package com.boxer.emailcommon.utility;

import android.content.BroadcastReceiver;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import android.util.Pair;
import com.boxer.common.logging.LogTag;
import com.boxer.common.logging.LogUtils;
import com.boxer.contacts.provider.ContactAggregator;
import com.boxer.email.smime.storage.CertificateUtility;
import com.boxer.emailcommon.provider.Account;
import com.boxer.emailcommon.provider.EmailContent;
import com.boxer.emailcommon.provider.HostAuth;
import com.boxer.injection.ObjectGraphController;
import com.boxer.model.api.AccountSettingsConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

/* loaded from: classes2.dex */
public class SSLUtils {
    private static final boolean a = true;
    private static final String b = LogTag.a() + "/EmailUtils";
    private static final int c = 30000;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class CompatSSLSocketFactory extends javax.net.ssl.SSLSocketFactory {
        private static final String[] a = {"SSL_RSA_WITH_3DES_EDE_CBC_SHA"};
        private static final String[] b = {"SSLv3", "TLSv1"};
        private static final Map<Pair<String, Integer>, Boolean> f = new Hashtable();
        private final SSLContext c = SSLContext.getInstance("TLS");
        private final javax.net.ssl.SSLSocketFactory d;
        private final boolean e;

        CompatSSLSocketFactory(KeyManager keyManager, TrustManager trustManager, boolean z) throws KeyManagementException, NoSuchAlgorithmException {
            this.c.init(keyManager != null ? new KeyManager[]{keyManager} : null, trustManager != null ? new TrustManager[]{trustManager} : null, null);
            this.d = this.c.getSocketFactory();
            this.e = z;
        }

        private void a(Socket socket, String str) throws IOException {
            if (!(socket instanceof SSLSocket)) {
                throw new IllegalArgumentException("Attempt to verify non-SSL socket");
            }
            SSLSocket sSLSocket = (SSLSocket) socket;
            int soTimeout = sSLSocket.getSoTimeout();
            sSLSocket.setSoTimeout(SSLUtils.c);
            sSLSocket.startHandshake();
            sSLSocket.setSoTimeout(soTimeout);
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                throw new SSLException("Cannot verify SSL socket without session");
            }
            LogUtils.a(SSLUtils.b, "SSL socket using protocol: %s", session.getProtocol());
            if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(str, session)) {
                throw new SSLPeerUnverifiedException("Cannot verify hostname: " + str);
            }
        }

        private void a(@NonNull SSLSocket sSLSocket, @NonNull String str, int i) throws IOException {
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
            sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
            if (this.e) {
                if (a(str, i)) {
                    sSLSocket.setEnabledProtocols(b);
                }
                a(sSLSocket, str);
            }
        }

        private boolean a(String str, int i) throws IOException {
            Pair<String, Integer> create = Pair.create(str, Integer.valueOf(i));
            if (f.containsKey(create)) {
                return f.get(create).booleanValue();
            }
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(str, i);
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
            sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
            try {
                try {
                    a(sSLSocket, str);
                    f.put(create, false);
                    return false;
                } catch (SSLHandshakeException e) {
                    LogUtils.d(SSLUtils.b, e, "A handshake exception occurred connecting to host '%s', trying compatibility mode", str);
                    sSLSocket = (SSLSocket) this.d.createSocket(str, i);
                    sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
                    sSLSocket.setEnabledProtocols(b);
                    try {
                        a(sSLSocket, str);
                        f.put(create, true);
                        sSLSocket.close();
                        return true;
                    } catch (SSLHandshakeException e2) {
                        LogUtils.e(SSLUtils.b, e2, "Could not connect to host '%s' using compatibility mode", new Object[0]);
                        sSLSocket.close();
                    } finally {
                        sSLSocket.close();
                    }
                }
            } catch (Throwable th) {
                sSLSocket = sSLSocket;
                throw th;
            }
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket();
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
            sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(str, i);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(str, i, inetAddress, i2);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(inetAddress, i);
            a(sSLSocket, inetAddress.getHostName(), i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(inetAddress, i, inetAddress2, i2);
            a(sSLSocket, inetAddress.getHostName(), i);
            return sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(socket, str, i, z);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            String[] defaultCipherSuites = this.d.getDefaultCipherSuites();
            String[] strArr = new String[defaultCipherSuites.length + a.length];
            System.arraycopy(defaultCipherSuites, 0, strArr, 0, defaultCipherSuites.length);
            System.arraycopy(a, 0, strArr, defaultCipherSuites.length, a.length);
            return strArr;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.d.getSupportedCipherSuites();
        }
    }

