package com.trend.iwss.jscan.runtime;

import com.trend.iwss.jscan.runtime.MethodRefMatcher;
import com.trend.iwss.jscan.runtime.PolicyRuntime;
import java.io.File;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.util.StringTokenizer;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public final class NetworkPolicyRuntime extends PolicyRuntime {
    public static final String CFG_NETWORK_BIND_ENABLE = "bind_enable";
    public static final String CFG_NETWORK_CONNECT_EXCLUDED_DOMAINS_LIST = "connect_ex_dom_list";
    public static final String CFG_NETWORK_CONNECT_INCLUDED_DOMAINS_LIST = "connect_in_dom_list";
    public static final String CFG_NETWORK_CONNECT_OTHER_BOOL = "connect_other";
    public static final String CFG_NETWORK_CONNECT_SOURCE_BOOL = "connect_src";
    public static final String CLASS_INETADDRESS = "java.net.InetAddress";
    public static final String CLASS_INETSOCKETADDRESS = "java.net.InetSocketAddress";
    public static final Factory FACT;
    public static final String FULLCLASSPATH;
    public static final String LOCALHOST_NAME = "localhost";
    public static final String LOOPBACK_IPADDR = "127.0.0.1";
    public static final MethodRefMatcher.Set MATCHERS;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_INIT_I;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_RECEIVE;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_SEND;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_BIND;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_INIT;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_INIT_I;
    public static final MethodRefMatcher MATCH_SOCKET_INIT_INETADDR;
    public static final MethodRefMatcher MATCH_SOCKET_INIT_STRING;
    public static final MethodRefMatcher MATCH_URL_CONNECTION_CONNECT;
    public static final MethodRefMatcher MATCH_URL_CONNECTION_INIT;
    public static final MethodRefMatcher MATCH_URL_INIT;
    public static final MethodRefMatcher MATCH_URL_OPEN;
    public static final String METH_INETSOCKETADDRESS_GETADDRESS = "getAddress";
    public static final String METH_INETSOCKETADDRESS_GETHOSTNAME = "getHostName";
    public static final String NAME = "Network";
    public static final String PROP_PREFIX = "net";
    public static final String URL_PROTOCOL_FILE = "file";
    public static final String URL_PROTOCOL_FTP = "ftp";
    public static final String URL_PROTOCOL_JAR = "jar";
    static /* synthetic */ Class class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime;
    private boolean m_connectToOriginEnabled;
    private boolean m_connectToOtherEnabled;
    private boolean m_localBindEnabled;
    private String m_originHost;
    private InetAddress m_originInetAddress;
    private String m_originURI;
    private String m_otherDomainsExceptions;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class Factory extends PolicyRuntime.Factory {
        Factory(String str) {
            super(str);
        }

        @Override // com.trend.iwss.jscan.runtime.PolicyRuntime.Factory
        PolicyRuntime make(Session session) {
            return new NetworkPolicyRuntime(session);
        }
    }

    static {
        Class cls = class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime;
        if (cls == null) {
            cls = class$("com.trend.iwss.jscan.runtime.NetworkPolicyRuntime");
            class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime = cls;
        }
        FULLCLASSPATH = PolicyRuntime.classNameSlashNotation(cls);
        FACT = new Factory(NAME);
        MethodRefMatcher.Set set = new MethodRefMatcher.Set("java/net/");
        MATCHERS = set;
        MATCH_SERVER_SOCKET_INIT = set.make("java/net/ServerSocket", "<init>");
        MATCH_SERVER_SOCKET_INIT_I = MATCHERS.make("java/net/ServerSocket", "<init>", "(I*");
        MATCH_SERVER_SOCKET_BIND = MATCHERS.make("java/net/ServerSocket", "bind", "(Ljava/net/SocketAddress;*");
        MATCH_SOCKET_INIT_INETADDR = MATCHERS.make("java/net/Socket", "<init>", "(Ljava/net/InetAddress;*");
        MATCH_SOCKET_INIT_STRING = MATCHERS.make("java/net/Socket", "<init>", "(Ljava/lang/String;*");
        MATCH_DATAGRAM_SOCKET_INIT_I = MATCHERS.make("java/net/DatagramSocket", "<init>", "(I*");
        MATCH_DATAGRAM_SOCKET_SEND = MATCHERS.make("java/net/DatagramSocket", "send");
        MATCH_DATAGRAM_SOCKET_RECEIVE = MATCHERS.make("java/net/DatagramSocket", "receive");
        MATCH_URL_CONNECTION_INIT = MATCHERS.make("java/net/URLConnection", "<init>");
        MATCH_URL_CONNECTION_CONNECT = MATCHERS.make("java/net/URLConnection", "connect");
        MATCH_URL_INIT = MATCHERS.make("java/net/URL", "<init>");
        MATCH_URL_OPEN = MATCHERS.make("java/net/URL", new String[]{"openConnection", "openStream", "getContent"});
    }

