.DecodeResult decode2 = IkeMessage.decode(remoteRequestMessageId, IkeSessionStateMachine.this.mIkeIntegrity, IkeSessionStateMachine.this.mIkeCipher, ikeSaRecordForPacket, ikeHeader, bArr, ikeSaRecordForPacket.getCollectedFragments(false));
            switch (decode2.status) {
                case 0:
                    ikeSaRecordForPacket.incrementRemoteRequestMessageId();
                    ikeSaRecordForPacket.resetCollectedFragments(false);
                    IkeMessage.DecodeResultOk decodeResultOk2 = (IkeMessage.DecodeResultOk) decode2;
                    IkeMessage ikeMessage = decodeResultOk2.ikeMessage;
                    ikeSaRecordForPacket.updateLastReceivedReqFirstPacket(decodeResultOk2.firstPacket);
                    if (ikeMessage.isDpdRequest()) {
                        IkeSessionStateMachine.this.logd("handleReceivedIkePacket: Received DPD request");
                        IkeSessionStateMachine.this.sendEncryptedIkeMessage(ikeSaRecordForPacket, IkeSessionStateMachine.this.buildEncryptedInformationalMessage(ikeSaRecordForPacket, new IkeInformationalPayload[0], true, ikeHeader.messageId));
                        return;
                    }
                    int ikeExchangeSubType = IkeSessionStateMachine.getIkeExchangeSubType(ikeMessage);
                    IkeSessionStateMachine.this.logd("handleReceivedIkePacket: Request exchange subtype: " + IkeSessionStateMachine.EXCHANGE_SUBTYPE_TO_STRING.get(ikeExchangeSubType));
                    if (ikeExchangeSubType != 0 && ikeExchangeSubType != 1 && ikeExchangeSubType != 2) {
                        handleRequestIkeMessage(ikeMessage, ikeExchangeSubType, message);
                        return;
                    } else {
                        IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeHeader.messageId, 7);
                        IkeSessionStateMachine.this.handleIkeFatalError(new InvalidSyntaxException("Cannot handle message with invalid or unexpected IkeExchangeSubType: " + ikeExchangeSubType));
                        return;
                    }
                case 1:
                    ikeSaRecordForPacket.updateCollectedFragments((IkeMessage.DecodeResultPartial) decode2, false);
                    return;
                case 2:
                    IkeMessage.DecodeResultProtectedError decodeResultProtectedError = (IkeMessage.DecodeResultProtectedError) decode2;
                    IkeException ikeException2 = decodeResultProtectedError.ikeException;
                    IkeSessionStateMachine.this.logi("handleReceivedIkePacket: Protected error", decodeResultProtectedError.ikeException);
                    ikeSaRecordForPacket.incrementRemoteRequestMessageId();
                    ikeSaRecordForPacket.resetCollectedFragments(false);
                    ikeSaRecordForPacket.updateLastReceivedReqFirstPacket(decodeResultProtectedError.firstPacket);
                    handleRequestGenericProcessError(ikeSaRecordForPacket, ikeHeader.messageId, (IkeProtocolException) ikeException2);
                    return;
                case 3:
                    IkeSessionStateMachine.this.logi("handleReceivedIkePacket: Message authentication or decryption failed on received request. Discard it", ((IkeMessage.DecodeResultError) decode2).ikeException);
                    return;
                default:
                    cleanUpAndQuit(new IllegalStateException("Unrecognized decoding status: " + decode2.status));
                    return;
            }
        }

        private boolean isTempFailure(IkeMessage ikeMessage) {
            Iterator it = ikeMessage.getPayloadListForType(41, IkeNotifyPayload.class).iterator();
            while (it.hasNext()) {
                if (((IkeNotifyPayload) it.next()).notifyType == 43) {
                    return true;
                }
            }
            return false;
        }

        protected void handleTempFailure() {
            IkeSessionStateMachine.this.handleIkeFatalError(new InvalidSyntaxException("Received unexpected TEMPORARY_FAILURE"));
        }

        protected void handleGenericInfoRequest(IkeMessage ikeMessage) {
            try {
                ArrayList arrayList = new ArrayList();
                for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                    switch (ikePayload.payloadType) {
                        case 41:
                            IkeNotifyPayload ikeNotifyPayload = (IkeNotifyPayload) ikePayload;
                            if (ikeNotifyPayload.notifyType == 16401) {
                                arrayList.add(IkeNotifyPayload.handleCookie2AndGenerateCopy(ikeNotifyPayload));
                                break;
                            } else {
                                break;
                            }
                        case 47:
                            break;
                        default:
                            IkeSessionStateMachine.this.logw("Received unexpected payload in an INFORMATIONAL request. Payload type: " + ikePayload.payloadType);
                            break;
                    }
                }
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(IkeSessionStateMachine.this.buildEncryptedInformationalMessage((IkeInformationalPayload[]) arrayList.toArray(new IkeInformationalPayload[arrayList.size()]), true, ikeMessage.ikeHeader.messageId));
            } catch (InvalidSyntaxException e) {
                IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 7);
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            cleanUpAndQuit(new IllegalStateException("Do not support handling an encrypted request: " + i));
        }

        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            cleanUpAndQuit(new IllegalStateException("Do not support handling an encrypted response"));
        }

        protected void handleRequestGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, int i, IkeProtocolException ikeProtocolException) {
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(ikeSaRecord, IkeSessionStateMachine.this.buildEncryptedInformationalMessage(ikeSaRecord, new IkeInformationalPayload[]{ikeProtocolException.buildNotifyPayload()}, true, i));
            if (ikeProtocolException.getErrorType() == 7) {
                IkeSessionStateMachine.this.handleIkeFatalError(ikeProtocolException);
            }
        }

        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            cleanUpAndQuit(new IllegalStateException("Do not support handling generic processing error of encrypted response"));
        }

        protected List<IkePayload> handle3gppRespAndExtractNonError3gppPayloads(int i, List<IkePayload> list) throws InvalidSyntaxException {
            List<IkePayload> extract3gppResponsePayloads = IkeSessionStateMachine.this.mIke3gppExtensionExchange.extract3gppResponsePayloads(i, list);
            IkeSessionStateMachine.this.mIke3gppExtensionExchange.handle3gppResponsePayloads(i, extract3gppResponsePayloads);
            ArrayList arrayList = new ArrayList();
            for (IkePayload ikePayload : extract3gppResponsePayloads) {
                if ((ikePayload instanceof IkeNotifyPayload) && ((IkeNotifyPayload) ikePayload).isErrorNotify()) {
                    arrayList.add(ikePayload);
                }
            }
            extract3gppResponsePayloads.removeAll(arrayList);
            return extract3gppResponsePayloads;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$ChildOutboundData.class */
    private static class ChildOutboundData {
        public final int exchangeType;
        public final boolean isResp;
        public final List<IkePayload> payloadList;
        public final ChildSessionStateMachine childSession;

        ChildOutboundData(int i, boolean z, List<IkePayload> list, ChildSessionStateMachine childSessionStateMachine) {
            this.exchangeType = i;
            this.isResp = z;
            this.payloadList = list;
            this.childSession = childSessionStateMachine;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$ChildProcedureOngoing.class */
    class ChildProcedureOngoing extends DeleteBase {
        private ChildSessionStateMachine mChildInLocalProcedure;
        private Set<ChildSessionStateMachine> mChildInRemoteProcedures;
        private IkeLocalRequestScheduler.ChildLocalRequest mLocalRequestOngoing;
        private int mLastInboundRequestMsgId;
        private List<IkePayload> mOutboundRespPayloads;
        private Set<ChildSessionStateMachine> mAwaitingChildResponse;
        private EncryptedRetransmitter mRetransmitter;

        ChildProcedureOngoing() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mChildInLocalProcedure = null;
            this.mChildInRemoteProcedures = new HashSet();
            this.mLocalRequestOngoing = null;
            this.mLastInboundRequestMsgId = 0;
            this.mOutboundRespPayloads = new LinkedList();
            this.mAwaitingChildResponse = new HashSet();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 303:
                    handleRequestIkeMessage((IkeMessage) message.obj, message.arg1, null);
                    return true;
                case 304:
                    ChildOutboundData childOutboundData = (ChildOutboundData) message.obj;
                    int i = childOutboundData.exchangeType;
                    List<IkePayload> list = childOutboundData.payloadList;
                    if (childOutboundData.isResp) {
                        handleOutboundResponse(i, list, childOutboundData.childSession);
                        return true;
                    }
                    handleOutboundRequest(i, list);
                    return true;
                case 305:
                    ChildSessionStateMachine childSessionStateMachine = (ChildSessionStateMachine) message.obj;
                    if (this.mChildInLocalProcedure == childSessionStateMachine) {
                        this.mChildInLocalProcedure = null;
                        this.mLocalRequestOngoing = null;
                    }
                    this.mChildInRemoteProcedures.remove(childSessionStateMachine);
                    transitionToIdleIfAllProceduresDone();
                    return true;
                case 306:
                    FirstChildNegotiationData firstChildNegotiationData = (FirstChildNegotiationData) message.obj;
                    this.mChildInLocalProcedure = getChildSession(firstChildNegotiationData.childSessionCallback);
                    if (this.mChildInLocalProcedure == null) {
                        cleanUpAndQuit(new IllegalStateException("First child not found."));
                        return true;
                    }
                    this.mChildInLocalProcedure.handleFirstChildExchange(firstChildNegotiationData.reqPayloads, firstChildNegotiationData.respPayloads, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, getEncapSocketOrNull(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mSaProposal.getDhGroupTransforms()[0].id, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkD());
                    return true;
                case 307:
                    executeLocalRequest((IkeLocalRequestScheduler.ChildLocalRequest) message.obj);
                    return true;
                case 308:
                case 309:
                case 310:
                case 311:
                case 312:
                case 313:
                case 314:
                case 315:
                case 316:
                default:
                    return super.processStateMessage(message);
                case 317:
                    if (this.mChildInLocalProcedure != null) {
                        return false;
                    }
                    IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
                    return false;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleTempFailure() {
            IkeSessionStateMachine.this.mTempFailHandler.handleTempFailure();
        }

        private void transitionToIdleIfAllProceduresDone() {
            if (this.mChildInLocalProcedure == null && this.mChildInRemoteProcedures.isEmpty()) {
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            }
        }

        private ChildSessionStateMachine getChildSession(IkeLocalRequestScheduler.ChildLocalRequest childLocalRequest) {
            return childLocalRequest.childSessionCallback == null ? (ChildSessionStateMachine) IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.get(childLocalRequest.remoteSpi) : getChildSession(childLocalRequest.childSessionCallback);
        }

        private ChildSessionStateMachine getChildSession(ChildSessionCallback childSessionCallback) {
            ChildSessionStateMachine childSessionStateMachine;
            synchronized (IkeSessionStateMachine.this.mChildCbToSessions) {
                childSessionStateMachine = IkeSessionStateMachine.this.mChildCbToSessions.get(childSessionCallback);
            }
            return childSessionStateMachine;
        }

        private IpSecManager.UdpEncapsulationSocket getEncapSocketOrNull() {
            if (IkeSessionStateMachine.this.mIkeSocket instanceof IkeUdpEncapSocket) {
                return ((IkeUdpEncapSocket) IkeSessionStateMachine.this.mIkeSocket).getUdpEncapsulationSocket();
            }
            return null;
        }

        private void executeLocalRequest(IkeLocalRequestScheduler.ChildLocalRequest childLocalRequest) {
            childLocalRequest.releaseWakeLock();
            this.mChildInLocalProcedure = getChildSession(childLocalRequest);
            this.mLocalRequestOngoing = childLocalRequest;
            if (this.mChildInLocalProcedure == null) {
                IkeSessionStateMachine.this.logd("Child state machine not found for local request: " + childLocalRequest.procedureType + " Creation of Child Session may have been failed.");
                transitionToIdleIfAllProceduresDone();
                return;
            }
            switch (childLocalRequest.procedureType) {
                case 1:
                    this.mChildInLocalProcedure.createChildSession(IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, getEncapSocketOrNull(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mSaProposal.getDhGroupTransforms()[0].id, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkD());
                    return;
                case 2:
                    this.mChildInLocalProcedure.deleteChildSession();
                    return;
                case 3:
                    this.mChildInLocalProcedure.rekeyChildSession();
                    return;
                case 4:
                    this.mChildInLocalProcedure.rekeyChildSessionForMobike(IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, getEncapSocketOrNull());
                    return;
                default:
                    cleanUpAndQuit(new IllegalStateException("Invalid Child procedure type: " + childLocalRequest.procedureType));
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            this.mLastInboundRequestMsgId = ikeMessage.ikeHeader.messageId;
            switch (i) {
                case 3:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 35);
                    break;
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                case 5:
                    handleInboundDeleteChildRequest(ikeMessage);
                    break;
                case 6:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 43);
                    break;
                case 7:
                    handleInboundRekeyChildRequest(ikeMessage);
                    break;
                case 8:
                    handleGenericInfoRequest(ikeMessage);
                    break;
                default:
                    cleanUpAndQuit(new IllegalStateException("Invalid IKE exchange subtype: " + i));
                    return;
            }
            transitionToIdleIfAllProceduresDone();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            this.mRetransmitter.stopRetransmitting();
            LinkedList linkedList = new LinkedList();
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 43:
                        linkedList.add(ikePayload);
                        break;
                }
            }
            LinkedList linkedList2 = new LinkedList();
            linkedList2.addAll(ikeMessage.ikePayloadList);
            linkedList2.removeAll(linkedList);
            this.mChildInLocalProcedure.receiveResponse(ikeMessage.ikeHeader.exchangeType, linkedList2);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            this.mRetransmitter.stopRetransmitting();
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
        }

        private void handleInboundDeleteChildRequest(IkeMessage ikeMessage) {
            HashMap hashMap = new HashMap();
            HashSet hashSet = new HashSet();
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 41:
                        IkeSessionStateMachine.this.logw("Unexpected or unknown notification: " + ((IkeNotifyPayload) ikePayload).notifyType);
                        break;
                    case 42:
                        IkeDeletePayload ikeDeletePayload = (IkeDeletePayload) ikePayload;
                        for (int i : ikeDeletePayload.spisToDelete) {
                            ChildSessionStateMachine childSessionStateMachine = (ChildSessionStateMachine) IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.get(i);
                            if (childSessionStateMachine == null) {
                                IkeSessionStateMachine.this.logw("Child SA not found with received SPI: " + i);
                            } else if (hashSet.add(Integer.valueOf(i))) {
                                if (!hashMap.containsKey(childSessionStateMachine)) {
                                    hashMap.put(childSessionStateMachine, new LinkedList());
                                }
                                List list = (List) hashMap.get(childSessionStateMachine);
                                if (!list.contains(ikeDeletePayload)) {
                                    list.add(ikeDeletePayload);
                                }
                            } else {
                                IkeSessionStateMachine.this.logw("Received repeated Child SPI: " + i);
                            }
                        }
                        break;
                    case 43:
                    case 47:
                        break;
                    case 44:
                    case 45:
                    case 46:
                    default:
                        IkeSessionStateMachine.this.logw("Unexpected payload types found: " + ikePayload.payloadType);
                        break;
                }
            }
            if (hashMap.isEmpty()) {
                IkeSessionStateMachine.this.logd("No Child SA is found for this request.");
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(IkeSessionStateMachine.this.buildEncryptedInformationalMessage(new IkeInformationalPayload[0], true, ikeMessage.ikeHeader.messageId));
                return;
            }
            for (ChildSessionStateMachine childSessionStateMachine2 : hashMap.keySet()) {
                childSessionStateMachine2.receiveRequest(5, 37, (List) hashMap.get(childSessionStateMachine2));
                this.mAwaitingChildResponse.add(childSessionStateMachine2);
                this.mChildInRemoteProcedures.add(childSessionStateMachine2);
            }
        }

        private void handleInboundRekeyChildRequest(IkeMessage ikeMessage) {
            LinkedList linkedList = new LinkedList();
            ChildSessionStateMachine childSessionStateMachine = null;
            HashSet hashSet = new HashSet();
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 41:
                        IkeNotifyPayload ikeNotifyPayload = (IkeNotifyPayload) ikePayload;
                        if (16393 != ikeNotifyPayload.notifyType) {
                            break;
                        } else {
                            int i = ikeNotifyPayload.spi;
                            if (((ChildSessionStateMachine) IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.get(i)) == null) {
                                hashSet.add(Integer.valueOf(i));
                                IkeSessionStateMachine.this.logw("Child SA not found with received SPI: " + i);
                                break;
                            } else if (childSessionStateMachine == null) {
                                childSessionStateMachine = (ChildSessionStateMachine) IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.get(i);
                                break;
                            } else {
                                IkeSessionStateMachine.this.logw("More than one Notify-Rekey Payload found with SPI: " + i);
                                linkedList.add(ikeNotifyPayload);
                                break;
                            }
                        }
                    case 43:
                        linkedList.add(ikePayload);
                        break;
                }
            }
            if (childSessionStateMachine != null) {
                LinkedList linkedList2 = new LinkedList();
                linkedList2.addAll(ikeMessage.ikePayloadList);
                linkedList2.removeAll(linkedList);
                this.mAwaitingChildResponse.add(childSessionStateMachine);
                this.mChildInRemoteProcedures.add(childSessionStateMachine);
                childSessionStateMachine.receiveRequest(7, ikeMessage.ikeHeader.exchangeType, linkedList2);
                return;
            }
            IkeInformationalPayload[] ikeInformationalPayloadArr = new IkeInformationalPayload[hashSet.size()];
            int i2 = 0;
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                int i3 = i2;
                i2++;
                ikeInformationalPayloadArr[i3] = new IkeNotifyPayload(3, ((Integer) it.next()).intValue(), 44, new byte[0]);
            }
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(IkeSessionStateMachine.this.mCurrentIkeSaRecord, IkeSessionStateMachine.this.buildEncryptedNotificationMessage(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeInformationalPayloadArr, 37, true, ikeMessage.ikeHeader.messageId));
        }

        private void handleOutboundRequest(int i, List<IkePayload> list) {
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, new IkeMessage(new IkeHeader(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi(), 46, i, false, IkeSessionStateMachine.this.mCurrentIkeSaRecord.isLocalInit, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getLocalRequestMessageId()), list));
        }

        private void handleOutboundResponse(int i, List<IkePayload> list, ChildSessionStateMachine childSessionStateMachine) {
            this.mOutboundRespPayloads.addAll(list);
            this.mAwaitingChildResponse.remove(childSessionStateMachine);
            if (this.mAwaitingChildResponse.isEmpty()) {
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(new IkeMessage(new IkeHeader(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi(), 46, i, true, IkeSessionStateMachine.this.mCurrentIkeSaRecord.isLocalInit, this.mLastInboundRequestMsgId), this.mOutboundRespPayloads));
                this.mOutboundRespPayloads.clear();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$ChildSessionSmCallback.class */
    public class ChildSessionSmCallback implements ChildSessionStateMachine.IChildSessionSmCallback {
        ChildSessionSmCallback() {
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onChildSaCreated(int i, ChildSessionStateMachine childSessionStateMachine) {
            IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.put(i, childSessionStateMachine);
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onChildSaDeleted(int i) {
            IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.remove(i);
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void scheduleRetryLocalRequest(IkeLocalRequestScheduler.ChildLocalRequest childLocalRequest) {
            IkeSessionStateMachine.this.scheduleRetry(childLocalRequest);
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onOutboundPayloadsReady(int i, boolean z, List<IkePayload> list, ChildSessionStateMachine childSessionStateMachine) {
            IkeSessionStateMachine.this.sendMessage(304, new ChildOutboundData(i, z, list, childSessionStateMachine));
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onProcedureFinished(ChildSessionStateMachine childSessionStateMachine) {
            if (IkeSessionStateMachine.this.getHandler() == null) {
                return;
            }
            IkeSessionStateMachine.this.sendMessage(305, childSessionStateMachine);
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onChildSessionClosed(ChildSessionCallback childSessionCallback) {
            synchronized (IkeSessionStateMachine.this.mChildCbToSessions) {
                IkeSessionStateMachine.this.mChildCbToSessions.remove(childSessionCallback);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback
        public void onFatalIkeSessionError(boolean z) {
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeAuth.class */
    class CreateIkeLocalIkeAuth extends CreateIkeLocalIkeAuthBase {
        private boolean mUseEap;

