package de.geeksfactory.opacclient.networking;

import android.annotation.TargetApi;
import android.os.Build;
import android.util.Log;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.protocol.HttpContext;

/* loaded from: classes2.dex */
public class TlsSniSocketFactory extends SSLConnectionSocketFactory {
    static final String TAG = "opacclient.tls";
    public boolean allCipherSuites;
    private final X509HostnameVerifier hostnameVerifier;
    private SSLSocketFactory socketfactory;
    protected boolean tls_only;

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public TlsSniSocketFactory(javax.net.ssl.SSLContext r3) {
        /*
            r2 = this;
            org.apache.http.conn.ssl.X509HostnameVerifier r0 = org.apache.http.conn.ssl.SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
            r2.<init>(r3, r0)
            r1 = 1
            r2.tls_only = r1
            r1 = 0
            r2.allCipherSuites = r1
            javax.net.ssl.SSLSocketFactory r3 = r3.getSocketFactory()
            r2.socketfactory = r3
            r2.hostnameVerifier = r0
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: de.geeksfactory.opacclient.networking.TlsSniSocketFactory.<init>(javax.net.ssl.SSLContext):void");
    }

    private void verifyHostname(SSLSocket sSLSocket, String str) throws IOException {
        try {
            if (str.matches("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$")) {
                return;
            }
            if (Log.isLoggable(TAG, 3)) {
                try {
                    SSLSession session = sSLSocket.getSession();
                    Log.d(TAG, "Secure session established");
                    Log.d(TAG, " negotiated protocol: " + session.getProtocol());
                    Log.d(TAG, " negotiated cipher suite: " + session.getCipherSuite());
                    X509Certificate x509Certificate = (X509Certificate) session.getPeerCertificates()[0];
                    Log.d(TAG, " peer principal: " + x509Certificate.getSubjectX500Principal().toString());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add((String) list.get(1));
                            }
                        }
                        Log.d(TAG, " peer alternative names: " + arrayList);
                    }
                    Log.d(TAG, " issuer principal: " + x509Certificate.getIssuerX500Principal().toString());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add((String) list2.get(1));
                            }
                        }
                        Log.d(TAG, " issuer alternative names: " + arrayList2);
                    }
                } catch (Exception unused) {
                }
            }
            this.hostnameVerifier.verify(str, sSLSocket);
        } catch (IOException e2) {
            try {
                sSLSocket.close();
            } catch (Exception unused2) {
            }
            throw e2;
        }
    }

    @Override // org.apache.http.conn.ssl.SSLConnectionSocketFactory, org.apache.http.conn.socket.LayeredConnectionSocketFactory
    @TargetApi(17)
    public Socket createLayeredSocket(Socket socket, String str, int i, HttpContext httpContext) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.socketfactory.createSocket(socket, str, i, true);
        String[] supportedProtocols = sSLSocket.getSupportedProtocols();
        ArrayList arrayList = new ArrayList(supportedProtocols.length);
        for (String str2 : supportedProtocols) {
            if (!str2.startsWith(SSLConnectionSocketFactory.SSL) || !this.tls_only) {
                arrayList.add(str2);
            }
        }
        if (!arrayList.isEmpty()) {
            sSLSocket.setEnabledProtocols((String[]) arrayList.toArray(new String[arrayList.size()]));
        }
        if (this.allCipherSuites) {
            sSLSocket.setEnabledCipherSuites(sSLSocket.getSupportedCipherSuites());
        }
        Log.d(TAG, "Enabled protocols: " + Arrays.asList(sSLSocket.getEnabledProtocols()));
        Log.d(TAG, "Enabled cipher suites:" + Arrays.asList(sSLSocket.getEnabledCipherSuites()));
        prepareSocket(sSLSocket);
        if (Build.VERSION.SDK_INT >= 17) {
            Log.d(TAG, "Enabling SNI for " + str);
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Exception e2) {
                Log.d(TAG, "SNI configuration failed", e2);
            }
        } else {
            Log.d(TAG, "No documented SNI support on Android <4.2, trying with reflection");
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Exception e3) {
                Log.w(TAG, "SNI not useable", e3);
            }
        }
        Log.d(TAG, "Starting handshake");
        sSLSocket.startHandshake();
        verifyHostname(sSLSocket, str);
        return sSLSocket;
    }
}
