package x;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.util.g;

/* compiled from: SSLConnectionSocketFactory.java */
/* loaded from: classes2.dex */
public class d implements w.b {

    /* renamed from: a, reason: collision with root package name */
    public final o0.b f2536a;

    /* renamed from: b, reason: collision with root package name */
    public final SSLSocketFactory f2537b;

    /* renamed from: c, reason: collision with root package name */
    public final HostnameVerifier f2538c;

    /* renamed from: d, reason: collision with root package name */
    public final String[] f2539d;

    /* renamed from: e, reason: collision with root package name */
    public final String[] f2540e;

    /* renamed from: f, reason: collision with root package name */
    public final f f2541f;

    /* compiled from: SSLConnectionSocketFactory.java */
    /* loaded from: classes2.dex */
    public class a implements PrivilegedExceptionAction<Object> {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ Socket f2542a;

        /* renamed from: b, reason: collision with root package name */
        public final /* synthetic */ InetSocketAddress f2543b;

        /* renamed from: c, reason: collision with root package name */
        public final /* synthetic */ g f2544c;

        public a(d dVar, Socket socket, InetSocketAddress inetSocketAddress, g gVar) {
            this.f2542a = socket;
            this.f2543b = inetSocketAddress;
            this.f2544c = gVar;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() {
            Socket socket = this.f2542a;
            InetSocketAddress inetSocketAddress = this.f2543b;
            g gVar = this.f2544c;
            socket.connect(inetSocketAddress, gVar != null ? g.a(gVar.b()) : 0);
            return null;
        }
    }

    static {
        Collections.unmodifiableList(Arrays.asList(Pattern.compile("^(TLS|SSL)_(NULL|ECDH_anon|DH_anon|DH_anon_EXPORT|DHE_RSA_EXPORT|DHE_DSS_EXPORT|DSS_EXPORT|DH_DSS_EXPORT|DH_RSA_EXPORT|RSA_EXPORT|KRB5_EXPORT)_(.*)", 2), Pattern.compile("^(TLS|SSL)_(.*)_WITH_(NULL|DES_CBC|DES40_CBC|DES_CBC_40|3DES_EDE_CBC|RC4_128|RC4_40|RC2_CBC_40)_(.*)", 2)));
    }

    public d(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier) {
        o0.b a2 = o0.c.a((Class<?>) d.class);
        this.f2536a = a2;
        this.f2537b = (SSLSocketFactory) org.apache.hc.core5.util.a.a(sSLSocketFactory, "SSL socket factory");
        this.f2539d = strArr;
        this.f2540e = strArr2;
        this.f2538c = hostnameVerifier == null ? c.a() : hostnameVerifier;
        this.f2541f = new f(a2);
    }

    @Override // w.b
    public Socket a(Socket socket, String str, int i2, org.apache.hc.core5.http.protocol.c cVar) {
        SSLSocket sSLSocket = (SSLSocket) this.f2537b.createSocket(socket, str, i2, true);
        String[] strArr = this.f2539d;
        if (strArr != null) {
            sSLSocket.setEnabledProtocols(strArr);
        } else {
            sSLSocket.setEnabledProtocols(TLS.a(sSLSocket.getEnabledProtocols()));
        }
        String[] strArr2 = this.f2540e;
        if (strArr2 != null) {
            sSLSocket.setEnabledCipherSuites(strArr2);
        } else {
            sSLSocket.setEnabledCipherSuites(k0.a.a(sSLSocket.getEnabledCipherSuites()));
        }
        if (this.f2536a.c()) {
            o0.b bVar = this.f2536a;
            StringBuilder a2 = a.b.a("Enabled protocols: ");
            a2.append(Arrays.asList(sSLSocket.getEnabledProtocols()));
            bVar.c(a2.toString());
            o0.b bVar2 = this.f2536a;
            StringBuilder a3 = a.b.a("Enabled cipher suites:");
            a3.append(Arrays.asList(sSLSocket.getEnabledCipherSuites()));
            bVar2.c(a3.toString());
        }
        this.f2536a.c("Starting handshake");
        sSLSocket.startHandshake();
        a(sSLSocket, str);
        return sSLSocket;
    }