        CreateIkeLocalIkeAuth() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            try {
                super.enterState();
                this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildIkeAuthReq());
                this.mUseEap = 3 == IkeSessionStateMachine.this.mIkeSessionParams.getLocalAuthConfig().mAuthMethod;
            } catch (IpSecManager.ResourceUnavailableException | IpSecManager.SpiUnavailableException e) {
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 318:
                    IkeSessionStateMachine.this.logWtf("Received SET_NETWORK cmd in " + IkeSessionStateMachine.this.getCurrentState().getName());
                    return false;
                default:
                    return super.processStateMessage(message);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                int i = ikeMessage.ikeHeader.exchangeType;
                if (i != 35) {
                    throw new InvalidSyntaxException("Expected EXCHANGE_TYPE_IKE_AUTH but received: " + i);
                }
                validateIkeAuthResp(ikeMessage);
                List<IkePayload> extractChildPayloadsFromMessage = extractChildPayloadsFromMessage(this.mRetransmitter.getMessage());
                if (this.mUseEap) {
                    IkeSessionStateMachine.this.mFirstChildReqList = extractChildPayloadsFromMessage;
                    IkeEapPayload ikeEapPayload = (IkeEapPayload) ikeMessage.getPayloadForType(48, IkeEapPayload.class);
                    if (ikeEapPayload == null) {
                        throw new AuthenticationFailedException("Missing EAP payload");
                    }
                    IkeSessionStateMachine.this.deferMessage(IkeSessionStateMachine.this.obtainMessage(309, ikeEapPayload));
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mCreateIkeLocalIkeAuthInEap);
                } else {
                    if (IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(2)) {
                        setUpMobilityHandling();
                    }
                    notifyIkeSessionSetup(ikeMessage);
                    performFirstChildNegotiation(extractChildPayloadsFromMessage, extractChildPayloadsFromMessage(ikeMessage));
                }
            } catch (IkeException e) {
                if (!this.mUseEap) {
                    IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
                }
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            this.mRetransmitter.stopRetransmitting();
            if (!this.mUseEap) {
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
            }
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
        }

        private IkeMessage buildIkeAuthReq() throws IpSecManager.SpiUnavailableException, IpSecManager.ResourceUnavailableException {
            LinkedList linkedList = new LinkedList();
            IkeSessionStateMachine.this.mInitIdPayload = new IkeIdPayload(true, IkeSessionStateMachine.this.mIkeSessionParams.getLocalIdentification());
            IkeIdPayload ikeIdPayload = new IkeIdPayload(false, IkeSessionStateMachine.this.mIkeSessionParams.getRemoteIdentification());
            linkedList.add(IkeSessionStateMachine.this.mInitIdPayload);
            linkedList.add(ikeIdPayload);
            if (IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(1)) {
                linkedList.add(new IkeNotifyPayload(IkeNotifyPayload.NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION));
            }
            if (IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(2)) {
                linkedList.add(new IkeNotifyPayload(16396));
            }
            IkeSessionParams.IkeAuthConfig localAuthConfig = IkeSessionStateMachine.this.mIkeSessionParams.getLocalAuthConfig();
            switch (localAuthConfig.mAuthMethod) {
                case 1:
                    linkedList.add(new IkeAuthPskPayload(((IkeSessionParams.IkeAuthPskConfig) localAuthConfig).mPsk, IkeSessionStateMachine.this.mIkeInitRequestBytes, IkeSessionStateMachine.this.mCurrentIkeSaRecord.nonceResponder, IkeSessionStateMachine.this.mInitIdPayload.getEncodedPayloadBody(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkPi()));
                    break;
                case 2:
                    IkeSessionParams.IkeAuthDigitalSignLocalConfig ikeAuthDigitalSignLocalConfig = (IkeSessionParams.IkeAuthDigitalSignLocalConfig) IkeSessionStateMachine.this.mIkeSessionParams.getLocalAuthConfig();
                    linkedList.add(new IkeCertX509CertPayload(ikeAuthDigitalSignLocalConfig.getClientEndCertificate()));
                    Iterator<X509Certificate> it = ikeAuthDigitalSignLocalConfig.mIntermediateCerts.iterator();
                    while (it.hasNext()) {
                        linkedList.add(new IkeCertX509CertPayload(it.next()));
                    }
                    linkedList.add(new IkeAuthDigitalSignPayload(IkeAuthDigitalSignPayload.SIGNATURE_ALGO_RSA_SHA2_512, ikeAuthDigitalSignLocalConfig.mPrivateKey, IkeSessionStateMachine.this.mIkeInitRequestBytes, IkeSessionStateMachine.this.mCurrentIkeSaRecord.nonceResponder, IkeSessionStateMachine.this.mInitIdPayload.getEncodedPayloadBody(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkPi()));
                    break;
                case 3:
                    break;
                default:
                    cleanUpAndQuit(new IllegalArgumentException("Unrecognized authentication method: " + localAuthConfig.mAuthMethod));
                    break;
            }
            linkedList.addAll(ChildSessionStateMachine.CreateChildSaHelper.getInitChildCreateReqPayloads(IkeSessionStateMachine.this.mRandomFactory, IkeSessionStateMachine.this.mIpSecSpiGenerator, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mFirstChildSessionParams, true));
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(ChildSessionStateMachine.CreateChildSaHelper.getConfigAttributes(IkeSessionStateMachine.this.mFirstChildSessionParams)));
            arrayList.addAll(Arrays.asList(IkeSessionStateMachine.this.mIkeSessionParams.getConfigurationAttributesInternal()));
            arrayList.add(new IkeConfigPayload.ConfigAttributeAppVersion());
            linkedList.add(new IkeConfigPayload(false, (List<IkeConfigPayload.ConfigAttribute>) arrayList));
            linkedList.addAll(IkeSessionStateMachine.this.mIke3gppExtensionExchange.getRequestPayloads(2));
            return buildIkeAuthReqMessage(linkedList);
        }

        private void validateIkeAuthResp(IkeMessage ikeMessage) throws IkeException {
            IkeAuthPayload ikeAuthPayload = null;
            LinkedList linkedList = new LinkedList();
            List<IkePayload> handle3gppRespAndExtractNonError3gppPayloads = handle3gppRespAndExtractNonError3gppPayloads(2, ikeMessage.ikePayloadList);
            ArrayList<IkePayload> arrayList = new ArrayList(ikeMessage.ikePayloadList);
            arrayList.removeAll(handle3gppRespAndExtractNonError3gppPayloads);
            for (IkePayload ikePayload : arrayList) {
                switch (ikePayload.payloadType) {
                    case 33:
                    case 44:
                    case 45:
                    case 47:
                    case 48:
                        break;
                    case 34:
                    case 35:
                    case 38:
                    case 40:
                    case 42:
                    case 43:
                    case 46:
                    default:
                        IkeSessionStateMachine.this.logw("Received unexpected payload in IKE AUTH response. Payload type: " + ikePayload.payloadType);
                        break;
                    case 36:
                        IkeSessionStateMachine.this.mRespIdPayload = (IkeIdPayload) ikePayload;
                        if (!IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(0) && !IkeSessionStateMachine.this.mIkeSessionParams.getRemoteIdentification().equals(IkeSessionStateMachine.this.mRespIdPayload.ikeId)) {
                            throw new AuthenticationFailedException("Unrecognized Responder Identification.");
                        }
                        break;
                    case 37:
                        linkedList.add((IkeCertPayload) ikePayload);
                        break;
                    case 39:
                        ikeAuthPayload = (IkeAuthPayload) ikePayload;
                        break;
                    case 41:
                        handleNotifyInLastAuthResp((IkeNotifyPayload) ikePayload, (IkeAuthPayload) ikeMessage.getPayloadForType(39, IkeAuthPayload.class));
                        break;
                }
            }
            if (ikeAuthPayload == null && IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(1)) {
                return;
            }
            if (ikeAuthPayload == null || IkeSessionStateMachine.this.mRespIdPayload == null) {
                throw new AuthenticationFailedException("ID-Responder or Auth payload is missing.");
            }
            authenticate(ikeAuthPayload, IkeSessionStateMachine.this.mRespIdPayload, linkedList);
        }

        private void authenticate(IkeAuthPayload ikeAuthPayload, IkeIdPayload ikeIdPayload, List<IkeCertPayload> list) throws AuthenticationFailedException {
            switch (IkeSessionStateMachine.this.mIkeSessionParams.getRemoteAuthConfig().mAuthMethod) {
                case 1:
                    authenticatePsk(((IkeSessionParams.IkeAuthPskConfig) IkeSessionStateMachine.this.mIkeSessionParams.getRemoteAuthConfig()).mPsk, ikeAuthPayload, ikeIdPayload);
                    return;
                case 2:
                    authenticateDigitalSignature(list, ((IkeSessionParams.IkeAuthDigitalSignRemoteConfig) IkeSessionStateMachine.this.mIkeSessionParams.getRemoteAuthConfig()).mTrustAnchor, ikeAuthPayload, ikeIdPayload);
                    return;
                default:
                    cleanUpAndQuit(new IllegalArgumentException("Unrecognized auth method: " + ikeAuthPayload.authMethod));
                    return;
            }
        }

        private void authenticateDigitalSignature(List<IkeCertPayload> list, TrustAnchor trustAnchor, IkeAuthPayload ikeAuthPayload, IkeIdPayload ikeIdPayload) throws AuthenticationFailedException {
            if (ikeAuthPayload.authMethod != 1 && ikeAuthPayload.authMethod != 14) {
                throw new AuthenticationFailedException("Expected the remote/server to use digital-signature-based authentication but they used: " + ikeAuthPayload.authMethod);
            }
            X509Certificate x509Certificate = null;
            LinkedList linkedList = new LinkedList();
            Iterator<IkeCertPayload> it = list.iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate2 = ((IkeCertX509CertPayload) it.next()).certificate;
                if (x509Certificate == null) {
                    x509Certificate = x509Certificate2;
                }
                linkedList.add(x509Certificate2);
            }
            if (x509Certificate == null) {
                throw new AuthenticationFailedException("The remote/server failed to provide a end certificate");
            }
            ikeIdPayload.validateEndCertIdOrThrow(x509Certificate);
            IkeCertPayload.validateCertificates(x509Certificate, linkedList, null, trustAnchor == null ? null : Collections.singleton(trustAnchor));
            ((IkeAuthDigitalSignPayload) ikeAuthPayload).verifyInboundSignature(x509Certificate, IkeSessionStateMachine.this.mIkeInitResponseBytes, IkeSessionStateMachine.this.mCurrentIkeSaRecord.nonceInitiator, ikeIdPayload.getEncodedPayloadBody(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkPr());
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            this.mRetransmitter.stopRetransmitting();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeAuthBase.class */
    public abstract class CreateIkeLocalIkeAuthBase extends DeleteBase {
        protected Retransmitter mRetransmitter;

        CreateIkeLocalIkeAuthBase() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            getIkeSaRecordForPacket(ikeMessage.ikeHeader).updateLastReceivedReqFirstPacket(null);
            IkeSessionStateMachine.this.deferMessage(message);
        }

        protected IkeMessage buildIkeAuthReqMessage(List<IkePayload> list) {
            return new IkeMessage(new IkeHeader(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi(), 46, 35, false, true, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getLocalRequestMessageId()), list);
        }

        protected void authenticatePsk(byte[] bArr, IkeAuthPayload ikeAuthPayload, IkeIdPayload ikeIdPayload) throws AuthenticationFailedException {
            if (ikeAuthPayload.authMethod != 2) {
                throw new AuthenticationFailedException("Expected the remote/server to use PSK-based authentication but they used: " + ikeAuthPayload.authMethod);
            }
            ((IkeAuthPskPayload) ikeAuthPayload).verifyInboundSignature(bArr, IkeSessionStateMachine.this.mIkeInitResponseBytes, IkeSessionStateMachine.this.mCurrentIkeSaRecord.nonceInitiator, ikeIdPayload.getEncodedPayloadBody(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkPr());
        }

        protected List<IkePayload> extractChildPayloadsFromMessage(IkeMessage ikeMessage) throws InvalidSyntaxException {
            LinkedList linkedList = new LinkedList();
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 33:
                    case 44:
                    case 45:
                    case 47:
                        linkedList.add(ikePayload);
                        break;
                    case 41:
                        if (((IkeNotifyPayload) ikePayload).isNewChildSaNotify()) {
                            linkedList.add(ikePayload);
                            break;
                        } else {
                            break;
                        }
                }
            }
            return linkedList;
        }

        protected void performFirstChildNegotiation(List<IkePayload> list, List<IkePayload> list2) {
            list.add(IkeSessionStateMachine.this.mIkeInitNoncePayload);
            list2.add(IkeSessionStateMachine.this.mIkeRespNoncePayload);
            IkeSessionStateMachine.this.deferMessage(IkeSessionStateMachine.this.obtainMessage(306, new FirstChildNegotiationData(IkeSessionStateMachine.this.mFirstChildSessionParams, IkeSessionStateMachine.this.mFirstChildCallbacks, list, list2)));
            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mChildProcedureOngoing);
        }

        @SuppressLint({"NewApi"})
        protected IkeSessionConfiguration buildIkeSessionConfiguration(IkeMessage ikeMessage) {
            IkeConfigPayload ikeConfigPayload = (IkeConfigPayload) ikeMessage.getPayloadForType(47, IkeConfigPayload.class);
            if (ikeConfigPayload == null) {
                IkeSessionStateMachine.this.logi("No config payload in ikeMessage.");
            } else if (ikeConfigPayload.configType != 2) {
                IkeSessionStateMachine.this.logi("Unexpected config payload. Config Type: " + ikeConfigPayload.configType);
                ikeConfigPayload = null;
            }
            return new IkeSessionConfiguration(new IkeSessionConnectionInfo(IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, IkeSessionStateMachine.this.mNetwork), ikeConfigPayload, IkeSessionStateMachine.this.mRemoteVendorIds, IkeSessionStateMachine.this.mEnabledExtensions);
        }

        protected void notifyIkeSessionSetup(IkeMessage ikeMessage) {
            IkeSessionConfiguration buildIkeSessionConfiguration = buildIkeSessionConfiguration(ikeMessage);
            IkeSessionStateMachine.this.executeUserCallback(() -> {
                IkeSessionStateMachine.this.mIkeSessionCallback.onOpened(buildIkeSessionConfiguration);
            });
        }

        protected void handleNotifyInLastAuthResp(IkeNotifyPayload ikeNotifyPayload, IkeAuthPayload ikeAuthPayload) throws IkeException {
            if (ikeNotifyPayload.isErrorNotify()) {
                if (!ikeNotifyPayload.isNewChildSaNotify() || ikeAuthPayload == null) {
                    throw ikeNotifyPayload.validateAndBuildIkeException();
                }
            } else {
                if (ikeNotifyPayload.isNewChildSaNotify()) {
                    return;
                }
                if (!IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(2) || ikeNotifyPayload.notifyType != 16396) {
                    IkeSessionStateMachine.this.logw("Received unknown or unexpected status notifications with notify type: " + ikeNotifyPayload.notifyType);
                } else {
                    IkeSessionStateMachine.this.mSupportMobike = true;
                    IkeSessionStateMachine.this.mEnabledExtensions.add(2);
                }
            }
        }

        protected void setUpMobilityHandling() throws IkeException {
            try {
                if (IkeSessionStateMachine.this.mIkeSessionParams.getConfiguredNetwork() != null) {
                    NetworkRequest build = new NetworkRequest.Builder().clearCapabilities().build();
                    IkeSessionStateMachine.this.mNetworkCallback = new IkeSpecificNetworkCallback(IkeSessionStateMachine.this, IkeSessionStateMachine.this.mNetwork, IkeSessionStateMachine.this.mLocalAddress);
                    IkeSessionStateMachine.this.mConnectivityManager.registerNetworkCallback(build, IkeSessionStateMachine.this.mNetworkCallback, IkeSessionStateMachine.this.getHandler());
                } else {
                    IkeSessionStateMachine.this.mNetworkCallback = new IkeDefaultNetworkCallback(IkeSessionStateMachine.this, IkeSessionStateMachine.this.mNetwork, IkeSessionStateMachine.this.mLocalAddress);
                    IkeSessionStateMachine.this.mConnectivityManager.registerDefaultNetworkCallback(IkeSessionStateMachine.this.mNetworkCallback, IkeSessionStateMachine.this.getHandler());
                }
                if (IkeSessionStateMachine.this.mHasCheckedNattSupport && IkeSessionStateMachine.this.mSupportNatTraversal && IkeSessionStateMachine.this.mIkeSocket.getIkeServerPort() != 4500) {
                    IkeSessionStateMachine.this.getAndSwitchToIkeSocket(IkeSessionStateMachine.this.mIkeSocket instanceof IkeUdp4Socket, true);
                }
            } catch (RuntimeException e) {
                throw new IkeInternalException("Error while registering NetworkCallback", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeAuthInEap.class */
    public class CreateIkeLocalIkeAuthInEap extends CreateIkeLocalIkeAuthBase {
        private EapAuthenticator mEapAuthenticator;

