package o;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;
import org.apache.http.HttpHost;
import org.apache.http.annotation.Contract;
import org.apache.http.annotation.ThreadingBehavior;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

@Contract(threading = ThreadingBehavior.SAFE)
/* loaded from: classes4.dex */
public final class xh2 implements dy0 {

    /* renamed from: ʻ, reason: contains not printable characters */
    public static final List<Pattern> f23277;

    /* renamed from: ˊ, reason: contains not printable characters */
    public final e21 f23278 = o21.m9731(xh2.class);

    /* renamed from: ˋ, reason: contains not printable characters */
    public final SSLSocketFactory f23279;

    /* renamed from: ˎ, reason: contains not printable characters */
    public final HostnameVerifier f23280;

    /* renamed from: ˏ, reason: contains not printable characters */
    public final String[] f23281;

    /* renamed from: ᐝ, reason: contains not printable characters */
    public final String[] f23282;

    static {
        C4852 c4852 = C4852.f25554;
        C5138 c5138 = C5138.f26132;
        ky2 ky2Var = ky2.f17800;
        f23277 = Collections.unmodifiableList(Arrays.asList(Pattern.compile("^(TLS|SSL)_(NULL|ECDH_anon|DH_anon|DH_anon_EXPORT|DHE_RSA_EXPORT|DHE_DSS_EXPORT|DSS_EXPORT|DH_DSS_EXPORT|DH_RSA_EXPORT|RSA_EXPORT|KRB5_EXPORT)_(.*)", 2), Pattern.compile("^(TLS|SSL)_(.*)_WITH_(NULL|DES_CBC|DES40_CBC|DES_CBC_40|3DES_EDE_CBC|RC4_128|RC4_40|RC2_CBC_40)_(.*)", 2)));
    }

    public xh2(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier) {
        C5072.m12776(sSLSocketFactory, "SSL socket factory");
        this.f23279 = sSLSocketFactory;
        this.f23281 = strArr;
        this.f23282 = strArr2;
        this.f23280 = hostnameVerifier;
    }

    @Override // o.u6
    public final Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, nf0 nf0Var) throws IOException {
        C5072.m12776(httpHost, "HTTP host");
        if (inetSocketAddress2 != null) {
            socket.bind(inetSocketAddress2);
        }
        if (i > 0) {
            try {
                if (socket.getSoTimeout() == 0) {
                    socket.setSoTimeout(i);
                }
            } catch (IOException e) {
                try {
                    socket.close();
                } catch (IOException unused) {
                }
                throw e;
            }
        }
        if (this.f23278.isDebugEnabled()) {
            this.f23278.debug("Connecting socket to " + inetSocketAddress + " with timeout " + i);
        }
        socket.connect(inetSocketAddress, i);
        if (!(socket instanceof SSLSocket)) {
            return createLayeredSocket(socket, httpHost.getHostName(), inetSocketAddress.getPort(), nf0Var);
        }
        SSLSocket sSLSocket = (SSLSocket) socket;
        this.f23278.debug("Starting handshake");
        sSLSocket.startHandshake();
        m11673(sSLSocket, httpHost.getHostName());
        return socket;
    }

    @Override // o.dy0
    public final Socket createLayeredSocket(Socket socket, String str, int i, nf0 nf0Var) throws IOException {
        boolean z;
        SSLSocket sSLSocket = (SSLSocket) this.f23279.createSocket(socket, str, i, true);
        String[] strArr = this.f23281;
        if (strArr != null) {
            sSLSocket.setEnabledProtocols(strArr);
        } else {
            String[] enabledProtocols = sSLSocket.getEnabledProtocols();
            ArrayList arrayList = new ArrayList(enabledProtocols.length);
            for (String str2 : enabledProtocols) {
                if (!str2.startsWith(zh2.SSL)) {
                    arrayList.add(str2);
                }
            }
            if (!arrayList.isEmpty()) {
                sSLSocket.setEnabledProtocols((String[]) arrayList.toArray(new String[arrayList.size()]));
            }
        }
        String[] strArr2 = this.f23282;
        if (strArr2 != null) {
            sSLSocket.setEnabledCipherSuites(strArr2);
        } else {
            String[] enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
            ArrayList arrayList2 = new ArrayList(enabledCipherSuites.length);
            for (String str3 : enabledCipherSuites) {
                Iterator<Pattern> it = f23277.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        z = false;
                        break;
                    }
                    if (it.next().matcher(str3).matches()) {
                        z = true;
                        break;
                    }
                }
                if (!z) {
                    arrayList2.add(str3);
                }
            }
            if (!arrayList2.isEmpty()) {
                sSLSocket.setEnabledCipherSuites((String[]) arrayList2.toArray(new String[arrayList2.size()]));
            }
        }
        if (this.f23278.isDebugEnabled()) {
            e21 e21Var = this.f23278;
            StringBuilder m6769 = aa1.m6769("Enabled protocols: ");
            m6769.append(Arrays.asList(sSLSocket.getEnabledProtocols()));
            e21Var.debug(m6769.toString());
            e21 e21Var2 = this.f23278;
            StringBuilder m67692 = aa1.m6769("Enabled cipher suites:");
            m67692.append(Arrays.asList(sSLSocket.getEnabledCipherSuites()));
            e21Var2.debug(m67692.toString());
        }
        this.f23278.debug("Starting handshake");
        sSLSocket.startHandshake();
        m11673(sSLSocket, str);
        return sSLSocket;
    }

    @Override // o.u6
    public final Socket createSocket(nf0 nf0Var) throws IOException {
        return SocketFactory.getDefault().createSocket();
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    public final void m11673(SSLSocket sSLSocket, String str) throws IOException {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    sSLSocket.startHandshake();
                    session = sSLSocket.getSession();
                }
            }
            if (session == null) {
                throw new SSLHandshakeException("SSL session not available");
            }
            if (this.f23278.isDebugEnabled()) {
                this.f23278.debug("Secure session established");
                this.f23278.debug(" negotiated protocol: " + session.getProtocol());
                this.f23278.debug(" negotiated cipher suite: " + session.getCipherSuite());
                try {
                    X509Certificate x509Certificate = (X509Certificate) session.getPeerCertificates()[0];
                    X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                    this.f23278.debug(" peer principal: " + subjectX500Principal.toString());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add((String) list.get(1));
                            }
                        }
                        this.f23278.debug(" peer alternative names: " + arrayList);
                    }
                    X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                    this.f23278.debug(" issuer principal: " + issuerX500Principal.toString());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add((String) list2.get(1));
                            }
                        }
                        this.f23278.debug(" issuer alternative names: " + arrayList2);
                    }
                } catch (Exception unused) {
                }
            }
            if (this.f23280.verify(str, session)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + DefaultHostnameVerifier.m13167((X509Certificate) session.getPeerCertificates()[0]));
        } catch (IOException e) {
            try {
                sSLSocket.close();
            } catch (Exception unused2) {
            }
            throw e;
        }
    }
}
