package org.dmfs.dav;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

/* loaded from: classes.dex */
public class ai implements LayeredSocketFactory {
    public static final z a = new z();
    private static final String[] b = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};
    private static final String[] c = {"TLSv1", "SSLv3"};
    private static final String[] f = {"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"};
    private static final String[] g = {"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5"};
    private static final String[] h = {"SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5"};
    private static final String[] i = {"SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"};
    private String[] d;
    private String[] e;
    private SSLContext j;
    private final aa k;
    private KeyManager[] l;
    private X509HostnameVerifier m;
    private boolean n;

    public ai(KeyStore keyStore) {
        this(keyStore, null, a);
    }

    private ai(KeyStore keyStore, aa aaVar, AbstractVerifier abstractVerifier) {
        this.j = null;
        this.n = false;
        this.k = aaVar;
        b(keyStore);
        this.m = abstractVerifier;
    }

    public ai(aa aaVar) {
        this(null, aaVar, a);
    }

    private void a(String str, SSLSocket sSLSocket) {
        if (this.m == null) {
            return;
        }
        try {
            this.m.verify(str, sSLSocket);
        } catch (ah e) {
            throw new ah("host name mismatch", str, (X509Certificate) sSLSocket.getSession().getPeerCertificates()[0], e.getCause());
        }
    }

    private String[] a(SSLSocket sSLSocket, boolean z) {
        if (this.e != null) {
            return this.e;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(sSLSocket.getSupportedCipherSuites()));
        Collection<?> asList = Arrays.asList(z ? i : h);
        ArrayList arrayList2 = new ArrayList(arrayList.size());
        Collections.addAll(arrayList2, z ? g : f);
        arrayList2.retainAll(arrayList);
        arrayList.removeAll(arrayList2);
        arrayList.removeAll(asList);
        arrayList2.addAll(arrayList);
        this.e = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
        return this.e;
    }

    private String[] b(SSLSocket sSLSocket, boolean z) {
        if (this.d != null) {
            return this.d;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(sSLSocket.getSupportedProtocols()));
        String[] strArr = z ? c : b;
        ArrayList arrayList2 = new ArrayList(strArr.length);
        Collections.addAll(arrayList2, strArr);
        arrayList2.retainAll(arrayList);
        this.d = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
        return this.d;
    }

    private SSLContext c() {
        if (this.j == null) {
            try {
                this.j = SSLContext.getInstance("TLS");
                this.j.init(this.l, new TrustManager[]{this.k}, null);
            } catch (KeyManagementException e) {
                throw new SSLException("can't create SSLContext", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SSLException("can't create SSLContext", e2);
            }
        }
        return this.j;
    }

    public final void a() {
        this.n = true;
        this.e = null;
        this.d = null;
    }

    public final void a(KeyStore keyStore) {
        this.k.a(keyStore);
    }

    public final void a(X509HostnameVerifier x509HostnameVerifier) {
        this.m = x509HostnameVerifier;
    }

    public final aa b() {
        return this.k;
    }

    public final void b(KeyStore keyStore) {
        KeyManager[] keyManagerArr = null;
        if (keyStore != null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, null);
                keyManagerArr = keyManagerFactory.getKeyManagers();
            } catch (KeyStoreException e) {
                org.dmfs.e.a.e("org.dmfs.dav.SSLSocketFactory", "can't setup key manager", e);
            } catch (NoSuchAlgorithmException e2) {
                org.dmfs.e.a.e("org.dmfs.dav.SSLSocketFactory", "can't setup key manager", e2);
            } catch (UnrecoverableKeyException e3) {
                org.dmfs.e.a.e("org.dmfs.dav.SSLSocketFactory", "can't setup key manager", e3);
            }
        }
        this.l = keyManagerArr;
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i2, InetAddress inetAddress, int i3, HttpParams httpParams) {
        InetSocketAddress inetSocketAddress = new InetSocketAddress(str, i2);
        SSLSocket sSLSocket = (SSLSocket) (socket != null ? socket : createSocket());
        if (inetAddress != null || i3 > 0) {
            if (i3 < 0) {
                i3 = 0;
            }
            sSLSocket.bind(new InetSocketAddress(inetAddress, i3));
        }
        try {
            aj.a(str, sSLSocket);
        } catch (Exception e) {
            org.dmfs.e.a.e("org.dmfs.dav.SSLSocketFactory", "can't set SNI host name", e);
        }
        sSLSocket.setEnabledCipherSuites(a(sSLSocket, this.n));
        sSLSocket.setEnabledProtocols(b(sSLSocket, this.n));
        int connectionTimeout = HttpConnectionParams.getConnectionTimeout(httpParams);
        int soTimeout = HttpConnectionParams.getSoTimeout(httpParams);
        sSLSocket.connect(inetSocketAddress, connectionTimeout);
        sSLSocket.setSoTimeout(soTimeout);
        a(str, sSLSocket);
        return sSLSocket;
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() {
        return c().getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i2, boolean z) {
        SSLSocket sSLSocket = (SSLSocket) c().getSocketFactory().createSocket(socket, str, i2, z);
        try {
            aj.a(str, sSLSocket);
        } catch (Exception e) {
            org.dmfs.e.a.e("org.dmfs.dav.SSLSocketFactory", "can't set SNI host name", e);
        }
        sSLSocket.setEnabledCipherSuites(a(sSLSocket, this.n));
        sSLSocket.setEnabledProtocols(b(sSLSocket, this.n));
        if (this.m != null) {
            sSLSocket.startHandshake();
            a(str, sSLSocket);
        }
        return sSLSocket;
    }

    public boolean equals(Object obj) {
        return obj != null && obj.getClass().equals(ai.class);
    }

    public int hashCode() {
        return ai.class.hashCode();
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) {
        return true;
    }
}
