package com.boxer.emailcommon.utility;

import android.content.BroadcastReceiver;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import com.boxer.contacts.provider.d;
import com.boxer.emailcommon.mail.RestrictedCiphersException;
import com.boxer.emailcommon.provider.Account;
import com.boxer.emailcommon.provider.EmailContent;
import com.boxer.emailcommon.provider.HostAuth;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

/* loaded from: classes2.dex */
public class SSLUtils {

    /* renamed from: a, reason: collision with root package name */
    public static final String f6674a = com.boxer.common.logging.p.a() + "/EmailUtils";

    /* renamed from: b, reason: collision with root package name */
    private static final boolean f6675b = true;
    private static final int c = 30000;

    /* loaded from: classes2.dex */
    public static class ManagedAccountDeletionBroadcastReceiver extends BroadcastReceiver {
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            d.d();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: classes2.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        @VisibleForTesting
        static final String[] f6676a = {"SSLv3", "TLSv1"};

        /* renamed from: b, reason: collision with root package name */
        @VisibleForTesting
        static final String[] f6677b = {"TLSv1"};

        a() {
        }

        @NonNull
        String[] a() {
            return b() ? f6677b : f6676a;
        }

        @VisibleForTesting
        boolean b() {
            return com.boxer.common.h.a.f();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: classes2.dex */
    public static final class b extends SSLSocketFactory {

        /* renamed from: a, reason: collision with root package name */
        @VisibleForTesting
        static final String f6678a = "NO_CIPHERS_AVAILABLE";

        /* renamed from: b, reason: collision with root package name */
        @VisibleForTesting
        static final Map<a, Boolean> f6679b = new Hashtable();
        private final SSLContext c;
        private final SSLSocketFactory d;
        private final boolean e;
        private j f;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes2.dex */
        public class a {

            /* renamed from: a, reason: collision with root package name */
            final String f6680a;

            /* renamed from: b, reason: collision with root package name */
            final int f6681b;

            a(@NonNull String str, int i) {
                this.f6680a = str;
                this.f6681b = i;
            }

            public boolean equals(Object obj) {
                if (this == obj) {
                    return true;
                }
                if (obj == null || getClass() != obj.getClass()) {
                    return false;
                }
                a aVar = (a) obj;
                return this.f6681b == aVar.f6681b && Objects.equals(this.f6680a, aVar.f6680a);
            }

            public int hashCode() {
                return Objects.hash(this.f6680a, Integer.valueOf(this.f6681b));
            }
        }

        b(KeyManager keyManager, TrustManager trustManager, boolean z, boolean z2) throws KeyManagementException, NoSuchAlgorithmException {
            this(keyManager, trustManager, z, z2, null);
        }

        b(@Nullable KeyManager keyManager, @Nullable TrustManager trustManager, boolean z, boolean z2, @Nullable Account account) throws KeyManagementException, NoSuchAlgorithmException {
            this.c = SSLContext.getInstance("TLS");
            KeyManager[] keyManagerArr = keyManager != null ? new KeyManager[]{keyManager} : null;
            trustManager = z2 ? com.boxer.e.ad.a().aj() : trustManager;
            this.c.init(keyManagerArr, trustManager != null ? new TrustManager[]{trustManager} : null, null);
            this.d = this.c.getSocketFactory();
            this.e = z;
            this.f = new j(account, this.d);
        }

        private void a(@NonNull SSLSocket sSLSocket, @NonNull String str, int i) throws IOException {
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
            sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
            if (this.e) {
                x xVar = new x();
                if (a(sSLSocket, str, i, xVar)) {
                    sSLSocket.setEnabledProtocols(a());
                }
                a(sSLSocket, str, xVar);
            }
        }

        private boolean a(@NonNull SSLHandshakeException sSLHandshakeException) {
            return sSLHandshakeException.getCause() != null && sSLHandshakeException.getCause().getMessage() != null && sSLHandshakeException.getCause().getMessage().contains(f6678a) && this.f.b();
        }

        @VisibleForTesting
        void a(j jVar) {
            this.f = jVar;
        }

        @VisibleForTesting
        void a(Socket socket, String str, HostnameVerifier hostnameVerifier) throws IOException {
            if (!(socket instanceof SSLSocket)) {
                throw new IllegalArgumentException("Attempt to verify non-SSL socket");
            }
            SSLSocket sSLSocket = (SSLSocket) socket;
            int soTimeout = sSLSocket.getSoTimeout();
            sSLSocket.setSoTimeout(SSLUtils.c);
            try {
                sSLSocket.startHandshake();
                sSLSocket.setSoTimeout(soTimeout);
                SSLSession session = sSLSocket.getSession();
                if (session == null) {
                    throw new SSLException("Cannot verify SSL socket without session");
                }
                com.boxer.common.logging.t.a(SSLUtils.f6674a, "SSL socket using protocol: %s", session.getProtocol());
                if (hostnameVerifier.verify(str, session)) {
                    return;
                }
                SSLUtils.a(session);
                throw new SSLPeerUnverifiedException("Cannot verify hostname: " + str);
            } catch (SSLHandshakeException e) {
                if (!a(e)) {
                    throw e;
                }
                throw new RestrictedCiphersException(e);
            }
        }