    /* loaded from: classes2.dex */
    public static class KeyChainKeyManager extends StubKeyManager {
        private final String a;
        private final X509Certificate[] b;
        private final PrivateKey c;

        private KeyChainKeyManager(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            super();
            this.a = str;
            this.b = x509CertificateArr;
            this.c = privateKey;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static KeyChainKeyManager a(Context context, HostAuth hostAuth) throws CertificateException {
            String str = hostAuth.F;
            Account j = Account.j(context, hostAuth.bV_);
            try {
                X509Certificate[] c = KeyChainWrapper.c(context, str, j);
                try {
                    PrivateKey d = KeyChainWrapper.d(context, str, j);
                    if (c == null || d == null) {
                        throw new CertificateException("Can't access certificate from keystore");
                    }
                    LogUtils.b(SSLUtils.b, "Found cert chain: %s and private key: %s for alias: %s", Arrays.toString(c), d.toString(), str);
                    return new KeyChainKeyManager(str, c, d);
                } catch (KeyChainException | InterruptedException e) {
                    a(str, "private key", e);
                    throw new CertificateException(e);
                }
            } catch (KeyChainException | InterruptedException e2) {
                a(str, "certificate chain", e2);
                throw new CertificateException(e2);
            }
        }

        public static void a() {
            KeyChainWrapper.d();
        }

        private static void a(String str, String str2, Exception exc) {
            LogUtils.e(SSLUtils.b, "Unable to retrieve " + str2 + " for [" + str + "] due to " + exc, new Object[0]);
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            LogUtils.c(SSLUtils.b, "Requesting a client cert alias for " + Arrays.toString(strArr), new Object[0]);
            return this.a;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            LogUtils.c(SSLUtils.b, "Requesting a client certificate chain for alias [" + str + "]", new Object[0]);
            return this.b;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            LogUtils.c(SSLUtils.b, "Requesting a client private key for alias [" + str + "]", new Object[0]);
            return this.c;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class KeyChainWrapper {
        private static volatile KeyChainWrapper a;
        private final KeyStore b;

        private KeyChainWrapper(KeyStore keyStore) throws KeyChainException {
            this.b = keyStore;
        }

        @Nullable
        private static KeyChainWrapper a(@Nullable Account account) throws KeyChainException {
            if (account != null) {
                try {
                    if (account.G()) {
                        return b();
                    }
                } catch (KeyStoreException | CertificateException e) {
                    throw new KeyChainException(e);
                }
            }
            return null;
        }

        @NonNull
        private static KeyChainWrapper b() throws KeyChainException, CertificateException, KeyStoreException {
            if (a == null) {
                synchronized (KeyChainWrapper.class) {
                    if (a == null) {
                        a = new KeyChainWrapper(c());
                    }
                }
            }
            return a;
        }

        @NonNull
        private static KeyStore c() throws CertificateException, KeyStoreException {
            return ObjectGraphController.a().k().d().k().c(AccountSettingsConstants.a);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static X509Certificate[] c(@NonNull Context context, @NonNull String str, @Nullable Account account) throws KeyChainException, InterruptedException {
            try {
                KeyChainWrapper a2 = a(account);
                if (a2 == null) {
                    return KeyChain.getCertificateChain(context, str);
                }
                Certificate[] certificateChain = a2.b == null ? null : a2.b.getCertificateChain(str);
                if (certificateChain == null) {
                    return null;
                }
                return (X509Certificate[]) Arrays.copyOf(certificateChain, certificateChain.length, X509Certificate[].class);
            } catch (KeyStoreException e) {
                throw new KeyChainException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static PrivateKey d(@NonNull Context context, @NonNull String str, @Nullable Account account) throws KeyChainException, InterruptedException {
            try {
                KeyChainWrapper a2 = a(account);
                if (a2 != null) {
                    return (PrivateKey) (a2.b != null ? a2.b.getKey(str, null) : null);
                }
                return KeyChain.getPrivateKey(context, str);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new KeyChainException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void d() {
            synchronized (KeyChainWrapper.class) {
                a = null;
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class ManagedAccountDeletionBroadcastReceiver extends BroadcastReceiver {
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            KeyChainWrapper.d();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class SameCertificateCheckingTrustManager implements X509TrustManager {
        private final HostAuth a;
        private final Context b;
        private PublicKey c;

