package com.iiordanov.bVNC;

import android.os.Message;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class X509Tunnel extends TLSTunnelBase {
    private static final String TAG = "X509Tunnel";
    RemoteCanvas canvas;
    Certificate cert;

    public X509Tunnel(Socket socket, String str, RemoteCanvas remoteCanvas) throws CertificateException {
        super(socket);
        Log.i(TAG, "X509Tunnel began.");
        this.canvas = remoteCanvas;
        if (!TextUtils.isEmpty(str)) {
            this.cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str, 0)));
        }
        Log.i(TAG, "X509Tunnel ended.");
    }

    @Override // com.iiordanov.bVNC.TLSTunnelBase
    protected void initContext(SSLContext sSLContext) throws GeneralSecurityException {
        sSLContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.iiordanov.bVNC.X509Tunnel.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException("no clients");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                boolean z;
                if (x509CertificateArr == null || x509CertificateArr.length < 1) {
                    throw new CertificateException("no certs");
                }
                if (x509CertificateArr == null || x509CertificateArr.length > 1) {
                    throw new CertificateException("cert path too long");
                }
                if (X509Tunnel.this.cert == null) {
                    Message message = new Message();
                    message.setTarget(X509Tunnel.this.canvas.handler);
                    message.what = 1;
                    message.obj = x509CertificateArr[0];
                    X509Tunnel.this.canvas.handler.sendMessage(message);
                    synchronized (X509Tunnel.this.canvas) {
                        while (!X509Tunnel.this.canvas.isCertificateAccepted()) {
                            try {
                                X509Tunnel.this.canvas.wait();
                            } catch (InterruptedException e) {
                                e.printStackTrace();
                            }
                        }
                    }
                    z = true;
                } else {
                    z = false;
                }
                if (z) {
                    return;
                }
                try {
                    x509CertificateArr[0].verify(X509Tunnel.this.cert.getPublicKey());
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
                if (!X509Tunnel.this.cert.equals(x509CertificateArr[0])) {
                    throw new CertificateException("certificate does not match");
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }}, null);
    }

    @Override // com.iiordanov.bVNC.TLSTunnelBase
    protected void setParam(SSLSocket sSLSocket) {
        ArrayList arrayList = new ArrayList();
        String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
        for (int i = 0; i < supportedCipherSuites.length; i++) {
            if (!supportedCipherSuites[i].matches(".*DH_anon.*")) {
                arrayList.add(supportedCipherSuites[i]);
                Log.i(TAG, "Adding cipher: " + supportedCipherSuites[i]);
            }
        }
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[0]));
    }
}
