package e.a.a.d.o.l;

import b0.m.c.h;
import com.cloudflare.app.vpnservice.CloudflareVpnService;
import com.cloudflare.app.vpnservice.exceptions.SecurityException;
import com.cloudflare.app.vpnservice.resolvers.overtls.EmptySocketResponseException;
import e.a.a.d.i.j;
import e.a.a.d.o.g;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.security.cert.CertificateException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import kotlin.TypeCastException;

/* compiled from: TlsSocketCallHandler.kt */
/* loaded from: classes.dex */
public final class c extends g<Socket> {

    /* renamed from: e, reason: collision with root package name */
    public final String f442e;
    public final j f;
    public final e.a.a.d.g g;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public c(j jVar, e.a.a.d.g gVar) {
        super(jVar);
        h.f(jVar, "dnsIpProvider");
        h.f(gVar, "vpnServiceMediator");
        this.f = jVar;
        this.g = gVar;
        this.f442e = "tls";
    }

    @Override // e.a.a.d.o.g
    public void a(Socket socket, e.a.a.d.n.a aVar) {
        Socket socket2 = socket;
        h.f(socket2, "socket");
        h.f(aVar, "dnsCallData");
        byte[] bArr = aVar.g;
        h.f(socket2, "$this$makeDnsCall");
        h.f(bArr, "udpPacketData");
        OutputStream outputStream = socket2.getOutputStream();
        h.b(outputStream, "outputStream");
        int length = bArr.length;
        outputStream.write((length >>> 8) & 255);
        outputStream.write((length >>> 0) & 255);
        outputStream.write(bArr);
        outputStream.flush();
    }

    @Override // e.a.a.d.o.g
    public String b() {
        return this.f442e;
    }

    @Override // e.a.a.d.o.g
    public Socket d() {
        InetAddress a = this.f.a();
        Socket createSocket = SSLSocketFactory.getDefault().createSocket();
        if (createSocket == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLSocket");
        }
        SSLSocket sSLSocket = (SSLSocket) createSocket;
        sSLSocket.bind(new InetSocketAddress(0));
        CloudflareVpnService cloudflareVpnService = this.g.c;
        if (cloudflareVpnService != null) {
            cloudflareVpnService.protect(sSLSocket);
        }
        f0.a.a.d.a("resolver address " + a, new Object[0]);
        sSLSocket.connect(new InetSocketAddress(a, 853), 4800);
        try {
            sSLSocket.startHandshake();
            if (HttpsURLConnection.getDefaultHostnameVerifier().verify("cloudflare-dns.com", sSLSocket.getSession())) {
                return sSLSocket;
            }
            throw new SecurityException("Hostname is unverified", null, 2, null);
        } catch (Exception e2) {
            if ((e2 instanceof SSLHandshakeException) || (e2 instanceof CertificateException)) {
                throw new SecurityException("Untrusted certificate", e2);
            }
            throw e2;
        }
    }

    @Override // e.a.a.d.o.g
    public byte[] e(Socket socket) {
        Socket socket2 = socket;
        h.f(socket2, "socket");
        h.f(socket2, "$this$readDnsMsg");
        byte[] bArr = new byte[2];
        socket2.getInputStream().read(bArr);
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        h.b(wrap, "ByteBuffer.wrap(it)");
        int i = wrap.getShort() & 65535;
        byte[] bArr2 = new byte[i];
        socket2.getInputStream().read(bArr2);
        if (i == 0) {
            throw new EmptySocketResponseException();
        }
        return bArr2;
    }

    @Override // e.a.a.d.o.g
    public boolean f(Throwable th) {
        h.f(th, "throwable");
        return (th instanceof SSLException) || (th instanceof EmptySocketResponseException);
    }
}
