package org.apache.commons.ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.lang.time.DateUtils;

/* loaded from: classes2.dex */
public class SSL {
    private static final String[] DEFAULT_CIPHERS;
    private static final String[] KNOWN_PROTOCOLS = {"TLSv1", "SSLv3", "SSLv2", "SSLv2Hello"};
    public static final SortedSet KNOWN_PROTOCOLS_SET;
    public static final String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
    public static final String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
    public static final String SSL_RSA_WITH_3DES_EDE_CBC_SHA = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
    public static final String SSL_RSA_WITH_RC4_128_SHA = "SSL_RSA_WITH_RC4_128_SHA";
    private static final String[] SUPPORTED_CIPHERS;
    public static final SortedSet SUPPORTED_CIPHERS_SET;
    public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
    public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
    public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
    public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
    public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
    public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
    private X509Certificate[] currentClientChain;
    private X509Certificate[] currentServerChain;
    protected final boolean usingSystemProperties;
    private Object sslContext = null;
    private int initCount = 0;
    private SSLSocketFactory socketFactory = null;
    private SSLServerSocketFactory serverSocketFactory = null;
    private HostnameVerifier hostnameVerifier = HostnameVerifier.DEFAULT;
    private boolean checkHostname = true;
    private final ArrayList allowedNames = new ArrayList();
    private boolean checkCRL = true;
    private boolean checkExpiry = true;
    private boolean useClientMode = false;
    private boolean useClientModeDefault = true;
    private int soTimeout = DateUtils.MILLIS_IN_DAY;
    private int connectTimeout = DateUtils.MILLIS_IN_HOUR;
    private TrustChain trustChain = null;
    private KeyMaterial keyMaterial = null;
    private String[] enabledCiphers = null;
    private String[] enabledProtocols = null;
    private String defaultProtocol = "TLS";
    private boolean wantClientAuth = true;
    private boolean needClientAuth = false;
    private SSLWrapperFactory sslWrapperFactory = SSLWrapperFactory.NO_WRAP;

