package com.citrix.sdk.ssl.androidnative;

import com.citrix.sdk.ssl.androidnative.SslsdkConfig;
import defpackage.AbstractC0788Go;
import defpackage.AbstractC6663mI;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.params.HttpParams;

/* compiled from: PG */
/* loaded from: classes.dex */
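/**
 * Socket factory that wraps TCP sockets in {@link CitrixSSLSocket}; the TLS work itself is done by
 * the native SSLSDK library through the {@code native*} methods declared in this class.
 *
 * <p>This listing is decompiler output from an obfuscated build, so members keep their short
 * generated names; they are referenced from other classes and must not be renamed here. The simple
 * name {@code e} is used both for the boolean field below and for the helper class that carries the
 * debug flag {@code e.f2836a} and the {@code e.a/e.b/e.c} message calls (these look like log calls
 * at different levels; confirm against that class).
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>Trust anchors come either from the caller or from the platform CA store loaded by
 *       {@link #d()}, which falls back to file-based stores when "AndroidCAStore" is unavailable.</li>
 *   <li>{@link #a(int)} accepts SSL3, TLS 1.0 and TLS 1.1 bits. Those protocol versions are
 *       deprecated; callers that control the mask should restrict it to TLS 1.2 (8).</li>
 *   <li>The {@code createSocket} overloads that take an {@link InetAddress} never pass a host name
 *       to {@link SslsdkConfig}. Whether the native layer can verify the peer name without one
 *       cannot be determined from this file; review before using those overloads.</li>
 *   <li>Client identities are handed to native code as encoded private-key bytes, see
 *       {@link #a(CitrixSSLSocket, long)}.</li>
 * </ul>
 */
public class CitrixSSLSocketFactory extends SSLSocketFactory implements LayeredSocketFactory, SocketFactory {

    /* renamed from: a, reason: collision with root package name */
    // Mode handed to the three-argument setup by a(int, Object[]) and b(int).
    public static SslsdkConfig.c f2827a = SslsdkConfig.c.SSLSDK_OPEN;
    // Status of the last nativeInitNative call; 0 means initialised (see b()), -2 is the
    // initial value and the value restored after nativeTerminate().
    public static volatile int b = -2;
    // Not referenced anywhere in this file.
    public static volatile CitrixSSLSocketFactory c = null;
    // Mode recorded by the last setup call; read by the constructor to pick the default for g.
    public static SslsdkConfig.c l;
    // <java.home>/lib/security/jssecacerts, fallback trust-store path used by d().
    public static final String p;
    // <java.home>/lib/security/cacerts, last-resort trust-store path used by d().
    public static final String q;
    // Java-side session cache keyed by the hex form of the native session ID (see sessionKey()).
    public static HashMap<String, d> s;
    // Copied into every SslsdkConfig by e(). What MUST_CHECK/NO_CHECK governs is not visible
    // in this file. NOTE(review): confirm which verification step this switches off by default.
    public SslsdkConfig.d g;
    // Protocol bit mask set by a(int); stays 0 until that is called.
    public int d = 0;
    // Returned by a(); not otherwise read in this file.
    public boolean e = true;
    // Copied into every SslsdkConfig by e().
    public boolean f = true;
    public SslsdkConfig.a h = SslsdkConfig.a.CHAIN_BUILD_SERVER_OR_OS;
    // Optional value copied into the config by e() when non-null.
    public com.citrix.sdk.ssl.b i = null;
    // Passed straight to the CitrixSSLSocket constructor.
    public boolean j = false;
    public SslsdkConfig.b k = SslsdkConfig.b.CIPHER_ALL;
    // Client key managers; mutated and snapshotted only while holding this list's monitor.
    public final ArrayList<X509KeyManager> m = new ArrayList<>();
    // Encoded CA certificates collected from trust managers and pushed to native policy by e().
    public ArrayList<byte[]> n = new ArrayList<>();
    // Trust managers registered through a(X509TrustManager); only stored, never consulted here.
    public ArrayList<X509TrustManager> o = new ArrayList<>();

    // Not referenced anywhere in this file.
    @Deprecated
    public X509HostnameVerifier r = null;

    static {
        p = securityPath("jssecacerts");
        q = securityPath("cacerts");
        s = new HashMap<>(512);
    }

    /** Builds {@code <java.home>/lib/security/<fileName>} with the same helper the original used. */
    private static String securityPath(String fileName) {
        StringBuilder path = new StringBuilder();
        path.append(System.getProperty("java.home"));
        path.append(File.separator);
        path.append("lib");
        path.append(File.separator);
        path.append("security");
        return AbstractC0788Go.a(path, File.separator, fileName);
    }

    /**
     * Maps a session ID to a cache key without losing information.
     *
     * <p>The session ID is arbitrary binary data chosen by the peer. Decoding it with
     * {@code new String(byte[])} replaces byte sequences that are invalid in the platform charset,
     * so distinct IDs could share one key and a cached entry (including its stored peer
     * certificates) could be handed to the wrong session. Hex encoding is one-to-one.
     * Any code outside this class that reads {@link #s} directly must use the same key form.
     *
     * @param sessionId raw session ID bytes; must not be null
     * @return lower-case hex string of the bytes
     */
    private static String sessionKey(byte[] sessionId) {
        StringBuilder hex = new StringBuilder(sessionId.length * 2);
        for (byte value : sessionId) {
            hex.append(Character.forDigit((value >> 4) & 0xF, 16));
            hex.append(Character.forDigit(value & 0xF, 16));
        }
        return hex.toString();
    }

    /** Creates a factory whose {@link #g} default depends on the mode recorded by the last setup. */
    public CitrixSSLSocketFactory() {
        this.g = l == SslsdkConfig.c.SSLSDK_SP_800_52 ? SslsdkConfig.d.MUST_CHECK : SslsdkConfig.d.NO_CHECK;
    }

    /**
     * Returns the cache entry for the socket's native session, creating it on first sight.
     *
     * @param sslsdkConfig configuration the socket was created with
     * @param citrixSSLSocket socket whose native handle identifies the session
     * @return the new or reused cache entry
     */
    public static synchronized d a(SslsdkConfig sslsdkConfig, CitrixSSLSocket citrixSSLSocket) {
        long handle = citrixSSLSocket.a();
        byte[] sessionId = nativeGetSessionID(handle);
        String cacheKey = sessionKey(sessionId);
        d entry = s.get(cacheKey);
        if (entry == null) {
            // Peer certificates are captured once, when the entry is first created.
            entry = new d(sessionId, nativeGetPeerCerts(handle), sslsdkConfig, citrixSSLSocket);
            s.put(cacheKey, entry);
            if (e.f2836a) {
                e.a("Session added, java-side cache has " + s.size());
            }
        } else {
            entry.a(sslsdkConfig, citrixSSLSocket);
            if (e.f2836a) {
                e.a("Session reused, java-side cache has " + s.size());
            }
        }
        return entry;
    }

    /** Wraps {@code socket} and performs the handshake immediately. */
    private Socket a(Socket socket, SslsdkConfig sslsdkConfig) throws IOException {
        return a(socket, sslsdkConfig, true);
    }

    /**
     * Wraps {@code socket} in a {@link CitrixSSLSocket}.
     *
     * @param socket underlying TCP socket
     * @param sslsdkConfig per-connection configuration
     * @param z when true the handshake is started before returning
     * @return the wrapping socket
     * @throws IOException if the SDK has not been initialised or the handshake fails
     */
    private Socket a(Socket socket, SslsdkConfig sslsdkConfig, boolean z) throws IOException {
        if (b != 0) {
            throw new com.citrix.sdk.ssl.a("SSLSDK is not initialized");
        }
        CitrixSSLSocket wrapped = new CitrixSSLSocket(socket, sslsdkConfig, this.j, this);
        if (z) {
            wrapped.startHandshake();
        }
        return wrapped;
    }

    /**
     * Secures a socket that this factory opened itself, closing it if securing fails.
     *
     * <p>Without this, a failure after the TCP connect (SDK not initialised, config error,
     * handshake failure) would drop the only reference to a connected socket.
     *
     * @param created socket opened by this factory
     * @param setHost whether {@code host} is passed to the config
     * @param host host name for the config; only used when {@code setHost} is true
     * @return the wrapping socket
     * @throws IOException if configuration or the handshake fails
     */
    private Socket wrapCreated(Socket created, boolean setHost, String host) throws IOException {
        try {
            SslsdkConfig config = e();
            if (setHost) {
                config.a(host);
            }
            return a(created, config);
        } catch (IOException | RuntimeException failure) {
            closeQuietly(created);
            throw failure;
        }
    }

    /** Closes {@code socket}, ignoring a failure of the close itself. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // The original failure is the one the caller needs to see.
        }
    }

    /**
     * Loads a file-based keystore, returning {@code null} when it is missing or unreadable.
     *
     * <p>When {@code str3} is null, {@link KeyStore#load} is called with a null password, which
     * means the keystore's integrity check is not performed; {@link #d()} does this for the
     * legacy BKS file.
     *
     * @param str path of the keystore file
     * @param str2 keystore type, for example "BKS"
     * @param str3 keystore password, or null
     * @return the loaded keystore, or null on any failure
     */
    public static KeyStore a(String str, String str2, String str3) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                e.b("CA keystore at [" + str + "] does NOT exist!");
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(str2);
            // try-with-resources so the stream is closed even when load() throws.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, str3 != null ? str3.toCharArray() : null);
            }
            if (e.f2836a) {
                e.a("Loaded old-style keystore (" + keyStore.size() + " entries) at: " + str);
            }
            return keyStore;
        } catch (Throwable ignored) {
            // Best effort by design: d() treats null as "try the next store".
            e.c("Exception while opening Android CA store [" + str + "] Returning empty");
            return null;
        }
    }

    /** Initialises the SDK with the default mode {@link #f2827a}. */
    public static synchronized void a(int i, Object[] objArr) {
        a(i, objArr, f2827a);
    }

    /**
     * Initialises (or re-initialises) the native SDK.
     *
     * @param i value passed to native init as its first argument
     * @param objArr encoded CA certificates, or null to use the platform store from {@link #d()}
     * @param cVar SDK mode; its ordinal is passed to native code
     * @throws RuntimeException if no CA store is available or native init does not return 0
     */
    @Deprecated
    public static synchronized void a(int i, Object[] objArr, SslsdkConfig.c cVar) {
        if (e.f2836a) {
            e.a("calling CitrixSSLSocketFactory.setupSSLSDK2 with table " + i);
        }
        if (b == 0) {
            if (e.f2836a) {
                e.a("SSLSDK was already initialized so terminating first...");
            }
            nativeTerminate();
            b = -2;
        }
        if (objArr == null) {
            if (e.f2836a) {
                e.a("No CAs provided. Using system keystore");
            }
            objArr = d();
            if (objArr == null) {
                e.c("SSLSDK could not initialize! No system CA store");
                throw new RuntimeException("No system CA store!");
            }
        } else if (e.f2836a) {
            e.a("Using " + objArr.length + " custom CAs provided");
        }
        try {
            // The mode is recorded before native init is known to have succeeded.
            l = cVar;
            b = nativeInitNative(i, objArr, cVar.ordinal());
            if (b != 0) {
                // Caught by the handler below and re-wrapped, as in the original.
                throw new RuntimeException("SSLSDK could not initialize. Status is " + b);
            }
            e.b("Current FIPS status is " + (c() == 1 ? "ENABLED" : "DISABLED"));
        } catch (Throwable th) {
            e.c("SSLSDK could not initialize due to unexpected exception! Rethrowing RT from " + th);
            AbstractC6663mI.f4063a.a(th, System.err);
            throw new RuntimeException(th);
        }
    }

    /**
     * Turns debug output on or off in both the Java helper and the native library.
     * With it on, this class logs keystore paths, session-cache sizes and certificate subject names.
     */
    public static void a(boolean z) {
        e.f2836a = z;
        nativeEnableDebug(z);
    }

    /**
     * Removes the cache entry for a session ID.
     *
     * @param bArr raw session ID bytes, as returned by {@link #nativeGetSessionID(long)}
     */
    public static synchronized void a(byte[] bArr) {
        s.remove(sessionKey(bArr));
        if (e.f2836a) {
            e.a("Session removed, java-side cache has " + s.size());
        }
    }

    /** Initialises the SDK with the platform CA store and the default mode. */
    public static void b(int i) {
        a(i, (Object[]) null, f2827a);
    }

    /** Returns true when the last native init returned 0. */
    public static boolean b() {
        return b == 0;
    }

    /** Returns the native FIPS mode, initialising the SDK with defaults first if needed. */
    public static int c() {
        synchronized (CitrixSSLSocketFactory.class) {
            if (!b()) {
                if (e.f2836a) {
                    e.a("calling getFIPSMode without initializing. Auto-init...");
                }
                b(0);
            }
            return nativeGetFIPSMode();
        }
    }

    /** Sets the native FIPS mode, initialising the SDK with defaults first if needed. */
    public static boolean c(int i) {
        synchronized (CitrixSSLSocketFactory.class) {
            if (!b()) {
                if (e.f2836a) {
                    e.a("calling setFIPSMode without initializing. Auto-init...");
                }
                b(0);
            }
            return nativeSetFIPSMode(i);
        }
    }

    /**
     * Collects the encoded certificates of the platform CA store.
     *
     * <p>"AndroidCAStore" is tried first. If that fails, the fallbacks are, in order: the legacy
     * BKS file, then the store named by the {@code javax.net.ssl.trustStore} system property
     * (defaulting to {@link #p}, then {@link #q}). Whoever can set those system properties
     * therefore chooses the trust anchors on the fallback path.
     *
     * @return an array of {@code byte[]} certificate encodings, or null if no store could be read
     */
    public static Object[] d() {
        KeyStore store;
        try {
            store = KeyStore.getInstance("AndroidCAStore");
            store.load(null, null);
            e.b("Loaded Android ICS+ keystore. Implementation provided by " + store.getProvider().getName());
        } catch (Throwable th) {
            e.b("Loading Android ICS+ keystore fails with: " + th);
            store = a("/data/system/security/cacerts.bks", "BKS", (String) null);
            if (store == null) {
                store = a(System.getProperty("javax.net.ssl.trustStore", p), System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()), System.getProperty("javax.net.ssl.trustStorePassword", null));
            }
            if (store == null) {
                store = a(System.getProperty("javax.net.ssl.trustStore", q), System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()), System.getProperty("javax.net.ssl.trustStorePassword", null));
            }
        }
        if (store == null) {
            e.c("a keystore with Android CAs could not be loaded!");
            return null;
        }
        try {
            if (e.f2836a) {
                e.a("Adding certs from keystore...");
            }
            Enumeration<String> aliases = store.aliases();
            ArrayList<byte[]> encodedCerts = new ArrayList<>();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                java.security.cert.Certificate certificate = store.getCertificate(alias);
                if (certificate == null) {
                    // One alias without a certificate must not discard the whole store.
                    e.c("*** no certificate stored under alias: [" + alias + "]");
                    continue;
                }
                try {
                    encodedCerts.add(certificate.getEncoded());
                } catch (CertificateEncodingException encodingError) {
                    // Named so it does not hide the helper class "e" used for the message call.
                    e.c("*** could not add cert with alias: [" + alias + "] due to ex: " + encodingError.getMessage());
                }
            }
            if (e.f2836a) {
                e.a("Added " + encodedCerts.size() + " certificates.");
            }
            return encodedCerts.toArray();
        } catch (Throwable th2) {
            e.c("Problem getting CAs: " + th2);
            AbstractC6663mI.f4063a.a(th2, System.err);
            return null;
        }
    }

    /**
     * Builds a per-connection config from this factory's current settings.
     *
     * @return a new config carrying the protocol mask, cipher choice, {@link #g}, {@link #h},
     *     the optional {@link #i}, every CA in {@link #n} and the flag {@link #f}
     * @throws SSLException declared by the original signature
     */
    private SslsdkConfig e() throws SSLException {
        SslsdkConfig config = new SslsdkConfig(this.d);
        config.a(this.k);
        config.a(this.g);
        config.a(this.h);
        com.citrix.sdk.ssl.b optional = this.i;
        if (optional != null) {
            config.a(optional);
        }
        for (byte[] encodedCa : this.n) {
            config.nativePolicyAddCA(encodedCa);
        }
        config.a(this.f);
        return config;
    }

    public static native void nativeEnableDebug(boolean z);

    public static native int nativeGetFIPSMode();

    public static native byte[][] nativeGetPeerCerts(long j);

    public static native byte[] nativeGetSessionID(long j);

    public static native int nativeInitNative(long j, Object[] objArr, int i);

    public static native boolean nativeSetFIPSMode(int i);

    public static native int nativeSetIdentity(long j, byte[] bArr, byte[] bArr2);

    public static native int nativeTerminate();

    /**
     * Sets the protocol bit mask: 1=SSL3, 2=TLS10, 4=TLS11, 8=TLS12, 128=ForceSSL3.
     *
     * <p>Bits outside 143 are dropped, and the SSL3 bit is dropped unless ForceSSL3 is also set.
     * SSL3, TLS 1.0 and TLS 1.1 are deprecated protocol versions; prefer passing 8 only.
     *
     * @param i requested mask
     * @throws com.citrix.sdk.ssl.a if no valid bit remains after masking
     */
    public void a(int i) throws com.citrix.sdk.ssl.a {
        int mask = i & 143;
        if ((mask & 128) == 0) {
            mask &= -2;
        }
        if (mask == 0) {
            // Report what the caller passed; the masked value is always 0 on this path.
            e.b("Invalid protocols [%s] passed to setProtocolVersion!", Integer.valueOf(i));
            throw new com.citrix.sdk.ssl.a(AbstractC0788Go.a("Invalid protocol ", i, ". Valid protos are 1=SSL3, 2=TLS10, 4=TLS11, 8=TLS12, 128=ForceSSL3. They can be ORed."));
        }
        this.d = mask;
        if (e.f2836a) {
            StringBuilder message = AbstractC0788Go.a("this SocketFactory is using proto mask ");
            message.append(this.d);
            e.a(message.toString());
        }
    }

    /**
     * Registers a client key manager.
     *
     * @param keyManager must be an {@link X509KeyManager}; null is logged and ignored
     * @throws ClassCastException if {@code keyManager} is of another type
     */
    public void a(KeyManager keyManager) {
        synchronized (this.m) {
            if (keyManager == null) {
                e.c("Trying to add a null key manager!");
                return;
            }
            this.m.add((X509KeyManager) keyManager);
        }
    }

    /**
     * Registers a trust manager and adds each of its accepted issuers as a CA for new sockets.
     *
     * <p>Only {@code getAcceptedIssuers()} is used here; the manager's own check methods are not
     * called in this file, so a manager that returns no issuers contributes no trust anchors.
     *
     * @param x509TrustManager trust manager whose issuers are to be trusted
     */
    public void a(X509TrustManager x509TrustManager) {
        this.o.add(x509TrustManager);
        X509Certificate[] issuers = x509TrustManager.getAcceptedIssuers();
        if (issuers == null) {
            return;
        }
        for (X509Certificate issuer : issuers) {
            try {
                byte[] encoded = issuer.getEncoded();
                if (encoded == null) {
                    e.c("addTrustManager: You are passing a null cert!");
                } else {
                    this.n.add(encoded);
                }
            } catch (Exception ignored) {
                e.c("addTrustManager: Cert passed cannot be encoded!");
            }
        }
    }

    /** Returns the flag {@link #e}. */
    public boolean a() {
        return this.e;
    }

    /**
     * Offers the registered key managers' RSA identities to the native session, first match wins.
     *
     * <p>The private key is passed to native code as encoded bytes. Keys that cannot be exported
     * (a null key or a null encoding) and aliases without a certificate chain are logged and
     * skipped instead of failing with a NullPointerException.
     * NOTE(review): the encoded key bytes are not wiped after the native call because it is not
     * visible here whether native code copies them; confirm and zero the array if it does.
     *
     * @param citrixSSLSocket socket the identity is chosen for
     * @param j native handle passed to {@link #nativeSetIdentity(long, byte[], byte[])}
     * @return true if an identity was set, false if no key manager offered a usable one
     * @throws IOException if the chosen certificate cannot be encoded
     */
    public boolean a(CitrixSSLSocket citrixSSLSocket, long j) throws IOException {
        // Snapshot under the same monitor a(KeyManager) uses, then call the managers unlocked.
        ArrayList<X509KeyManager> managers;
        synchronized (this.m) {
            managers = new ArrayList<>(this.m);
        }
        for (X509KeyManager manager : managers) {
            String alias = manager.chooseClientAlias(new String[]{"RSA"}, new Principal[0], citrixSSLSocket);
            if (alias == null) {
                continue;
            }
            X509Certificate[] chain = manager.getCertificateChain(alias);
            java.security.PrivateKey privateKey = manager.getPrivateKey(alias);
            byte[] encodedKey = privateKey != null ? privateKey.getEncoded() : null;
            if (chain == null || chain.length == 0 || chain[0] == null || encodedKey == null) {
                e.c("setClientCertFromKMs: alias (" + alias + ") has no certificate chain or no exportable private key; skipping");
                continue;
            }
            try {
                citrixSSLSocket.a(nativeSetIdentity(j, chain[0].getEncoded(), encodedKey));
                citrixSSLSocket.a(chain);
                if (e.f2836a) {
                    e.a("setClientCertFromKMs: chosen alias (" + alias + ") DN: " + chain[0].getSubjectDN().getName());
                }
                return true;
            } catch (CertificateEncodingException encodingError) {
                e.c("Encoding exception on identity with alias " + alias + ": " + encodingError);
                throw new com.citrix.sdk.ssl.a(encodingError);
            }
        }
        return false;
    }

    /**
     * Connects {@code socket} if needed, then secures it for host {@code str}.
     * A socket created here (null argument) is closed again if securing it fails.
     */
    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i, InetAddress inetAddress, int i2, HttpParams httpParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        boolean lowerConnected = socket != null && socket.isConnected();
        if (e.f2836a) {
            Object[] logArgs = new Object[3];
            logArgs[0] = lowerConnected ? "already" : "NOT";
            logArgs[1] = str;
            logArgs[2] = Integer.valueOf(i);
            e.a("connectSocket -- lower %s connected to [%s:%d]", logArgs);
        }
        if (lowerConnected) {
            SslsdkConfig config = e();
            config.a(str);
            return a(socket, config);
        }
        boolean createdHere = socket == null;
        Socket connected = PlainSocketFactory.getSocketFactory().connectSocket(socket, str, i, inetAddress, i2, httpParams);
        if (createdHere) {
            return wrapCreated(connected, true, str);
        }
        SslsdkConfig config = e();
        config.a(str);
        return a(connected, config);
    }

    /** Returns an unconnected secure socket; no handshake is started. */
    @Override // javax.net.SocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        if (e.f2836a) {
            e.a("createSocket 0 [not connected]");
        }
        return a(new Socket(), e(), false);
    }

    /** Connects to {@code str:i} and performs the handshake with {@code str} as the host name. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        if (e.f2836a) {
            e.a("createSocket 1 to host [" + str + ":" + i + "]");
        }
        return wrapCreated(new Socket(str, i), true, str);
    }

    /** As {@link #createSocket(String, int)}, bound to the given local address and port. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        if (e.f2836a) {
            e.a("createSocket 2 to host [" + str + "]");
        }
        return wrapCreated(new Socket(str, i, inetAddress, i2), true, str);
    }

    /**
     * Connects to an address and performs the handshake.
     * No host name is passed to the config on this path; see the class comment.
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        if (e.f2836a) {
            e.a("createSocket 3");
        }
        return wrapCreated(new Socket(inetAddress, i), false, null);
    }

    /**
     * As {@link #createSocket(InetAddress, int)}, bound to the given local address and port.
     * No host name is passed to the config on this path; see the class comment.
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        if (e.f2836a) {
            e.a("createSocket 4");
        }
        return wrapCreated(new Socket(inetAddress, i, inetAddress2, i2), false, null);
    }

    /**
     * Layers TLS over {@code socket}, creating or connecting it first when necessary.
     * The {@code z} (auto-close) argument is not read by this implementation.
     */
    @Override // javax.net.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        if (e.f2836a) {
            StringBuilder message = AbstractC0788Go.a("createSocket 5 (lower ");
            AbstractC0788Go.b(message, (socket == null || !socket.isConnected()) ? "NOT" : "already", " connected) to host [", str, ":");
            message.append(i);
            message.append("]");
            e.a(message.toString());
        }
        if (socket == null) {
            // This factory owns the new socket, so it is closed if securing it fails.
            return wrapCreated(new Socket(str, i), true, str);
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(str, i));
        }
        SslsdkConfig config = e();
        config.a(str);
        return a(socket, config);
    }

    /** Always returns an empty array; cipher selection is driven by {@link #k}, not by names. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    /** Always returns an empty array. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }

    /** Returns true only for sockets produced by this SDK; null yields false. */
    @Override // org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        return socket instanceof CitrixSSLSocket;
    }
}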