        /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeAuthInEap$IkeEapCallback.class */
        private class IkeEapCallback implements IEapCallback {
            private IkeEapCallback() {
            }

            @Override // com.android.internal.net.eap.IEapCallback
            public void onSuccess(byte[] bArr, byte[] bArr2) {
                IkeSessionStateMachine.this.sendMessage(314, bArr);
            }

            @Override // com.android.internal.net.eap.IEapCallback
            public void onFail() {
                IkeSessionStateMachine.this.sendMessage(312);
            }

            @Override // com.android.internal.net.eap.IEapCallback
            public void onResponse(byte[] bArr) {
                IkeSessionStateMachine.this.sendMessage(310, bArr);
            }

            @Override // com.android.internal.net.eap.IEapCallback
            public void onError(Throwable th) {
                IkeSessionStateMachine.this.sendMessage(311, th);
            }
        }

        CreateIkeLocalIkeAuthInEap() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mEapAuthenticator = IkeSessionStateMachine.this.mEapAuthenticatorFactory.newEapAuthenticator(IkeSessionStateMachine.this.getHandler().getLooper(), new IkeEapCallback(), IkeSessionStateMachine.this.mContext, ((IkeSessionParams.IkeAuthEapConfig) IkeSessionStateMachine.this.mIkeSessionParams.getLocalAuthConfig()).mEapConfig, IkeSessionStateMachine.this.mRandomFactory);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 309:
                    this.mEapAuthenticator.processEapMessage(((IkeEapPayload) message.obj).eapMessage);
                    return true;
                case 310:
                    this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildIkeAuthReqMessage(Arrays.asList(new IkeEapPayload((byte[]) message.obj))));
                    return true;
                case 311:
                    IkeSessionStateMachine.this.handleIkeFatalError(new AuthenticationFailedException((Throwable) message.obj));
                    return true;
                case 312:
                    IkeSessionStateMachine.this.handleIkeFatalError(new AuthenticationFailedException("EAP Authentication Failed"));
                    return true;
                case 313:
                case 315:
                case 316:
                case 317:
                default:
                    return super.processStateMessage(message);
                case 314:
                    IkeSessionStateMachine.this.deferMessage(message);
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mCreateIkeLocalIkeAuthPostEap);
                    return true;
                case 318:
                    IkeSessionStateMachine.this.logWtf("Received SET_NETWORK cmd in " + IkeSessionStateMachine.this.getCurrentState().getName());
                    return false;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                this.mRetransmitter.stopRetransmitting();
                int i = ikeMessage.ikeHeader.exchangeType;
                if (i != 35) {
                    throw new InvalidSyntaxException("Expected EXCHANGE_TYPE_IKE_AUTH but received: " + i);
                }
                List<IkePayload> handle3gppRespAndExtractNonError3gppPayloads = handle3gppRespAndExtractNonError3gppPayloads(2, ikeMessage.ikePayloadList);
                ArrayList<IkePayload> arrayList = new ArrayList(ikeMessage.ikePayloadList);
                arrayList.removeAll(handle3gppRespAndExtractNonError3gppPayloads);
                IkeEapPayload ikeEapPayload = null;
                for (IkePayload ikePayload : arrayList) {
                    switch (ikePayload.payloadType) {
                        case 41:
                            IkeNotifyPayload ikeNotifyPayload = (IkeNotifyPayload) ikePayload;
                            if (ikeNotifyPayload.isErrorNotify()) {
                                throw ikeNotifyPayload.validateAndBuildIkeException();
                            }
                            IkeSessionStateMachine.this.logw("Received unknown or unexpected status notifications with notify type: " + ikeNotifyPayload.notifyType);
                            break;
                        case 48:
                            ikeEapPayload = (IkeEapPayload) ikePayload;
                            break;
                        default:
                            IkeSessionStateMachine.this.logw("Received unexpected payload in IKE AUTH response. Payload type: " + ikePayload.payloadType);
                            break;
                    }
                }
                if (ikeEapPayload == null) {
                    throw new AuthenticationFailedException("EAP Payload is missing.");
                }
                this.mEapAuthenticator.processEapMessage(ikeEapPayload.eapMessage);
            } catch (IkeProtocolException e) {
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            this.mRetransmitter.stopRetransmitting();
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeAuthPostEap.class */
    class CreateIkeLocalIkeAuthPostEap extends CreateIkeLocalIkeAuthBase {
        private byte[] mEapMsk;

        CreateIkeLocalIkeAuthPostEap() {
            super();
            this.mEapMsk = new byte[0];
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 314:
                    this.mEapMsk = (byte[]) message.obj;
                    this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildIkeAuthReqMessage(Arrays.asList(new IkeAuthPskPayload(this.mEapMsk, IkeSessionStateMachine.this.mIkeInitRequestBytes, IkeSessionStateMachine.this.mCurrentIkeSaRecord.nonceResponder, IkeSessionStateMachine.this.mInitIdPayload.getEncodedPayloadBody(), IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkPi()))));
                    return true;
                case 318:
                    IkeSessionStateMachine.this.logWtf("Received SET_NETWORK cmd in " + IkeSessionStateMachine.this.getCurrentState().getName());
                    return false;
                default:
                    return super.processStateMessage(message);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                int i = ikeMessage.ikeHeader.exchangeType;
                if (i != 35) {
                    throw new InvalidSyntaxException("Expected EXCHANGE_TYPE_IKE_AUTH but received: " + i);
                }
                validateIkeAuthRespPostEap(ikeMessage);
                if (IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(2)) {
                    setUpMobilityHandling();
                }
                notifyIkeSessionSetup(ikeMessage);
                performFirstChildNegotiation(IkeSessionStateMachine.this.mFirstChildReqList, extractChildPayloadsFromMessage(ikeMessage));
            } catch (IkeException e) {
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            this.mRetransmitter.stopRetransmitting();
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
        }

        private void validateIkeAuthRespPostEap(IkeMessage ikeMessage) throws IkeException {
            IkeAuthPayload ikeAuthPayload = null;
            List<IkePayload> handle3gppRespAndExtractNonError3gppPayloads = handle3gppRespAndExtractNonError3gppPayloads(2, ikeMessage.ikePayloadList);
            ArrayList<IkePayload> arrayList = new ArrayList(ikeMessage.ikePayloadList);
            arrayList.removeAll(handle3gppRespAndExtractNonError3gppPayloads);
            for (IkePayload ikePayload : arrayList) {
                switch (ikePayload.payloadType) {
                    case 33:
                    case 44:
                    case 45:
                    case 47:
                        break;
                    case 34:
                    case 35:
                    case 36:
                    case 37:
                    case 38:
                    case 40:
                    case 42:
                    case 43:
                    case 46:
                    default:
                        IkeSessionStateMachine.this.logw("Received unexpected payload in IKE AUTH response. Payload type: " + ikePayload.payloadType);
                        break;
                    case 39:
                        ikeAuthPayload = (IkeAuthPayload) ikePayload;
                        break;
                    case 41:
                        handleNotifyInLastAuthResp((IkeNotifyPayload) ikePayload, (IkeAuthPayload) ikeMessage.getPayloadForType(39, IkeAuthPayload.class));
                        break;
                }
            }
            if (ikeAuthPayload == null) {
                throw new AuthenticationFailedException("Post-EAP Auth payload missing.");
            }
            authenticatePsk(this.mEapMsk, ikeAuthPayload, IkeSessionStateMachine.this.mRespIdPayload);
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            this.mRetransmitter.stopRetransmitting();
        }
    }

    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeInit.class */
    public class CreateIkeLocalIkeInit extends BusyState {
        private IkeSecurityParameterIndex mLocalIkeSpiResource;
        private IkeSecurityParameterIndex mRemoteIkeSpiResource;
        private Retransmitter mRetransmitter;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeLocalIkeInit$UnencryptedRetransmitter.class */
        public class UnencryptedRetransmitter extends Retransmitter {
            private UnencryptedRetransmitter(IkeMessage ikeMessage) {
                super(IkeSessionStateMachine.this.getHandler(), ikeMessage, IkeSessionStateMachine.this.mIkeSessionParams.getRetransmissionTimeoutsMillis());
                retransmit();
            }

            @Override // com.android.internal.net.ipsec.ike.utils.Retransmitter
            public void send(IkeMessage ikeMessage) {
                IkeSessionStateMachine.this.mIkeSocket.sendIkePacket(ikeMessage.encode(), IkeSessionStateMachine.this.mRemoteAddress);
            }

            @Override // com.android.internal.net.ipsec.ike.utils.Retransmitter
            public void handleRetransmissionFailure() {
                IkeSessionStateMachine.this.handleIkeFatalError(new IOException("Retransmitting IKE INIT request failure"));
            }
        }

        public CreateIkeLocalIkeInit() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            try {
                sendRequest(buildIkeInitReq());
            } catch (IOException e) {
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        private void sendRequest(IkeMessage ikeMessage) {
            IkeSessionStateMachine.this.mIkeSocket.registerIke(ikeMessage.ikeHeader.ikeInitiatorSpi, IkeSessionStateMachine.this);
            IkeSessionStateMachine.this.mIkeInitRequestBytes = ikeMessage.encode();
            IkeSessionStateMachine.this.mIkeInitNoncePayload = (IkeNoncePayload) ikeMessage.getPayloadForType(40, IkeNoncePayload.class);
            if (this.mRetransmitter != null) {
                this.mRetransmitter.stopRetransmitting();
            }
            this.mRetransmitter = new UnencryptedRetransmitter(ikeMessage);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 301:
                    handleReceivedIkePacket(message);
                    return true;
                case 318:
                    IkeSessionStateMachine.this.logWtf("Received SET_NETWORK cmd in " + IkeSessionStateMachine.this.getCurrentState().getName());
                    return false;
                default:
                    return super.processStateMessage(message);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleReceivedIkePacket(Message message) {
            ReceivedIkePacket receivedIkePacket = (ReceivedIkePacket) message.obj;
            IkeHeader ikeHeader = receivedIkePacket.ikeHeader;
            byte[] bArr = receivedIkePacket.ikePacketBytes;
            IkeSessionStateMachine.this.logd("handleReceivedIkePacket: Received an " + ikeHeader.getBasicInfoString() + ". Packet size: " + bArr.length);
            if (!ikeHeader.isResponseMsg) {
                IkeSessionStateMachine.this.logi("Received a request while waiting for IKE_INIT response. Discard it.");
                return;
            }
            IkeMessage.DecodeResult decode = IkeMessage.decode(0, ikeHeader, bArr);
            switch (decode.status) {
                case 0:
                    handleResponseIkeMessage(((IkeMessage.DecodeResultOk) decode).ikeMessage);
                    IkeSessionStateMachine.this.mIkeInitResponseBytes = bArr;
                    if (IkeSessionStateMachine.this.mCurrentIkeSaRecord == null) {
                        return;
                    }
                    IkeSessionStateMachine.this.mCurrentIkeSaRecord.incrementLocalRequestMessageId();
                    return;
                case 1:
                case 2:
                    cleanUpAndQuit(new IllegalStateException("Unexpected decoding status: " + decode.status));
                    return;
                case 3:
                    IkeSessionStateMachine.this.logi("Discard unencrypted response with syntax error", ((IkeMessage.DecodeResultError) decode).ikeException);
                    return;
                default:
                    cleanUpAndQuit(new IllegalStateException("Invalid decoding status: " + decode.status));
                    return;
            }
        }

        private IkeNotifyPayload getNotifyCookie(IkeMessage ikeMessage) {
            for (IkeNotifyPayload ikeNotifyPayload : ikeMessage.getPayloadListForType(41, IkeNotifyPayload.class)) {
                if (ikeNotifyPayload.notifyType == 16390) {
                    return ikeNotifyPayload;
                }
            }
            return null;
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                try {
                    int i = ikeMessage.ikeHeader.exchangeType;
                    if (i != 34) {
                        throw new InvalidSyntaxException("Expected EXCHANGE_TYPE_IKE_SA_INIT but received: " + i);
                    }
                    IkeNotifyPayload notifyCookie = getNotifyCookie(ikeMessage);
                    if (notifyCookie != null) {
                        sendRequest(buildReqWithCookie(this.mRetransmitter.getMessage(), IkeNotifyPayload.handleCookieAndGenerateCopy(notifyCookie)));
                        if (0 == 0 && 1 == 0) {
                            if (this.mLocalIkeSpiResource != null) {
                                this.mLocalIkeSpiResource.close();
                                this.mLocalIkeSpiResource = null;
                            }
                            if (this.mRemoteIkeSpiResource != null) {
                                this.mRemoteIkeSpiResource.close();
                                this.mRemoteIkeSpiResource = null;
                                return;
                            }
                            return;
                        }
                        return;
                    }
                    validateIkeInitResp(this.mRetransmitter.getMessage(), ikeMessage);
                    IkeSessionStateMachine.this.mCurrentIkeSaRecord = SaRecord.IkeSaRecord.makeFirstIkeSaRecord(this.mRetransmitter.getMessage(), ikeMessage, this.mLocalIkeSpiResource, this.mRemoteIkeSpiResource, IkeSessionStateMachine.this.mIkePrf, IkeSessionStateMachine.this.mIkeIntegrity == null ? 0 : IkeSessionStateMachine.this.mIkeIntegrity.getKeyLength(), IkeSessionStateMachine.this.mIkeCipher.getKeyLength(), IkeSessionStateMachine.this.buildSaLifetimeAlarmScheduler(this.mRemoteIkeSpiResource.getSpi()));
                    IkeSessionStateMachine.this.addIkeSaRecord(IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mCreateIkeLocalIkeAuth);
                    if (1 == 0 && 0 == 0) {
                        if (this.mLocalIkeSpiResource != null) {
                            this.mLocalIkeSpiResource.close();
                            this.mLocalIkeSpiResource = null;
                        }
                        if (this.mRemoteIkeSpiResource != null) {
                            this.mRemoteIkeSpiResource.close();
                            this.mRemoteIkeSpiResource = null;
                        }
                    }
                } catch (IkeProtocolException | IOException | GeneralSecurityException e) {
                    if (e instanceof InvalidKeException) {
                        int dhGroup = ((InvalidKeException) e).getDhGroup();
                        boolean z = true;
                        for (IkeSaProposal ikeSaProposal : IkeSessionStateMachine.this.mIkeSessionParams.getSaProposalsInternal()) {
                            z &= ikeSaProposal.getDhGroups().contains(Integer.valueOf(dhGroup));
                        }
                        if (z) {
                            IkeSessionStateMachine.this.mPeerSelectedDhGroup = dhGroup;
                            IkeSessionStateMachine.this.mIkeSocket.unregisterIke(this.mRetransmitter.getMessage().ikeHeader.ikeInitiatorSpi);
                            IkeSessionStateMachine.this.mIkeInitRequestBytes = null;
                            IkeSessionStateMachine.this.mIkeInitNoncePayload = null;
                            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mInitial);
                            IkeSessionStateMachine.this.openSession();
                            if (0 == 0 && 0 == 0) {
                                if (this.mLocalIkeSpiResource != null) {
                                    this.mLocalIkeSpiResource.close();
                                    this.mLocalIkeSpiResource = null;
                                }
                                if (this.mRemoteIkeSpiResource != null) {
                                    this.mRemoteIkeSpiResource.close();
                                    this.mRemoteIkeSpiResource = null;
                                    return;
                                }
                                return;
                            }
                            return;
                        }
                    }
                    IkeSessionStateMachine.this.handleIkeFatalError(e);
                    if (0 == 0 && 0 == 0) {
                        if (this.mLocalIkeSpiResource != null) {
                            this.mLocalIkeSpiResource.close();
                            this.mLocalIkeSpiResource = null;
                        }
                        if (this.mRemoteIkeSpiResource != null) {
                            this.mRemoteIkeSpiResource.close();
                            this.mRemoteIkeSpiResource = null;
                        }
                    }
                }
            } catch (Throwable th) {
                if (0 == 0 && 0 == 0) {
                    if (this.mLocalIkeSpiResource != null) {
                        this.mLocalIkeSpiResource.close();
                        this.mLocalIkeSpiResource = null;
                    }
                    if (this.mRemoteIkeSpiResource != null) {
                        this.mRemoteIkeSpiResource.close();
                        this.mRemoteIkeSpiResource = null;
                    }
                }
                throw th;
            }
        }

        private IkeMessage buildIkeInitReq() throws IOException {
            this.mLocalIkeSpiResource = IkeSessionStateMachine.this.mIkeSpiGenerator.allocateSpi(IkeSessionStateMachine.this.mLocalAddress);
            long spi = this.mLocalIkeSpiResource.getSpi();
            List<IkePayload> ikeInitSaRequestPayloads = CreateIkeSaHelper.getIkeInitSaRequestPayloads(IkeSessionStateMachine.this.mIkeSessionParams.getSaProposalsInternal(), IkeSessionStateMachine.this.mPeerSelectedDhGroup, spi, 0L, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, IkeSessionStateMachine.this.mLocalPort, IkeSessionStateMachine.this.mIkeSocket.getIkeServerPort(), IkeSessionStateMachine.this.mRandomFactory, IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(2));
            ikeInitSaRequestPayloads.add(new IkeNotifyPayload(IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED));
            ByteBuffer allocate = ByteBuffer.allocate(IkeAuthDigitalSignPayload.ALL_SIGNATURE_ALGO_TYPES.length * 2);
            for (short s : IkeAuthDigitalSignPayload.ALL_SIGNATURE_ALGO_TYPES) {
                allocate.putShort(s);
            }
            ikeInitSaRequestPayloads.add(new IkeNotifyPayload(IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS, allocate.array()));
            return new IkeMessage(new IkeHeader(spi, 0L, 33, 34, false, true, 0), ikeInitSaRequestPayloads);
        }