    static {
        TreeSet treeSet = new TreeSet(Collections.reverseOrder());
        treeSet.addAll(Arrays.asList(KNOWN_PROTOCOLS));
        KNOWN_PROTOCOLS_SET = Collections.unmodifiableSortedSet(treeSet);
        SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        TreeSet treeSet2 = new TreeSet();
        SUPPORTED_CIPHERS = sSLSocketFactory.getSupportedCipherSuites();
        DEFAULT_CIPHERS = sSLSocketFactory.getDefaultCipherSuites();
        Arrays.sort(SUPPORTED_CIPHERS);
        Arrays.sort(DEFAULT_CIPHERS);
        treeSet2.addAll(Arrays.asList(SUPPORTED_CIPHERS));
        SUPPORTED_CIPHERS_SET = Collections.unmodifiableSortedSet(treeSet2);
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x007f  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00b7  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public SSL() {
        /*
            r8 = this;
            r8.<init>()
            r0 = 0
            r8.sslContext = r0
            r1 = 0
            r8.initCount = r1
            r8.socketFactory = r0
            r8.serverSocketFactory = r0
            org.apache.commons.ssl.HostnameVerifier r2 = org.apache.commons.ssl.HostnameVerifier.DEFAULT
            r8.hostnameVerifier = r2
            r2 = 1
            r8.checkHostname = r2
            java.util.ArrayList r3 = new java.util.ArrayList
            r3.<init>()
            r8.allowedNames = r3
            r8.checkCRL = r2
            r8.checkExpiry = r2
            r8.useClientMode = r1
            r8.useClientModeDefault = r2
            r3 = 86400000(0x5265c00, float:7.82218E-36)
            r8.soTimeout = r3
            r3 = 3600000(0x36ee80, float:5.044674E-39)
            r8.connectTimeout = r3
            r8.trustChain = r0
            r8.keyMaterial = r0
            r8.enabledCiphers = r0
            r8.enabledProtocols = r0
            java.lang.String r0 = "TLS"
            r8.defaultProtocol = r0
            r8.wantClientAuth = r2
            r8.needClientAuth = r1
            org.apache.commons.ssl.SSLWrapperFactory r0 = org.apache.commons.ssl.SSLWrapperFactory.NO_WRAP
            r8.sslWrapperFactory = r0
            java.util.Properties r0 = java.lang.System.getProperties()
            java.lang.String r3 = "javax.net.ssl.keyStore"
            boolean r4 = r0.containsKey(r3)
            java.lang.String r5 = "javax.net.ssl.trustStore"
            boolean r0 = r0.containsKey(r5)
            java.lang.String r6 = ""
            if (r4 == 0) goto L7c
            java.lang.String r3 = java.lang.System.getProperty(r3)
            java.lang.String r4 = "javax.net.ssl.keyStorePassword"
            java.lang.String r4 = java.lang.System.getProperty(r4)
            if (r4 == 0) goto L62
            goto L63
        L62:
            r4 = r6
        L63:
            java.io.File r7 = new java.io.File
            r7.<init>(r3)
            boolean r7 = r7.exists()
            if (r7 == 0) goto L7c
            org.apache.commons.ssl.KeyMaterial r7 = new org.apache.commons.ssl.KeyMaterial
            char[] r4 = r4.toCharArray()
            r7.<init>(r3, r4)
            r8.setKeyMaterial(r7)
            r3 = 1
            goto L7d
        L7c:
            r3 = 0
        L7d:
            if (r0 == 0) goto Lb4
            java.lang.String r0 = java.lang.System.getProperty(r5)
            java.lang.String r4 = "javax.net.ssl.trustStorePassword"
            java.lang.String r4 = java.lang.System.getProperty(r4)
            if (r4 != 0) goto L8d
            r5 = 1
            goto L8e
        L8d:
            r5 = 0
        L8e:
            if (r5 == 0) goto L91
            r4 = r6
        L91:
            java.io.File r6 = new java.io.File
            r6.<init>(r0)
            boolean r6 = r6.exists()
            if (r6 == 0) goto Lb4
            org.apache.commons.ssl.TrustMaterial r1 = new org.apache.commons.ssl.TrustMaterial     // Catch: java.security.GeneralSecurityException -> La6
            char[] r3 = r4.toCharArray()     // Catch: java.security.GeneralSecurityException -> La6
            r1.<init>(r0, r3)     // Catch: java.security.GeneralSecurityException -> La6
            goto Lae
        La6:
            r1 = move-exception
            if (r5 == 0) goto Lb3
            org.apache.commons.ssl.TrustMaterial r1 = new org.apache.commons.ssl.TrustMaterial
            r1.<init>(r0)
        Lae:
            r8.setTrustMaterial(r1)
            r1 = 1
            goto Lb5
        Lb3:
            throw r1
        Lb4:
            r2 = r3
        Lb5:
            if (r1 != 0) goto Lbc
            org.apache.commons.ssl.TrustMaterial r0 = org.apache.commons.ssl.TrustMaterial.DEFAULT
            r8.setTrustMaterial(r0)
        Lbc:
            r8.usingSystemProperties = r2
            r8.useStrongCiphers()
            r8.dirtyAndReloadIfYoung()
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.commons.ssl.SSL.<init>():void");
    }

    private static void addCipher(List list, String str, boolean z) {
        boolean z2;
        if (str == null || !SUPPORTED_CIPHERS_SET.contains(str)) {
            z2 = false;
        } else {
            if (list != null) {
                list.add(str);
            }
            z2 = true;
        }
        if (z) {
            PrintStream printStream = System.out;
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str);
            stringBuffer.append(":\t");
            stringBuffer.append(z2);
            printStream.println(stringBuffer.toString());
        }
    }

    private void dirty() {
        this.sslContext = null;
        this.socketFactory = null;
        this.serverSocketFactory = null;
    }

    private void dirtyAndReloadIfYoung() {
        dirty();
        int i = this.initCount;
        if (i < 0 || i > 5) {
            return;
        }
        init();
    }

