package l7;

import d8.j;
import d8.k;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import k.h3;
import o7.i;

/* loaded from: classes.dex */
public final class e implements k7.b {
    public static final p8.b f;

    /* renamed from: a, reason: collision with root package name */
    public final SSLSocketFactory f5599a;

    /* renamed from: b, reason: collision with root package name */
    public final HostnameVerifier f5600b;

    /* renamed from: c, reason: collision with root package name */
    public final String[] f5601c;

    /* renamed from: d, reason: collision with root package name */
    public final String[] f5602d;

    /* renamed from: e, reason: collision with root package name */
    public final h3 f5603e;

    static {
        Collections.unmodifiableList(Arrays.asList(Pattern.compile("^(TLS|SSL)_(NULL|ECDH_anon|DH_anon|DH_anon_EXPORT|DHE_RSA_EXPORT|DHE_DSS_EXPORT|DSS_EXPORT|DH_DSS_EXPORT|DH_RSA_EXPORT|RSA_EXPORT|KRB5_EXPORT)_(.*)", 2), Pattern.compile("^(TLS|SSL)_(.*)_WITH_(NULL|DES_CBC|DES40_CBC|DES_CBC_40|3DES_EDE_CBC|RC4_128|RC4_40|RC2_CBC_40)_(.*)", 2)));
        f = p8.c.c(e.class);
    }

    public e(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, a aVar) {
        Objects.requireNonNull(sSLSocketFactory, "SSL socket factory");
        this.f5599a = sSLSocketFactory;
        this.f5601c = strArr;
        this.f5602d = strArr2;
        this.f5600b = aVar;
        this.f5603e = new h3(4, f);
    }

    public static void d(Socket socket, InetSocketAddress inetSocketAddress, k kVar) {
        p8.b bVar = f;
        if (bVar.isDebugEnabled()) {
            bVar.debug("Connecting socket to {} with timeout {}", inetSocketAddress, kVar);
        }
        try {
            AccessController.doPrivileged(new k7.c(socket, inetSocketAddress, kVar, 1));
        } catch (PrivilegedActionException e6) {
            d8.b.a("method contract violation only checked exceptions are wrapped: " + e6.getCause(), e6.getCause() instanceof IOException);
            throw ((IOException) e6.getCause());
        }
    }

    public static e f() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            return new e(sSLContext.getSocketFactory(), null, null, new a(i7.c.a()));
        } catch (KeyManagementException | NoSuchAlgorithmException e6) {
            throw new IllegalStateException(e6.getMessage(), e6);
        }
    }

    @Override // k7.a
    public final Socket a(Socket socket, i iVar, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, k kVar, Object obj, w7.d dVar) {
        Objects.requireNonNull(iVar, "HTTP host");
        if (inetSocketAddress2 != null) {
            socket.bind(inetSocketAddress2);
        }
        try {
            d(socket, inetSocketAddress, kVar);
            boolean z2 = socket instanceof SSLSocket;
            b8.a aVar = iVar.f6268c;
            if (z2) {
                e((SSLSocket) socket, aVar.f1244b, obj);
                return socket;
            }
            String str = aVar.f1244b;
            SSLSocket sSLSocket = (SSLSocket) this.f5599a.createSocket(socket, str, inetSocketAddress.getPort(), true);
            e(sSLSocket, str, obj);
            return sSLSocket;
        } catch (IOException e6) {
            a8.b.a(socket);
            throw e6;
        }
    }

    @Override // k7.a
    public final Socket b(j jVar, Socket socket, i iVar, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, w7.d dVar) {
        k h9 = jVar != null ? k.h(jVar.f2739b, jVar.f2740c) : null;
        return a(socket, iVar, inetSocketAddress, inetSocketAddress2, h9, h9, dVar);
    }