        private IkeMessage buildReqWithCookie(IkeMessage ikeMessage, IkeNotifyPayload ikeNotifyPayload) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(ikeNotifyPayload);
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                if (!(ikePayload instanceof IkeNotifyPayload) || ((IkeNotifyPayload) ikePayload).notifyType != 16390) {
                    arrayList.add(ikePayload);
                }
            }
            IkeHeader ikeHeader = ikeMessage.ikeHeader;
            return new IkeMessage(new IkeHeader(ikeHeader.ikeInitiatorSpi, ikeHeader.ikeResponderSpi, 41, 34, false, true, 0), arrayList);
        }

        private void validateIkeInitResp(IkeMessage ikeMessage, IkeMessage ikeMessage2) throws IkeProtocolException, IOException {
            this.mRemoteIkeSpiResource = IkeSessionStateMachine.this.mIkeSpiGenerator.allocateSpi(IkeSessionStateMachine.this.mRemoteAddress, ikeMessage2.ikeHeader.ikeResponderSpi);
            IkeSaPayload ikeSaPayload = null;
            IkeKePayload ikeKePayload = null;
            LinkedList linkedList = new LinkedList();
            IkeNotifyPayload ikeNotifyPayload = null;
            boolean z = false;
            for (IkePayload ikePayload : ikeMessage2.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 33:
                        ikeSaPayload = (IkeSaPayload) ikePayload;
                        break;
                    case 34:
                        ikeKePayload = (IkeKePayload) ikePayload;
                        break;
                    case 35:
                    case 36:
                    case 37:
                    case 39:
                    case 42:
                    default:
                        IkeSessionStateMachine.this.logw("Received unexpected payload in IKE INIT response. Payload type: " + ikePayload.payloadType);
                        break;
                    case 38:
                        break;
                    case 40:
                        z = true;
                        IkeSessionStateMachine.this.mIkeRespNoncePayload = (IkeNoncePayload) ikePayload;
                        break;
                    case 41:
                        IkeNotifyPayload ikeNotifyPayload2 = (IkeNotifyPayload) ikePayload;
                        if (ikeNotifyPayload2.isErrorNotify()) {
                            throw ikeNotifyPayload2.validateAndBuildIkeException();
                        }
                        switch (ikeNotifyPayload2.notifyType) {
                            case 16388:
                                linkedList.add(ikeNotifyPayload2);
                                break;
                            case 16389:
                                if (ikeNotifyPayload != null) {
                                    throw new InvalidSyntaxException("More than one NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP found");
                                }
                                ikeNotifyPayload = ikeNotifyPayload2;
                                break;
                            case IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED /* 16430 */:
                                IkeSessionStateMachine.this.mSupportFragment = true;
                                IkeSessionStateMachine.this.mEnabledExtensions.add(1);
                                break;
                            case IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS /* 16431 */:
                                IkeSessionStateMachine.this.mPeerSignatureHashAlgorithms = IkeAuthDigitalSignPayload.getSignatureHashAlgorithmsFromIkeNotifyPayload(ikeNotifyPayload2);
                                break;
                            default:
                                IkeSessionStateMachine.this.logw("Received unknown or unexpected status notifications with notify type: " + ikeNotifyPayload2.notifyType);
                                break;
                        }
                    case 43:
                        IkeSessionStateMachine.this.mRemoteVendorIds.add(((IkeVendorPayload) ikePayload).vendorId);
                        break;
                }
            }
            if (ikeSaPayload == null || ikeKePayload == null || !z) {
                throw new InvalidSyntaxException("SA, KE, or Nonce payload missing.");
            }
            IkeSessionStateMachine.this.mSaProposal = IkeSaPayload.getVerifiedNegotiatedIkeProposalPair((IkeSaPayload) ikeMessage.getPayloadForType(33, IkeSaPayload.class), ikeSaPayload, IkeSessionStateMachine.this.mIkeSpiGenerator, IkeSessionStateMachine.this.mRemoteAddress).second.saProposal;
            IkeSessionStateMachine.this.mIkeCipher = IkeCipher.create(IkeSessionStateMachine.this.mSaProposal.getEncryptionTransforms()[0]);
            if (!IkeSessionStateMachine.this.mIkeCipher.isAead()) {
                IkeSessionStateMachine.this.mIkeIntegrity = IkeMacIntegrity.create(IkeSessionStateMachine.this.mSaProposal.getIntegrityTransforms()[0]);
            }
            IkeSessionStateMachine.this.mIkePrf = IkeMacPrf.create(IkeSessionStateMachine.this.mSaProposal.getPrfTransforms()[0]);
            if (((IkeKePayload) ikeMessage.getPayloadForType(34, IkeKePayload.class)).dhGroup != ikeKePayload.dhGroup && ikeKePayload.dhGroup != IkeSessionStateMachine.this.mPeerSelectedDhGroup) {
                throw new InvalidSyntaxException("Received KE payload with mismatched DH group.");
            }
            if (ikeMessage.hasNotifyPayload(16388)) {
                handleNatDetection(ikeMessage2, linkedList, ikeNotifyPayload);
            }
        }

        private void handleNatDetection(IkeMessage ikeMessage, List<IkeNotifyPayload> list, IkeNotifyPayload ikeNotifyPayload) throws InvalidSyntaxException, IOException {
            IkeSessionStateMachine.this.mHasCheckedNattSupport = true;
            if (!IkeSessionStateMachine.this.didPeerIncludeNattDetectionPayloads(list, ikeNotifyPayload)) {
                IkeSessionStateMachine.this.mSupportNatTraversal = false;
                return;
            }
            IkeSessionStateMachine.this.mSupportNatTraversal = true;
            long j = ikeMessage.ikeHeader.ikeInitiatorSpi;
            IkeSessionStateMachine.this.updateLocalAndRemoteNatDetected(j, ikeMessage.ikeHeader.ikeResponderSpi, list, ikeNotifyPayload);
            if (IkeSessionStateMachine.this.mLocalNatDetected || IkeSessionStateMachine.this.mRemoteNatDetected) {
                IkeSessionStateMachine.this.logd("Switching to send to remote port 4500 if it's not already");
                boolean z = IkeSessionStateMachine.this.mRemoteAddress instanceof Inet4Address;
                try {
                    IkeSocket ikeSocket = IkeSessionStateMachine.this.getIkeSocket(z, true);
                    if (ikeSocket == IkeSessionStateMachine.this.mIkeSocket) {
                        return;
                    }
                    switchToIkeSocket(j, ikeSocket);
                    IkeSessionStateMachine.this.mLocalPort = IkeSessionStateMachine.this.mIkeSocket.getLocalPort();
                    if (z) {
                        IkeSessionStateMachine.this.mIkeNattKeepalive = IkeSessionStateMachine.this.buildAndStartNattKeepalive();
                    }
                } catch (IpSecManager.ResourceUnavailableException | ErrnoException | IOException e) {
                    IkeSessionStateMachine.this.handleIkeFatalError(e);
                }
            }
        }

        private void switchToIkeSocket(long j, IkeSocket ikeSocket) {
            IkeSessionStateMachine.this.migrateSpiToIkeSocket(j, IkeSessionStateMachine.this.mIkeSocket, ikeSocket);
            IkeSessionStateMachine.this.mIkeSocket.releaseReference(IkeSessionStateMachine.this);
            IkeSessionStateMachine.this.mIkeSocket = ikeSocket;
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            super.exitState();
            if (this.mRetransmitter != null) {
                this.mRetransmitter.stopRetransmitting();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$CreateIkeSaHelper.class */
    public static class CreateIkeSaHelper {
        private CreateIkeSaHelper() {
        }

        public static List<IkePayload> getIkeInitSaRequestPayloads(IkeSaProposal[] ikeSaProposalArr, int i, long j, long j2, InetAddress inetAddress, InetAddress inetAddress2, int i2, int i3, RandomnessFactory randomnessFactory, boolean z) throws IOException {
            List<IkePayload> createIkeSaPayloads = getCreateIkeSaPayloads(i, IkeSaPayload.createInitialIkeSaPayload(ikeSaProposalArr), randomnessFactory);
            if (inetAddress2 instanceof Inet4Address) {
                IkeSessionStateMachine.addNatDetectionPayloadsToList(createIkeSaPayloads, inetAddress, inetAddress2, i2, i3, j, j2);
            }
            return createIkeSaPayloads;
        }

        public static List<IkePayload> getRekeyIkeSaRequestPayloads(IkeSaProposal[] ikeSaProposalArr, IkeSpiGenerator ikeSpiGenerator, InetAddress inetAddress, RandomnessFactory randomnessFactory) throws IOException {
            if (inetAddress == null) {
                throw new IllegalArgumentException("Local address was null for rekey");
            }
            return getCreateIkeSaPayloads(ikeSaProposalArr[0].getDhGroupTransforms()[0].id, IkeSaPayload.createRekeyIkeSaRequestPayload(ikeSaProposalArr, ikeSpiGenerator, inetAddress), randomnessFactory);
        }

        public static List<IkePayload> getRekeyIkeSaResponsePayloads(byte b, IkeSaProposal ikeSaProposal, IkeSpiGenerator ikeSpiGenerator, InetAddress inetAddress, RandomnessFactory randomnessFactory) throws IOException {
            if (inetAddress == null) {
                throw new IllegalArgumentException("Local address was null for rekey");
            }
            return getCreateIkeSaPayloads(ikeSaProposal.getDhGroupTransforms()[0].id, IkeSaPayload.createRekeyIkeSaResponsePayload(b, ikeSaProposal, ikeSpiGenerator, inetAddress), randomnessFactory);
        }

        private static List<IkePayload> getCreateIkeSaPayloads(int i, IkeSaPayload ikeSaPayload, RandomnessFactory randomnessFactory) throws IOException {
            if (ikeSaPayload.proposalList.size() == 0) {
                throw new IllegalArgumentException("Invalid SA proposal list - was empty");
            }
            ArrayList arrayList = new ArrayList(3);
            arrayList.add(ikeSaPayload);
            arrayList.add(IkeKePayload.createOutboundKePayload(i, randomnessFactory));
            arrayList.add(new IkeNoncePayload(randomnessFactory));
            return arrayList;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$DeleteBase.class */
    private abstract class DeleteBase extends DeleteResponderBase {
        private DeleteBase() {
            super();
        }

        protected void validateIkeDeleteResp(IkeMessage ikeMessage, SaRecord.IkeSaRecord ikeSaRecord) throws InvalidSyntaxException {
            if (ikeSaRecord != getIkeSaRecordForPacket(ikeMessage.ikeHeader)) {
                throw new IllegalStateException("Response received on incorrect SA");
            }
            if (ikeMessage.ikeHeader.exchangeType != 37) {
                throw new InvalidSyntaxException("Invalid exchange type; expected INFORMATIONAL, but got: " + ikeMessage.ikeHeader.exchangeType);
            }
            if (!ikeMessage.ikePayloadList.isEmpty()) {
                throw new InvalidSyntaxException("Unexpected payloads - IKE Delete response should be empty.");
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$DeleteIkeLocalDelete.class */
    class DeleteIkeLocalDelete extends DeleteBase {
        private Retransmitter mRetransmitter;

        DeleteIkeLocalDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                default:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 43);
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                validateIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                IkeSessionStateMachine.this.executeUserCallback(() -> {
                    IkeSessionStateMachine.this.mIkeSessionCallback.onClosed();
                });
                IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                IkeSessionStateMachine.this.mCurrentIkeSaRecord.close();
                IkeSessionStateMachine.this.mCurrentIkeSaRecord = null;
                IkeSessionStateMachine.this.quitNow();
            } catch (InvalidSyntaxException e) {
                handleResponseGenericProcessError(IkeSessionStateMachine.this.mCurrentIkeSaRecord, e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            IkeSessionStateMachine.this.loge("Invalid syntax on IKE Delete response. Shutting down anyways", invalidSyntaxException);
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
            IkeSessionStateMachine.this.quitNow();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            this.mRetransmitter.stopRetransmitting();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$DeleteResponderBase.class */
    public abstract class DeleteResponderBase extends BusyState {
        private DeleteResponderBase() {
            super();
        }

        protected IkeMessage buildIkeDeleteResp(IkeMessage ikeMessage, SaRecord.IkeSaRecord ikeSaRecord) {
            return IkeSessionStateMachine.this.buildEncryptedInformationalMessage(ikeSaRecord, new IkeInformationalPayload[0], true, ikeMessage.ikeHeader.messageId);
        }

        protected void validateIkeDeleteReq(IkeMessage ikeMessage, SaRecord.IkeSaRecord ikeSaRecord) throws InvalidSyntaxException {
            if (ikeSaRecord != getIkeSaRecordForPacket(ikeMessage.ikeHeader)) {
                throw new InvalidSyntaxException("Delete request received in wrong SA");
            }
        }

        protected void handleDeleteSessionRequest(IkeMessage ikeMessage) {
            try {
                validateIkeDeleteReq(ikeMessage, IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                IkeMessage buildIkeDeleteResp = buildIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                IkeSessionStateMachine.this.executeUserCallback(() -> {
                    IkeSessionStateMachine.this.mIkeSessionCallback.onClosed();
                });
                IkeSessionStateMachine.this.sendEncryptedIkeMessage(IkeSessionStateMachine.this.mCurrentIkeSaRecord, buildIkeDeleteResp);
                IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mCurrentIkeSaRecord);
                IkeSessionStateMachine.this.mCurrentIkeSaRecord.close();
                IkeSessionStateMachine.this.mCurrentIkeSaRecord = null;
                IkeSessionStateMachine.this.quitNow();
            } catch (InvalidSyntaxException e) {
                cleanUpAndQuit(new IllegalStateException(e));
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$DpdIkeLocalInfo.class */
    class DpdIkeLocalInfo extends DeleteBase {
        private Retransmitter mRetransmitter;

        DpdIkeLocalInfo() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, IkeSessionStateMachine.this.buildEncryptedInformationalMessage(new IkeInformationalPayload[0], false, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getLocalRequestMessageId()));
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                case 8:
                    handleGenericInfoRequest(ikeMessage);
                    return;
                default:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 43);
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            if (ikeMessage.ikeHeader.exchangeType == 37) {
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            } else {
                handleResponseGenericProcessError(IkeSessionStateMachine.this.mCurrentIkeSaRecord, new InvalidSyntaxException("Invalid exchange type; expected INFORMATIONAL, but got: " + ikeMessage.ikeHeader.exchangeType));
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            IkeSessionStateMachine.this.loge("Invalid syntax on IKE DPD response.", invalidSyntaxException);
            IkeSessionStateMachine.this.handleIkeFatalError(invalidSyntaxException);
            IkeSessionStateMachine.this.quitNow();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            this.mRetransmitter.stopRetransmitting();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$EncryptedRetransmitter.class */
    public class EncryptedRetransmitter extends Retransmitter {
        private final SaRecord.IkeSaRecord mIkeSaRecord;

        @VisibleForTesting
        EncryptedRetransmitter(IkeSessionStateMachine ikeSessionStateMachine, IkeMessage ikeMessage) {
            this(ikeSessionStateMachine.mCurrentIkeSaRecord, ikeMessage);
        }

        private EncryptedRetransmitter(SaRecord.IkeSaRecord ikeSaRecord, IkeMessage ikeMessage) {
            super(IkeSessionStateMachine.this.getHandler(), ikeMessage, IkeSessionStateMachine.this.mIkeSessionParams.getRetransmissionTimeoutsMillis());
            this.mIkeSaRecord = ikeSaRecord;
            retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.utils.Retransmitter
        public void send(IkeMessage ikeMessage) {
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(this.mIkeSaRecord, ikeMessage);
        }

        @Override // com.android.internal.net.ipsec.ike.utils.Retransmitter
        public void handleRetransmissionFailure() {
            IkeSessionStateMachine.this.handleIkeFatalError(new IOException("Retransmitting failure"));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$ExceptionHandler.class */
    public abstract class ExceptionHandler extends AbstractSessionStateMachine.ExceptionHandlerBase {
        ExceptionHandler() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        protected void cleanUpAndQuit(RuntimeException runtimeException) {
            IkeSessionStateMachine.this.closeAllSaRecords(false);
            IkeSessionStateMachine.this.executeUserCallback(() -> {
                IkeSessionStateMachine.this.mIkeSessionCallback.onClosedWithException(new IkeInternalException(runtimeException));
            });
            IkeSessionStateMachine.this.logWtf("Unexpected exception in " + IkeSessionStateMachine.this.getCurrentState().getName(), runtimeException);
            IkeSessionStateMachine.this.quitNow();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        protected String getCmdString(int i) {
            return (String) IkeSessionStateMachine.CMD_TO_STR.get(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$FirstChildNegotiationData.class */
    public static class FirstChildNegotiationData {
        public final ChildSessionParams childSessionParams;
        public final ChildSessionCallback childSessionCallback;
        public final List<IkePayload> reqPayloads;
        public final List<IkePayload> respPayloads;

        FirstChildNegotiationData(ChildSessionParams childSessionParams, ChildSessionCallback childSessionCallback, List<IkePayload> list, List<IkePayload> list2) {
            this.childSessionParams = childSessionParams;
            this.childSessionCallback = childSessionCallback;
            this.reqPayloads = list;
            this.respPayloads = list2;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$Idle.class */
    class Idle extends LocalRequestQueuer {
        private PendingIntent mDpdIntent;