    private void init() {
        this.socketFactory = null;
        this.serverSocketFactory = null;
        this.sslContext = JavaImpl.init(this, this.trustChain, this.keyMaterial);
        this.initCount++;
    }

    private void initThrowRuntime() {
        try {
            init();
        } catch (IOException e) {
            throw JavaImpl.newRuntimeException(e);
        } catch (GeneralSecurityException e2) {
            throw JavaImpl.newRuntimeException(e2);
        }
    }

    public static void main(String[] strArr) {
        for (int i = 0; i < SUPPORTED_CIPHERS.length; i++) {
            System.out.println(SUPPORTED_CIPHERS[i]);
        }
        System.out.println();
        System.out.println("----------------------------------------------");
        addCipher(null, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, true);
        addCipher(null, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, true);
        addCipher(null, SSL_RSA_WITH_3DES_EDE_CBC_SHA, true);
        addCipher(null, SSL_RSA_WITH_RC4_128_SHA, true);
        addCipher(null, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, true);
        addCipher(null, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, true);
        addCipher(null, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true);
        addCipher(null, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true);
        addCipher(null, TLS_RSA_WITH_AES_128_CBC_SHA, true);
        addCipher(null, TLS_RSA_WITH_AES_256_CBC_SHA, true);
    }

    public void addAllowedName(String str) {
        this.allowedNames.add(str);
    }

    public void addAllowedNames(Collection collection) {
        this.allowedNames.addAll(collection);
    }

    public void addTrustMaterial(TrustChain trustChain) {
        if (this.trustChain == null || trustChain == TrustMaterial.TRUST_ALL) {
            this.trustChain = trustChain;
        } else {
            this.trustChain.addTrustMaterial(trustChain);
        }
        dirtyAndReloadIfYoung();
    }

    public void clearAllowedNames() {
        this.allowedNames.clear();
    }

    public ServerSocket createServerSocket() {
        return getSSLWrapperFactory().wrap(JavaImpl.createServerSocket(this), this);
    }

    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) getSSLServerSocketFactory().createServerSocket(i, i2, inetAddress);
        doPreConnectServerSocketStuff(sSLServerSocket);
        return getSSLWrapperFactory().wrap(sSLServerSocket, this);
    }

    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, int i3) {
        return this.sslWrapperFactory.wrap(JavaImpl.createSocket(this, str, i, inetAddress, i2, i3 == 0 ? getConnectTimeout() : i3));
    }

    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        SSLSocket sSLSocket = (SSLSocket) getSSLSocketFactory().createSocket(socket, str, i, z);
        doPreConnectSocketStuff(sSLSocket);
        doPostConnectSocketStuff(sSLSocket, str);
        return this.sslWrapperFactory.wrap(sSLSocket);
    }

    public SSLSocket createSocket() {
        return this.sslWrapperFactory.wrap(JavaImpl.createSocket(this));
    }

    public void doPostConnectSocketStuff(SSLSocket sSLSocket, String str) {
        if (this.checkHostname) {
            String[] strArr = new String[this.allowedNames.size() + 1];
            strArr[0] = str;
            Iterator it = this.allowedNames.iterator();
            int i = 1;
            while (it.hasNext()) {
                strArr[i] = (String) it.next();
                i++;
            }
            this.hostnameVerifier.check(strArr, sSLSocket);
        }
    }

    public void doPreConnectServerSocketStuff(SSLServerSocket sSLServerSocket) {
        int i = this.soTimeout;
        if (i > 0) {
            sSLServerSocket.setSoTimeout(i);
        }
        String[] strArr = this.enabledProtocols;
        if (strArr != null) {
            JavaImpl.setEnabledProtocols(sSLServerSocket, strArr);
        }
        String[] strArr2 = this.enabledCiphers;
        if (strArr2 != null) {
            sSLServerSocket.setEnabledCipherSuites(strArr2);
        }
        boolean z = this.wantClientAuth;
        if (!z) {
            JavaImpl.setWantClientAuth(sSLServerSocket, z);
        }
        boolean z2 = this.needClientAuth;
        if (!z2) {
            sSLServerSocket.setNeedClientAuth(z2);
        }
        boolean z3 = this.wantClientAuth;
        if (z3) {
            JavaImpl.setWantClientAuth(sSLServerSocket, z3);
        }
        boolean z4 = this.needClientAuth;
        if (z4) {
            sSLServerSocket.setNeedClientAuth(z4);
        }
    }