        SameCertificateCheckingTrustManager(Context context, HostAuth hostAuth) {
            this.b = context;
            this.a = hostAuth;
            Cursor query = context.getContentResolver().query(HostAuth.n, new String[]{EmailContent.HostAuthColumns.k}, ContactAggregator.RawContactIdAndAccountQuery.c, new String[]{Long.toString(hostAuth.bV_)}, null);
            if (query != null) {
                try {
                    if (query.moveToNext()) {
                        this.a.G = query.getBlob(0);
                    }
                } finally {
                    query.close();
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException("We don't check client certificates");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr.length == 0) {
                throw new CertificateException("No certificates?");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (this.a.G == null) {
                byte[] encoded = x509Certificate.getEncoded();
                this.a.G = encoded;
                ContentValues contentValues = new ContentValues();
                contentValues.put(EmailContent.HostAuthColumns.k, encoded);
                this.b.getContentResolver().update(ContentUris.withAppendedId(HostAuth.n, this.a.bV_), contentValues, null, null);
                return;
            }
            if (this.c == null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.a.G);
                this.c = CertificateUtility.a(byteArrayInputStream).getPublicKey();
                try {
                    byteArrayInputStream.close();
                } catch (IOException e) {
                }
            }
            if (!this.c.equals(x509Certificate.getPublicKey())) {
                throw new CertificateException("PublicKey has changed since initial connection!");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* loaded from: classes2.dex */
    private static abstract class StubKeyManager extends X509ExtendedKeyManager {
        private StubKeyManager() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket);

        @Override // javax.net.ssl.X509KeyManager
        public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract X509Certificate[] getCertificateChain(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getClientAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract PrivateKey getPrivateKey(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class TrackingKeyManager extends StubKeyManager {
        private volatile long a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public TrackingKeyManager() {
            super();
            this.a = 0L;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long a() {
            return this.a;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            LogUtils.c(SSLUtils.b, "TrackingKeyManager: requesting a client cert alias for " + socket.getInetAddress().getCanonicalHostName(), new Object[0]);
            this.a = System.currentTimeMillis();
            return null;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            LogUtils.c(SSLUtils.b, "TrackingKeyManager: returning a null cert chain", new Object[0]);
            return null;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            LogUtils.c(SSLUtils.b, "TrackingKeyManager: returning a null private key", new Object[0]);
            return null;
        }
    }

    @VisibleForTesting(a = 3)
    public static String a(String str) {
        String lowerCase = str.toLowerCase();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lowerCase.length(); i++) {
            char charAt = lowerCase.charAt(i);
            if (a(charAt) || b(charAt) || '-' == charAt || '.' == charAt) {
                sb.append(charAt);
            } else if ('+' == charAt) {
                sb.append("++");
            } else {
                sb.append('+').append((int) charAt);
            }
        }
        return sb.toString();
    }

    public static synchronized javax.net.ssl.SSLSocketFactory a(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        javax.net.ssl.SSLSocketFactory sSLSocketFactory;
        synchronized (SSLUtils.class) {
            try {
                sSLSocketFactory = z ? new CompatSSLSocketFactory(keyManager, new SameCertificateCheckingTrustManager(context, hostAuth), false) : new CompatSSLSocketFactory(keyManager, null, true);
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                LogUtils.e(b, e, "An exception occurred create an SSL socket factory", new Object[0]);
                sSLSocketFactory = (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
            }
        }
        return sSLSocketFactory;
    }

    private static boolean a(char c2) {
        return ('a' <= c2 && c2 <= 'z') || ('A' <= c2 && c2 <= 'Z');
    }

    public static SSLSocketFactory b(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(a(context, hostAuth, keyManager, z));
        if (z) {
            sSLSocketFactory.a(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }
        return sSLSocketFactory;
    }

    private static boolean b(char c2) {
        return '0' <= c2 && c2 <= '9';
    }
}
