package ru.softlab.mobile.plugins.widget;

import android.content.Context;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: NetworkService.java */
/* loaded from: classes2.dex */
class TLSSocketFactory extends SSLSocketFactory {
    private ArrayList<Certificate> PINNED_CERTS;
    private final SSLCertificateChecker checker;
    private final SSLSocketFactory mSSLSocketFactory;
    private final boolean needCheckSSL;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TLSSocketFactory(Context context) throws GeneralSecurityException, IOException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        loadSSLCertsFromKeyStore();
        this.needCheckSSL = context.getResources().getBoolean(ResourcesProvider.getResourceByName(context, "needCheckSSL", "bool"));
        this.checker = SSLCertificateChecker.getInstance(context);
        sSLContext.init(null, getPinnedTrustManagers(), null);
        this.mSSLSocketFactory = sSLContext.getSocketFactory();
    }

    private Socket enableTLS(Socket socket) {
        if (socket instanceof SSLSocket) {
            ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
        }
        return socket;
    }

    private TrustManager[] getPinnedTrustManagers() throws IOException {
        if (this.PINNED_CERTS == null && this.needCheckSSL) {
            throw new IOException("You must add at least 1 certificate in order to pin to certificates");
        }
        try {
            final X509TrustManager x509TrustManager = getX509TrustManager();
            return new TrustManager[]{new X509TrustManager() { // from class: ru.softlab.mobile.plugins.widget.TLSSocketFactory.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    X509TrustManager x509TrustManager2 = x509TrustManager;
                    if (x509TrustManager2 == null) {
                        return;
                    }
                    x509TrustManager2.checkClientTrusted(x509CertificateArr, str);
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    X509TrustManager x509TrustManager2 = x509TrustManager;
                    if (x509TrustManager2 == null) {
                        return;
                    }
                    try {
                        x509TrustManager2.checkServerTrusted(x509CertificateArr, str);
                    } catch (Exception e) {
                        if (!TLSSocketFactory.this.needCheckSSL || !TLSSocketFactory.this.checker.checkCertificates(x509CertificateArr)) {
                            throw e;
                        }
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    X509TrustManager x509TrustManager2 = x509TrustManager;
                    return x509TrustManager2 == null ? new X509Certificate[0] : x509TrustManager2.getAcceptedIssuers();
                }
            }};
        } catch (GeneralSecurityException e) {
            throw new IOException("Security exception configuring SSL trust managers", e);
        }
    }

    private X509TrustManager getX509TrustManager() throws IOException, GeneralSecurityException {
        if (!this.needCheckSSL) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        for (int i = 0; i < this.PINNED_CERTS.size(); i++) {
            keyStore.setCertificateEntry("CA" + i, this.PINNED_CERTS.get(i));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private void loadSSLCertsFromKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            addCert(((KeyStore.TrustedCertificateEntry) keyStore.getEntry(aliases.nextElement(), null)).getTrustedCertificate());
        }
    }

    public void addCert(Certificate certificate) {
        if (this.PINNED_CERTS == null) {
            this.PINNED_CERTS = new ArrayList<>();
        }
        this.PINNED_CERTS.add(certificate);
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        return enableTLS(this.mSSLSocketFactory.createSocket(str, i));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return enableTLS(this.mSSLSocketFactory.createSocket(str, i, inetAddress, i2));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return enableTLS(this.mSSLSocketFactory.createSocket(inetAddress, i));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return enableTLS(this.mSSLSocketFactory.createSocket(inetAddress, i, inetAddress2, i2));
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        return enableTLS(this.mSSLSocketFactory.createSocket(socket, str, i, z));
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return this.mSSLSocketFactory.getDefaultCipherSuites();
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return this.mSSLSocketFactory.getSupportedCipherSuites();
    }
}