        Idle() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            if (!IkeSessionStateMachine.this.mScheduler.readyForNextProcedure()) {
                IkeSessionStateMachine.this.mBusyWakeLock.release();
            }
            if (this.mDpdIntent == null) {
                long remoteSpi = IkeSessionStateMachine.this.mCurrentIkeSaRecord.getRemoteSpi();
                this.mDpdIntent = IkeSessionStateMachine.buildIkeAlarmIntent(IkeSessionStateMachine.this.mContext, IkeAlarmReceiver.ACTION_DPD, IkeSessionStateMachine.this.getIntentIdentifier(remoteSpi), IkeSessionStateMachine.this.getIntentIkeSmMsg(405, remoteSpi));
            }
            long millis = TimeUnit.SECONDS.toMillis(IkeSessionStateMachine.this.mIkeSessionParams.getDpdDelaySeconds());
            IkeSessionStateMachine.this.mAlarmManager.setExactAndAllowWhileIdle(2, SystemClock.elapsedRealtime() + millis, this.mDpdIntent);
            IkeSessionStateMachine.this.logd("DPD Alarm scheduled with DPD delay: " + millis + DateFormat.MINUTE_SECOND);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            IkeSessionStateMachine.this.mAlarmManager.cancel(this.mDpdIntent);
            IkeSessionStateMachine.this.logd("DPD Alarm canceled");
            IkeSessionStateMachine.this.mBusyWakeLock.acquire();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 301:
                    IkeSessionStateMachine.this.deferMessage(message);
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mReceiving);
                    return true;
                case 307:
                    executeLocalRequest((IkeLocalRequestScheduler.LocalRequest) message.obj, message);
                    return true;
                case 315:
                    handleFiredAlarm(message);
                    return true;
                case 317:
                    IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
                    return false;
                case 318:
                    IkeSessionStateMachine.this.onUnderlyingNetworkUpdated((Network) message.obj);
                    return true;
                case 399:
                    IkeSessionStateMachine.this.transitionTo((State) message.obj);
                    return true;
                default:
                    if (!isLocalRequest(message.what)) {
                        return false;
                    }
                    handleLocalRequest(message.what, (IkeLocalRequestScheduler.LocalRequest) message.obj);
                    IkeSessionStateMachine.this.mScheduler.readyForNextProcedure();
                    return true;
            }
        }

        private void executeLocalRequest(IkeLocalRequestScheduler.LocalRequest localRequest, Message message) {
            localRequest.releaseWakeLock();
            if (!isRequestForCurrentSa(localRequest)) {
                IkeSessionStateMachine.this.logd("Request is for a deleted SA. Ignore it.");
                IkeSessionStateMachine.this.mScheduler.readyForNextProcedure();
                return;
            }
            switch (localRequest.procedureType) {
                case 1:
                case 2:
                case 3:
                case 4:
                    IkeSessionStateMachine.this.deferMessage(message);
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mChildProcedureOngoing);
                    return;
                case 402:
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mDeleteIkeLocalDelete);
                    return;
                case 403:
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mRekeyIkeLocalCreate);
                    return;
                case 405:
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mDpdIkeLocalInfo);
                    return;
                case 406:
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mMobikeLocalInfo);
                    return;
                default:
                    cleanUpAndQuit(new IllegalStateException("Invalid local request procedure type: " + localRequest.procedureType));
                    return;
            }
        }

        private boolean isRequestForCurrentSa(IkeLocalRequestScheduler.LocalRequest localRequest) {
            if (localRequest.isChildRequest()) {
                IkeLocalRequestScheduler.ChildLocalRequest childLocalRequest = (IkeLocalRequestScheduler.ChildLocalRequest) localRequest;
                return childLocalRequest.remoteSpi == IkeLocalRequestScheduler.SPI_NOT_INCLUDED || IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.get(childLocalRequest.remoteSpi) != null;
            }
            IkeLocalRequestScheduler.IkeLocalRequest ikeLocalRequest = (IkeLocalRequestScheduler.IkeLocalRequest) localRequest;
            return ikeLocalRequest.remoteSpi == ((long) IkeLocalRequestScheduler.SPI_NOT_INCLUDED) || ikeLocalRequest.remoteSpi == IkeSessionStateMachine.this.mCurrentIkeSaRecord.getRemoteSpi();
        }
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$IkeExchangeSubType.class */
    @interface IkeExchangeSubType {
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$Initial.class */
    class Initial extends ExceptionHandler {
        Initial() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            try {
                IkeSessionStateMachine.this.resolveAndSetAvailableRemoteAddresses();
                IkeSessionStateMachine.this.setRemoteAddress();
                boolean z = IkeSessionStateMachine.this.mRemoteAddress instanceof Inet4Address;
                IkeSessionStateMachine.this.mIkeSocket = IkeSessionStateMachine.this.getIkeSocket(z, IkeSessionStateMachine.this.mIkeSessionParams.hasIkeOption(3));
                IkeSessionStateMachine.this.mLocalPort = IkeSessionStateMachine.this.mIkeSocket.getLocalPort();
                IkeSessionStateMachine.this.mLocalAddress = IkeSessionStateMachine.this.mIkeLocalAddressGenerator.generateLocalAddress(IkeSessionStateMachine.this.mNetwork, z, IkeSessionStateMachine.this.mRemoteAddress, IkeSessionStateMachine.this.mIkeSocket.getIkeServerPort());
                if (IkeSessionStateMachine.this.mIkeSocket instanceof IkeUdpEncapSocket) {
                    IkeSessionStateMachine.this.mIkeNattKeepalive = IkeSessionStateMachine.this.buildAndStartNattKeepalive();
                }
            } catch (IpSecManager.ResourceUnavailableException | ErrnoException | IOException e) {
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 399:
                    IkeSessionStateMachine.this.transitionTo((State) message.obj);
                    return true;
                case 401:
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mCreateIkeLocalIkeInit);
                    return true;
                default:
                    return false;
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$KillIkeSessionParent.class */
    class KillIkeSessionParent extends ExceptionHandler {
        KillIkeSessionParent() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 317:
                    IkeSessionStateMachine.this.closeAllSaRecords(false);
                    IkeSessionStateMachine.this.executeUserCallback(() -> {
                        IkeSessionStateMachine.this.mIkeSessionCallback.onClosed();
                    });
                    IkeSessionStateMachine.this.quitNow();
                    return true;
                default:
                    return false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$LocalRequestQueuer.class */
    public abstract class LocalRequestQueuer extends ExceptionHandler {
        private LocalRequestQueuer() {
            super();
        }

        protected void handleLocalRequest(int i, IkeLocalRequestScheduler.LocalRequest localRequest) {
            switch (i) {
                case 1:
                case 2:
                case 3:
                case 4:
                    IkeLocalRequestScheduler.ChildLocalRequest childLocalRequest = (IkeLocalRequestScheduler.ChildLocalRequest) localRequest;
                    if (childLocalRequest.procedureType != i) {
                        cleanUpAndQuit(new IllegalArgumentException("ChildLocalRequest procedure type was invalid"));
                    }
                    IkeSessionStateMachine.this.mScheduler.addRequest(childLocalRequest);
                    return;
                case 402:
                case 403:
                case 404:
                case 405:
                case 406:
                    IkeSessionStateMachine.this.mScheduler.addRequest(localRequest);
                    return;
                default:
                    cleanUpAndQuit(new IllegalStateException("Unknown local request passed to handleLocalRequest"));
                    return;
            }
        }

        protected boolean isLocalRequest(int i) {
            if (i < 400 || i >= 500) {
                return i >= 0 && i < 100;
            }
            return true;
        }

        protected void handleFiredAlarm(Message message) {
            switch (message.arg2) {
                case 2:
                case 3:
                    enqueueLocalRequestSynchronously(IkeSessionStateMachine.this.mLocalRequestFactory.getChildLocalRequest(message.arg2, ((Bundle) message.obj).getInt(IkeSessionStateMachine.BUNDLE_KEY_CHILD_REMOTE_SPI)));
                    return;
                case 316:
                    if (IkeSessionStateMachine.this.mIkeNattKeepalive != null) {
                        IkeSessionStateMachine.this.mIkeNattKeepalive.onAlarmFired();
                        return;
                    }
                    return;
                case 402:
                case 403:
                case 405:
                    enqueueLocalRequestSynchronously(IkeSessionStateMachine.this.mLocalRequestFactory.getIkeLocalRequest(message.arg2, ((Bundle) message.obj).getLong(IkeSessionStateMachine.BUNDLE_KEY_IKE_REMOTE_SPI)));
                    return;
                default:
                    IkeSessionStateMachine.this.logWtf("Invalid alarm action: " + message.arg2);
                    return;
            }
        }

        private void enqueueLocalRequestSynchronously(IkeLocalRequestScheduler.LocalRequest localRequest) {
            IkeSessionStateMachine.this.getHandler().dispatchMessage(IkeSessionStateMachine.this.obtainMessage(localRequest.procedureType, localRequest));
        }

        protected IkeMessage buildIkeDeleteReq(SaRecord.IkeSaRecord ikeSaRecord) {
            return IkeSessionStateMachine.this.buildEncryptedInformationalMessage(ikeSaRecord, new IkeInformationalPayload[]{new IkeDeletePayload()}, false, ikeSaRecord.getLocalRequestMessageId());
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$MobikeLocalInfo.class */
    class MobikeLocalInfo extends DeleteBase {
        private Retransmitter mRetransmitter;

        MobikeLocalInfo() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            if (IkeSessionStateMachine.this.mSupportMobike) {
                IkeSessionStateMachine.this.logd("MOBIKE mobility event");
                this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildUpdateSaAddressesReq());
            } else {
                IkeSessionStateMachine.this.logd("non-MOBIKE mobility event");
                migrateAllChildSAs();
                notifyConnectionInfoChanged();
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            }
        }

        private boolean needNatDetection() {
            return IkeSessionStateMachine.this.mRemoteAddress instanceof Inet4Address ? !IkeSessionStateMachine.this.mHasCheckedNattSupport || IkeSessionStateMachine.this.mSupportNatTraversal : IkeSessionStateMachine.this.mLocalNatDetected || IkeSessionStateMachine.this.mRemoteNatDetected;
        }

        private IkeMessage buildUpdateSaAddressesReq() {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new IkeNotifyPayload(16400));
            if (needNatDetection()) {
                IkeSessionStateMachine.addNatDetectionPayloadsToList(arrayList, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, IkeSessionStateMachine.this.mLocalPort, IkeSessionStateMachine.this.mIkeSocket.getIkeServerPort(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi());
            }
            return IkeSessionStateMachine.this.buildEncryptedInformationalMessage(IkeSessionStateMachine.this.mCurrentIkeSaRecord, (IkeInformationalPayload[]) arrayList.toArray(new IkeInformationalPayload[arrayList.size()]), false, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getLocalRequestMessageId());
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            super.exitState();
            if (this.mRetransmitter != null) {
                this.mRetransmitter.stopRetransmitting();
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        public void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                default:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 43);
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        public void handleResponseIkeMessage(IkeMessage ikeMessage) {
            this.mRetransmitter.stopRetransmitting();
            try {
                validateResp(ikeMessage);
                migrateAllChildSAs();
                notifyConnectionInfoChanged();
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            } catch (IkeException | IOException e) {
                IkeSessionStateMachine.this.handleIkeFatalError(e);
            }
        }

        private void validateResp(IkeMessage ikeMessage) throws IkeException, IOException {
            if (ikeMessage.ikeHeader.exchangeType != 37) {
                throw new InvalidSyntaxException("Invalid exchange type; expected INFORMATIONAL, but got: " + ikeMessage.ikeHeader.exchangeType);
            }
            ArrayList arrayList = new ArrayList();
            IkeNotifyPayload ikeNotifyPayload = null;
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 41:
                        IkeNotifyPayload ikeNotifyPayload2 = (IkeNotifyPayload) ikePayload;
                        if (ikeNotifyPayload2.isErrorNotify()) {
                            throw ikeNotifyPayload2.validateAndBuildIkeException();
                        }
                        switch (ikeNotifyPayload2.notifyType) {
                            case 16388:
                                arrayList.add(ikeNotifyPayload2);
                                break;
                            case 16389:
                                if (ikeNotifyPayload != null) {
                                    throw new InvalidSyntaxException("More than one NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP found");
                                }
                                ikeNotifyPayload = ikeNotifyPayload2;
                                break;
                            default:
                                IkeSessionStateMachine.this.logw("Received unknown or unexpected status notifications with notify type: " + ikeNotifyPayload2.notifyType);
                                break;
                        }
                    default:
                        IkeSessionStateMachine.this.logw("Unexpected payload types found: " + ikePayload.payloadType);
                        break;
                }
            }
            if (this.mRetransmitter.getMessage().hasNotifyPayload(16388)) {
                handleNatDetection(ikeMessage, arrayList, ikeNotifyPayload);
            }
        }

        private void handleNatDetection(IkeMessage ikeMessage, List<IkeNotifyPayload> list, IkeNotifyPayload ikeNotifyPayload) throws IkeException {
            if (!IkeSessionStateMachine.this.didPeerIncludeNattDetectionPayloads(list, ikeNotifyPayload)) {
                if (IkeSessionStateMachine.this.mHasCheckedNattSupport) {
                    return;
                }
                IkeSessionStateMachine.this.mHasCheckedNattSupport = true;
                IkeSessionStateMachine.this.mSupportNatTraversal = false;
                return;
            }
            if (!IkeSessionStateMachine.this.mHasCheckedNattSupport) {
                IkeSessionStateMachine.this.mHasCheckedNattSupport = true;
                IkeSessionStateMachine.this.mSupportNatTraversal = true;
            }
            IkeSessionStateMachine.this.updateLocalAndRemoteNatDetected(ikeMessage.ikeHeader.ikeInitiatorSpi, ikeMessage.ikeHeader.ikeResponderSpi, list, ikeNotifyPayload);
            if (IkeSessionStateMachine.this.mLocalNatDetected || IkeSessionStateMachine.this.mRemoteNatDetected) {
                if (IkeSessionStateMachine.this.mRemoteAddress instanceof Inet6Address) {
                    throw new IkeInternalException(new UnsupportedOperationException("An IPv6 NAT is detected."));
                }
                IkeSessionStateMachine.this.logd("Switching to send to remote port 4500 if it's not already");
                IkeSessionStateMachine.this.getAndSwitchToIkeSocket(IkeSessionStateMachine.this.mRemoteAddress instanceof Inet4Address, true);
            }
        }

        private void migrateAllChildSAs() {
            for (int i = 0; i < IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.size(); i++) {
                IkeSessionStateMachine.this.sendMessage(4, IkeSessionStateMachine.this.mLocalRequestFactory.getChildLocalRequest(4, IkeSessionStateMachine.this.mRemoteSpiToChildSessionMap.keyAt(i)));
            }
        }

        @SuppressLint({"NewApi"})
        private void notifyConnectionInfoChanged() {
            IkeSessionConnectionInfo ikeSessionConnectionInfo = new IkeSessionConnectionInfo(IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRemoteAddress, IkeSessionStateMachine.this.mNetwork);
            IkeSessionStateMachine.this.executeUserCallback(() -> {
                IkeSessionStateMachine.this.mIkeSessionCallback.onIkeSessionConnectionInfoChanged(ikeSessionConnectionInfo);
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$ReceivedIkePacket.class */
    public static class ReceivedIkePacket {
        public final IkeHeader ikeHeader;
        public final byte[] ikePacketBytes;

        ReceivedIkePacket(IkeHeader ikeHeader, byte[] bArr) {
            this.ikeHeader = ikeHeader;
            this.ikePacketBytes = bArr;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$Receiving.class */
    class Receiving extends RekeyIkeHandlerBase {
        private boolean mProcedureFinished;

        Receiving() {
            super();
            this.mProcedureFinished = true;
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mProcedureFinished = true;
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleReceivedIkePacket(Message message) {
            super.handleReceivedIkePacket(message);
            if (this.mProcedureFinished) {
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 3:
                case 5:
                case 7:
                    IkeSessionStateMachine.this.deferMessage(IkeSessionStateMachine.this.obtainMessage(303, i, 0, ikeMessage));
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mChildProcedureOngoing);
                    this.mProcedureFinished = false;
                    return;
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                case 6:
                    try {
                        validateIkeRekeyReq(ikeMessage);
                        IkeMessage ikeMessage2 = new IkeMessage(new IkeHeader(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi(), 46, 36, true, IkeSessionStateMachine.this.mCurrentIkeSaRecord.isLocalInit, ikeMessage.ikeHeader.messageId), CreateIkeSaHelper.getRekeyIkeSaResponsePayloads(((IkeSaPayload) ikeMessage.getPayloadForType(33, IkeSaPayload.class)).getNegotiatedProposalNumber(IkeSessionStateMachine.this.mSaProposal), IkeSessionStateMachine.this.mSaProposal, IkeSessionStateMachine.this.mIkeSpiGenerator, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRandomFactory));
                        IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord = validateAndBuildIkeSa(ikeMessage, ikeMessage2, false);
                        IkeSessionStateMachine.this.sendEncryptedIkeMessage(ikeMessage2);
                        IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mRekeyIkeRemoteDelete);
                        this.mProcedureFinished = false;
                        return;
                    } catch (IkeProtocolException e) {
                        handleRekeyCreationFailure(ikeMessage.ikeHeader.messageId, e);
                        return;
                    } catch (IOException e2) {
                        handleRekeyCreationFailure(ikeMessage.ikeHeader.messageId, new NoValidProposalChosenException("IKE SPI allocation collided - they reused an SPI.", e2));
                        return;
                    } catch (GeneralSecurityException e3) {
                        handleRekeyCreationFailure(ikeMessage.ikeHeader.messageId, new NoValidProposalChosenException("Error in building new IKE SA", e3));
                        return;
                    }
                case 8:
                    handleGenericInfoRequest(ikeMessage);
                    return;
                default:
                    return;
            }
        }

