package com.rbuild.mushroom.injector.phcyber.ssl;

import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import app.openconnect.SocketProtect;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class TcpSSLThread extends Thread {
    public static Socket sc;
    public static ServerSocket ss;
    public static SSLSocket st;
    private X509Certificate caCert;
    String caFile;
    TcpRelay inRelay;
    String keyFile;
    String keyPass;
    int listenPort;
    TcpRelay outRelay;
    private String sni;
    private SSLSocketFactory sslSocketFactory;
    String tunnelHost;
    String tunnelName;
    int tunnelPort;
    int sessionid = 0;
    private String[] TLS13_CIPHER_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256", "TLS_AES_256_CCM_8_SHA256"};
    TrustManager[] trustCaCert = {new X509TrustManager() { // from class: com.rbuild.mushroom.injector.phcyber.ssl.TcpSSLThread.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (TcpSSLThread.this.caFile == null || TcpSSLThread.this.caFile.isEmpty()) {
                return;
            }
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("null or zero-length certificate chain");
            }
            if (str == null || str.length() == 0) {
                throw new IllegalArgumentException("null or zero-length authentication type");
            }
            if (TcpSSLThread.this.caCert == null) {
                throw new CertificateException("Invalid CA cert");
            }
            if (!x509CertificateArr[0].equals(TcpSSLThread.this.caCert)) {
                try {
                    x509CertificateArr[0].verify(TcpSSLThread.this.caCert.getPublicKey());
                } catch (Exception e) {
                    throw new CertificateException("Certificate not trusted", e);
                }
            }
            try {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    x509Certificate.checkValidity();
                }
            } catch (Exception e2) {
                throw new CertificateException("Certificate not trusted. It has expired", e2);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }};

    public TcpSSLThread(String str, int i, String str2, int i2, String str3, String str4, String str5, String str6) {
        FileInputStream fileInputStream;
        Throwable th;
        this.tunnelName = str;
        this.listenPort = i;
        this.tunnelHost = str2;
        this.tunnelPort = i2;
        this.sni = str3;
        this.keyFile = str4;
        this.keyPass = str5;
        this.caFile = str6;
        if (str6 == null || str6.isEmpty()) {
            return;
        }
        FileInputStream fileInputStream2 = null;
        try {
            try {
                fileInputStream = new FileInputStream(this.caFile);
                try {
                    this.caCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
                    fileInputStream.close();
                } catch (Exception unused) {
                    fileInputStream2 = fileInputStream;
                    if (fileInputStream2 != null) {
                        fileInputStream2.close();
                    }
                } catch (Throwable th2) {
                    th = th2;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused2) {
                        }
                    }
                    throw th;
                }
            } catch (IOException unused3) {
            }
        } catch (Exception unused4) {
        } catch (Throwable th3) {
            fileInputStream = null;
            th = th3;
        }
    }

