package info.guardianproject.netcipher.client;

import android.content.Context;
import ch.boye.httpclientandroidlib.HttpHost;
import ch.boye.httpclientandroidlib.conn.ClientConnectionOperator;
import ch.boye.httpclientandroidlib.conn.params.ConnRoutePNames;
import ch.boye.httpclientandroidlib.conn.scheme.PlainSocketFactory;
import ch.boye.httpclientandroidlib.conn.scheme.Scheme;
import ch.boye.httpclientandroidlib.conn.scheme.SchemeRegistry;
import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
import ch.boye.httpclientandroidlib.impl.conn.tsccm.ThreadSafeClientConnManager;
import info.guardianproject.onionkit.R;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes.dex */
public class StrongHttpsClient extends DefaultHttpClient {
    private static final String TRUSTSTORE_PASSWORD = "changeit";
    private static final String TRUSTSTORE_TYPE = "BKS";
    public static final String TYPE_HTTP = "http";
    public static final String TYPE_SOCKS = "socks";
    final Context context;
    private SchemeRegistry mRegistry = new SchemeRegistry();
    private HttpHost proxyHost;
    private String proxyType;
    private SocksAwareProxyRoutePlanner routePlanner;
    private StrongSSLSocketFactory sFactory;

    public StrongHttpsClient(Context context) {
        this.context = context;
        this.mRegistry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
        try {
            KeyStore loadKeyStore = loadKeyStore();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(loadKeyStore);
            this.sFactory = new StrongSSLSocketFactory(context, trustManagerFactory.getTrustManagers(), loadKeyStore, "changeit");
            this.mRegistry.register(new Scheme("https", 443, this.sFactory));
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }

    public StrongHttpsClient(Context context, KeyStore keyStore) {
        this.context = context;
        this.mRegistry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
        try {
            this.sFactory = new StrongSSLSocketFactory(context, TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).getTrustManagers(), keyStore, "changeit");
            this.mRegistry.register(new Scheme("https", 443, this.sFactory));
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }

    private KeyStore loadKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(TRUSTSTORE_TYPE);
        keyStore.load(this.context.getResources().openRawResource(R.raw.debiancacerts), "changeit".toCharArray());
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient
    public ThreadSafeClientConnManager createClientConnectionManager() {
        return new ThreadSafeClientConnManager(getParams(), this.mRegistry) { // from class: info.guardianproject.netcipher.client.StrongHttpsClient.1
            @Override // ch.boye.httpclientandroidlib.impl.conn.tsccm.ThreadSafeClientConnManager
            protected ClientConnectionOperator createConnectionOperator(SchemeRegistry schemeRegistry) {
                return new SocksAwareClientConnOperator(schemeRegistry, StrongHttpsClient.this.proxyHost, StrongHttpsClient.this.proxyType, StrongHttpsClient.this.routePlanner);
            }
        };
    }

    public void disableProxy() {
        getParams().removeParameter(ConnRoutePNames.DEFAULT_PROXY);
        this.proxyHost = null;
    }

    public void enableSSLCompatibilityMode() {
        this.sFactory.setEnableStongerDefaultProtocalVersion(false);
        this.sFactory.setEnableStongerDefaultSSLCipherSuite(false);
    }

    public void useProxy(boolean z, String str, String str2, int i) {
        if (!z) {
            getParams().removeParameter(ConnRoutePNames.DEFAULT_PROXY);
            this.proxyHost = null;
            return;
        }
        this.proxyType = str;
        if (str.equalsIgnoreCase("socks")) {
            this.proxyHost = new HttpHost(str2, i);
        } else {
            this.proxyHost = new HttpHost(str2, i, str);
            getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, this.proxyHost);
        }
    }

    public void useProxyRoutePlanner(SocksAwareProxyRoutePlanner socksAwareProxyRoutePlanner) {
        this.routePlanner = socksAwareProxyRoutePlanner;
        setRoutePlanner(socksAwareProxyRoutePlanner);
    }
}