        private void handleRekeyCreationFailure(int i, IkeProtocolException ikeProtocolException) {
            IkeSessionStateMachine.this.loge("Received invalid Rekey IKE request. Reject with error notification", ikeProtocolException);
            IkeSessionStateMachine.this.buildAndSendNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, i, ikeProtocolException.buildNotifyPayload());
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$RekeyIkeDeleteBase.class */
    private abstract class RekeyIkeDeleteBase extends DeleteBase {
        private RekeyIkeDeleteBase() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 301:
                    ReceivedIkePacket receivedIkePacket = (ReceivedIkePacket) message.obj;
                    IkeHeader ikeHeader = receivedIkePacket.ikeHeader;
                    SaRecord.IkeSaRecord ikeSaRecordForPacket = getIkeSaRecordForPacket(ikeHeader);
                    boolean z = false;
                    if (ikeSaRecordForPacket != null && IkeSessionStateMachine.this.mIkeSaRecordSurviving == ikeSaRecordForPacket) {
                        IkeMessage.DecodeResult decode = IkeMessage.decode(ikeHeader.isResponseMsg ? ikeSaRecordForPacket.getLocalRequestMessageId() : ikeSaRecordForPacket.getRemoteRequestMessageId(), IkeSessionStateMachine.this.mIkeIntegrity, IkeSessionStateMachine.this.mIkeCipher, ikeSaRecordForPacket, ikeHeader, receivedIkePacket.ikePacketBytes, ikeSaRecordForPacket.getCollectedFragments(ikeHeader.isResponseMsg));
                        z = decode.status == 2 || decode.status == 0 || decode.status == 1;
                    }
                    if (!z) {
                        handleReceivedIkePacket(message);
                        return true;
                    }
                    State state = IkeSessionStateMachine.this.mIdle;
                    if (ikeHeader.isResponseMsg || ikeSaRecordForPacket.getRemoteRequestMessageId() - ikeHeader.messageId != 0) {
                        state = IkeSessionStateMachine.this.mDeleteIkeLocalDelete;
                    } else {
                        IkeSessionStateMachine.this.deferMessage(message);
                    }
                    finishRekey();
                    IkeSessionStateMachine.this.transitionTo(state);
                    return true;
                default:
                    return super.processStateMessage(message);
            }
        }

        protected void finishRekey() {
            IkeSessionStateMachine.this.mCurrentIkeSaRecord = IkeSessionStateMachine.this.mIkeSaRecordSurviving;
            IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord = null;
            IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord = null;
            IkeSessionStateMachine.this.mIkeSaRecordSurviving = null;
            if (IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel != null) {
                IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel);
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel.close();
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel = null;
            }
            if (IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel != null) {
                IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel);
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel.close();
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel = null;
            }
            synchronized (IkeSessionStateMachine.this.mChildCbToSessions) {
                Iterator<ChildSessionStateMachine> it = IkeSessionStateMachine.this.mChildCbToSessions.values().iterator();
                while (it.hasNext()) {
                    it.next().setSkD(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getSkD());
                }
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$RekeyIkeHandlerBase.class */
    private abstract class RekeyIkeHandlerBase extends DeleteBase {
        private RekeyIkeHandlerBase() {
            super();
        }

        private void validateIkeRekeyCommon(IkeMessage ikeMessage) throws InvalidSyntaxException {
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            for (IkePayload ikePayload : ikeMessage.ikePayloadList) {
                switch (ikePayload.payloadType) {
                    case 33:
                        z = true;
                        break;
                    case 34:
                        z2 = true;
                        break;
                    case 35:
                    case 36:
                    case 37:
                    case 38:
                    case 39:
                    case 42:
                    default:
                        IkeSessionStateMachine.this.logw("Received unexpected payload in IKE REKEY request. Payload type: " + ikePayload.payloadType);
                        break;
                    case 40:
                        z3 = true;
                        break;
                    case 41:
                    case 43:
                        break;
                }
            }
            if (!z || !z2 || !z3) {
                throw new InvalidSyntaxException("SA, KE or Nonce payload missing.");
            }
        }

        @VisibleForTesting
        void validateIkeRekeyReq(IkeMessage ikeMessage) throws InvalidSyntaxException {
            for (IkeNotifyPayload ikeNotifyPayload : ikeMessage.getPayloadListForType(41, IkeNotifyPayload.class)) {
                if (ikeNotifyPayload.isErrorNotify()) {
                    IkeSessionStateMachine.this.logw("Error notifications invalid in request: " + ikeNotifyPayload.notifyType);
                }
            }
            validateIkeRekeyCommon(ikeMessage);
        }

        @VisibleForTesting
        void validateIkeRekeyResp(IkeMessage ikeMessage, IkeMessage ikeMessage2) throws InvalidSyntaxException {
            int i = ikeMessage2.ikeHeader.exchangeType;
            if (i != 36 && i != 37) {
                throw new InvalidSyntaxException("Expected Rekey response (CREATE_CHILD_SA or INFORMATIONAL) but received: " + i);
            }
            Iterator it = ikeMessage2.getPayloadListForType(41, IkeNotifyPayload.class).iterator();
            while (it.hasNext()) {
                if (((IkeNotifyPayload) it.next()).isErrorNotify()) {
                    return;
                }
            }
            validateIkeRekeyCommon(ikeMessage2);
            if (((IkeKePayload) ikeMessage.getPayloadForType(34, IkeKePayload.class)).dhGroup != ((IkeKePayload) ikeMessage2.getPayloadForType(34, IkeKePayload.class)).dhGroup) {
                throw new InvalidSyntaxException("Received KE payload with mismatched DH group.");
            }
        }

        protected boolean handleErrorNotifyIfExists(IkeMessage ikeMessage, boolean z) {
            IkeNotifyPayload ikeNotifyPayload = null;
            IkeNotifyPayload ikeNotifyPayload2 = null;
            IkeNotifyPayload ikeNotifyPayload3 = null;
            for (IkeNotifyPayload ikeNotifyPayload4 : ikeMessage.getPayloadListForType(41, IkeNotifyPayload.class)) {
                if (ikeNotifyPayload4.isErrorNotify()) {
                    if (ikeNotifyPayload3 == null) {
                        ikeNotifyPayload3 = ikeNotifyPayload4;
                    }
                    if (7 == ikeNotifyPayload4.notifyType) {
                        ikeNotifyPayload = ikeNotifyPayload4;
                    } else if (43 == ikeNotifyPayload4.notifyType) {
                        ikeNotifyPayload2 = ikeNotifyPayload4;
                    }
                }
            }
            if (ikeNotifyPayload3 == null) {
                return false;
            }
            if (ikeNotifyPayload != null) {
                try {
                    IkeSessionStateMachine.this.handleIkeFatalError(ikeNotifyPayload.validateAndBuildIkeException());
                    return true;
                } catch (InvalidSyntaxException e) {
                    IkeSessionStateMachine.this.handleIkeFatalError(e);
                    return true;
                }
            }
            if (ikeNotifyPayload2 != null) {
                IkeSessionStateMachine.this.loge("Received TEMPORARY_FAILURE for rekey IKE. Already handled during decoding.");
            } else {
                IkeSessionStateMachine.this.loge("Received error notification: " + ikeNotifyPayload3.notifyType + " for rekey IKE. Schedule a retry");
                if (!z) {
                    IkeSessionStateMachine.this.mCurrentIkeSaRecord.rescheduleRekey(AbstractSessionStateMachine.RETRY_INTERVAL_MS);
                }
            }
            if (z) {
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mRekeyIkeRemoteDelete);
                return true;
            }
            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            return true;
        }

        protected SaRecord.IkeSaRecord validateAndBuildIkeSa(IkeMessage ikeMessage, IkeMessage ikeMessage2, boolean z) throws IkeProtocolException, GeneralSecurityException, IOException {
            InetAddress inetAddress = z ? IkeSessionStateMachine.this.mLocalAddress : IkeSessionStateMachine.this.mRemoteAddress;
            InetAddress inetAddress2 = z ? IkeSessionStateMachine.this.mRemoteAddress : IkeSessionStateMachine.this.mLocalAddress;
            Pair<IkeSaPayload.IkeProposal, IkeSaPayload.IkeProposal> pair = null;
            try {
                pair = IkeSaPayload.getVerifiedNegotiatedIkeProposalPair((IkeSaPayload) ikeMessage.getPayloadForType(33, IkeSaPayload.class), (IkeSaPayload) ikeMessage2.getPayloadForType(33, IkeSaPayload.class), IkeSessionStateMachine.this.mIkeSpiGenerator, IkeSessionStateMachine.this.mRemoteAddress);
                IkeSaPayload.IkeProposal ikeProposal = pair.first;
                IkeSaPayload.IkeProposal ikeProposal2 = pair.second;
                IkeMacIntegrity ikeMacIntegrity = null;
                IkeCipher create = IkeCipher.create(ikeProposal2.saProposal.getEncryptionTransforms()[0]);
                if (!create.isAead()) {
                    ikeMacIntegrity = IkeMacIntegrity.create(ikeProposal2.saProposal.getIntegrityTransforms()[0]);
                }
                IkeMacPrf create2 = IkeMacPrf.create(ikeProposal2.saProposal.getPrfTransforms()[0]);
                SaRecord.IkeSaRecord makeRekeyedIkeSaRecord = SaRecord.IkeSaRecord.makeRekeyedIkeSaRecord(IkeSessionStateMachine.this.mCurrentIkeSaRecord, IkeSessionStateMachine.this.mIkePrf, ikeMessage, ikeMessage2, ikeProposal.getIkeSpiResource(), ikeProposal2.getIkeSpiResource(), create2, ikeMacIntegrity == null ? 0 : ikeMacIntegrity.getKeyLength(), create.getKeyLength(), z, IkeSessionStateMachine.this.buildSaLifetimeAlarmScheduler(z ? ikeProposal2.getIkeSpiResource().getSpi() : ikeProposal.getIkeSpiResource().getSpi()));
                IkeSessionStateMachine.this.addIkeSaRecord(makeRekeyedIkeSaRecord);
                IkeSessionStateMachine.this.mIkeCipher = create;
                IkeSessionStateMachine.this.mIkePrf = create2;
                IkeSessionStateMachine.this.mIkeIntegrity = ikeMacIntegrity;
                return makeRekeyedIkeSaRecord;
            } catch (IkeProtocolException | IOException | GeneralSecurityException e) {
                if (pair != null) {
                    pair.first.getIkeSpiResource().close();
                    pair.second.getIkeSpiResource().close();
                }
                throw e;
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$RekeyIkeLocalCreate.class */
    class RekeyIkeLocalCreate extends RekeyIkeHandlerBase {
        protected Retransmitter mRetransmitter;

        RekeyIkeLocalCreate() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            try {
                this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, buildIkeRekeyReq());
            } catch (IOException e) {
                IkeSessionStateMachine.this.loge("Fail to assign IKE SPI for rekey. Schedule a retry.", e);
                IkeSessionStateMachine.this.mCurrentIkeSaRecord.rescheduleRekey(AbstractSessionStateMachine.RETRY_INTERVAL_MS);
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleTempFailure() {
            IkeSessionStateMachine.this.mTempFailHandler.handleTempFailure();
            IkeSessionStateMachine.this.mCurrentIkeSaRecord.rescheduleRekey(AbstractSessionStateMachine.RETRY_INTERVAL_MS);
        }

        private IkeMessage buildIkeRekeyReq() throws IOException {
            return new IkeMessage(new IkeHeader(IkeSessionStateMachine.this.mCurrentIkeSaRecord.getInitiatorSpi(), IkeSessionStateMachine.this.mCurrentIkeSaRecord.getResponderSpi(), 46, 36, false, IkeSessionStateMachine.this.mCurrentIkeSaRecord.isLocalInit, IkeSessionStateMachine.this.mCurrentIkeSaRecord.getLocalRequestMessageId()), CreateIkeSaHelper.getRekeyIkeSaRequestPayloads(new IkeSaProposal[]{IkeSessionStateMachine.this.mSaProposal}, IkeSessionStateMachine.this.mIkeSpiGenerator, IkeSessionStateMachine.this.mLocalAddress, IkeSessionStateMachine.this.mRandomFactory));
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    handleDeleteSessionRequest(ikeMessage);
                    return;
                case 8:
                    handleGenericInfoRequest(ikeMessage);
                    return;
                default:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mCurrentIkeSaRecord, ikeMessage.ikeHeader.messageId, 43);
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                validateIkeRekeyResp(this.mRetransmitter.getMessage(), ikeMessage);
                if (!handleErrorNotifyIfExists(ikeMessage, false)) {
                    IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord = validateAndBuildIkeSa(this.mRetransmitter.getMessage(), ikeMessage, true);
                    IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mRekeyIkeLocalDelete);
                }
                this.mRetransmitter.stopRetransmitting();
            } catch (IkeProtocolException e) {
                if (e instanceof InvalidSyntaxException) {
                    handleProcessRespOrSaCreationFailureAndQuit(e);
                } else {
                    handleProcessRespOrSaCreationFailureAndQuit(new InvalidSyntaxException("Error in processing IKE Rekey-Create response", e));
                }
            } catch (IOException | GeneralSecurityException e2) {
                handleProcessRespOrSaCreationFailureAndQuit(new IkeInternalException("Error in creating a new IKE SA during rekey", e2));
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            handleProcessRespOrSaCreationFailureAndQuit(invalidSyntaxException);
        }

        private void handleProcessRespOrSaCreationFailureAndQuit(IkeException ikeException) {
            this.mRetransmitter.stopRetransmitting();
            IkeSessionStateMachine.this.sendEncryptedIkeMessage(buildIkeDeleteReq(IkeSessionStateMachine.this.mCurrentIkeSaRecord));
            IkeSessionStateMachine.this.handleIkeFatalError(ikeException);
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$RekeyIkeLocalDelete.class */
    class RekeyIkeLocalDelete extends SimulRekeyIkeLocalDelete {
        private Retransmitter mRetransmitter;

        RekeyIkeLocalDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.SimulRekeyIkeLocalDelete, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            IkeSessionStateMachine.this.mIkeSaRecordSurviving = IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord;
            IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel = IkeSessionStateMachine.this.mCurrentIkeSaRecord;
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel, buildIkeDeleteReq(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel));
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.SimulRekeyIkeLocalDelete, com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            this.mRetransmitter.stopRetransmitting();
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$RekeyIkeRemoteDelete.class */
    class RekeyIkeRemoteDelete extends SimulRekeyIkeRemoteDelete {
        RekeyIkeRemoteDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            IkeSessionStateMachine.this.mIkeSaRecordSurviving = IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord;
            IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel = IkeSessionStateMachine.this.mCurrentIkeSaRecord;
            IkeSessionStateMachine.this.sendMessageDelayed(101, AbstractSessionStateMachine.REKEY_DELETE_TIMEOUT_MS);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.RekeyIkeDeleteBase, com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            if (message.what != 101) {
                return super.processStateMessage(message);
            }
            finishRekey();
            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            return true;
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            IkeSessionStateMachine.this.removeMessages(101);
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$SimulRekeyIkeLocalCreate.class */
    class SimulRekeyIkeLocalCreate extends RekeyIkeLocalCreate {
        SimulRekeyIkeLocalCreate() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.RekeyIkeLocalCreate, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this, null);
        }

        public IkeMessage buildRequest() {
            throw new UnsupportedOperationException("Do not support sending request in " + IkeSessionStateMachine.this.getCurrentState().getName());
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState, com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public boolean processStateMessage(Message message) {
            switch (message.what) {
                case 301:
                    if (IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord == getIkeSaRecordForPacket(((ReceivedIkePacket) message.obj).ikeHeader)) {
                        IkeSessionStateMachine.this.deferMessage(message);
                        return true;
                    }
                    handleReceivedIkePacket(message);
                    return true;
                default:
                    return super.processStateMessage(message);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.RekeyIkeLocalCreate, com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    IkeSessionStateMachine.this.deferMessage(message);
                    return;
                default:
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.RekeyIkeLocalCreate, com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                validateIkeRekeyResp(this.mRetransmitter.getMessage(), ikeMessage);
                IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord = validateAndBuildIkeSa(this.mRetransmitter.getMessage(), ikeMessage, true);
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mSimulRekeyIkeLocalDeleteRemoteDelete);
            } catch (IkeProtocolException e) {
            } catch (IOException e2) {
            } catch (GeneralSecurityException e3) {
            }
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$SimulRekeyIkeLocalDelete.class */
    class SimulRekeyIkeLocalDelete extends RekeyIkeDeleteBase {
        private Retransmitter mRetransmitter;

        SimulRekeyIkeLocalDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel, null);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel, ikeMessage.ikeHeader.messageId, 43);
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                validateIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel);
                finishRekey();
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            } catch (InvalidSyntaxException e) {
                IkeSessionStateMachine.this.loge("Invalid syntax on IKE Delete response. Shutting down old IKE SA and finishing rekey", e);
                finishRekey();
                IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
            } catch (IllegalStateException e2) {
                cleanUpAndQuit(e2);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            if (IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel != ikeSaRecord) {
                cleanUpAndQuit(new IllegalStateException("Delete response received on incorrect SA"));
                return;
            }
            IkeSessionStateMachine.this.loge("Invalid syntax on IKE Delete response. Shutting down old IKE SA and finishing rekey", invalidSyntaxException);
            finishRekey();
            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$SimulRekeyIkeLocalDeleteRemoteDelete.class */
    class SimulRekeyIkeLocalDeleteRemoteDelete extends RekeyIkeDeleteBase {
        private Retransmitter mRetransmitter;

        SimulRekeyIkeLocalDeleteRemoteDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void enterState() {
            if (IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord.compareTo(IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord) > 0) {
                IkeSessionStateMachine.this.mIkeSaRecordSurviving = IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord;
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel = IkeSessionStateMachine.this.mCurrentIkeSaRecord;
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel = IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord;
            } else {
                IkeSessionStateMachine.this.mIkeSaRecordSurviving = IkeSessionStateMachine.this.mRemoteInitNewIkeSaRecord;
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel = IkeSessionStateMachine.this.mLocalInitNewIkeSaRecord;
                IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel = IkeSessionStateMachine.this.mCurrentIkeSaRecord;
            }
            this.mRetransmitter = new EncryptedRetransmitter(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel, buildIkeDeleteReq(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel));
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void triggerRetransmit() {
            this.mRetransmitter.retransmit();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            getIkeSaRecordForPacket(ikeMessage.ikeHeader);
            switch (i) {
                case 4:
                    try {
                        validateIkeDeleteReq(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel);
                        buildIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel);
                        IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel);
                        IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mSimulRekeyIkeLocalDelete);
                        return;
                    } catch (InvalidSyntaxException e) {
                        IkeSessionStateMachine.this.logd("Validation failed for delete request", e);
                        return;
                    }
                default:
                    return;
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
            try {
                validateIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel);
                finishDeleteIkeSaAwaitingLocalDel();
            } catch (InvalidSyntaxException e) {
                IkeSessionStateMachine.this.loge("Invalid syntax on IKE Delete response. Shutting down anyways", e);
                finishDeleteIkeSaAwaitingLocalDel();
            } catch (IllegalStateException e2) {
                cleanUpAndQuit(e2);
            }
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleResponseGenericProcessError(SaRecord.IkeSaRecord ikeSaRecord, InvalidSyntaxException invalidSyntaxException) {
            if (IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel != ikeSaRecord) {
                cleanUpAndQuit(new IllegalStateException("Delete response received on incorrect SA"));
            } else {
                IkeSessionStateMachine.this.loge("Invalid syntax on IKE Delete response. Shutting down anyways", invalidSyntaxException);
                finishDeleteIkeSaAwaitingLocalDel();
            }
        }

        private void finishDeleteIkeSaAwaitingLocalDel() {
            this.mRetransmitter.stopRetransmitting();
            IkeSessionStateMachine.this.removeIkeSaRecord(IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel);
            IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel.close();
            IkeSessionStateMachine.this.mIkeSaRecordAwaitingLocalDel = null;
            IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mSimulRekeyIkeRemoteDelete);
        }

