package com.samsung.android.email.common.mail.ssl;

import com.samsung.android.email.sync.exchange.common.cba.SSLCBAClient;
import com.samsung.android.emailcommon.basic.log.EmailLog;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

/* loaded from: classes2.dex */
public class SSLSocketFactoryWrapper extends SSLSocketFactory {
    private static final int ALT_DNS_NAME = 2;
    private static final int ALT_IPA_NAME = 7;
    static final String TAG = "SSLSocketFactoryWrapper";
    private final String[] mDefaultCipherSuites;
    private final SSLSocketFactory mFactory;
    private final int mHandshakeTimeout;
    private final boolean mSecure;

    SSLSocketFactoryWrapper(SSLSocketFactory sSLSocketFactory, boolean z, int i) {
        this.mFactory = sSLSocketFactory;
        this.mSecure = z;
        this.mHandshakeTimeout = i;
        ArrayList arrayList = new ArrayList(Arrays.asList(sSLSocketFactory.getDefaultCipherSuites()));
        HashSet hashSet = new HashSet(arrayList);
        HashSet hashSet2 = new HashSet(Arrays.asList(sSLSocketFactory.getSupportedCipherSuites()));
        for (String str : SSLUtils.getExtendCipherSuiteList()) {
            if (hashSet2.contains(str) && !hashSet.contains(str)) {
                arrayList.add(str);
            }
        }
        String[] strArr = new String[arrayList.size()];
        this.mDefaultCipherSuites = strArr;
        arrayList.toArray(strArr);
    }

    public static List<String> allSubjectAltNames(X509Certificate x509Certificate) {
        List<String> subjectAltNames = getSubjectAltNames(x509Certificate, 7);
        List<String> subjectAltNames2 = getSubjectAltNames(x509Certificate, 2);
        ArrayList arrayList = new ArrayList(subjectAltNames.size() + subjectAltNames2.size());
        arrayList.addAll(subjectAltNames);
        arrayList.addAll(subjectAltNames2);
        return arrayList;
    }

    private void enableCustomCipherSuites(SSLSocket sSLSocket) {
        sSLSocket.setEnabledCipherSuites(this.mDefaultCipherSuites);
    }

    public static SSLSocketFactory getDefault(KeyManager[] keyManagerArr, int i) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSLCBAClient.TLS);
            sSLContext.init(keyManagerArr, null, null);
            return new SSLSocketFactoryWrapper(sSLContext.getSocketFactory(), true, i);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            EmailLog.wnf(TAG, "Unable to acquire SSLSocketFactory getDefault ", e);
            return new SSLSocketFactoryWrapper((SSLSocketFactory) SSLSocketFactory.getDefault(), true, i);
        }
    }

    public static SSLSocketFactory getInsecure(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, int i) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSLCBAClient.TLS);
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return new SSLSocketFactoryWrapper(sSLContext.getSocketFactory(), false, i);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            EmailLog.wnf(TAG, "Unable to acquire SSLSocketFactory getInsecure ", e);
            return new SSLSocketFactoryWrapper((SSLSocketFactory) SSLSocketFactory.getDefault(), false, i);
        }
    }

    private static List<String> getSubjectAltNames(X509Certificate x509Certificate, int i) {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() >= 2 && (num = (Integer) list.get(0)) != null && num.intValue() == i && (str = (String) list.get(1)) != null) {
                    arrayList.add(str);
                }
            }
            return arrayList;
        } catch (CertificateParsingException unused) {
            return Collections.emptyList();
        }
    }

    public static String hostVerifierLog(String str, SSLSession sSLSession) {
        try {
            X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
            return ("\n    Subject: " + sSLSession.getPeerPrincipal()) + "" + ("\n    subjectAltNames: " + allSubjectAltNames(x509Certificate));
        } catch (Exception unused) {
            return "";
        }
    }

    private void setHandshakeTimeout(SSLSocket sSLSocket, int i) {
        try {
            sSLSocket.getClass().getMethod("setHandshakeTimeout", Integer.TYPE).invoke(sSLSocket, Integer.valueOf(i));
        } catch (Exception e) {
            EmailLog.dnf(TAG, "unable to set handshake timeout", e);
        }
    }

    public static void verifyHostname(Socket socket, String str) throws IOException {
        if (!(socket instanceof SSLSocket)) {
            throw new IllegalArgumentException("Attempt to verify non-SSL socket");
        }
        EmailLog.dnf(TAG, "verifyHostname: " + str);
        SSLSocket sSLSocket = (SSLSocket) socket;
        sSLSocket.startHandshake();
        SSLSession session = sSLSocket.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }
        EmailLog.dnf(TAG, "using cipherSuite ", session.getCipherSuite());
        if (HttpsURLConnection.getDefaultHostnameVerifier().verify(str, session)) {
            return;
        }
        throw new SSLPeerUnverifiedException("Hostname " + str + " not verified:" + hostVerifierLog(str, session));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        EmailLog.dnf(TAG, "createSocket: ");
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket();
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        EmailLog.dnf(TAG, "createSocket(String host, int port):  host:" + str + " port:" + i);
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket(str, i);
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        if (this.mSecure) {
            verifyHostname(sSLSocket, str);
        }
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        EmailLog.dnf(TAG, "createSocket(String host, int port, InetAddress inetAddress, int localPort):  host:" + str + " port:" + i + " inetAddress:" + inetAddress + " localPort:" + i2);
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket(str, i, inetAddress, i2);
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        if (this.mSecure) {
            verifyHostname(sSLSocket, str);
        }
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        EmailLog.dnf(TAG, "createSocket(InetAddress inetAddress, int port):  inetAddress:" + inetAddress + " port:" + i);
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket(inetAddress, i);
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        EmailLog.dnf(TAG, "createSocket(InetAddress inetAddress, int port, InetAddress inetAddress2, int localPort):  inetAddress:" + inetAddress + " port:" + i + " inetAddress2:" + inetAddress2 + " localPort:" + i2);
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket(inetAddress, i, inetAddress2, i2);
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        EmailLog.dnf(TAG, "createSocket(final Socket socket, final String host, final int port, final boolean autoClose):  host:" + str + " port:" + i);
        SSLSocket sSLSocket = (SSLSocket) this.mFactory.createSocket(socket, str, i, z);
        setHandshakeTimeout(sSLSocket, this.mHandshakeTimeout);
        enableCustomCipherSuites(sSLSocket);
        if (this.mSecure) {
            verifyHostname(sSLSocket, str);
        }
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return (String[]) this.mDefaultCipherSuites.clone();
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return this.mFactory.getSupportedCipherSuites();
    }
}
