package com.centrify.agent.samsung.knox.firewall;

import com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager;
import com.centrify.agent.samsung.knox.KnoxNotificationUtils;
import com.centrify.agent.samsung.knox.KnoxProviderUtils;
import com.centrify.agent.samsung.knox.agent.Knox1Manager;
import com.centrify.agent.samsung.utils.LogUtil;
import com.sec.enterprise.knox.ContainerFirewallPolicy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public final class KnoxFirewallPolicyManager extends AbstractKnoxPolicyManager<Knox1Manager> {
    public KnoxFirewallPolicyManager(Knox1Manager knox1Manager) {
        super(knox1Manager);
    }

    private List<String> findNotContainedRoles(List<String> list, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet(list2);
        for (String str : list) {
            if (!hashSet.contains(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    private boolean isSameList(List<String> list, List<String> list2) {
        if (list == null && list2 != null) {
            return false;
        }
        if (list != null && list2 == null) {
            return false;
        }
        HashSet hashSet = new HashSet(list);
        Iterator<String> it = list2.iterator();
        while (it.hasNext()) {
            if (!hashSet.contains(it.next())) {
                return false;
            }
        }
        HashSet hashSet2 = new HashSet(list2);
        Iterator<String> it2 = list.iterator();
        while (it2.hasNext()) {
            if (!hashSet2.contains(it2.next())) {
                return false;
            }
        }
        return true;
    }

    private void printList(String str, List<String> list) {
        LogUtil.debug(this.TAG, str);
        if (list == null) {
            return;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            LogUtil.debug(this.TAG, it.next());
        }
    }