        @Override // com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.ExceptionHandlerBase
        public void exitState() {
            finishRekey();
            this.mRetransmitter.stopRetransmitting();
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$SimulRekeyIkeRemoteDelete.class */
    class SimulRekeyIkeRemoteDelete extends RekeyIkeDeleteBase {
        SimulRekeyIkeRemoteDelete() {
            super();
        }

        @Override // com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BusyState
        protected void handleRequestIkeMessage(IkeMessage ikeMessage, int i, Message message) {
            switch (i) {
                case 4:
                    try {
                        validateIkeDeleteReq(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel);
                        IkeSessionStateMachine.this.sendEncryptedIkeMessage(IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel, buildIkeDeleteResp(ikeMessage, IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel));
                        finishRekey();
                        IkeSessionStateMachine.this.transitionTo(IkeSessionStateMachine.this.mIdle);
                        return;
                    } catch (InvalidSyntaxException e) {
                        cleanUpAndQuit(new IllegalStateException(e));
                        return;
                    }
                default:
                    IkeSessionStateMachine.this.buildAndSendErrorNotificationResponse(IkeSessionStateMachine.this.mIkeSaRecordAwaitingRemoteDel, ikeMessage.ikeHeader.messageId, 43);
                    return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/IkeSessionStateMachine$TempFailureHandler.class */
    public class TempFailureHandler extends Handler {
        private static final int TEMP_FAILURE_RETRY_TIMEOUT = 1;
        private boolean mTempFailureReceived;

        TempFailureHandler(Looper looper) {
            super(looper);
            this.mTempFailureReceived = false;
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            if (message.what != 1) {
                IkeSessionStateMachine.this.logWtf("Unknown message.what: " + message.what);
                return;
            }
            IOException iOException = new IOException("Kept receiving TEMPORARY_FAILURE error. State information is out of sync.");
            IkeSessionStateMachine.this.executeUserCallback(() -> {
                IkeSessionStateMachine.this.mIkeSessionCallback.onClosedWithException(new IkeInternalException(iOException));
            });
            IkeSessionStateMachine.this.loge("Fatal error", iOException);
            IkeSessionStateMachine.this.closeAllSaRecords(false);
            IkeSessionStateMachine.this.quitNow();
        }

        public void handleTempFailure() {
            IkeSessionStateMachine.this.logd("TempFailureHandler: Receive TEMPORARY FAILURE");
            if (this.mTempFailureReceived) {
                return;
            }
            sendEmptyMessageDelayed(1, IkeSessionStateMachine.TEMP_FAILURE_RETRY_TIMEOUT_MS);
            this.mTempFailureReceived = true;
        }

        public void reset() {
            IkeSessionStateMachine.this.logd("TempFailureHandler: Reset Temporary failure retry timeout");
            removeMessages(1);
            this.mTempFailureReceived = false;
        }
    }

    @VisibleForTesting
    public IkeSessionStateMachine(Looper looper, Context context, IpSecManager ipSecManager, ConnectivityManager connectivityManager, IkeSessionParams ikeSessionParams, ChildSessionParams childSessionParams, Executor executor, IkeSessionCallback ikeSessionCallback, ChildSessionCallback childSessionCallback, IkeEapAuthenticatorFactory ikeEapAuthenticatorFactory, IkeLocalAddressGenerator ikeLocalAddressGenerator, IkeLocalRequestScheduler.LocalRequestFactory localRequestFactory) {
        super(TAG, looper, executor);
        this.mChildCbToSessions = new HashMap<>();
        this.mRemoteAddressesV4 = new ArrayList();
        this.mRemoteAddressesV6 = new ArrayList();
        this.mRemoteVendorIds = new ArrayList();
        this.mEnabledExtensions = new ArrayList();
        this.mKillIkeSessionParent = new KillIkeSessionParent();
        this.mInitial = new Initial();
        this.mIdle = new Idle();
        this.mChildProcedureOngoing = new ChildProcedureOngoing();
        this.mReceiving = new Receiving();
        this.mCreateIkeLocalIkeInit = new CreateIkeLocalIkeInit();
        this.mCreateIkeLocalIkeAuth = new CreateIkeLocalIkeAuth();
        this.mCreateIkeLocalIkeAuthInEap = new CreateIkeLocalIkeAuthInEap();
        this.mCreateIkeLocalIkeAuthPostEap = new CreateIkeLocalIkeAuthPostEap();
        this.mRekeyIkeLocalCreate = new RekeyIkeLocalCreate();
        this.mSimulRekeyIkeLocalCreate = new SimulRekeyIkeLocalCreate();
        this.mSimulRekeyIkeLocalDeleteRemoteDelete = new SimulRekeyIkeLocalDeleteRemoteDelete();
        this.mSimulRekeyIkeLocalDelete = new SimulRekeyIkeLocalDelete();
        this.mSimulRekeyIkeRemoteDelete = new SimulRekeyIkeRemoteDelete();
        this.mRekeyIkeLocalDelete = new RekeyIkeLocalDelete();
        this.mRekeyIkeRemoteDelete = new RekeyIkeRemoteDelete();
        this.mDeleteIkeLocalDelete = new DeleteIkeLocalDelete();
        this.mDpdIkeLocalInfo = new DpdIkeLocalInfo();
        this.mMobikeLocalInfo = new MobikeLocalInfo();
        if (ikeSessionParams.hasIkeOption(2)) {
            if (childSessionParams instanceof TransportModeChildSessionParams) {
                throw new IllegalArgumentException("Transport Mode SAs not supported when MOBIKE is enabled");
            }
            if (!SdkLevel.isAtLeastS()) {
                throw new IllegalStateException("MOBIKE only supported for S+");
            }
        }
        synchronized (IKE_SESSION_LOCK) {
            if (!sContextToIkeSmMap.containsKey(context)) {
                context.registerReceiver(sIkeAlarmReceiver, sIntentFilter, null, new Handler(looper));
                sContextToIkeSmMap.put(context, new HashSet());
            }
            sContextToIkeSmMap.get(context).add(this);
        }
        this.mBusyWakeLock = ((PowerManager) context.getSystemService(PowerManager.class)).newWakeLock(1, "IkeSessionStateMachinemBusyWakeLock");
        this.mBusyWakeLock.setReferenceCounted(false);
        this.mIkeSessionId = sIkeSessionIdGenerator.getAndIncrement();
        sIkeAlarmReceiver.registerIkeSession(this.mIkeSessionId, getHandler());
        this.mIkeSessionParams = ikeSessionParams;
        this.mConnectivityManager = connectivityManager;
        if (this.mIkeSessionParams.getConfiguredNetwork() != null) {
            this.mNetwork = this.mIkeSessionParams.getConfiguredNetwork();
        } else {
            this.mNetwork = connectivityManager.getActiveNetwork();
            if (this.mNetwork == null) {
                throw new IllegalStateException("No active default network found");
            }
        }
        this.mEapAuthenticatorFactory = ikeEapAuthenticatorFactory;
        this.mIkeLocalAddressGenerator = ikeLocalAddressGenerator;
        this.mLocalRequestFactory = localRequestFactory;
        this.mPeerSelectedDhGroup = this.mIkeSessionParams.getSaProposals().get(0).getDhGroupTransforms()[0].id;
        this.mTempFailHandler = new TempFailureHandler(looper);
        this.mLocalSpiToIkeSaRecordMap = new LongSparseArray<>(3);
        this.mRemoteSpiToChildSessionMap = new SparseArray<>();
        this.mContext = context;
        this.mIpSecManager = ipSecManager;
        this.mAlarmManager = (AlarmManager) context.getSystemService("alarm");
        this.mRandomFactory = new RandomnessFactory(this.mContext, this.mNetwork);
        this.mIkeSpiGenerator = new IkeSpiGenerator(this.mRandomFactory);
        this.mIpSecSpiGenerator = new IpSecSpiGenerator(this.mIpSecManager, this.mRandomFactory);
        this.mIkeSessionCallback = ikeSessionCallback;
        this.mFirstChildSessionParams = childSessionParams;
        this.mFirstChildCallbacks = childSessionCallback;
        registerChildSessionCallback(childSessionParams, childSessionCallback, true);
        this.mIke3gppExtensionExchange = new Ike3gppExtensionExchange(this.mIkeSessionParams.getIke3gppExtension(), this.mUserCbExecutor);
        addState(this.mKillIkeSessionParent);
        addState(this.mInitial, this.mKillIkeSessionParent);
        addState(this.mCreateIkeLocalIkeInit, this.mKillIkeSessionParent);
        addState(this.mCreateIkeLocalIkeAuth, this.mKillIkeSessionParent);
        addState(this.mCreateIkeLocalIkeAuthInEap, this.mKillIkeSessionParent);
        addState(this.mCreateIkeLocalIkeAuthPostEap, this.mKillIkeSessionParent);
        addState(this.mIdle, this.mKillIkeSessionParent);
        addState(this.mChildProcedureOngoing, this.mKillIkeSessionParent);
        addState(this.mReceiving, this.mKillIkeSessionParent);
        addState(this.mRekeyIkeLocalCreate, this.mKillIkeSessionParent);
        addState(this.mSimulRekeyIkeLocalCreate, this.mRekeyIkeLocalCreate);
        addState(this.mSimulRekeyIkeLocalDeleteRemoteDelete, this.mKillIkeSessionParent);
        addState(this.mSimulRekeyIkeLocalDelete, this.mSimulRekeyIkeLocalDeleteRemoteDelete);
        addState(this.mSimulRekeyIkeRemoteDelete, this.mSimulRekeyIkeLocalDeleteRemoteDelete);
        addState(this.mRekeyIkeLocalDelete, this.mKillIkeSessionParent);
        addState(this.mRekeyIkeRemoteDelete, this.mKillIkeSessionParent);
        addState(this.mDeleteIkeLocalDelete, this.mKillIkeSessionParent);
        addState(this.mDpdIkeLocalInfo, this.mKillIkeSessionParent);
        addState(this.mMobikeLocalInfo, this.mKillIkeSessionParent);
        setInitialState(this.mInitial);
        this.mScheduler = new IkeLocalRequestScheduler(localRequest -> {
            sendMessageAtFrontOfQueue(307, localRequest);
        }, this.mContext);
        this.mBusyWakeLock.acquire();
        start();
    }

    public IkeSessionStateMachine(Looper looper, Context context, IpSecManager ipSecManager, IkeSessionParams ikeSessionParams, ChildSessionParams childSessionParams, Executor executor, IkeSessionCallback ikeSessionCallback, ChildSessionCallback childSessionCallback) {
        this(looper, context, ipSecManager, (ConnectivityManager) context.getSystemService(ConnectivityManager.class), ikeSessionParams, childSessionParams, executor, ikeSessionCallback, childSessionCallback, new IkeEapAuthenticatorFactory(), new IkeLocalAddressGenerator(), new IkeLocalRequestScheduler.LocalRequestFactory());
    }

    private boolean hasChildSessionCallback(ChildSessionCallback childSessionCallback) {
        boolean containsKey;
        synchronized (this.mChildCbToSessions) {
            containsKey = this.mChildCbToSessions.containsKey(childSessionCallback);
        }
        return containsKey;
    }

    @VisibleForTesting
    void registerChildSessionCallback(ChildSessionParams childSessionParams, ChildSessionCallback childSessionCallback, boolean z) {
        synchronized (this.mChildCbToSessions) {
            if (!z) {
                if (getCurrentState() == null) {
                    throw new IllegalStateException("Request rejected because IKE Session is being closed. ");
                }
            }
            this.mChildCbToSessions.put(childSessionCallback, ChildSessionStateMachineFactory.makeChildSessionStateMachine(getHandler().getLooper(), this.mContext, this.mIkeSessionId, this.mAlarmManager, this.mRandomFactory, this.mIpSecSpiGenerator, childSessionParams, this.mUserCbExecutor, childSessionCallback, new ChildSessionSmCallback()));
        }
    }

    public void openSession() {
        sendMessage(401, this.mLocalRequestFactory.getIkeLocalRequest(401));
    }

    public void openChildSession(ChildSessionParams childSessionParams, ChildSessionCallback childSessionCallback) {
        if (childSessionCallback == null) {
            throw new IllegalArgumentException("Child Session Callback must be provided");
        }
        if (hasChildSessionCallback(childSessionCallback)) {
            throw new IllegalArgumentException("Child Session Callback handle already registered");
        }
        if (this.mIkeSessionParams.hasIkeOption(2) && (childSessionParams instanceof TransportModeChildSessionParams)) {
            throw new IllegalArgumentException("Transport Mode SAs not supported when MOBIKE is enabled");
        }
        registerChildSessionCallback(childSessionParams, childSessionCallback, false);
        sendMessage(1, this.mLocalRequestFactory.getChildLocalRequest(1, childSessionCallback, childSessionParams));
    }

    public void closeChildSession(ChildSessionCallback childSessionCallback) {
        if (childSessionCallback == null) {
            throw new IllegalArgumentException("Child Session Callback must be provided");
        }
        if (!hasChildSessionCallback(childSessionCallback)) {
            throw new IllegalArgumentException("Child Session Callback handle not registered");
        }
        sendMessage(2, this.mLocalRequestFactory.getChildLocalRequest(2, childSessionCallback, null));
    }

    public void closeSession() {
        sendMessage(402, this.mLocalRequestFactory.getIkeLocalRequest(402));
    }

    public void killSession() {
        sendMessage(317);
    }

    public void setNetwork(Network network) {
        if (network == null) {
            throw new IllegalArgumentException("network must not be null");
        }
        if (!this.mIkeSessionParams.hasIkeOption(2)) {
            throw new IllegalStateException("IKE_OPTION_MOBIKE is not set");
        }
        if (this.mIkeSessionParams.getConfiguredNetwork() == null) {
            throw new IllegalStateException("setNetwork() requires this IkeSession to be configured to use caller-specified network instead of default network");
        }
        sendMessage(318, network);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleRetry(IkeLocalRequestScheduler.LocalRequest localRequest) {
        sendMessageDelayed(localRequest.procedureType, localRequest, RETRY_INTERVAL_MS);
    }

    private void switchToIkeSocket(IkeSocket ikeSocket) {
        if (this.mIkeNattKeepalive != null) {
            this.mIkeNattKeepalive.stop();
            this.mIkeNattKeepalive = null;
        }
        migrateSpiToIkeSocket(this.mCurrentIkeSaRecord.getLocalSpi(), this.mIkeSocket, ikeSocket);
        if (this.mLocalInitNewIkeSaRecord != null) {
            migrateSpiToIkeSocket(this.mLocalInitNewIkeSaRecord.getLocalSpi(), this.mIkeSocket, ikeSocket);
        }
        if (this.mRemoteInitNewIkeSaRecord != null) {
            migrateSpiToIkeSocket(this.mRemoteInitNewIkeSaRecord.getLocalSpi(), this.mIkeSocket, ikeSocket);
        }
        this.mIkeSocket.releaseReference(this);
        this.mIkeSocket = ikeSocket;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public IkeSocket getIkeSocket(boolean z, boolean z2) throws ErrnoException, IOException, IpSecManager.ResourceUnavailableException {
        IkeSocketConfig ikeSocketConfig = new IkeSocketConfig(this.mNetwork, this.mIkeSessionParams.getDscp());
        return z2 ? z ? IkeUdpEncapSocket.getIkeUdpEncapSocket(ikeSocketConfig, this.mIpSecManager, this, getHandler().getLooper()) : IkeUdp6WithEncapPortSocket.getIkeUdpEncapSocket(ikeSocketConfig, this, getHandler()) : z ? IkeUdp4Socket.getInstance(ikeSocketConfig, this, getHandler()) : IkeUdp6Socket.getInstance(ikeSocketConfig, this, getHandler());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void getAndSwitchToIkeSocket(boolean z, boolean z2) {
        try {
            IkeSocket ikeSocket = getIkeSocket(z, z2);
            if (ikeSocket == this.mIkeSocket) {
                return;
            }
            switchToIkeSocket(ikeSocket);
            if (z && z2) {
                this.mIkeNattKeepalive = buildAndStartNattKeepalive();
            }
            this.mLocalPort = this.mIkeSocket.getLocalPort();
        } catch (IpSecManager.ResourceUnavailableException | ErrnoException | IOException e) {
            handleIkeFatalError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void migrateSpiToIkeSocket(long j, IkeSocket ikeSocket, IkeSocket ikeSocket2) {
        ikeSocket2.registerIke(j, this);
        ikeSocket.unregisterIke(j);
    }

    @VisibleForTesting
    void addIkeSaRecord(SaRecord.IkeSaRecord ikeSaRecord) {
        this.mLocalSpiToIkeSaRecordMap.put(ikeSaRecord.getLocalSpi(), ikeSaRecord);
        this.mIkeSocket.registerIke(ikeSaRecord.getLocalSpi(), this);
    }

    @VisibleForTesting
    void removeIkeSaRecord(SaRecord.IkeSaRecord ikeSaRecord) {
        this.mIkeSocket.unregisterIke(ikeSaRecord.getLocalSpi());
        this.mLocalSpiToIkeSaRecordMap.remove(ikeSaRecord.getLocalSpi());
    }

    public void receiveIkePacket(IkeHeader ikeHeader, byte[] bArr) {
        sendMessage(301, new ReceivedIkePacket(ikeHeader, bArr));
    }