    NetworkPolicyRuntime(Session session) {
        super(NAME, PROP_PREFIX, session);
        String strProp = getStrProp(PolicyRuntime.CFG_JSCAN_SESSION_ORIGIN_URI, null);
        this.m_originURI = strProp;
        String hostFromURI = getHostFromURI(strProp);
        this.m_originHost = hostFromURI;
        this.m_originInetAddress = getInetAddr(hostFromURI);
        this.m_localBindEnabled = getBoolPolicyProp(CFG_NETWORK_BIND_ENABLE, false);
        this.m_connectToOriginEnabled = getBoolPolicyProp(CFG_NETWORK_CONNECT_SOURCE_BOOL, true);
        boolean boolPolicyProp = getBoolPolicyProp(CFG_NETWORK_CONNECT_OTHER_BOOL, false);
        this.m_connectToOtherEnabled = boolPolicyProp;
        this.m_otherDomainsExceptions = getStrPolicyProp(boolPolicyProp ? CFG_NETWORK_CONNECT_EXCLUDED_DOMAINS_LIST : CFG_NETWORK_CONNECT_INCLUDED_DOMAINS_LIST, "");
    }

    private boolean allow(String str, InetAddress inetAddress) {
        return matchOrigin(str, inetAddress) ? this.m_connectToOriginEnabled : this.m_connectToOtherEnabled ? !matchList(str, inetAddress, this.m_otherDomainsExceptions) : matchList(str, inetAddress, this.m_otherDomainsExceptions);
    }

    private boolean allowHostName(String str) {
        return allow(str, getInetAddr(str));
    }

    private boolean allowInetAddr(InetAddress inetAddress) {
        return allow(getHostNameFromInetAddr(inetAddress), inetAddress);
    }

    private void checkInetSocketAddr(Object obj) {
        String invokeStringGetter = PolicyRuntime.invokeStringGetter(obj, CLASS_INETSOCKETADDRESS, METH_INETSOCKETADDRESS_GETHOSTNAME);
        Object invokeZeroArgMethod = PolicyRuntime.invokeZeroArgMethod(obj, CLASS_INETSOCKETADDRESS, METH_INETSOCKETADDRESS_GETADDRESS, CLASS_INETADDRESS);
        if (invokeStringGetter == null && invokeZeroArgMethod == null) {
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL_UNSPEC);
        } else {
            if (allow(invokeStringGetter, (InetAddress) invokeZeroArgMethod)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, obj.toString());
        }
    }

    private void checkURL(URL url, CallContext callContext) {
        if (isLocalFileProtocol(url)) {
            PolicyRuntime.preFilter(callContext, FileIOPolicyRuntime.FACT);
        } else {
            if (allowHostName(url.getHost())) {
                return;
            }
            stopAction(Msgs.A_CONNECT, url.toString());
        }
    }

    static /* synthetic */ Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    private static URL fileUrlFromJarUrl(URL url) {
        String file = url.getFile();
        int indexOf = file.indexOf("!/");
        if (-1 != indexOf) {
            file = file.substring(0, indexOf);
        }
        try {
            return new URL(file);
        } catch (MalformedURLException unused) {
            return null;
        }
    }

    public static String getFileProtocolFilename(URL url) {
        if (url == null) {
            return null;
        }
        String protocol = url.getProtocol();
        if ("file".equalsIgnoreCase(protocol) || URL_PROTOCOL_FTP.equalsIgnoreCase(protocol) || (URL_PROTOCOL_JAR.equalsIgnoreCase(protocol) && (url = fileUrlFromJarUrl(url)) != null && "file".equalsIgnoreCase(url.getProtocol()))) {
            return toNormalFilePath(url.getFile());
        }
        return null;
    }

    private static String getHostAddrFromInetAddr(InetAddress inetAddress) {
        if (inetAddress == null) {
            return null;
        }
        try {
            return inetAddress.getHostAddress();
        } catch (SecurityException unused) {
            return null;
        }
    }

    private static String getHostFromURI(String str) {
        if (str == null) {
            return null;
        }
        try {
            return new URL(str).getHost();
        } catch (Exception unused) {
            return null;
        }
    }

    private static String getHostNameFromInetAddr(InetAddress inetAddress) {
        if (inetAddress == null) {
            return null;
        }
        try {
            return inetAddress.getHostName();
        } catch (SecurityException unused) {
            return null;
        }
    }

    private static InetAddress getInetAddr(String str) {
        if (str == null) {
            return null;
        }
        try {
            return InetAddress.getByName(str);
        } catch (SecurityException | UnknownHostException unused) {
            return null;
        }
    }

    private static InetAddress getLocalhostInetAddr() {
        try {
            return InetAddress.getLocalHost();
        } catch (SecurityException | UnknownHostException unused) {
            return null;
        }
    }

    public static boolean isFileProtocol(URL url) {
        return getFileProtocolFilename(url) != null;
    }

    public static boolean isLocal(URL url) {
        if (url == null) {
            return false;
        }
        if (URL_PROTOCOL_JAR.equalsIgnoreCase(url.getProtocol()) && (url = fileUrlFromJarUrl(url)) == null) {
            return false;
        }
        String host = url.getHost();
        if (host == null || "localhost".equalsIgnoreCase(host) || LOOPBACK_IPADDR.equalsIgnoreCase(host)) {
            return true;
        }
        InetAddress localhostInetAddr = getLocalhostInetAddr();
        if (localhostInetAddr == null) {
            return false;
        }
        return host.equals(localhostInetAddr.getHostName());
    }

