package org.eu.mayrhofer.channel;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.util.LinkedList;
import java.util.StringTokenizer;
import org.apache.commons.codec.binary.Hex;
import org.apache.log4j.Logger;
import org.xmlpull.v1.XmlPullParser;

/* loaded from: input_file:org/eu/mayrhofer/channel/IPSecConnection_Racoon.class */
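/**
 * {@link IPSecConnection} implementation that drives the racoon IKE daemon and the
 * kernel security policy database through {@code setkey}.
 *
 * <p>Starting a connection writes a per-peer file below {@code /etc/racoon/remote/}, rewrites
 * {@code /etc/racoon/psk.txt} with the pre-shared key for the peer, signals racoon with
 * {@code killall -HUP} and installs {@code spdadd} policies for every local IP address.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The remote host and remote network strings end up in a file name, in the racoon
 *       configuration and on the standard input of {@code setkey -c}. They are therefore
 *       restricted to a small character allowlist in {@link #init(String, String, int)}.</li>
 *   <li>The temporary PSK file is restricted to its owner before any key material is written.</li>
 *   <li>The generated IKE proposal (3DES, SHA-1, aggressive mode allowed) is kept unchanged for
 *       interoperability with existing peers, but is weak by current standards; see the note in
 *       {@link #writeRemoteConfig(File)}.</li>
 * </ul>
 *
 * <p>No synchronization is performed in this class; concurrent use of one instance, or of two
 * instances against the same racoon files, is not protected here.
 */
class IPSecConnection_Racoon implements IPSecConnection {
    private static Logger logger;
    /** Peer address as given to init(); {@code null} until the connection has been initialized. */
    private String remoteHost = null;
    /** Remote network in {@code address/prefix} form, or {@code null} for host-to-host use. */
    private String remoteNetwork;
    // Status codes. getConnStatus() only ever returns RUNNING or STANDBY; DEACTIVATED is not
    // used inside this class (NOTE(review): presumably kept for callers - confirm).
    public static final int RUNNING = 1;
    public static final int STANDBY = 0;
    public static final int DEACTIVATED = -1;
    /** Compiler-generated cache for the class literal used to create the logger. */
    static Class class$org$eu$mayrhofer$channel$IPSecConnection_Racoon;

    private static final String RACOON_REMOTE_DIR = "/etc/racoon/remote/";
    private static final String PSK_FILE = "/etc/racoon/psk.txt";
    private static final String PSK_TMP_FILE = "/etc/racoon/psk.tmp";
    private static final String SETKEY = "/usr/sbin/setkey";

    /**
     * Initializes the connection for a single remote host.
     *
     * @param str the remote host
     * @param z   when {@code true}, the remote network is set to {@code 0.0.0.0/0};
     *            when {@code false}, no remote network is configured
     * @return {@code true} if the instance was initialized, {@code false} otherwise
     */
    @Override // org.eu.mayrhofer.channel.SecureChannel
    public boolean init(String str, boolean z) {
        return z ? init(str, "0.0.0.0", 0) : init(str, null, 0);
    }

    /**
     * Initializes the connection with a remote host and an optional remote network.
     *
     * <p>Both strings are later concatenated into a file path, a racoon configuration file and
     * {@code setkey} input, so values that are empty or contain characters other than letters,
     * digits, {@code '.'}, {@code '-'}, {@code ':'} and {@code '_'} are rejected. This blocks path
     * separators, whitespace, quotes, braces and statement terminators.
     *
     * @param str  the remote host
     * @param str2 the remote network address, or {@code null} for none
     * @param i    the prefix length of the remote network (only checked when {@code str2} is set)
     * @return {@code true} on success; {@code false} if already initialized or if an argument
     *         is rejected
     */
    @Override // org.eu.mayrhofer.channel.IPSecConnection
    public boolean init(String str, String str2, int i) {
        if (this.remoteHost != null) {
            logger.error("Can not initialize connection with remote '" + str + "', already initialized with '" + this.remoteHost + "'");
            return false;
        }
        if (!isSafeAddressToken(str)) {
            // The raw value is deliberately not echoed into the log.
            logger.error("Can not initialize connection: remote host is empty or contains characters other than letters, digits, '.', '-', ':' and '_'");
            return false;
        }
        if (str2 != null) {
            if (!isSafeAddressToken(str2)) {
                logger.error("Can not initialize connection: remote network is empty or contains characters other than letters, digits, '.', '-', ':' and '_'");
                return false;
            }
            if (i < 0 || i > 128) {
                logger.error("Can not initialize connection: remote network prefix length " + i + " is out of range");
                return false;
            }
        }
        this.remoteHost = str;
        this.remoteNetwork = (str2 != null) ? str2 + "/" + i : null;
        logger.info("Initialized with remote '" + this.remoteHost + "', network '" + this.remoteNetwork + "'");
        return true;
    }

    /**
     * Starts the connection using a pre-shared key.
     *
     * @param bArr the shared secret; it is hex-encoded and stored in the racoon PSK file
     * @param z    whether the connection is meant to be persistent (only used for logging here)
     * @return {@code true} if the configuration was written, {@code false} otherwise
     */
    @Override // org.eu.mayrhofer.channel.SecureChannel
    public boolean start(byte[] bArr, boolean z) {
        return start(bArr, null, z);
    }

    /**
     * Certificate-based start; not implemented for racoon.
     *
     * @throws RuntimeException always
     */
    @Override // org.eu.mayrhofer.channel.IPSecConnection
    public boolean start(String str, boolean z) {
        throw new RuntimeException("CA authentication currently not supported with Racoon");
    }

    /**
     * Writes the racoon configuration and PSK entry for the remote host, reloads racoon and
     * installs the security policies.
     *
     * @param bArr shared secret, or {@code null} to leave the PSK file untouched
     * @param str  unused in this implementation
     * @param z    persistent ({@code true}) or temporary connection; only used for logging
     * @return {@code false} if a precondition fails or an I/O error occurs; {@code true}
     *         otherwise, including when one of the external commands exits with an error
     */
    private boolean start(byte[] bArr, String str, boolean z) {
        if (this.remoteHost == null) {
            logger.error("Can not start connection, remoteHost not yet set");
            return false;
        }
        logger.debug("Trying to create " + (z ? "persistent" : "temporary") + " ipsec connection to host " + this.remoteHost
                + (this.remoteNetwork != null ? " to remote network " + this.remoteNetwork : ""));
        File configFile = new File(RACOON_REMOTE_DIR + this.remoteHost + ".conf");
        if (configFile.exists()) {
            logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + configFile + " already exists.");
            return false;
        }
        File pskFile = new File(PSK_FILE);
        if (!pskFile.exists() || !pskFile.canWrite()) {
            logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + pskFile + " does not exist or is not writable.");
            return false;
        }
        File pskTmpFile = new File(PSK_TMP_FILE);
        if (pskTmpFile.exists()) {
            logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + pskTmpFile + " already exists.");
            return false;
        }
        try {
            logger.info("Creating config file " + configFile);
            if (!configFile.createNewFile()) {
                logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + configFile + " could not be created.");
                return false;
            }
            logger.debug("Creating temporary file " + pskTmpFile);
            if (!pskTmpFile.createNewFile()) {
                logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + pskTmpFile + " could not be created.");
                configFile.delete();
                return false;
            }
            // Lock the temporary file down before it receives key material; it later replaces
            // psk.txt, which is only chmod'ed to 0600 after the rename.
            restrictToOwner(pskTmpFile);
            writeRemoteConfig(configFile);
            if (bArr != null) {
                writePskFile(pskFile, pskTmpFile, bArr);
                if (!pskTmpFile.renameTo(pskFile)) {
                    logger.error("Unable to create IPSec connection to " + this.remoteHost + ": " + pskTmpFile + " could not be renamed to " + pskFile + ".");
                    pskTmpFile.delete();
                    configFile.delete();
                    return false;
                }
            } else if (!pskTmpFile.delete()) {
                // Without a key the temporary file is never renamed; a leftover would make
                // every later start() fail on the "already exists" check above.
                logger.warn("Could not remove unused temporary file " + pskTmpFile);
            }
            try {
                // NOTE(review): chmod and killall are looked up by name while setkey uses an
                // absolute path; how Command resolves them is not visible here - confirm.
                Command.executeCommand(new String[]{"chmod", "0600", pskFile.getCanonicalPath()}, null, null);
                Command.executeCommand(new String[]{"killall", "-HUP", "racoon"}, null, null);
                logger.info("Creating security policy entries for each of the local IP addresses");
                LinkedList localIps = Helper.getAllLocalIps();
                while (localIps.size() > 0) {
                    String localIp = (String) localIps.removeFirst();
                    String policy;
                    if (this.remoteNetwork == null) {
                        // Level "use" lets the kernel send traffic unprotected while no SA
                        // exists; the tunnel policies below use "require" instead.
                        // NOTE(review): confirm that cleartext fallback is intended here.
                        policy = "spdadd " + this.remoteHost + " " + localIp + " any -P in ipsec esp/transport//use;\n"
                                + "spdadd " + localIp + " " + this.remoteHost + " any -P out ipsec esp/transport//use;\n";
                    } else {
                        policy = "spdadd " + this.remoteNetwork + " " + localIp + " any -P in ipsec esp/tunnel/" + this.remoteHost + "-" + localIp + "/require;\n"
                                + "spdadd " + localIp + " " + this.remoteNetwork + " any -P out ipsec esp/tunnel/" + localIp + "-" + this.remoteHost + "/require;\n";
                    }
                    Command.executeCommand(new String[]{SETKEY, "-c"}, policy, null);
                }
                logger.info("Established connection to " + this.remoteHost);
            } catch (ExitCodeException e) {
                // NOTE(review): a failed chmod, reload or spdadd is only logged and the method
                // still reports success below; kept as in the original - confirm with callers.
                logger.error("Command failed: " + e);
            }
            return true;
        } catch (IOException e2) {
            // Any I/O failure ends up here (file creation, writing, command execution), not
            // only the lookup of local addresses.
            logger.error("Could not set up IPSec connection to " + this.remoteHost + ": " + e2);
            if (configFile.exists()) {
                configFile.delete();
            }
            if (pskTmpFile.exists()) {
                pskTmpFile.delete();
            }
            try {
                Command.executeCommand(new String[]{"killall", "-HUP", "racoon"}, null, null);
            } catch (Exception e3) {
                // Best effort only: the start has already failed.
                logger.warn("Could not signal racoon after failed start: " + e3);
            }
            return false;
        }
    }

    /**
     * Removes the racoon configuration for the remote host, reloads racoon and deletes the
     * security policies for every local IP address.
     *
     * <p>The PSK line for the remote host is not removed from {@code /etc/racoon/psk.txt}, and
     * {@code setkey -F} flushes all SAD entries, not only those of this peer.
     *
     * @return {@code true} if the commands ran and no established SA pair is found afterwards
     */
    @Override // org.eu.mayrhofer.channel.SecureChannel
    public boolean stop() {
        if (this.remoteHost == null) {
            logger.error("Unable to stop IPSec connection, it has not been initialized yet (don't know which host to act on)");
            return false;
        }
        File configFile = new File(RACOON_REMOTE_DIR + this.remoteHost + ".conf");
        if (!configFile.exists()) {
            logger.error("Unable to stop IPSec connection to " + this.remoteHost + ": " + configFile + " does not exists.");
            return false;
        }
        if (!configFile.delete()) {
            logger.error("Unable to stop IPSec connection to " + this.remoteHost + ": " + configFile + " could not be deleted.");
            return false;
        }
        try {
            Command.executeCommand(new String[]{"killall", "-HUP", "racoon"}, null, null);
            logger.info("Deleting security policy entries for each of the local IP addresses");
            LinkedList localIps = Helper.getAllLocalIps();
            while (localIps.size() > 0) {
                String localIp = (String) localIps.removeFirst();
                // Without a remote network the policies were keyed on the host itself.
                String peer = (this.remoteNetwork == null) ? this.remoteHost : this.remoteNetwork;
                String policy = "spddelete " + peer + " " + localIp + " any -P in;\n"
                        + "spddelete " + localIp + " " + peer + " any -P out;\n";
                // Command output goes to the logger instead of standard output.
                logger.debug(Command.executeCommand(new String[]{SETKEY, "-c"}, policy, null));
            }
            Command.executeCommand(new String[]{SETKEY, "-F"}, null, null);
            return !isEstablished();
        } catch (IOException e) {
            logger.error("Could not execute command: " + e);
            return false;
        } catch (ExitCodeException e2) {
            logger.error("Could not execute command: " + e2);
            return false;
        }
    }

    /**
     * Reports whether a mature incoming and outgoing SA exist for the remote host.
     *
     * @return {@code true} only if {@link #getConnStatus(String)} returns {@link #RUNNING};
     *         {@code false} if not initialized or if the status command fails
     */
    @Override // org.eu.mayrhofer.channel.SecureChannel
    public boolean isEstablished() {
        if (this.remoteHost == null) {
            return false;
        }
        try {
            return getConnStatus(this.remoteHost) == RUNNING;
        } catch (IOException e) {
            logger.error("Could not execute command: " + e);
            return false;
        } catch (ExitCodeException e2) {
            logger.error("Could not execute command: " + e2);
            return false;
        }
    }

    /**
     * Certificate import is not implemented for racoon.
     *
     * @return always {@code -1}
     */
    @Override // org.eu.mayrhofer.channel.IPSecConnection
    public int importCertificate(String str, String str2, boolean z) {
        return -1;
    }

    /** Stops the connection if this instance has been initialized. */
    public void dispose() {
        if (this.remoteHost != null) {
            stop();
        }
    }

    /**
     * Parses the output of {@code setkey -D} and looks for mature transport-mode ESP SAs from
     * and to the given address.
     *
     * <p>Malformed or truncated output is skipped instead of raising an unchecked exception.
     * NOTE(review): only lines starting with {@code esp mode=transport} are examined, so SAs
     * created for the tunnel policies installed when a remote network is set are presumably
     * never counted - confirm.
     *
     * @param str the address to look for
     * @return {@link #RUNNING} if both an incoming and an outgoing mature SA were found,
     *         {@link #STANDBY} otherwise
     * @throws ExitCodeException if the command reports a failure
     * @throws IOException       if the command can not be executed
     */
    protected int getConnStatus(String str) throws ExitCodeException, IOException {
        StringTokenizer lines = new StringTokenizer(Command.executeCommand(new String[]{SETKEY, "-D"}, null, null), "\n");
        boolean incomingFound = false;
        boolean outgoingFound = false;
        while (lines.hasMoreTokens() && !(incomingFound && outgoingFound)) {
            // Skip indented detail lines until the next "source destination" header line.
            String header = lines.nextToken();
            while (header.startsWith("\t") && lines.hasMoreTokens()) {
                header = lines.nextToken();
            }
            int separator = header.indexOf(' ');
            if (separator < 0 || !lines.hasMoreTokens()) {
                continue;
            }
            String source = header.substring(0, separator);
            String destination = header.substring(separator + 1);
            if (source.equals("No") && destination.equals("SAD entries.")) {
                continue;
            }
            logger.debug("Examining SA from address " + source + " to address " + destination);
            if (!lines.nextToken().startsWith("\tesp mode=transport")) {
                continue;
            }
            if (!lines.hasMoreTokens()) {
                break;
            }
            String encryptionLine = lines.nextToken();
            if (!encryptionLine.startsWith("\tE: ")) {
                continue;
            }
            int encryptionEnd = encryptionLine.indexOf(' ', 4);
            if (encryptionEnd < 0 || !lines.hasMoreTokens()) {
                continue;
            }
            String encryptionAlgorithm = encryptionLine.substring(4, encryptionEnd);
            String authLine = lines.nextToken();
            if (!authLine.startsWith("\tA: ")) {
                continue;
            }
            int authEnd = authLine.indexOf(' ', 4);
            if (authEnd < 0 || !lines.hasMoreTokens()) {
                continue;
            }
            logger.debug("This SA seems to be active, using encryption algorithm " + encryptionAlgorithm
                    + " and authentication algorithm " + authLine.substring(4, authEnd));
            // The state is whatever follows the fourth '=' on the next line.
            String stateLine = lines.nextToken();
            int equalsPos = -1;
            for (int k = 0; k < 4; k++) {
                equalsPos = stateLine.indexOf('=', equalsPos + 1);
            }
            String state = stateLine.substring(equalsPos + 1);
            logger.debug("This SA is in state " + state);
            if (state.startsWith("mature")) {
                if (isSameAddress(source, str)) {
                    logger.debug("Found active incoming SA");
                    incomingFound = true;
                }
                if (isSameAddress(destination, str)) {
                    logger.debug("Found active outgoing SA");
                    outgoingFound = true;
                }
            }
        }
        return (incomingFound && outgoingFound) ? RUNNING : STANDBY;
    }

    /** Returns true if the value is non-empty and made only of letters, digits, '.', '-', ':' and '_'. */
    private static boolean isSafeAddressToken(String value) {
        if (value == null || value.length() == 0) {
            return false;
        }
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == '.' || c == '-' || c == ':' || c == '_';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns true if the reported address is the host itself, optionally followed by a suffix
     * such as a bracketed port; a plain prefix match would also accept e.g. 10.0.0.10 for 10.0.0.1.
     */
    private static boolean isSameAddress(String reported, String host) {
        if (!reported.startsWith(host)) {
            return false;
        }
        if (reported.length() == host.length()) {
            return true;
        }
        char next = reported.charAt(host.length());
        return !(Character.isLetterOrDigit(next) || next == '.' || next == ':');
    }

    /** Returns true if the PSK file line is the entry for exactly this host (identifier, then whitespace or end of line). */
    private static boolean isPskEntryFor(String line, String host) {
        if (!line.startsWith(host)) {
            return false;
        }
        return line.length() == host.length() || Character.isWhitespace(line.charAt(host.length()));
    }

    /** Removes group and world access from the file and leaves read/write for the owner; failures are only logged. */
    private static void restrictToOwner(File file) {
        boolean readCleared = file.setReadable(false, false);
        boolean writeCleared = file.setWritable(false, false);
        boolean ownerRead = file.setReadable(true, true);
        boolean ownerWrite = file.setWritable(true, true);
        if (!(readCleared && writeCleared && ownerRead && ownerWrite)) {
            logger.warn("Could not restrict permissions of " + file + " to its owner");
        }
    }

    /** Writes the racoon "remote" section for the remote host and always closes the writer. */
    private void writeRemoteConfig(File configFile) throws IOException {
        BufferedWriter out = new BufferedWriter(new FileWriter(configFile));
        try {
            out.write("remote " + this.remoteHost + "\n");
            out.write("{\n");
            // NOTE(review): aggressive mode together with pre-shared keys, 3DES and SHA-1 are
            // weak by current standards. The values are left unchanged because both peers have
            // to agree on them; plan a coordinated upgrade of the proposal.
            out.write("    exchange_mode main,aggressive;\n");
            out.write("    doi ipsec_doi;\n");
            out.write("    situation identity_only;\n");
            out.write("    my_identifier address;\n");
            out.write("    nonce_size 16;\n");
            out.write("    lifetime time 1 hour;\n");
            out.write("    initial_contact on;\n");
            out.write("    proposal_check obey;\n");
            out.write("    generate_policy off;\n");
            out.write("    #nat_traversal on;\n");
            out.write("    proposal {\n");
            out.write("        encryption_algorithm 3des;\n");
            out.write("        hash_algorithm sha1;\n");
            out.write("        authentication_method pre_shared_key;\n");
            out.write("        dh_group modp1536;\n");
            out.write("    }\n");
            out.write("}\n");
            out.flush();
        } finally {
            out.close();
        }
    }

    /**
     * Copies every PSK entry except the one for the remote host into the temporary file and
     * appends the new hex-encoded key for the remote host; both streams are always closed.
     */
    private void writePskFile(File pskFile, File pskTmpFile, byte[] sharedSecret) throws IOException {
        BufferedWriter out = new BufferedWriter(new FileWriter(pskTmpFile));
        try {
            BufferedReader in = new BufferedReader(new FileReader(pskFile));
            try {
                for (String line = in.readLine(); line != null; line = in.readLine()) {
                    // Only the entry of this exact host is replaced; entries of hosts that
                    // merely share a prefix with it are kept.
                    if (!isPskEntryFor(line, this.remoteHost)) {
                        out.write(line + "\n");
                    }
                }
            } finally {
                in.close();
            }
            out.write(this.remoteHost + " " + new String(Hex.encodeHex(sharedSecret)) + "\n");
            out.flush();
        } finally {
            out.close();
        }
    }

    /** Compiler-generated helper that resolves a class literal by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Resolves (and caches) the class literal, then creates the logger for this class.
    static {
        Class cls;
        if (class$org$eu$mayrhofer$channel$IPSecConnection_Racoon == null) {
            cls = class$("org.eu.mayrhofer.channel.IPSecConnection_Racoon");
            class$org$eu$mayrhofer$channel$IPSecConnection_Racoon = cls;
        } else {
            cls = class$org$eu$mayrhofer$channel$IPSecConnection_Racoon;
        }
        logger = Logger.getLogger(cls);
    }
}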
