package com.centrify.agent.samsung.knox.firewall;

import android.app.enterprise.FirewallPolicy;
import android.support.annotation.NonNull;
import com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager;
import com.centrify.agent.samsung.knox.KnoxNotificationUtils;
import com.centrify.agent.samsung.knox.KnoxProviderUtils;
import com.centrify.agent.samsung.knox.agent.Knox2Manager;
import com.centrify.agent.samsung.utils.LogUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
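/**
 * Applies the managed firewall policy (iptables allow / deny / redirect-exception / reroute
 * rules and the URL filter) to a Knox 2 container through {@link FirewallPolicy}.
 *
 * <p>Each rule family is reconciled as a set difference: rules present on the device but not
 * in the policy are removed, and rules in the policy but not on the device are added. The
 * outcome of each family is recorded in {@link #statusDetails} and counted in {@link #total} /
 * {@link #successCount}, which are then handed to {@link KnoxNotificationUtils}.
 *
 * <p>The instance keeps mutable per-run state in plain fields and does no synchronization.
 */
public final class Knox2FirewallPolicyManager extends AbstractKnoxPolicyManager<Knox2Manager> {
    // Result of the most recent add*/remove* call; reset to true before each rule family.
    boolean addResult;
    boolean removeResult;
    // Per-setting outcome of the current run, keyed by the status names reported upstream.
    HashMap<String, Boolean> statusDetails;
    // Number of settings that were applied successfully / attempted in the current run.
    int successCount;
    int total;

    /**
     * Creates a manager bound to the given Knox 2 manager.
     *
     * @param knox2Manager manager used to reach the container's firewall policy
     */
    public Knox2FirewallPolicyManager(@NonNull Knox2Manager knox2Manager) {
        super(knox2Manager);
        this.statusDetails = new HashMap<>();
        this.removeResult = true;
        this.addResult = true;
    }

    /**
     * Reconciles every rule family and the URL filter settings with the device state.
     *
     * <p>NOTE(review): rules are compared as unordered sets, so rule order and duplicates are
     * not reconciled; confirm that is acceptable for the iptables rule families used here.
     *
     * @param knoxFirewallPolicy desired policy
     * @param firewallPolicy device-side Knox firewall API
     */
    private void appliPolicyForKnox2(KnoxFirewallPolicy knoxFirewallPolicy, FirewallPolicy firewallPolicy) {
        // NOTE(review): the full rule sets are written to the log at info/debug level below;
        // confirm the log sink is not readable by other apps on the device.

        // --- allow rules ---
        List<String> currentAllow = firewallPolicy.getIptablesAllowRules();
        List<String> staleAllow = findNotContainedRoles(currentAllow, knoxFirewallPolicy.getAllowRules());
        List<String> missingAllow = findNotContainedRoles(knoxFirewallPolicy.getAllowRules(), currentAllow);
        if (!staleAllow.isEmpty()) {
            this.removeResult = firewallPolicy.removeIptablesAllowRules(staleAllow);
            printList("remove AllowRules", staleAllow);
            LogUtil.debug(this.TAG, "actuall remove allow rule: return " + this.removeResult);
        }
        if (!missingAllow.isEmpty()) {
            this.addResult = firewallPolicy.addIptablesAllowRules(missingAllow);
            printList("add AllowRules:", missingAllow);
            LogUtil.debug(this.TAG, "actuall add allow rule: return " + this.addResult);
        }
        boolean allowOk = this.removeResult && this.addResult;
        LogUtil.info(this.TAG, "Set IP table allow rules " + Arrays.toString(knoxFirewallPolicy.getAllowRules().toArray()) + ", result=" + allowOk);
        recordStatus("knox_firewall_allow_rules", allowOk);

        // --- deny rules ---
        this.removeResult = true;
        this.addResult = true;
        List<String> currentDeny = firewallPolicy.getIptablesDenyRules();
        List<String> staleDeny = findNotContainedRoles(currentDeny, knoxFirewallPolicy.getDenyRules());
        List<String> missingDeny = findNotContainedRoles(knoxFirewallPolicy.getDenyRules(), currentDeny);
        if (!staleDeny.isEmpty()) {
            this.removeResult = firewallPolicy.removeIptablesDenyRules(staleDeny);
            printList("removeDenyRules:", staleDeny);
            LogUtil.debug(this.TAG, "actuall remove rule: return " + this.removeResult);
        }
        if (!missingDeny.isEmpty()) {
            this.addResult = firewallPolicy.addIptablesDenyRules(missingDeny);
            printList("addDenyRules:", missingDeny);
            LogUtil.debug(this.TAG, "actuall add rule: return " + this.addResult);
        }
        boolean denyOk = this.removeResult && this.addResult;
        LogUtil.info(this.TAG, "Set IP table deny rules " + Arrays.toString(knoxFirewallPolicy.getDenyRules().toArray()) + ", result=" + denyOk);
        recordStatus("knox_firewall_deny_rules", denyOk);

        // --- redirect exception rules ---
        this.removeResult = true;
        this.addResult = true;
        List<String> currentRedirectEx = firewallPolicy.getIptablesRedirectExceptionsRules();
        List<String> staleRedirectEx = findNotContainedRoles(currentRedirectEx, knoxFirewallPolicy.getRedirectExceptionsRules());
        List<String> missingRedirectEx = findNotContainedRoles(knoxFirewallPolicy.getRedirectExceptionsRules(), currentRedirectEx);
        if (!staleRedirectEx.isEmpty()) {
            this.removeResult = firewallPolicy.removeIptablesRedirectExceptionsRules(staleRedirectEx);
            printList("removeRedirectRules:", staleRedirectEx);
            LogUtil.debug(this.TAG, "actuall remove rule: return " + this.removeResult);
        }
        if (!missingRedirectEx.isEmpty()) {
            this.addResult = firewallPolicy.addIptablesRedirectExceptionsRules(missingRedirectEx);
            printList("addRedirectRules:", missingRedirectEx);
            LogUtil.debug(this.TAG, "actuall add rule: return " + this.addResult);
        }
        boolean redirectExOk = this.removeResult && this.addResult;
        LogUtil.info(this.TAG, "Set redirect exceptions rules " + Arrays.toString(knoxFirewallPolicy.getRedirectExceptionsRules().toArray()) + ", result=" + redirectExOk);
        recordStatus("knox_firewall_redirect_ex_rules", redirectExOk);

        // --- reroute rules ---
        this.removeResult = true;
        this.addResult = true;
        List<String> currentReroute = firewallPolicy.getIptablesRerouteRules();
        List<String> staleReroute = findNotContainedRoles(currentReroute, knoxFirewallPolicy.getRerouteRules());
        List<String> missingReroute = findNotContainedRoles(knoxFirewallPolicy.getRerouteRules(), currentReroute);
        if (!staleReroute.isEmpty()) {
            this.removeResult = firewallPolicy.removeIptablesRerouteRules(staleReroute);
            printList("removeRerouteRules:", staleReroute);
            LogUtil.debug(this.TAG, "actuall remove rule: return " + this.removeResult);
        }
        if (!missingReroute.isEmpty()) {
            this.addResult = firewallPolicy.addIptablesRerouteRules(missingReroute);
            printList("addRerouteRules:", missingReroute);
            LogUtil.debug(this.TAG, "actuall add rule: return " + this.addResult);
        }
        boolean rerouteOk = this.removeResult && this.addResult;
        LogUtil.info(this.TAG, "Set reroute rules " + Arrays.toString(knoxFirewallPolicy.getRerouteRules().toArray()) + ", result=" + rerouteOk);
        recordStatus("knox_firewall_reroute_rules", rerouteOk);

        // Switch the iptables option on only when at least one rule was added or removed.
        boolean anyRuleChanged = !missingAllow.isEmpty() || !staleAllow.isEmpty()
                || !missingDeny.isEmpty() || !staleDeny.isEmpty()
                || !missingReroute.isEmpty() || !staleReroute.isEmpty()
                || !missingRedirectEx.isEmpty() || !staleRedirectEx.isEmpty();
        if (anyRuleChanged) {
            // NOTE(review): this result is only logged. If the call returns false the rule
            // families above are still reported as successful; confirm whether a failure
            // here should be surfaced in statusDetails.
            LogUtil.info(this.TAG, "Set IP table options true, result=" + firewallPolicy.setIptablesOption(true));
        }

        // --- URL filter list ---
        boolean urlListOk = true;
        if (!isSameList(firewallPolicy.getURLFilterList(), knoxFirewallPolicy.getUrlFilterList())) {
            urlListOk = firewallPolicy.setURLFilterList(knoxFirewallPolicy.getUrlFilterList());
            printList("setURLFilterList:", knoxFirewallPolicy.getUrlFilterList());
        }
        LogUtil.info(this.TAG, "Set url filter list " + Arrays.toString(knoxFirewallPolicy.getUrlFilterList().toArray()) + ", result=" + urlListOk);
        recordStatus("knox_firewall_url_filtering", urlListOk);

        // --- URL filter on/off: enabled exactly when the policy carries a non-empty list ---
        boolean wantUrlFilter = knoxFirewallPolicy.getUrlFilterList().size() > 0;
        boolean urlEnableOk = true;
        if (firewallPolicy.getURLFilterEnabled() != wantUrlFilter) {
            urlEnableOk = firewallPolicy.setURLFilterEnabled(wantUrlFilter);
            LogUtil.debug(this.TAG, "actually setURLFilterEnabled:" + wantUrlFilter);
        }
        // NOTE(review): urlEnableOk is logged but never recorded in statusDetails or the
        // counters, so a failure to enable the filter is not reported upstream even though
        // "knox_firewall_url_filtering" may read as successful. Confirm this is intended.
        LogUtil.info(this.TAG, "Set url filter list enabled " + (wantUrlFilter ? "true" : "false") + ", result=" + urlEnableOk);

        // --- URL filter reporting ---
        boolean urlReportOk = true;
        if (firewallPolicy.getURLFilterReportEnabled() != knoxFirewallPolicy.isUrlFilterReportEnabled()) {
            urlReportOk = firewallPolicy.setURLFilterReportEnabled(knoxFirewallPolicy.isUrlFilterReportEnabled());
            LogUtil.debug(this.TAG, "actually setURLFilterReportEnabled:" + knoxFirewallPolicy.isUrlFilterReportEnabled());
        }
        LogUtil.info(this.TAG, "Set url filter report enabled to " + knoxFirewallPolicy.isUrlFilterReportEnabled() + ", result=" + urlReportOk);
        recordStatus("knox_firewall_url_filtering_report", urlReportOk);
    }

    /** Records the outcome of one setting in the status map and the run counters. */
    private void recordStatus(String key, boolean ok) {
        this.statusDetails.put(key, Boolean.valueOf(ok));
        this.total++;
        if (ok) {
            this.successCount++;
        }
    }

    /**
     * Returns the elements of {@code list} that do not occur in {@code list2}, in the order
     * they appear in {@code list}.
     *
     * <p>Neither argument may be null; a null list raises {@link NullPointerException}, which
     * {@link #applyPolicy()} catches and reports as a failed policy application.
     */
    private List<String> findNotContainedRoles(List<String> list, List<String> list2) {
        List<String> notContained = new ArrayList<>();
        HashSet<String> reference = new HashSet<>(list2);
        for (String rule : list) {
            if (!reference.contains(rule)) {
                notContained.add(rule);
            }
        }
        return notContained;
    }

    /**
     * Tells whether both lists hold the same set of strings, ignoring order and duplicates.
     *
     * <p>Two null lists are considered the same; the earlier version threw
     * {@link NullPointerException} in that case. Exactly one null list is never the same.
     */
    private boolean isSameList(List<String> list, List<String> list2) {
        if (list == null || list2 == null) {
            return list == list2;
        }
        // Set equality is the same test as mutual containment of every element.
        return new HashSet<>(list).equals(new HashSet<>(list2));
    }

    /** Writes {@code str} and then each element of {@code list} (if non-null) to the debug log. */
    private void printList(String str, List<String> list) {
        LogUtil.debug(this.TAG, str);
        if (list == null) {
            return;
        }
        for (String entry : list) {
            LogUtil.debug(this.TAG, entry);
        }
    }

    /**
     * Applies the loaded firewall policy to the container and notifies the per-setting result.
     *
     * <p>Any {@link SecurityException} or other {@link Throwable} raised while applying is
     * logged and reported as an overall failure; it is not rethrown.
     */
    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public void applyPolicy() {
        LogUtil.info(this.TAG, "Attempt to apply firewall policy.");
        KnoxFirewallPolicy knoxFirewallPolicy = (KnoxFirewallPolicy) getPolicy();
        try {
            FirewallPolicy firewallPolicy = getKnoxManger().getOldKnoxContainerManager().getFirewallPolicy();
            this.total = 0;
            this.successCount = 0;
            if (this.statusDetails != null) {
                this.statusDetails.clear();
            }
            this.statusDetails = new HashMap<>();
            this.removeResult = true;
            this.addResult = true;
            appliPolicyForKnox2(knoxFirewallPolicy, firewallPolicy);
            // NOTE(review): the policy is marked as applied even when successCount < total,
            // i.e. when some firewall rules could not be installed. Confirm that callers rely
            // on the notification below, not on this flag, to detect partial enforcement.
            knoxFirewallPolicy.setPolicyApplied(true);
            KnoxNotificationUtils.notify("knox_firewall", this.total, this.successCount, this.statusDetails);
        } catch (SecurityException e) {
            LogUtil.warning(this.TAG, "Failed to apply firewall policy. \n" + e);
            KnoxNotificationUtils.notify("knox_firewall", false);
        } catch (Throwable th) {
            // Boundary catch: any other failure is reported as "not applied", not propagated.
            LogUtil.error(this.TAG, "applyPolicy", th);
            KnoxNotificationUtils.notify("knox_firewall", false);
        }
    }

    /** Loads the firewall policy from the provider and makes it the current policy. */
    @Override // com.centrify.agent.samsung.knox.AbstractKnoxPolicyManager
    public void loadPolicy() {
        setPolicy(new KnoxFirewallPolicy(KnoxProviderUtils.getFirewallPolicies()));
    }
}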
