package at.bitfire.cert4android;

import android.os.Build;
import android.util.Log;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;

/* compiled from: CertTlsSocketFactory.kt */
/* loaded from: classes.dex */
public final class CertTlsSocketFactory extends SSLSocketFactory {
    public static final Companion Companion = new Companion(null);
    private static String[] cipherSuites;
    private static String[] protocols;
    private SSLSocketFactory delegate;

    /* compiled from: CertTlsSocketFactory.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    static {
        Object[] array;
        if (Build.VERSION.SDK_INT >= 23) {
            String[] strArr = (String[]) null;
            protocols = strArr;
            cipherSuites = strArr;
            Log.d("cert4android", "Using device default TLS protocols/ciphers");
            return;
        }
        Socket createSocket = SSLSocketFactory.getDefault().createSocket();
        if (!(createSocket instanceof SSLSocket)) {
            createSocket = null;
        }
        SSLSocket sSLSocket = (SSLSocket) createSocket;
        if (sSLSocket != null) {
            SSLSocket sSLSocket2 = sSLSocket;
            Throwable th = (Throwable) null;
            try {
                SSLSocket sSLSocket3 = sSLSocket2;
                try {
                    LinkedList linkedList = new LinkedList();
                    String[] supportedProtocols = sSLSocket3.getSupportedProtocols();
                    Intrinsics.checkExpressionValueIsNotNull(supportedProtocols, "socket.supportedProtocols");
                    ArrayList arrayList = new ArrayList();
                    for (String it : supportedProtocols) {
                        Intrinsics.checkExpressionValueIsNotNull(it, "it");
                        if (!StringsKt.contains(it, "SSL", true)) {
                            arrayList.add(it);
                        }
                    }
                    Iterator it2 = arrayList.iterator();
                    while (it2.hasNext()) {
                        linkedList.add((String) it2.next());
                    }
                    Log.i("cert4android", "Enabling (only) these TLS protocols: " + CollectionsKt.joinToString$default(linkedList, ", ", null, null, 0, null, null, 62, null));
                    array = linkedList.toArray(new String[0]);
                } catch (IOException unused) {
                    Integer.valueOf(Log.e("cert4android", "Couldn't determine default TLS settings"));
                }
                if (array == null) {
                    throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
                }
                protocols = (String[]) array;
                String[] availableCiphers = sSLSocket3.getSupportedCipherSuites();
                StringBuilder sb = new StringBuilder();
                sb.append("Available cipher suites: ");
                Intrinsics.checkExpressionValueIsNotNull(availableCiphers, "availableCiphers");
                sb.append(ArraysKt.joinToString$default(availableCiphers, ", ", null, null, 0, null, null, 62, null));
                Log.i("cert4android", sb.toString());
                LinkedList linkedList2 = new LinkedList();
                String[] enabledCipherSuites = sSLSocket3.getEnabledCipherSuites();
                Intrinsics.checkExpressionValueIsNotNull(enabledCipherSuites, "socket.enabledCipherSuites");
                CollectionsKt.addAll(linkedList2, enabledCipherSuites);
                Log.i("cert4android", "Cipher suites enabled by default: " + CollectionsKt.joinToString$default(linkedList2, ", ", null, null, 0, null, null, 62, null));
                CollectionsKt.addAll(linkedList2, new String[]{"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"});
                CollectionsKt.retainAll(linkedList2, availableCiphers);
                Log.i("cert4android", "Enabling (only) these TLS ciphers: " + CollectionsKt.joinToString$default(linkedList2, ", ", null, null, 0, null, null, 62, null));
                Object[] array2 = linkedList2.toArray(new String[0]);
                if (array2 == null) {
                    throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
                }
                cipherSuites = (String[]) array2;
                Unit unit = Unit.INSTANCE;
            } finally {
                CloseableKt.closeFinally(sSLSocket2, th);
            }
        }
    }

    public CertTlsSocketFactory(KeyManager keyManager, X509TrustManager trustManager) {
        Intrinsics.checkParameterIsNotNull(trustManager, "trustManager");
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManager != null ? new KeyManager[]{keyManager} : null, new X509TrustManager[]{trustManager}, null);
            Intrinsics.checkExpressionValueIsNotNull(sslContext, "sslContext");
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            Intrinsics.checkExpressionValueIsNotNull(socketFactory, "sslContext.socketFactory");
            this.delegate = socketFactory;
        } catch (GeneralSecurityException unused) {
            throw new IllegalStateException();
        }
    }

    private final void upgradeTLS(SSLSocket sSLSocket) {
        String[] strArr = protocols;
        if (strArr != null) {
            sSLSocket.setEnabledProtocols(strArr);
        }
        String[] strArr2 = cipherSuites;
        if (strArr2 != null) {
            sSLSocket.setEnabledCipherSuites(strArr2);
        }
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String host, int i) {
        Intrinsics.checkParameterIsNotNull(host, "host");
        Socket ssl = this.delegate.createSocket(host, i);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        Intrinsics.checkExpressionValueIsNotNull(ssl, "ssl");
        return ssl;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String host, int i, InetAddress localHost, int i2) {
        Intrinsics.checkParameterIsNotNull(host, "host");
        Intrinsics.checkParameterIsNotNull(localHost, "localHost");
        Socket ssl = this.delegate.createSocket(host, i, localHost, i2);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        Intrinsics.checkExpressionValueIsNotNull(ssl, "ssl");
        return ssl;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress host, int i) {
        Intrinsics.checkParameterIsNotNull(host, "host");
        Socket ssl = this.delegate.createSocket(host, i);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        Intrinsics.checkExpressionValueIsNotNull(ssl, "ssl");
        return ssl;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress address, int i, InetAddress localAddress, int i2) {
        Intrinsics.checkParameterIsNotNull(address, "address");
        Intrinsics.checkParameterIsNotNull(localAddress, "localAddress");
        Socket ssl = this.delegate.createSocket(address, i, localAddress, i2);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        Intrinsics.checkExpressionValueIsNotNull(ssl, "ssl");
        return ssl;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket s, String host, int i, boolean z) {
        Intrinsics.checkParameterIsNotNull(s, "s");
        Intrinsics.checkParameterIsNotNull(host, "host");
        Socket ssl = this.delegate.createSocket(s, host, i, z);
        if (ssl instanceof SSLSocket) {
            upgradeTLS((SSLSocket) ssl);
        }
        Intrinsics.checkExpressionValueIsNotNull(ssl, "ssl");
        return ssl;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        String[] strArr = cipherSuites;
        return strArr != null ? strArr : this.delegate.getDefaultCipherSuites();
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        String[] strArr = cipherSuites;
        return strArr != null ? strArr : this.delegate.getSupportedCipherSuites();
    }
}