    @Override // com.android.internal.net.ipsec.ike.utils.StateMachine
    protected void onQuitting() {
        closeAllSaRecords(true);
        synchronized (this.mChildCbToSessions) {
            Iterator<ChildSessionStateMachine> it = this.mChildCbToSessions.values().iterator();
            while (it.hasNext()) {
                it.next().killSession();
            }
        }
        ChildSessionStateMachine.CreateChildSaHelper.releaseSpiResources(this.mFirstChildReqList);
        if (this.mIkeNattKeepalive != null) {
            this.mIkeNattKeepalive.stop();
        }
        if (this.mIkeSocket != null) {
            this.mIkeSocket.releaseReference(this);
        }
        if (this.mNetworkCallback != null) {
            this.mConnectivityManager.unregisterNetworkCallback(this.mNetworkCallback);
            this.mNetworkCallback = null;
        }
        sIkeAlarmReceiver.unregisterIkeSession(this.mIkeSessionId);
        synchronized (IKE_SESSION_LOCK) {
            Set<IkeSessionStateMachine> set = sContextToIkeSmMap.get(this.mContext);
            set.remove(this);
            if (set.isEmpty()) {
                this.mContext.unregisterReceiver(sIkeAlarmReceiver);
                sContextToIkeSmMap.remove(this.mContext);
            }
        }
        this.mIke3gppExtensionExchange.close();
        this.mBusyWakeLock.release();
        this.mScheduler.releaseAllLocalRequestWakeLocks();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void closeAllSaRecords(boolean z) {
        closeIkeSaRecord(this.mCurrentIkeSaRecord, z);
        closeIkeSaRecord(this.mLocalInitNewIkeSaRecord, z);
        closeIkeSaRecord(this.mRemoteInitNewIkeSaRecord, z);
        this.mCurrentIkeSaRecord = null;
        this.mLocalInitNewIkeSaRecord = null;
        this.mRemoteInitNewIkeSaRecord = null;
    }

    private void closeIkeSaRecord(SaRecord.IkeSaRecord ikeSaRecord, boolean z) {
        if (ikeSaRecord == null) {
            return;
        }
        removeIkeSaRecord(ikeSaRecord);
        ikeSaRecord.close();
        if (z) {
            logWtf("IkeSaRecord with local SPI: " + ikeSaRecord.getLocalSpi() + " is not correctly closed.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleIkeFatalError(Exception exc) {
        IkeException ikeInternalException = exc instanceof IkeException ? (IkeException) exc : new IkeInternalException(exc);
        closeAllSaRecords(false);
        executeUserCallback(() -> {
            this.mIkeSessionCallback.onClosedWithException(ikeInternalException);
        });
        loge("IKE Session fatal error in " + getCurrentState().getName(), ikeInternalException);
        quitNow();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setRemoteAddress() {
        LinkProperties linkProperties = this.mConnectivityManager.getLinkProperties(this.mNetwork);
        if (!this.mRemoteAddressesV6.isEmpty() && linkProperties.hasGlobalIpv6Address()) {
            this.mRemoteAddress = this.mRemoteAddressesV6.get(0);
        } else {
            if (this.mRemoteAddressesV4.isEmpty()) {
                throw new IllegalArgumentException("No valid IPv4 or IPv6 addresses for peer");
            }
            this.mRemoteAddress = this.mRemoteAddressesV4.get(0);
        }
    }

    private String getIntentIdentifier() {
        return "IkeSessionStateMachine_" + this.mIkeSessionId;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getIntentIdentifier(long j) {
        return "IkeSessionStateMachine_" + this.mIkeSessionId + "_" + j;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Message getIntentIkeSmMsg(int i, long j) {
        Bundle bundle = new Bundle();
        bundle.putLong(BUNDLE_KEY_IKE_REMOTE_SPI, j);
        return obtainMessage(315, this.mIkeSessionId, i, bundle);
    }

    @VisibleForTesting
    SaRecord.SaLifetimeAlarmScheduler buildSaLifetimeAlarmScheduler(long j) {
        return new SaRecord.SaLifetimeAlarmScheduler(this.mIkeSessionParams.getHardLifetimeMsInternal(), this.mIkeSessionParams.getSoftLifetimeMsInternal(), buildIkeAlarmIntent(this.mContext, IkeAlarmReceiver.ACTION_DELETE_IKE, getIntentIdentifier(j), getIntentIkeSmMsg(402, j)), buildIkeAlarmIntent(this.mContext, IkeAlarmReceiver.ACTION_REKEY_IKE, getIntentIdentifier(j), getIntentIkeSmMsg(403, j)), this.mAlarmManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PendingIntent buildIkeAlarmIntent(Context context, String str, String str2, Message message) {
        Intent intent = new Intent(str);
        intent.setIdentifier(str2);
        intent.setPackage(context.getPackageName());
        Bundle bundle = new Bundle();
        bundle.putParcelable(IkeAlarmReceiver.PARCELABLE_NAME_IKE_SESSION_MSG, message);
        intent.putExtras(bundle);
        return PendingIntent.getBroadcast(context, 0, intent, 67108864);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int getIkeExchangeSubType(IkeMessage ikeMessage) {
        IkeHeader ikeHeader = ikeMessage.ikeHeader;
        if (ikeHeader.isResponseMsg) {
            throw new IllegalStateException("IKE Exchange subtype invalid for response messages.");
        }
        switch (ikeHeader.exchangeType) {
            case 34:
                return 1;
            case 35:
                return 2;
            case 36:
                IkeSaPayload ikeSaPayload = (IkeSaPayload) ikeMessage.getPayloadForType(33, IkeSaPayload.class);
                if (ikeSaPayload == null) {
                    return 0;
                }
                if (ikeSaPayload.proposalList.get(0).protocolId == 1) {
                    return 6;
                }
                Iterator it = ikeMessage.getPayloadListForType(41, IkeNotifyPayload.class).iterator();
                while (it.hasNext()) {
                    if (((IkeNotifyPayload) it.next()).notifyType == 16393) {
                        return 7;
                    }
                }
                return 3;
            case 37:
                List payloadListForType = ikeMessage.getPayloadListForType(42, IkeDeletePayload.class);
                if (payloadListForType.isEmpty()) {
                    return 8;
                }
                Iterator it2 = payloadListForType.iterator();
                while (it2.hasNext()) {
                    if (((IkeDeletePayload) it2.next()).protocolId == 1) {
                        return 4;
                    }
                }
                return 5;
            default:
                throw new IllegalStateException("Unrecognized exchange type in the validated IKE header: " + ikeHeader.exchangeType);
        }
    }

    @VisibleForTesting
    void sendEncryptedIkeMessage(IkeMessage ikeMessage) {
        sendEncryptedIkeMessage(this.mCurrentIkeSaRecord, ikeMessage);
    }

    @VisibleForTesting
    void sendEncryptedIkeMessage(SaRecord.IkeSaRecord ikeSaRecord, IkeMessage ikeMessage) {
        byte[][] encryptAndEncode = ikeMessage.encryptAndEncode(this.mIkeIntegrity, this.mIkeCipher, ikeSaRecord, this.mSupportFragment, 1280);
        for (byte[] bArr : encryptAndEncode) {
            this.mIkeSocket.sendIkePacket(bArr, this.mRemoteAddress);
        }
        if (ikeMessage.ikeHeader.isResponseMsg) {
            ikeSaRecord.updateLastSentRespAllPackets(Arrays.asList(encryptAndEncode), ikeMessage.ikeHeader.messageId);
        }
    }

    @VisibleForTesting
    void buildAndSendErrorNotificationResponse(SaRecord.IkeSaRecord ikeSaRecord, int i, int i2) {
        buildAndSendNotificationResponse(ikeSaRecord, i, new IkeNotifyPayload(i2));
    }

    @VisibleForTesting
    void buildAndSendNotificationResponse(SaRecord.IkeSaRecord ikeSaRecord, int i, IkeNotifyPayload ikeNotifyPayload) {
        sendEncryptedIkeMessage(ikeSaRecord, buildEncryptedNotificationMessage(ikeSaRecord, new IkeInformationalPayload[]{ikeNotifyPayload}, 37, true, i));
    }

    @VisibleForTesting
    IkeMessage buildEncryptedInformationalMessage(IkeInformationalPayload[] ikeInformationalPayloadArr, boolean z, int i) {
        return buildEncryptedInformationalMessage(this.mCurrentIkeSaRecord, ikeInformationalPayloadArr, z, i);
    }

    @VisibleForTesting
    IkeMessage buildEncryptedInformationalMessage(SaRecord.IkeSaRecord ikeSaRecord, IkeInformationalPayload[] ikeInformationalPayloadArr, boolean z, int i) {
        return buildEncryptedNotificationMessage(ikeSaRecord, ikeInformationalPayloadArr, 37, z, i);
    }

    @VisibleForTesting
    IkeMessage buildEncryptedNotificationMessage(SaRecord.IkeSaRecord ikeSaRecord, IkeInformationalPayload[] ikeInformationalPayloadArr, int i, boolean z, int i2) {
        return new IkeMessage(new IkeHeader(ikeSaRecord.getInitiatorSpi(), ikeSaRecord.getResponderSpi(), 46, i, z, ikeSaRecord.isLocalInit, i2), Arrays.asList(ikeInformationalPayloadArr));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean didPeerIncludeNattDetectionPayloads(List<IkeNotifyPayload> list, IkeNotifyPayload ikeNotifyPayload) throws InvalidSyntaxException {
        if (!list.isEmpty() && ikeNotifyPayload != null) {
            return true;
        }
        if (list.isEmpty() && ikeNotifyPayload == null) {
            return false;
        }
        throw new InvalidSyntaxException("Missing source or destination NAT detection notification");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateLocalAndRemoteNatDetected(long j, long j2, List<IkeNotifyPayload> list, IkeNotifyPayload ikeNotifyPayload) {
        this.mLocalNatDetected = !Arrays.equals(IkeNotifyPayload.generateNatDetectionData(j, j2, this.mLocalAddress, this.mLocalPort), ikeNotifyPayload.notifyData);
        byte[] generateNatDetectionData = IkeNotifyPayload.generateNatDetectionData(j, j2, this.mRemoteAddress, this.mIkeSocket.getIkeServerPort());
        this.mRemoteNatDetected = true;
        Iterator<IkeNotifyPayload> it = list.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(generateNatDetectionData, it.next().notifyData)) {
                this.mRemoteNatDetected = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public IkeNattKeepalive buildAndStartNattKeepalive() throws IOException {
        if (!(this.mIkeSocket instanceof IkeUdpEncapSocket)) {
            throw new IllegalStateException("Cannot start NAT-T keepalive when IKE Session is not using UDP Encap socket");
        }
        IkeNattKeepalive ikeNattKeepalive = new IkeNattKeepalive(this.mContext, this.mConnectivityManager, this.mIkeSessionParams.getNattKeepAliveDelaySeconds(), (Inet4Address) this.mLocalAddress, (Inet4Address) this.mRemoteAddress, ((IkeUdpEncapSocket) this.mIkeSocket).getUdpEncapsulationSocket(), this.mIkeSocket.getIkeSocketConfig().getNetwork(), buildIkeAlarmIntent(this.mContext, IkeAlarmReceiver.ACTION_KEEPALIVE, getIntentIdentifier(), obtainMessage(315, this.mIkeSessionId, 316)));
        ikeNattKeepalive.start();
        return ikeNattKeepalive;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addNatDetectionPayloadsToList(List<IkePayload> list, InetAddress inetAddress, InetAddress inetAddress2, int i, int i2, long j, long j2) {
        list.add(new IkeNotifyPayload(16388, IkeNotifyPayload.generateNatDetectionData(j, j2, inetAddress, i)));
        list.add(new IkeNotifyPayload(16389, IkeNotifyPayload.generateNatDetectionData(j, j2, inetAddress2, i2)));
    }

    @Override // com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater
    public void onUnderlyingNetworkUpdated(Network network) {
        Network network2 = this.mNetwork;
        InetAddress inetAddress = this.mLocalAddress;
        InetAddress inetAddress2 = this.mRemoteAddress;
        this.mNetwork = network;
        if (!this.mNetwork.equals(network2)) {
            try {
                resolveAndSetAvailableRemoteAddresses();
            } catch (IOException e) {
                handleIkeFatalError(e);
                return;
            }
        }
        setRemoteAddress();
        boolean z = this.mRemoteAddress instanceof Inet4Address;
        boolean z2 = this.mHasCheckedNattSupport && this.mSupportNatTraversal;
        try {
            this.mLocalAddress = this.mIkeLocalAddressGenerator.generateLocalAddress(this.mNetwork, z, this.mRemoteAddress, z2 ? 4500 : 500);
            if (this.mNetwork.equals(network2) && this.mLocalAddress.equals(inetAddress) && this.mRemoteAddress.equals(inetAddress2)) {
                logw("onUnderlyingNetworkUpdated: None of network, local or remote address has changed. No action needed here.");
                return;
            }
            if (!this.mNetwork.equals(network2)) {
                getAndSwitchToIkeSocket(z, this.mIkeSessionParams.hasIkeOption(3) || z2);
            }
            this.mNetworkCallback.setNetwork(this.mNetwork);
            this.mNetworkCallback.setAddress(this.mLocalAddress);
            try {
                this.mCurrentIkeSaRecord.migrate(this.mLocalAddress, this.mRemoteAddress);
                if (this.mLocalInitNewIkeSaRecord != null) {
                    this.mLocalInitNewIkeSaRecord.migrate(this.mLocalAddress, this.mRemoteAddress);
                }
                if (this.mRemoteInitNewIkeSaRecord != null) {
                    this.mRemoteInitNewIkeSaRecord.migrate(this.mLocalAddress, this.mRemoteAddress);
                }
                sendMessage(406, this.mLocalRequestFactory.getIkeLocalRequest(406));
            } catch (IOException e2) {
                handleIkeFatalError(e2);
            }
        } catch (ErrnoException | IOException e3) {
            handleIkeFatalError(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void resolveAndSetAvailableRemoteAddresses() throws IOException {
        InetAddress[] inetAddressArr = null;
        String serverHostname = this.mIkeSessionParams.getServerHostname();
        int i = 1;
        while (i <= 3 && inetAddressArr == null) {
            try {
                inetAddressArr = this.mNetwork.getAllByName(serverHostname);
            } catch (UnknownHostException e) {
                logd("Failed to look up host for attempt " + i + ": " + serverHostname + " retrying? " + (i < 3), e);
            }
            i++;
        }
        if (inetAddressArr == null) {
            throw new IOException("DNS resolution for " + serverHostname + " failed after 3 attempts");
        }
        logd("Resolved addresses for peer: " + Arrays.toString(inetAddressArr) + " to replace old addresses: v4=" + this.mRemoteAddressesV4 + " v6=" + this.mRemoteAddressesV6);
        this.mRemoteAddressesV4.clear();
        this.mRemoteAddressesV6.clear();
        for (InetAddress inetAddress : inetAddressArr) {
            if (inetAddress instanceof Inet4Address) {
                this.mRemoteAddressesV4.add((Inet4Address) inetAddress);
            } else {
                this.mRemoteAddressesV6.add((Inet6Address) inetAddress);
            }
        }
    }

    @Override // com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater
    public void onUnderlyingNetworkDied() {
        executeUserCallback(() -> {
            this.mIkeSessionCallback.onError(new IkeNetworkLostException(this.mNetwork));
        });
    }

    static {
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_DELETE_CHILD);
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_DELETE_IKE);
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_DPD);
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_REKEY_CHILD);
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_REKEY_IKE);
        sIntentFilter.addAction(IkeAlarmReceiver.ACTION_KEEPALIVE);
        sIkeSessionIdGenerator = new AtomicInteger();
        TEMP_FAILURE_RETRY_TIMEOUT_MS = TimeUnit.MINUTES.toMillis(5L);
        EXCHANGE_SUBTYPE_TO_STRING = new SparseArray<>();
        EXCHANGE_SUBTYPE_TO_STRING.put(0, "Invalid");
        EXCHANGE_SUBTYPE_TO_STRING.put(1, "IKE INIT");
        EXCHANGE_SUBTYPE_TO_STRING.put(2, "IKE AUTH");
        EXCHANGE_SUBTYPE_TO_STRING.put(3, "Create Child");
        EXCHANGE_SUBTYPE_TO_STRING.put(4, "Delete IKE");
        EXCHANGE_SUBTYPE_TO_STRING.put(5, "Delete Child");
        EXCHANGE_SUBTYPE_TO_STRING.put(6, "Rekey IKE");
        EXCHANGE_SUBTYPE_TO_STRING.put(7, "Rekey Child");
        EXCHANGE_SUBTYPE_TO_STRING.put(8, "Generic Info");
        CMD_TO_STR = new SparseArray<>();
        CMD_TO_STR.put(301, "Rcv packet");
        CMD_TO_STR.put(302, "Rcv invalid IKE SPI");
        CMD_TO_STR.put(303, "Rcv Child request");
        CMD_TO_STR.put(304, "Out child payloads ready");
        CMD_TO_STR.put(305, "Child procedure finished");
        CMD_TO_STR.put(306, "Negotiate first Child");
        CMD_TO_STR.put(307, "Execute local request");
        CMD_TO_STR.put(308, "Retransmit");
        CMD_TO_STR.put(309, "Start EAP");
        CMD_TO_STR.put(310, "EAP outbound msg ready");
        CMD_TO_STR.put(311, "EAP errored");
        CMD_TO_STR.put(312, "EAP failed");
        CMD_TO_STR.put(314, "Finish EAP");
        CMD_TO_STR.put(315, "Alarm Fired");
        CMD_TO_STR.put(318, "Update underlying Network");
        CMD_TO_STR.put(401, "Create IKE");
        CMD_TO_STR.put(402, "Delete IKE");
        CMD_TO_STR.put(403, "Rekey IKE");
        CMD_TO_STR.put(404, "Info");
        CMD_TO_STR.put(405, "DPD");
        CMD_TO_STR.put(406, "MOBIKE migration event");
    }
}
