package com.labgency.tools.requests.handlers;

import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import com.labgency.hss.HSSAgent;
import com.labgency.hss.l;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.params.HttpParams;

/* loaded from: classes4.dex */
public class f implements LayeredSocketFactory {

    /* renamed from: a, reason: collision with root package name */
    final HostnameVerifier f11297a = new a(this);

    /* renamed from: b, reason: collision with root package name */
    private KeyManagerFactory f11298b;
    private TrustManagerFactory c;

    /* loaded from: classes4.dex */
    class a extends StrictHostnameVerifier {
        a(f fVar) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class b implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ X509TrustManager f11299a;

        b(X509TrustManager x509TrustManager) {
            this.f11299a = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.f11299a.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (x509CertificateArr != null) {
                try {
                    l.a("TlsSniSocketFactory", "checkServerTrusted, authType: " + str);
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        l.a("TlsSniSocketFactory", "one cert with DN " + x509Certificate.getSubjectDN());
                    }
                } catch (CertificateExpiredException e8) {
                    l.a("TlsSniSocketFactory", "CertificateExpiredException");
                    if (!f.a(f.this, x509CertificateArr)) {
                        throw e8;
                    }
                    return;
                } catch (CertificateNotYetValidException e9) {
                    l.a("TlsSniSocketFactory", "CertificateNotYetValidException");
                    if (!f.a(f.this, x509CertificateArr)) {
                        throw e9;
                    }
                    return;
                } catch (CertificateException e10) {
                    l.a("TlsSniSocketFactory", "CertificateException " + e10.getMessage());
                    if (e10.getCause() != null) {
                        l.a("TlsSniSocketFactory", "CertificateException cause: " + e10.getCause().getMessage());
                    }
                    if (e10.getCause() != null && "timestamp check failed".equals(e10.getCause().getMessage())) {
                        if (!f.a(f.this, x509CertificateArr)) {
                            throw e10;
                        }
                        return;
                    } else if (e10.getCause() != null && e10.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                        if (!f.a(f.this, x509CertificateArr)) {
                            throw e10;
                        }
                        return;
                    } else {
                        if (e10.getCause() == null || !e10.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                            throw e10;
                        }
                        if (!f.a(f.this, x509CertificateArr)) {
                            throw e10;
                        }
                        return;
                    }
                }
            }
            this.f11299a.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.f11299a.getAcceptedIssuers();
        }
    }

    public f(KeyStore keyStore) {
        this.f11298b = null;
        this.c = null;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.f11298b = keyManagerFactory;
            keyManagerFactory.init(keyStore, DefaultRequestSettingsHandler.get_hash().toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.c = trustManagerFactory;
            trustManagerFactory.init(keyStore);
        } catch (Exception e8) {
            e8.printStackTrace();
            l.b("httpclient", "could not create SSLSocketFactory");
        }
    }

    static /* synthetic */ boolean a(f fVar, X509Certificate[] x509CertificateArr) {
        Objects.requireNonNull(fVar);
        if (HSSAgent.s() <= 0) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                return false;
            }
            long B = HSSAgent.B();
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (x509Certificate.getNotAfter().getTime() < B || x509Certificate.getNotBefore().getTime() > B) {
                return false;
            }
        }
        return true;
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i8, InetAddress inetAddress, int i9, HttpParams httpParams) {
        return createSocket(socket, str, i8, true);
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() {
        return SSLSocketFactory.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i8, boolean z8) {
        l.a("TlsSniSocketFactory", "create socket to host: " + str);
        if (z8 && socket != null) {
            socket.close();
        }
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(4000);
        sSLCertificateSocketFactory.setKeyManagers(this.f11298b.getKeyManagers());
        TrustManager[] trustManagers = this.c.getTrustManagers();
        if (trustManagers == null || trustManagers.length <= 0) {
            sSLCertificateSocketFactory.setTrustManagers(this.c.getTrustManagers());
        } else {
            l.a("TlsSniSocketFactory", "we have " + trustManagers.length + " trust managers");
            sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{new b((X509TrustManager) trustManagers[0])});
        }
        SSLSocket sSLSocket = (SSLSocket) sSLCertificateSocketFactory.createSocket(InetAddress.getByName(str), i8);
        sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
        if (Build.VERSION.SDK_INT >= 17) {
            sSLCertificateSocketFactory.setHostname(sSLSocket, str);
        } else {
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Exception unused) {
            }
        }
        if (this.f11297a.verify(str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + str);
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) {
        if (socket instanceof SSLSocket) {
            return ((SSLSocket) socket).isConnected();
        }
        return false;
    }
}
