package com.labgency.tools.requests.handlers;

import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.support.v4.media.e;
import com.labgency.hss.HSSAgent;
import com.labgency.hss.HSSLog;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.params.HttpParams;

@TargetApi(17)
/* loaded from: classes10.dex */
public class TlsSniSocketFactory implements LayeredSocketFactory {

    /* renamed from: a, reason: collision with root package name */
    final HostnameVerifier f10002a = new a();

    /* renamed from: b, reason: collision with root package name */
    private KeyManagerFactory f10003b;

    /* renamed from: c, reason: collision with root package name */
    private TrustManagerFactory f10004c;

    /* loaded from: classes10.dex */
    class a extends StrictHostnameVerifier {
        a() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes10.dex */
    public class b implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ X509TrustManager f10005a;

        b(X509TrustManager x509TrustManager) {
            this.f10005a = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.f10005a.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr != null) {
                try {
                    HSSLog.d("TlsSniSocketFactory", "checkServerTrusted, authType: " + str);
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        HSSLog.d("TlsSniSocketFactory", "one cert with DN " + x509Certificate.getSubjectDN());
                    }
                } catch (CertificateExpiredException e2) {
                    HSSLog.d("TlsSniSocketFactory", "CertificateExpiredException");
                    if (!TlsSniSocketFactory.a(TlsSniSocketFactory.this, x509CertificateArr)) {
                        throw e2;
                    }
                    return;
                } catch (CertificateNotYetValidException e3) {
                    HSSLog.d("TlsSniSocketFactory", "CertificateNotYetValidException");
                    if (!TlsSniSocketFactory.a(TlsSniSocketFactory.this, x509CertificateArr)) {
                        throw e3;
                    }
                    return;
                } catch (CertificateException e4) {
                    StringBuilder a2 = e.a("CertificateException ");
                    a2.append(e4.getMessage());
                    HSSLog.d("TlsSniSocketFactory", a2.toString());
                    if (e4.getCause() != null) {
                        StringBuilder a3 = e.a("CertificateException cause: ");
                        a3.append(e4.getCause().getMessage());
                        HSSLog.d("TlsSniSocketFactory", a3.toString());
                    }
                    if (e4.getCause() != null && "timestamp check failed".equals(e4.getCause().getMessage())) {
                        if (!TlsSniSocketFactory.a(TlsSniSocketFactory.this, x509CertificateArr)) {
                            throw e4;
                        }
                        return;
                    } else if (e4.getCause() != null && e4.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                        if (!TlsSniSocketFactory.a(TlsSniSocketFactory.this, x509CertificateArr)) {
                            throw e4;
                        }
                        return;
                    } else {
                        if (e4.getCause() == null || !e4.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                            throw e4;
                        }
                        if (!TlsSniSocketFactory.a(TlsSniSocketFactory.this, x509CertificateArr)) {
                            throw e4;
                        }
                        return;
                    }
                }
            }
            this.f10005a.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.f10005a.getAcceptedIssuers();
        }
    }

    public TlsSniSocketFactory(KeyStore keyStore) {
        this.f10003b = null;
        this.f10004c = null;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.f10003b = keyManagerFactory;
            keyManagerFactory.init(keyStore, DefaultRequestSettingsHandler.get_hash().toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.f10004c = trustManagerFactory;
            trustManagerFactory.init(keyStore);
        } catch (Exception e2) {
            e2.printStackTrace();
            HSSLog.e("httpclient", "could not create SSLSocketFactory");
        }
    }

    static /* synthetic */ boolean a(TlsSniSocketFactory tlsSniSocketFactory, X509Certificate[] x509CertificateArr) {
        Objects.requireNonNull(tlsSniSocketFactory);
        if (HSSAgent.getClockState() <= 0) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                return false;
            }
            long time = HSSAgent.getTime();
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (x509Certificate.getNotAfter().getTime() < time || x509Certificate.getNotBefore().getTime() > time) {
                return false;
            }
        }
        return true;
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i2, InetAddress inetAddress, int i3, HttpParams httpParams) throws IOException {
        return createSocket(socket, str, i2, true);
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        return SSLSocketFactory.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i2, boolean z) throws IOException, UnknownHostException {
        HSSLog.d("TlsSniSocketFactory", "create socket to host: " + str);
        if (z && socket != null) {
            socket.close();
        }
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(4000);
        sSLCertificateSocketFactory.setKeyManagers(this.f10003b.getKeyManagers());
        TrustManager[] trustManagers = this.f10004c.getTrustManagers();
        if (trustManagers == null || trustManagers.length <= 0) {
            sSLCertificateSocketFactory.setTrustManagers(this.f10004c.getTrustManagers());
        } else {
            StringBuilder a2 = e.a("we have ");
            a2.append(trustManagers.length);
            a2.append(" trust managers");
            HSSLog.d("TlsSniSocketFactory", a2.toString());
            sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{new b((X509TrustManager) trustManagers[0])});
        }
        SSLSocket sSLSocket = (SSLSocket) sSLCertificateSocketFactory.createSocket(InetAddress.getByName(str), i2);
        sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
        sSLCertificateSocketFactory.setHostname(sSLSocket, str);
        if (this.f10002a.verify(str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException(defpackage.a.a("Cannot verify hostname: ", str));
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        if (socket instanceof SSLSocket) {
            return ((SSLSocket) socket).isConnected();
        }
        return false;
    }
}