    public static boolean isLocalFileProtocol(URL url) {
        if (url != null && isFileProtocol(url)) {
            return isLocal(url);
        }
        return false;
    }

    private boolean matchList(String str, InetAddress inetAddress, String str2) {
        String hostAddrFromInetAddr = getHostAddrFromInetAddr(inetAddress);
        StringTokenizer stringTokenizer = new StringTokenizer(str2, ";");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.equals("*") || matchToken(nextToken, str) || matchToken(nextToken, hostAddrFromInetAddr)) {
                return true;
            }
        }
        return false;
    }

    private boolean matchOrigin(String str, InetAddress inetAddress) {
        if (this.m_originURI == null) {
            return false;
        }
        if (str == null || !str.equals(this.m_originHost)) {
            return inetAddress != null && inetAddress.equals(this.m_originInetAddress);
        }
        return true;
    }

    private static boolean matchToken(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        return str.startsWith("*.") ? str2.equals(str.substring(2, str.length())) || str2.endsWith(str.substring(1, str.length())) : str.equals(str2);
    }

    public static void postFilter(CallContext callContext) {
        PolicyRuntime.postFilter(callContext, FACT);
    }

    public static void preFilter(CallContext callContext) {
        PolicyRuntime.preFilter(callContext, FACT);
    }

    public static String toNormalFilePath(String str) {
        if (File.separatorChar != '/') {
            str = str.replace(IOUtils.DIR_SEPARATOR_UNIX, File.separatorChar);
        }
        if (str.length() < 3) {
            return str;
        }
        if (str.charAt(2) == '|') {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str.substring(0, 2));
            stringBuffer.append(":");
            stringBuffer.append(str.substring(3, str.length()));
            str = stringBuffer.toString();
        }
        return (str.charAt(0) == File.separatorChar && str.charAt(2) == ':') ? str.substring(1) : str;
    }

    @Override // com.trend.iwss.jscan.runtime.PolicyRuntime
    void _postFilter(CallContext callContext) {
        if (!MATCH_DATAGRAM_SOCKET_RECEIVE.match(callContext)) {
            if (MATCH_URL_INIT.match(callContext)) {
                checkURL((URL) callContext.getTarget(), callContext);
            }
        } else {
            InetAddress address = ((DatagramPacket) callContext.getArg(0).getObjectValue()).getAddress();
            if (allowInetAddr(address)) {
                return;
            }
            stopAction(Msgs.A_RECEIVEDATA, address.toString());
        }
    }

    @Override // com.trend.iwss.jscan.runtime.PolicyRuntime
    void _preFilter(CallContext callContext) {
        Object target;
        URL url;
        if (MATCH_SERVER_SOCKET_INIT_I.match(callContext)) {
            int intValue = callContext.getArg(0).getIntValue();
            if (this.m_localBindEnabled) {
                return;
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("");
            stringBuffer.append(intValue);
            stopAction(Msgs.A_BINDLOCAL, stringBuffer.toString());
            return;
        }
        if (MATCH_SERVER_SOCKET_INIT.match(callContext)) {
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL_UNSPEC);
            return;
        }
        if (MATCH_SOCKET_INIT_INETADDR.match(callContext)) {
            InetAddress inetAddress = (InetAddress) callContext.getArg(0).getObjectValue();
            if (allowInetAddr(inetAddress)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, inetAddress.getHostName());
            return;
        }
        if (MATCH_SOCKET_INIT_STRING.match(callContext)) {
            String str = (String) callContext.getArg(0).getObjectValue();
            if (allowHostName(str)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, str);
            return;
        }
        if (MATCH_DATAGRAM_SOCKET_INIT_I.match(callContext)) {
            int intValue2 = callContext.getArg(0).getIntValue();
            if (this.m_localBindEnabled) {
                return;
            }
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append("");
            stringBuffer2.append(intValue2);
            stopAction(Msgs.A_BINDLOCAL, stringBuffer2.toString());
            return;
        }
        if (MATCH_DATAGRAM_SOCKET_SEND.match(callContext)) {
            InetAddress address = ((DatagramPacket) callContext.getArg(0).getObjectValue()).getAddress();
            if (allowInetAddr(address)) {
                return;
            }
            stopAction(Msgs.A_SENDDATA, address.toString());
            return;
        }
        if (MATCH_SERVER_SOCKET_BIND.match(callContext)) {
            checkInetSocketAddr(callContext.getArg(0).getObjectValue());
            return;
        }
        if (MATCH_URL_CONNECTION_INIT.match(callContext)) {
            target = callContext.getArg(0).getObjectValue();
        } else if (MATCH_URL_CONNECTION_CONNECT.match(callContext)) {
            url = ((URLConnection) callContext.getTarget()).getURL();
            checkURL(url, callContext);
        } else if (!MATCH_URL_OPEN.match(callContext)) {
            return;
        } else {
            target = callContext.getTarget();
        }
        url = (URL) target;
        checkURL(url, callContext);
    }
}