    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public void applyPolicy() {
        LogUtil.info(this.TAG, "Attempt to apply firewall policy.");
        KnoxFirewallPolicy knoxFirewallPolicy = (KnoxFirewallPolicy) getPolicy();
        try {
            ContainerFirewallPolicy containerFirewallPolicy = getKnoxManger().getEnterpriseContainerManager().getContainerFirewallPolicy();
            int i = 0;
            HashMap hashMap = new HashMap();
            boolean z = true;
            boolean z2 = true;
            List<String> iptablesAllowRules = containerFirewallPolicy.getIptablesAllowRules();
            List<String> findNotContainedRoles = findNotContainedRoles(iptablesAllowRules, knoxFirewallPolicy.getAllowRules());
            List<String> findNotContainedRoles2 = findNotContainedRoles(knoxFirewallPolicy.getAllowRules(), iptablesAllowRules);
            if (findNotContainedRoles.size() > 0) {
                z = containerFirewallPolicy.removeIptablesAllowRules(findNotContainedRoles);
                printList("remove AllowRules", findNotContainedRoles);
                LogUtil.debug(this.TAG, "actuall remove allow rule: return " + z);
            }
            if (findNotContainedRoles2.size() > 0) {
                z2 = containerFirewallPolicy.addIptablesAllowRules(findNotContainedRoles2);
                printList("add AllowRules:", findNotContainedRoles2);
                LogUtil.debug(this.TAG, "actuall add allow rule: return " + z2);
            }
            LogUtil.info(this.TAG, "Set IP table allow rules " + Arrays.toString(knoxFirewallPolicy.getAllowRules().toArray()) + ", result=" + (z && z2));
            hashMap.put("knox_firewall_allow_rules", Boolean.valueOf(z && z2));
            int i2 = 0 + 1;
            if (z && z2) {
                i = 0 + 1;
            }
            boolean z3 = true;
            boolean z4 = true;
            List<String> iptablesDenyRules = containerFirewallPolicy.getIptablesDenyRules();
            List<String> findNotContainedRoles3 = findNotContainedRoles(iptablesDenyRules, knoxFirewallPolicy.getDenyRules());
            List<String> findNotContainedRoles4 = findNotContainedRoles(knoxFirewallPolicy.getDenyRules(), iptablesDenyRules);
            if (findNotContainedRoles3.size() > 0) {
                z3 = containerFirewallPolicy.removeIptablesDenyRules(findNotContainedRoles3);
                printList("removeDenyRules:", findNotContainedRoles3);
                LogUtil.debug(this.TAG, "actuall remove rule: return " + z3);
            }
            if (findNotContainedRoles4.size() > 0) {
                z4 = containerFirewallPolicy.addIptablesDenyRules(findNotContainedRoles4);
                printList("addDenyRules:", findNotContainedRoles4);
                LogUtil.debug(this.TAG, "actuall add rule: return " + z4);
            }
            LogUtil.info(this.TAG, "Set IP table deny rules " + Arrays.toString(knoxFirewallPolicy.getDenyRules().toArray()) + ", result=" + (z3 && z4));
            hashMap.put("knox_firewall_deny_rules", Boolean.valueOf(z3 && z4));
            int i3 = i2 + 1;
            if (z3 && z4) {
                i++;
            }
            boolean z5 = true;
            boolean z6 = true;
            List<String> iptablesRedirectExceptionsRules = containerFirewallPolicy.getIptablesRedirectExceptionsRules();
            List<String> findNotContainedRoles5 = findNotContainedRoles(iptablesRedirectExceptionsRules, knoxFirewallPolicy.getRedirectExceptionsRules());
            List<String> findNotContainedRoles6 = findNotContainedRoles(knoxFirewallPolicy.getRedirectExceptionsRules(), iptablesRedirectExceptionsRules);
            if (findNotContainedRoles5.size() > 0) {
                z5 = containerFirewallPolicy.removeIptablesRedirectExceptionsRules(findNotContainedRoles5);
                printList("removeRedirectRules:", findNotContainedRoles5);
                LogUtil.debug(this.TAG, "actuall remove rule: return " + z5);
            }
            if (findNotContainedRoles6.size() > 0) {
                z6 = containerFirewallPolicy.addIptablesRedirectExceptionsRules(findNotContainedRoles6);
                printList("addRedirectRules:", findNotContainedRoles6);
                LogUtil.debug(this.TAG, "actuall add rule: return " + z6);
            }
            LogUtil.info(this.TAG, "Set redirect exceptions rules " + Arrays.toString(knoxFirewallPolicy.getRedirectExceptionsRules().toArray()) + ", result=" + (z5 && z6));
            hashMap.put("knox_firewall_redirect_ex_rules", Boolean.valueOf(z5 && z6));
            int i4 = i3 + 1;
            if (z5 && z6) {
                i++;
            }
            boolean z7 = true;
            boolean z8 = true;
            List<String> iptablesRerouteRules = containerFirewallPolicy.getIptablesRerouteRules();
            List<String> findNotContainedRoles7 = findNotContainedRoles(iptablesRerouteRules, knoxFirewallPolicy.getRerouteRules());
            List<String> findNotContainedRoles8 = findNotContainedRoles(knoxFirewallPolicy.getRerouteRules(), iptablesRerouteRules);
            if (findNotContainedRoles7.size() > 0) {
                z7 = containerFirewallPolicy.removeIptablesRerouteRules(findNotContainedRoles7);
                printList("removeRerouteRules:", findNotContainedRoles7);
                LogUtil.debug(this.TAG, "actuall remove rule: return " + z7);
            }
            if (findNotContainedRoles8.size() > 0) {
                z8 = containerFirewallPolicy.addIptablesRerouteRules(findNotContainedRoles8);
                printList("addRerouteRules:", findNotContainedRoles8);
                LogUtil.debug(this.TAG, "actuall add rule: return " + z8);
            }
            LogUtil.info(this.TAG, "Set reroute rules " + Arrays.toString(knoxFirewallPolicy.getRerouteRules().toArray()) + ", result=" + (z7 && z8));
            hashMap.put("knox_firewall_reroute_rules", Boolean.valueOf(z7 && z8));
            int i5 = i4 + 1;
            if (z7 && z8) {
                i++;
            }
            if (findNotContainedRoles2.size() + findNotContainedRoles.size() + findNotContainedRoles4.size() + findNotContainedRoles3.size() + findNotContainedRoles8.size() + findNotContainedRoles7.size() + findNotContainedRoles6.size() + findNotContainedRoles5.size() > 0) {
                LogUtil.info(this.TAG, "Set IP table options true, result=" + containerFirewallPolicy.setIptablesOption(true));
            }
            boolean z9 = true;
            if (!isSameList(containerFirewallPolicy.getURLFilterList(), knoxFirewallPolicy.getUrlFilterList())) {
                z9 = containerFirewallPolicy.setURLFilterList(knoxFirewallPolicy.getUrlFilterList());
                printList("setURLFilterList:", knoxFirewallPolicy.getUrlFilterList());
            }
            LogUtil.info(this.TAG, "Set url filter list " + Arrays.toString(knoxFirewallPolicy.getUrlFilterList().toArray()) + ", result=" + z9);
            hashMap.put("knox_firewall_url_filtering", Boolean.valueOf(z9));
            int i6 = i5 + 1;
            if (z9) {
                i++;
            }
            boolean z10 = true;
            if (containerFirewallPolicy.getURLFilterEnabled() != (knoxFirewallPolicy.getUrlFilterList().size() > 0)) {
                z10 = containerFirewallPolicy.setURLFilterEnabled(knoxFirewallPolicy.getUrlFilterList().size() > 0);
                LogUtil.debug(this.TAG, "actually setURLFilterEnabled:" + (knoxFirewallPolicy.getUrlFilterList().size() > 0));
            }
            LogUtil.info(this.TAG, "Set url filter list enabled " + (knoxFirewallPolicy.getUrlFilterList().size() > 0 ? "true" : "false") + ", result=" + z10);
            boolean z11 = true;
            if (containerFirewallPolicy.getURLFilterReportEnabled() != knoxFirewallPolicy.isUrlFilterReportEnabled()) {
                z11 = containerFirewallPolicy.setURLFilterReportEnabled(knoxFirewallPolicy.isUrlFilterReportEnabled());
                LogUtil.debug(this.TAG, "actually setURLFilterReportEnabled:" + knoxFirewallPolicy.isUrlFilterReportEnabled());
            }
            LogUtil.info(this.TAG, "Set url filter report enabled to " + knoxFirewallPolicy.isUrlFilterReportEnabled() + ", result=" + z11);
            hashMap.put("knox_firewall_url_filtering_report", Boolean.valueOf(z11));
            int i7 = i6 + 1;
            if (z11) {
                i++;
            }
            knoxFirewallPolicy.setPolicyApplied(true);
            KnoxNotificationUtils.notify("knox_firewall", i7, i, hashMap);
        } catch (SecurityException e) {
            LogUtil.warning(this.TAG, "Failed to apply firewall policy. \n" + e);
            KnoxNotificationUtils.notify("knox_firewall", false);
        }
    }

    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public void loadPolicy() {
        setPolicy(new KnoxFirewallPolicy(KnoxProviderUtils.getFirewallPolicies()));
    }
}