    @Override // w.a
    public Socket a(org.apache.hc.core5.http.protocol.c cVar) {
        return SocketFactory.getDefault().createSocket();
    }

    @Override // w.a
    public Socket a(g gVar, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, org.apache.hc.core5.http.protocol.c cVar) {
        if (inetSocketAddress2 != null) {
            socket.bind(inetSocketAddress2);
        }
        try {
            if (g.c(gVar) && socket.getSoTimeout() == 0) {
                socket.setSoTimeout(g.a(gVar.b()));
            }
            if (this.f2536a.c()) {
                this.f2536a.c("Connecting socket to " + inetSocketAddress + " with timeout " + gVar);
            }
            try {
                AccessController.doPrivileged(new a(this, socket, inetSocketAddress, gVar));
                if (!(socket instanceof SSLSocket)) {
                    return a(socket, httpHost.f2130a, inetSocketAddress.getPort(), cVar);
                }
                SSLSocket sSLSocket = (SSLSocket) socket;
                this.f2536a.c("Starting handshake");
                sSLSocket.startHandshake();
                a(sSLSocket, httpHost.f2130a);
                return socket;
            } catch (PrivilegedActionException e2) {
                org.apache.hc.core5.util.b.a(e2.getCause() instanceof IOException, "method contract violation only checked exceptions are wrapped: " + e2.getCause());
                throw ((IOException) e2.getCause());
            }
        } catch (IOException e3) {
            l0.a.a(socket);
            throw e3;
        }
    }

    public void a(String str, SSLSession sSLSession) {
        f fVar = this.f2541f;
        HostnameVerifier hostnameVerifier = this.f2538c;
        if (fVar.f2547a.c()) {
            fVar.f2547a.c("Secure session established");
            o0.b bVar = fVar.f2547a;
            StringBuilder a2 = a.b.a(" negotiated protocol: ");
            a2.append(sSLSession.getProtocol());
            bVar.c(a2.toString());
            o0.b bVar2 = fVar.f2547a;
            StringBuilder a3 = a.b.a(" negotiated cipher suite: ");
            a3.append(sSLSession.getCipherSuite());
            bVar2.c(a3.toString());
            try {
                Certificate certificate = sSLSession.getPeerCertificates()[0];
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                    fVar.f2547a.c(" peer principal: " + subjectX500Principal.toString());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add((String) list.get(1));
                            }
                        }
                        fVar.f2547a.c(" peer alternative names: " + arrayList);
                    }
                    X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                    fVar.f2547a.c(" issuer principal: " + issuerX500Principal.toString());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add((String) list2.get(1));
                            }
                        }
                        fVar.f2547a.c(" issuer alternative names: " + arrayList2);
                    }
                }
            } catch (Exception unused) {
            }
        }
        if (hostnameVerifier != null) {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length < 1) {
                throw new SSLPeerUnverifiedException("Peer certificate chain is empty");
            }
            Certificate certificate2 = peerCertificates[0];
            if (!(certificate2 instanceof X509Certificate)) {
                StringBuilder a4 = a.b.a("Unexpected certificate type: ");
                a4.append(certificate2.getType());
                throw new SSLPeerUnverifiedException(a4.toString());
            }
            X509Certificate x509Certificate2 = (X509Certificate) certificate2;
            if (hostnameVerifier instanceof b) {
                ((b) hostnameVerifier).a(str, x509Certificate2);
                return;
            }
            if (hostnameVerifier.verify(str, sSLSession)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + DefaultHostnameVerifier.a(x509Certificate2));
        }
    }

    public final void a(SSLSocket sSLSocket, String str) {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    sSLSocket.startHandshake();
                    session = sSLSocket.getSession();
                }
            }
            if (session == null) {
                throw new SSLHandshakeException("SSL session not available");
            }
            a(str, session);
        } catch (IOException e2) {
            l0.a.a(sSLSocket);
            throw e2;
        }
    }
}