    @Override // k7.a
    public final Socket c() {
        return new Socket();
    }

    public final void e(SSLSocket sSLSocket, String str, Object obj) {
        String[] strArr;
        x6.e eVar = obj instanceof x6.e ? (x6.e) obj : x6.e.f;
        String[] strArr2 = null;
        String[] strArr3 = this.f5601c;
        if (strArr3 != null) {
            sSLSocket.setEnabledProtocols(strArr3);
        } else {
            String[] enabledProtocols = sSLSocket.getEnabledProtocols();
            x7.a aVar = x7.a.f8583c;
            if (enabledProtocols == null) {
                strArr = null;
            } else {
                ArrayList arrayList = new ArrayList();
                for (String str2 : enabledProtocols) {
                    if (!str2.startsWith("SSL") && !str2.equals(x7.a.f8583c.f8586b) && !str2.equals(x7.a.f8584d.f8586b)) {
                        arrayList.add(str2);
                    }
                }
                if (arrayList.isEmpty()) {
                    arrayList.add(x7.a.f8585e.f8586b);
                }
                strArr = (String[]) arrayList.toArray(new String[0]);
            }
            sSLSocket.setEnabledProtocols(strArr);
        }
        String[] strArr4 = this.f5602d;
        if (strArr4 != null) {
            sSLSocket.setEnabledCipherSuites(strArr4);
        } else {
            String[] enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
            List list = x7.b.f8587a;
            if (enabledCipherSuites != null) {
                ArrayList arrayList2 = new ArrayList();
                for (String str3 : enabledCipherSuites) {
                    Iterator it = x7.b.f8587a.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            if (((Pattern) it.next()).matcher(str3).matches()) {
                                break;
                            }
                        } else {
                            arrayList2.add(str3);
                            break;
                        }
                    }
                }
                strArr2 = !arrayList2.isEmpty() ? (String[]) arrayList2.toArray(new String[0]) : enabledCipherSuites;
            }
            sSLSocket.setEnabledCipherSuites(strArr2);
        }
        k kVar = eVar.f8579b;
        if (kVar != null) {
            sSLSocket.setSoTimeout(kVar.g());
        }
        p8.b bVar = f;
        if (bVar.isDebugEnabled()) {
            bVar.debug("Enabled protocols: {}", (Object) sSLSocket.getEnabledProtocols());
            bVar.debug("Enabled cipher suites: {}", (Object) sSLSocket.getEnabledCipherSuites());
            bVar.debug("Starting handshake ({})", kVar);
        }
        sSLSocket.startHandshake();
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    sSLSocket.startHandshake();
                    session = sSLSocket.getSession();
                }
            }
            if (session == null) {
                throw new SSLHandshakeException("SSL session not available");
            }
            g(str, session);
        } catch (IOException e6) {
            a8.b.a(sSLSocket);
            throw e6;
        }
    }

    public final void g(String str, SSLSession sSLSession) {
        p8.b bVar = (p8.b) this.f5603e.f5013h;
        if (bVar.isDebugEnabled()) {
            bVar.debug("Secure session established");
            bVar.debug(" negotiated protocol: {}", sSLSession.getProtocol());
            bVar.debug(" negotiated cipher suite: {}", sSLSession.getCipherSuite());
            try {
                Certificate certificate = sSLSession.getPeerCertificates()[0];
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    bVar.debug(" peer principal: {}", x509Certificate.getSubjectX500Principal());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add(Objects.toString(list.get(1), null));
                            }
                        }
                        bVar.debug(" peer alternative names: {}", arrayList);
                    }
                    bVar.debug(" issuer principal: {}", x509Certificate.getIssuerX500Principal());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add(Objects.toString(list2.get(1), null));
                            }
                        }
                        bVar.debug(" issuer alternative names: {}", arrayList2);
                    }
                }
            } catch (Exception unused) {
            }
        }
        HostnameVerifier hostnameVerifier = this.f5600b;
        if (hostnameVerifier != null) {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length < 1) {
                throw new SSLPeerUnverifiedException("Peer certificate chain is empty");
            }
            Certificate certificate2 = peerCertificates[0];
            if (!(certificate2 instanceof X509Certificate)) {
                throw new SSLPeerUnverifiedException("Unexpected certificate type: " + certificate2.getType());
            }
            X509Certificate x509Certificate2 = (X509Certificate) certificate2;
            if (hostnameVerifier instanceof d) {
                ((a) ((d) hostnameVerifier)).c(str, x509Certificate2);
                return;
            }
            if (hostnameVerifier.verify(str, sSLSession)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + a.a(x509Certificate2, -1));
        }
    }
}
