package com.boxcryptor.java.network;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.secapache.http.HttpHost;
import org.secapache.http.conn.socket.LayeredConnectionSocketFactory;
import org.secapache.http.conn.ssl.TrustStrategy;
import org.secapache.http.protocol.HttpContext;
import org.secapache.http.ssl.SSLContextBuilder;

/* compiled from: DefaultSecureSSLSocketFactory.java */
/* loaded from: classes.dex */
public class g implements LayeredConnectionSocketFactory {
    private static final com.boxcryptor.java.common.b.b a = com.boxcryptor.java.common.b.b.a("http");
    private static final List<String> b = Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
    private static final List<String> c = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1");
    private static String[] d;
    private static String[] e;
    private SSLSocketFactory f;
    private HostnameVerifier g;

    public g(SSLContext sSLContext, HostnameVerifier hostnameVerifier) {
        this.f = sSLContext.getSocketFactory();
        this.g = hostnameVerifier;
    }

    public static g a(final f fVar, final b bVar) {
        SSLContext sSLContext;
        if (fVar != null) {
            TrustStrategy trustStrategy = new TrustStrategy() { // from class: com.boxcryptor.java.network.g.1
                @Override // org.secapache.http.ssl.TrustStrategy
                public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) {
                    try {
                        if (b.this != null) {
                            b.this.a(x509CertificateArr);
                        }
                        return fVar.a(x509CertificateArr);
                    } catch (CertificateException e2) {
                        g.a.a("verify-cert-chain", e2.getMessage(), e2);
                        return false;
                    }
                }
            };
            try {
                return new g(SSLContextBuilder.create().loadTrustMaterial(trustStrategy).build(), new HostnameVerifier() { // from class: com.boxcryptor.java.network.g.2
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return f.this.a(str);
                    }
                });
            } catch (Exception e2) {
                a.a("create-SecureSSLSocketFactory-SSLVerifier", e2.getMessage(), e2);
            }
        }
        try {
            try {
                sSLContext = SSLContext.getInstance("Default");
            } catch (NoSuchAlgorithmException e3) {
                sSLContext = SSLContext.getInstance("TLS");
            }
            return new g(sSLContext, new c());
        } catch (NoSuchAlgorithmException e4) {
            a.a("create-SecureSSLSocketFactory-default", e4.getMessage(), e4);
            throw new IllegalStateException(e4);
        }
    }

    private static void a(String str, String[] strArr) {
        if (strArr == null) {
            a.b(str, "null");
            return;
        }
        if (strArr.length == 0) {
            a.b(str, "empty");
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (String str2 : strArr) {
            sb.append(str2).append(", ");
        }
        a.b(str, sb.toString().substring(0, sb.length() - 2));
    }

    private void a(SSLSocket sSLSocket) {
        sSLSocket.setEnabledCipherSuites(b(sSLSocket.getEnabledCipherSuites()));
        sSLSocket.setEnabledProtocols(a(sSLSocket.getEnabledProtocols()));
    }

    private void a(SSLSocket sSLSocket, String str) {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    sSLSocket.startHandshake();
                    session = sSLSocket.getSession();
                }
            }
            if (session == null) {
                throw new SSLHandshakeException("SSL session not available");
            }
            if (this.g.verify(str, session)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Host name '" + str + "' does not match the certificate subject provided by the peer (" + ((X509Certificate) session.getPeerCertificates()[0]).getSubjectX500Principal().toString() + ")");
        } catch (IOException e2) {
            try {
                sSLSocket.close();
            } catch (Exception e3) {
            }
            throw e2;
        }
    }

    private static String[] a(String[] strArr) {
        if (e == null) {
            a("system-protocols", strArr);
            if (strArr != null) {
                ArrayList arrayList = new ArrayList();
                for (String str : strArr) {
                    if (c.contains(str)) {
                        arrayList.add(str);
                    }
                }
                if (arrayList.isEmpty()) {
                    a.b("system-protocols", "remove-ssl");
                    for (String str2 : strArr) {
                        if (!str2.startsWith("SSL")) {
                            arrayList.add(str2);
                        }
                    }
                }
                e = new String[arrayList.size()];
                arrayList.toArray(e);
            }
            a("available-protocols", e);
        }
        return e;
    }

    private static String[] b(String[] strArr) {
        if (d == null) {
            a("system-ciphers", strArr);
            if (strArr != null) {
                ArrayList arrayList = new ArrayList();
                for (String str : strArr) {
                    if (b.contains(str)) {
                        arrayList.add(str);
                    }
                }
                if (arrayList.isEmpty()) {
                    a.b("system-ciphers", "reorder");
                    for (String str2 : strArr) {
                        if (str2.contains("AES")) {
                            arrayList.add(str2);
                        }
                    }
                    for (String str3 : strArr) {
                        if (!arrayList.contains(str3)) {
                            arrayList.add(str3);
                        }
                    }
                }
                d = new String[arrayList.size()];
                arrayList.toArray(d);
            }
            a("available-ciphers", d);
        }
        return d;
    }

    @Override // org.secapache.http.conn.socket.ConnectionSocketFactory
    public Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) {
        Socket createSocket = socket != null ? socket : createSocket(httpContext);
        if (inetSocketAddress2 != null) {
            createSocket.bind(inetSocketAddress2);
        }
        if (i > 0) {
            try {
                if (createSocket.getSoTimeout() == 0) {
                    createSocket.setSoTimeout(i);
                }
            } catch (IOException e2) {
                try {
                    createSocket.close();
                } catch (IOException e3) {
                }
                throw e2;
            }
        }
        createSocket.connect(inetSocketAddress, i);
        if (!(createSocket instanceof SSLSocket)) {
            return createLayeredSocket(createSocket, httpHost.getHostName(), inetSocketAddress.getPort(), httpContext);
        }
        SSLSocket sSLSocket = (SSLSocket) createSocket;
        sSLSocket.startHandshake();
        a(sSLSocket, httpHost.getHostName());
        return createSocket;
    }

    @Override // org.secapache.http.conn.socket.LayeredConnectionSocketFactory
    public Socket createLayeredSocket(Socket socket, String str, int i, HttpContext httpContext) {
        SSLSocket sSLSocket = (SSLSocket) this.f.createSocket(socket, str, i, true);
        a(sSLSocket);
        sSLSocket.startHandshake();
        a(sSLSocket, str);
        return sSLSocket;
    }

    @Override // org.secapache.http.conn.socket.ConnectionSocketFactory
    public Socket createSocket(HttpContext httpContext) {
        return SocketFactory.getDefault().createSocket();
    }
}