    private void setSNIHost(SSLSocketFactory sSLSocketFactory, SSLSocket sSLSocket, String str) {
        if ((sSLSocketFactory instanceof SSLCertificateSocketFactory) && Build.VERSION.SDK_INT >= 17) {
            ((SSLCertificateSocketFactory) sSLSocketFactory).setHostname(sSLSocket, str);
        } else {
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Throwable unused) {
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0037 A[Catch: FileNotFoundException | IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException -> 0x004b, TryCatch #0 {FileNotFoundException | IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException -> 0x004b, blocks: (B:14:0x0007, B:16:0x000d, B:6:0x002e, B:9:0x003b, B:12:0x0037), top: B:13:0x0007 }] */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0036  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final javax.net.ssl.SSLSocketFactory getSocketFactory(java.lang.String r4, java.lang.String r5, int r6) {
        /*
            r3 = this;
            javax.net.ssl.SSLSocketFactory r6 = r3.sslSocketFactory
            if (r6 != 0) goto L4b
            r6 = 0
            if (r4 == 0) goto L2d
            boolean r0 = r4.isEmpty()     // Catch: java.lang.Throwable -> L4b
            if (r0 != 0) goto L2d
            java.lang.String r0 = "X509"
            javax.net.ssl.KeyManagerFactory r0 = javax.net.ssl.KeyManagerFactory.getInstance(r0)     // Catch: java.lang.Throwable -> L4b
            java.lang.String r1 = "PKCS12"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r1)     // Catch: java.lang.Throwable -> L4b
            java.io.FileInputStream r2 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L4b
            r2.<init>(r4)     // Catch: java.lang.Throwable -> L4b
            char[] r4 = r5.toCharArray()     // Catch: java.lang.Throwable -> L4b
            r1.load(r2, r4)     // Catch: java.lang.Throwable -> L4b
            char[] r4 = r5.toCharArray()     // Catch: java.lang.Throwable -> L4b
            r0.init(r1, r4)     // Catch: java.lang.Throwable -> L4b
            goto L2e
        L2d:
            r0 = r6
        L2e:
            java.lang.String r4 = "TLS"
            javax.net.ssl.SSLContext r4 = javax.net.ssl.SSLContext.getInstance(r4)     // Catch: java.lang.Throwable -> L4b
            if (r0 != 0) goto L37
            goto L3b
        L37:
            javax.net.ssl.KeyManager[] r6 = r0.getKeyManagers()     // Catch: java.lang.Throwable -> L4b
        L3b:
            javax.net.ssl.TrustManager[] r5 = r3.trustCaCert     // Catch: java.lang.Throwable -> L4b
            java.security.SecureRandom r0 = new java.security.SecureRandom     // Catch: java.lang.Throwable -> L4b
            r0.<init>()     // Catch: java.lang.Throwable -> L4b
            r4.init(r6, r5, r0)     // Catch: java.lang.Throwable -> L4b
            javax.net.ssl.SSLSocketFactory r4 = r4.getSocketFactory()     // Catch: java.lang.Throwable -> L4b
            r3.sslSocketFactory = r4     // Catch: java.lang.Throwable -> L4b
        L4b:
            javax.net.ssl.SSLSocketFactory r4 = r3.sslSocketFactory
            return r4
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rbuild.mushroom.injector.phcyber.ssl.TcpSSLThread.getSocketFactory(java.lang.String, java.lang.String, int):javax.net.ssl.SSLSocketFactory");
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        try {
            ss = new ServerSocket(this.listenPort, 50, Inet4Address.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 1}));
            while (!isInterrupted()) {
                try {
                    try {
                        Socket accept = ss.accept();
                        sc = accept;
                        SocketProtect.isProtected(accept);
                        this.sessionid++;
                    } catch (SocketException unused) {
                    }
                    try {
                        SSLSocketFactory socketFactory = getSocketFactory(this.keyFile, this.keyPass, this.sessionid);
                        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(this.tunnelHost, this.tunnelPort);
                        st = sSLSocket;
                        setSNIHost(socketFactory, sSLSocket, this.sni.replace("core.mushroom.test", "viber.com"));
                        st.addHandshakeCompletedListener(new HandshakeCompletedListener() { // from class: com.rbuild.mushroom.injector.phcyber.ssl.TcpSSLThread.2
                            @Override // javax.net.ssl.HandshakeCompletedListener
                            public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                                handshakeCompletedEvent.getCipherSuite();
                                handshakeCompletedEvent.getSession().getProtocol();
                                String peerHost = handshakeCompletedEvent.getSession().getPeerHost();
                                handshakeCompletedEvent.getSession().getPeerPort();
                                if (peerHost != null) {
                                    try {
                                        handshakeCompletedEvent.getPeerPrincipal().toString();
                                    } catch (SSLPeerUnverifiedException unused2) {
                                    }
                                }
                            }
                        });
                        st.setKeepAlive(true);
                        st.startHandshake();
                        SocketProtect.isProtected(st);
                    } catch (Exception unused2) {
                        Socket socket = sc;
                        if (socket != null) {
                            socket.close();
                            return;
                        }
                        return;
                    }
                } catch (IOException unused3) {
                    continue;
                }
                if (sc != null && st != null) {
                    TcpRelay tcpRelay = new TcpRelay(this, sc.getInputStream(), st.getOutputStream(), "client", this.sessionid);
                    TcpRelay tcpRelay2 = new TcpRelay(this, st.getInputStream(), sc.getOutputStream(), "server", this.sessionid);
                    tcpRelay.start();
                    tcpRelay2.start();
                }
                return;
            }
            ss.close();
        } catch (IOException | Exception unused4) {
        }
    }
}
