package com.huawei.intelligent.persist.cloud.http;

import android.content.Context;
import android.os.Build;
import com.huawei.intelligent.c.e.a;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
public class HiboardSSLSocketFactory extends SSLSocketFactory {
    private static final String KEY_TYPE = "bks";
    private static final String TAG = "HiboardSSLSocketFactory";
    private static final String TRUST_FILE = "hiboard.keystore";
    private static final String TRUST_MANAGER_TYPE = "X509";
    private SSLContext sslContext;

    /* loaded from: classes2.dex */
    private static final class MyX509TrustManager implements X509TrustManager {
        private static ArrayList<X509TrustManager> m509TrustManager = new ArrayList<>();

        MyX509TrustManager(Context context) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(HiboardSSLSocketFactory.TRUST_MANAGER_TYPE);
                trustManagerFactory.init((KeyStore) null);
                addTrustManager(trustManagerFactory.getTrustManagers());
                if (m509TrustManager.isEmpty()) {
                    throw new CertificateException("Couldn't find a X509TrustManager!");
                }
            } catch (KeyStoreException e) {
                a.e(HiboardSSLSocketFactory.TAG, "MyX509TrustManager KeyStoreException");
            } catch (NoSuchAlgorithmException e2) {
                a.e(HiboardSSLSocketFactory.TAG, "MyX509TrustManager NoSuchAlgorithmException");
            } catch (CertificateException e3) {
                a.e(HiboardSSLSocketFactory.TAG, "MyX509TrustManager CertificateException");
            }
        }

        private void addTrustManager(TrustManager[] trustManagerArr) {
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= trustManagerArr.length) {
                    return;
                }
                if (trustManagerArr[i2] instanceof X509TrustManager) {
                    m509TrustManager.add((X509TrustManager) trustManagerArr[i2]);
                }
                i = i2 + 1;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                m509TrustManager.get(0).checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                a.e(HiboardSSLSocketFactory.TAG, "checkClientTrusted CertificateException");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            a.b(HiboardSSLSocketFactory.TAG, "checkServerTrusted");
            m509TrustManager.get(0).checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            ArrayList arrayList = new ArrayList();
            int size = m509TrustManager.size();
            for (int i = 0; i < size; i++) {
                arrayList.addAll(Arrays.asList(m509TrustManager.get(i).getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }
    }

    public HiboardSSLSocketFactory(KeyStore keyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(keyStore);
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(null, new TrustManager[]{new MyX509TrustManager(com.huawei.intelligent.a.a.a())}, new SecureRandom());
    }

    private static void setEnableSafeCipherSuites(SSLSocket sSLSocket) {
        String[] enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
        ArrayList arrayList = new ArrayList();
        for (String str : enabledCipherSuites) {
            String upperCase = str.toUpperCase(Locale.ENGLISH);
            if (!upperCase.contains("NULL") && !upperCase.contains("LOW") && !upperCase.contains("MD5") && !upperCase.contains("EXP") && !upperCase.contains("SRP") && !upperCase.contains("DSS") && !upperCase.contains("PSK") && !upperCase.contains("RC4") && !upperCase.contains("DES")) {
                arrayList.add(str);
            }
        }
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
    }

    private void setEnabledProtocols(SSLSocket sSLSocket) {
        if (sSLSocket == null || Build.VERSION.SDK_INT < 16) {
            return;
        }
        sSLSocket.setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        Socket createSocket = this.sslContext.getSocketFactory().createSocket();
        if (createSocket == null || !(createSocket instanceof SSLSocket)) {
            return null;
        }
        setEnabledProtocols((SSLSocket) createSocket);
        setEnableSafeCipherSuites((SSLSocket) createSocket);
        return createSocket;
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        Socket createSocket = this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        if (createSocket == null || !(createSocket instanceof SSLSocket)) {
            return null;
        }
        setEnabledProtocols((SSLSocket) createSocket);
        setEnableSafeCipherSuites((SSLSocket) createSocket);
        return createSocket;
    }
}