    public void doPreConnectSocketStuff(SSLSocket sSLSocket) {
        if (!this.useClientModeDefault) {
            sSLSocket.setUseClientMode(this.useClientMode);
        }
        int i = this.soTimeout;
        if (i > 0) {
            sSLSocket.setSoTimeout(i);
        }
        String[] strArr = this.enabledProtocols;
        if (strArr != null) {
            JavaImpl.setEnabledProtocols(sSLSocket, strArr);
        }
        String[] strArr2 = this.enabledCiphers;
        if (strArr2 != null) {
            sSLSocket.setEnabledCipherSuites(strArr2);
        }
    }

    public List getAllowedNames() {
        return Collections.unmodifiableList(this.allowedNames);
    }

    public X509Certificate[] getAssociatedCertificateChain() {
        KeyMaterial keyMaterial = this.keyMaterial;
        if (keyMaterial != null) {
            return keyMaterial.getAssociatedCertificateChain();
        }
        return null;
    }

    public boolean getCheckCRL() {
        return this.checkCRL;
    }

    public boolean getCheckExpiry() {
        return this.checkExpiry;
    }

    public boolean getCheckHostname() {
        return this.checkHostname;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public X509Certificate[] getCurrentClientChain() {
        return this.currentClientChain;
    }

    public X509Certificate[] getCurrentServerChain() {
        return this.currentServerChain;
    }

    public String[] getDefaultCipherSuites() {
        return getSSLSocketFactory().getDefaultCipherSuites();
    }

    public String getDefaultProtocol() {
        return this.defaultProtocol;
    }

    public String[] getEnabledCiphers() {
        String[] strArr = this.enabledCiphers;
        return strArr != null ? strArr : getDefaultCipherSuites();
    }

    public String[] getEnabledProtocols() {
        String[] strArr = this.enabledProtocols;
        return strArr != null ? strArr : KNOWN_PROTOCOLS;
    }

    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    public boolean getNeedClientAuth() {
        return this.needClientAuth;
    }

    public SSLContext getSSLContext() {
        Object sSLContextAsObject = getSSLContextAsObject();
        if (!JavaImpl.isJava13()) {
            return (SSLContext) sSLContextAsObject;
        }
        try {
            return (SSLContext) sSLContextAsObject;
        } catch (ClassCastException e) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("When using Java13 SSL, you must call SSL.getSSLContextAsObject() - ");
            stringBuffer.append(e);
            throw new ClassCastException(stringBuffer.toString());
        }
    }

    public Object getSSLContextAsObject() {
        if (this.sslContext == null) {
            init();
        }
        return this.sslContext;
    }

    public SSLServerSocketFactory getSSLServerSocketFactory() {
        if (this.sslContext == null) {
            initThrowRuntime();
        }
        if (this.serverSocketFactory == null) {
            this.serverSocketFactory = JavaImpl.getSSLServerSocketFactory(this.sslContext);
        }
        return this.serverSocketFactory;
    }

    public SSLSocketFactory getSSLSocketFactory() {
        if (this.sslContext == null) {
            initThrowRuntime();
        }
        if (this.socketFactory == null) {
            this.socketFactory = JavaImpl.getSSLSocketFactory(this.sslContext);
        }
        return this.socketFactory;
    }

    public SSLWrapperFactory getSSLWrapperFactory() {
        return this.sslWrapperFactory;
    }

    public int getSoTimeout() {
        return this.soTimeout;
    }

    public String[] getSupportedCipherSuites() {
        String[] strArr = SUPPORTED_CIPHERS;
        String[] strArr2 = new String[strArr.length];
        System.arraycopy(strArr, 0, strArr2, 0, strArr2.length);
        return strArr2;
    }

