package com.dropbox.core.http;

import androidx.work.Data;
import com.dropbox.core.util.IOUtil;
import com.dropbox.core.util.c;
import com.dropbox.core.util.e;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class SSLConfig {

    /* renamed from: f, reason: collision with root package name */
    private static a f4555f;
    private static final X509TrustManager a = e();
    private static final SSLSocketFactory b = d();

    /* renamed from: c, reason: collision with root package name */
    private static final String[] f4552c = {"TLSv1.2"};

    /* renamed from: d, reason: collision with root package name */
    private static final String[] f4553d = {"TLSv1.1"};

    /* renamed from: e, reason: collision with root package name */
    private static final String[] f4554e = {"TLSv1"};

    /* renamed from: g, reason: collision with root package name */
    private static final HashSet<String> f4556g = new HashSet<>(Arrays.asList("SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA", "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA", "SSL_ECDHE_RSA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA", "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_256_GCM_SHA384", "SSL_RSA_WITH_AES_256_CBC_SHA256", "SSL_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_AES_128_GCM_SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-RC4-SHA", "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA"));

    /* loaded from: classes2.dex */
    public static final class LoadException extends Exception {
        private static final long serialVersionUID = 0;

        public LoadException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class a {
        private final String[] a;
        private final String[] b;

        public a(String[] strArr, String[] strArr2) {
            this.a = strArr;
            this.b = strArr2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class b extends SSLSocketFactory {
        private final SSLSocketFactory a;

        public b(SSLSocketFactory sSLSocketFactory) {
            this.a = sSLSocketFactory;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i2) throws IOException {
            Socket createSocket = this.a.createSocket(str, i2);
            SSLConfig.j((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i2, InetAddress inetAddress, int i3) throws IOException {
            Socket createSocket = this.a.createSocket(str, i2, inetAddress, i3);
            SSLConfig.j((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i2) throws IOException {
            Socket createSocket = this.a.createSocket(inetAddress, i2);
            SSLConfig.j((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i2, InetAddress inetAddress2, int i3) throws IOException {
            Socket createSocket = this.a.createSocket(inetAddress, i2, inetAddress2, i3);
            SSLConfig.j((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i2, boolean z) throws IOException {
            Socket createSocket = this.a.createSocket(socket, str, i2, z);
            SSLConfig.j((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.a.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.a.getSupportedCipherSuites();
        }
    }

    public static void b(HttpsURLConnection httpsURLConnection) throws SSLException {
        httpsURLConnection.setSSLSocketFactory(b);
    }

    private static SSLContext c(TrustManager[] trustManagerArr) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            try {
                sSLContext.init(null, trustManagerArr, null);
                return sSLContext;
            } catch (KeyManagementException e2) {
                throw c.a("Couldn't initialize SSLContext", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw c.a("Couldn't create SSLContext", e3);
        }
    }

    private static SSLSocketFactory d() {
        return new b(c(new TrustManager[]{a}).getSocketFactory());
    }

    private static X509TrustManager e() {
        return f(k("/com/dropbox/core/trusted-certs.raw"));
    }

    private static X509TrustManager f(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            try {
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length != 1) {
                    throw new AssertionError("More than 1 TrustManager created.");
                }
                if (trustManagers[0] instanceof X509TrustManager) {
                    return (X509TrustManager) trustManagers[0];
                }
                throw new AssertionError("TrustManager not of type X509: " + trustManagers[0].getClass());
            } catch (KeyStoreException e2) {
                throw c.a("Unable to initialize TrustManagerFactory with key store", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw c.a("Unable to create TrustManagerFactory", e3);
        }
    }

    private static List<X509Certificate> g(CertificateFactory certificateFactory, InputStream inputStream) throws IOException, LoadException, CertificateException {
        ArrayList arrayList = new ArrayList();
        DataInputStream dataInputStream = new DataInputStream(inputStream);
        byte[] bArr = new byte[Data.MAX_DATA_BYTES];
        while (true) {
            int readUnsignedShort = dataInputStream.readUnsignedShort();
            if (readUnsignedShort == 0) {
                if (dataInputStream.read() < 0) {
                    return arrayList;
                }
                throw new LoadException("Found data after after zero-length header.", null);
            }
            if (readUnsignedShort > 10240) {
                throw new LoadException("Invalid length for certificate entry: " + readUnsignedShort, null);
            }
            dataInputStream.readFully(bArr, 0, readUnsignedShort);
            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr, 0, readUnsignedShort)));
        }
    }

    private static String[] h(String[] strArr) {
        a aVar = f4555f;
        if (aVar != null && Arrays.equals(aVar.a, strArr)) {
            return aVar.b;
        }
        ArrayList arrayList = new ArrayList(f4556g.size());
        for (String str : strArr) {
            if (f4556g.contains(str)) {
                arrayList.add(str);
            }
        }
        String[] strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
        f4555f = new a(strArr, strArr2);
        return strArr2;
    }

    private static String[] i(String[] strArr) throws SSLException {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (String str : strArr) {
            if (str.equals("TLSv1.2")) {
                z = true;
            } else if (str.equals("TLSv1.1")) {
                z2 = true;
            } else if (str.equals("TLSv1")) {
                z3 = true;
            }
        }
        if (z) {
            return f4552c;
        }
        if (z2) {
            return f4553d;
        }
        if (z3) {
            return f4554e;
        }
        throw new SSLException("Socket's available protocols doesn't overlap with our allowed protocols: " + e.i(strArr) + ".");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void j(SSLSocket sSLSocket) throws SSLException {
        sSLSocket.setEnabledProtocols(i(sSLSocket.getEnabledProtocols()));
        sSLSocket.setEnabledCipherSuites(h(sSLSocket.getEnabledCipherSuites()));
    }

    private static KeyStore k(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, new char[0]);
            InputStream resourceAsStream = SSLConfig.class.getResourceAsStream(str);
            try {
                if (resourceAsStream == null) {
                    throw new AssertionError("Couldn't find resource \"" + str + "\"");
                }
                try {
                    try {
                        l(keyStore, resourceAsStream);
                        return keyStore;
                    } catch (KeyStoreException e2) {
                        throw c.a("Error loading from \"" + str + "\"", e2);
                    }
                } catch (LoadException e3) {
                    throw c.a("Error loading from \"" + str + "\"", e3);
                } catch (IOException e4) {
                    throw c.a("Error loading from \"" + str + "\"", e4);
                }
            } finally {
                IOUtil.a(resourceAsStream);
            }
        } catch (IOException e5) {
            throw c.a("Couldn't initialize KeyStore", e5);
        } catch (KeyStoreException e6) {
            throw c.a("Couldn't initialize KeyStore", e6);
        } catch (NoSuchAlgorithmException e7) {
            throw c.a("Couldn't initialize KeyStore", e7);
        } catch (CertificateException e8) {
            throw c.a("Couldn't initialize KeyStore", e8);
        }
    }

    private static void l(KeyStore keyStore, InputStream inputStream) throws IOException, LoadException, KeyStoreException {
        try {
            try {
                for (X509Certificate x509Certificate : g(CertificateFactory.getInstance("X.509"), inputStream)) {
                    try {
                        keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
                    } catch (KeyStoreException e2) {
                        throw new LoadException("Error loading certificate: " + e2.getMessage(), e2);
                    }
                }
            } catch (CertificateException e3) {
                throw new LoadException("Error loading certificate: " + e3.getMessage(), e3);
            }
        } catch (CertificateException e4) {
            throw c.a("Couldn't initialize X.509 CertificateFactory", e4);
        }
    }
}
