package com.clover.http;

import android.os.Build;
import android.util.Log;
import com.clover.common2.CommonActivity;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.params.HttpParams;

/* loaded from: classes.dex */
public class CloverSSLSocketFactory extends SSLSocketFactory {
    private static final String WEAK_PROTO_SSLV3 = "SSLv3";
    private static final String STRONG_CIPHER1 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
    private static final String[] STRONG_CIPHERS1 = {STRONG_CIPHER1};
    private static final String STRONG_CIPHER2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
    private static final String[] STRONG_CIPHERS2 = {STRONG_CIPHER2};
    private static final String STRONG_PROTO1 = "TLSv1.2";
    private static final String[] STRONG_PROTOS1 = {STRONG_PROTO1};
    private static final String STRONG_PROTO2 = "TLSv1";
    private static final String[] STRONG_PROTOS2 = {STRONG_PROTO2};

    public CloverSSLSocketFactory(KeyStore keyStore, String str, KeyStore keyStore2) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super("TLS", keyStore, str, keyStore2, null, null);
        setHostnameVerifier(STRICT_HOSTNAME_VERIFIER);
    }

    private void injectHostname(Socket socket, String str) {
        try {
            Field declaredField = InetAddress.class.getDeclaredField("hostName");
            declaredField.setAccessible(true);
            declaredField.set(socket.getInetAddress(), str);
        } catch (Exception e) {
            Log.d(CommonActivity.CLOVER_CONNECTOR, "injectHostname had exception: " + e.toString());
        }
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i, InetAddress inetAddress, int i2, HttpParams httpParams) throws IOException {
        if (socket instanceof SSLSocket) {
            try {
                socket.getClass().getMethod("setHostname", String.class).invoke(socket, str);
                Log.d(CommonActivity.CLOVER_CONNECTOR, "SNI enabled");
            } catch (Exception e) {
                Log.d(CommonActivity.CLOVER_CONNECTOR, "SNI not usable...", e);
            }
        }
        return super.connectSocket(socket, str, i, inetAddress, i2, httpParams);
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        SSLSocket sSLSocket = (SSLSocket) super.createSocket();
        List asList = Arrays.asList(sSLSocket.getSupportedProtocols());
        if ("Clover".equals(Build.MANUFACTURER) && "C100".equals(Build.MODEL) && !asList.contains(WEAK_PROTO_SSLV3)) {
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
        } else if (asList.contains(STRONG_PROTO1)) {
            sSLSocket.setEnabledProtocols(STRONG_PROTOS1);
        } else {
            sSLSocket.setEnabledProtocols(STRONG_PROTOS2);
        }
        if (Arrays.asList(sSLSocket.getSupportedCipherSuites()).contains(STRONG_CIPHER1)) {
            sSLSocket.setEnabledCipherSuites(STRONG_CIPHERS1);
        } else {
            sSLSocket.setEnabledCipherSuites(STRONG_CIPHERS2);
        }
        return sSLSocket;
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        if (Build.VERSION.SDK_INT < 24) {
            injectHostname(socket, str);
        }
        return socket;
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) {
        if (!super.isSecure(socket)) {
            return false;
        }
        SSLSession session = ((SSLSocket) socket).getSession();
        if (session.getCipherSuite().contains("ECDHE_RSA_WITH_AES_256") && session.getProtocol().contains(STRONG_PROTO2)) {
            return true;
        }
        Log.e(CommonActivity.CLOVER_CONNECTOR, "Cipher or protocol not strong enough: " + session.getCipherSuite() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + session.getProtocol());
        return false;
    }
}