    public TrustChain getTrustChain() {
        return this.trustChain;
    }

    public boolean getUseClientMode() {
        return this.useClientMode;
    }

    public boolean getUseClientModeDefault() {
        return this.useClientModeDefault;
    }

    public boolean getWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setCheckCRL(boolean z) {
        this.checkCRL = z;
    }

    public void setCheckExpiry(boolean z) {
        this.checkExpiry = z;
    }

    public void setCheckHostname(boolean z) {
        this.checkHostname = z;
    }

    public void setConnectTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("connectTimeout must not be negative");
        }
        this.connectTimeout = i;
    }

    public void setCurrentClientChain(X509Certificate[] x509CertificateArr) {
        this.currentClientChain = x509CertificateArr;
    }

    public void setCurrentServerChain(X509Certificate[] x509CertificateArr) {
        this.currentServerChain = x509CertificateArr;
    }

    public void setDefaultProtocol(String str) {
        this.defaultProtocol = str;
        dirty();
    }

    public void setEnabledCiphers(String[] strArr) {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        hashSet.removeAll(SUPPORTED_CIPHERS_SET);
        if (hashSet.isEmpty()) {
            this.enabledCiphers = strArr;
            return;
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("following ciphers not supported: ");
        stringBuffer.append(hashSet);
        throw new IllegalArgumentException(stringBuffer.toString());
    }

    public void setEnabledProtocols(String[] strArr) {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        hashSet.removeAll(KNOWN_PROTOCOLS_SET);
        if (hashSet.isEmpty()) {
            this.enabledProtocols = strArr;
            return;
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("following protocols not supported: ");
        stringBuffer.append(hashSet);
        throw new IllegalArgumentException(stringBuffer.toString());
    }

    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        if (hostnameVerifier == null) {
            hostnameVerifier = HostnameVerifier.DEFAULT;
        }
        this.hostnameVerifier = hostnameVerifier;
    }

    public void setKeyMaterial(KeyMaterial keyMaterial) {
        this.keyMaterial = keyMaterial;
        dirtyAndReloadIfYoung();
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public void setSSLWrapperFactory(SSLWrapperFactory sSLWrapperFactory) {
        this.sslWrapperFactory = sSLWrapperFactory;
    }

    public void setSoTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("soTimeout must not be negative");
        }
        this.soTimeout = i;
    }

    public void setTrustMaterial(TrustChain trustChain) {
        this.trustChain = trustChain;
        dirtyAndReloadIfYoung();
    }

    public void setUseClientMode(boolean z) {
        this.useClientModeDefault = false;
        this.useClientMode = z;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public void useDefaultJavaCiphers() {
        String[] enabledCiphers = getEnabledCiphers();
        Arrays.sort(enabledCiphers);
        Arrays.sort(DEFAULT_CIPHERS);
        if (Arrays.equals(DEFAULT_CIPHERS, enabledCiphers)) {
            return;
        }
        setEnabledCiphers(DEFAULT_CIPHERS);
    }

    public void useStrongCiphers() {
        LinkedList linkedList = new LinkedList();
        addCipher(linkedList, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, false);
        addCipher(linkedList, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, false);
        addCipher(linkedList, SSL_RSA_WITH_3DES_EDE_CBC_SHA, false);
        addCipher(linkedList, SSL_RSA_WITH_RC4_128_SHA, false);
        addCipher(linkedList, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, false);
        addCipher(linkedList, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, false);
        addCipher(linkedList, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, false);
        addCipher(linkedList, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, false);
        addCipher(linkedList, TLS_RSA_WITH_AES_128_CBC_SHA, false);
        addCipher(linkedList, TLS_RSA_WITH_AES_256_CBC_SHA, false);
        String[] strArr = new String[linkedList.size()];
        linkedList.toArray(strArr);
        String[] enabledCiphers = getEnabledCiphers();
        if (enabledCiphers == null) {
            setEnabledCiphers(strArr);
        }
        Arrays.sort(strArr);
        Arrays.sort(enabledCiphers);
        if (Arrays.equals(strArr, enabledCiphers)) {
            return;
        }
        setEnabledCiphers(strArr);
    }
}