        @VisibleForTesting
        boolean a(SSLSocket sSLSocket, String str, int i, @NonNull HostnameVerifier hostnameVerifier) throws IOException {
            String[] enabledProtocols = sSLSocket.getEnabledProtocols();
            a aVar = new a(str, i);
            if (f6679b.containsKey(aVar)) {
                return f6679b.get(aVar).booleanValue();
            }
            try {
                try {
                    a(sSLSocket, str, hostnameVerifier);
                    sSLSocket.setEnabledProtocols(enabledProtocols);
                    f6679b.put(aVar, false);
                    return false;
                } catch (SSLHandshakeException e) {
                    com.boxer.common.logging.t.d(SSLUtils.f6674a, e, "A handshake exception occurred connecting to host '%s', trying compatibility mode", str);
                    sSLSocket.setEnabledProtocols(a());
                    try {
                        a(sSLSocket, str, hostnameVerifier);
                        f6679b.put(aVar, true);
                        sSLSocket.setEnabledProtocols(enabledProtocols);
                        return true;
                    } catch (SSLHandshakeException e2) {
                        com.boxer.common.logging.t.e(SSLUtils.f6674a, e2, "Could not connect to host '%s' using compatibility mode", new Object[0]);
                    }
                }
            } catch (Throwable th) {
                sSLSocket.setEnabledProtocols(enabledProtocols);
                throw th;
            }
        }

        String[] a() {
            return new a().a();
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket();
            sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
            sSLSocket.setEnabledCipherSuites(getDefaultCipherSuites());
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(str, i);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(str, i, inetAddress, i2);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(inetAddress, i);
            a(sSLSocket, inetAddress.getHostName(), i);
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(inetAddress, i, inetAddress2, i2);
            a(sSLSocket, inetAddress.getHostName(), i);
            return sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            SSLSocket sSLSocket = (SSLSocket) this.d.createSocket(socket, str, i, z);
            a(sSLSocket, str, i);
            return sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.f.a();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.d.getSupportedCipherSuites();
        }
    }

    /* loaded from: classes2.dex */
    public static class c extends f {

        /* renamed from: a, reason: collision with root package name */
        private final String f6682a;

        /* renamed from: b, reason: collision with root package name */
        private final X509Certificate[] f6683b;
        private final PrivateKey c;

        private c(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            super();
            this.f6682a = str;
            this.f6683b = x509CertificateArr;
            this.c = privateKey;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static c a(Context context, HostAuth hostAuth) throws CertificateException {
            String str = hostAuth.E;
            Account h = Account.h(context, hostAuth.bU_);
            try {
                X509Certificate[] c = d.c(context, str, h);
                try {
                    PrivateKey d = d.d(context, str, h);
                    if (c == null || d == null) {
                        throw new CertificateException("Can't access certificate from keystore");
                    }
                    com.boxer.common.logging.t.b(SSLUtils.f6674a, "Found cert chain: %s and private key: %s for alias: %s", Arrays.toString(c), d.toString(), str);
                    return new c(str, c, d);
                } catch (KeyChainException | InterruptedException e) {
                    a(str, "private key", e);
                    throw new CertificateException(e);
                }
            } catch (KeyChainException | InterruptedException e2) {
                a(str, "certificate chain", e2);
                throw new CertificateException(e2);
            }
        }

        public static void a() {
            d.d();
        }

        private static void a(String str, String str2, Exception exc) {
            com.boxer.common.logging.t.e(SSLUtils.f6674a, "Unable to retrieve %s for [%s] due to %s", str2, str, exc);
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "Requesting a client cert alias for %s", Arrays.toString(strArr));
            return this.f6682a;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "Requesting a client certificate chain for alias [%s]", str);
            return this.f6683b;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "Requesting a client private key for alias [%s]", str);
            return this.c;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class d {

        /* renamed from: a, reason: collision with root package name */
        private static volatile d f6684a;

        /* renamed from: b, reason: collision with root package name */
        private final KeyStore f6685b;

        private d(KeyStore keyStore) throws KeyChainException {
            this.f6685b = keyStore;
        }

        @Nullable
        private static d a(@Nullable Account account) throws KeyChainException {
            if (account == null) {
                return null;
            }
            try {
                if (account.E()) {
                    return b();
                }
                return null;
            } catch (KeyStoreException | CertificateException e) {
                throw new KeyChainException(e);
            }
        }

        @NonNull
        private static d b() throws KeyChainException, CertificateException, KeyStoreException {
            if (f6684a == null) {
                synchronized (d.class) {
                    if (f6684a == null) {
                        f6684a = new d(c());
                    }
                }
            }
            return f6684a;
        }

        @NonNull
        private static KeyStore c() throws CertificateException, KeyStoreException {
            return com.boxer.e.ad.a().k().f().n().d("AccountAuthenticationCertificateId");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static X509Certificate[] c(@NonNull Context context, @NonNull String str, @Nullable Account account) throws KeyChainException, InterruptedException {
            try {
                d a2 = a(account);
                if (a2 == null) {
                    return KeyChain.getCertificateChain(context, str);
                }
                Certificate[] certificateChain = a2.f6685b == null ? null : a2.f6685b.getCertificateChain(str);
                if (certificateChain == null) {
                    return null;
                }
                return (X509Certificate[]) Arrays.copyOf(certificateChain, certificateChain.length, X509Certificate[].class);
            } catch (KeyStoreException e) {
                throw new KeyChainException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static PrivateKey d(@NonNull Context context, @NonNull String str, @Nullable Account account) throws KeyChainException, InterruptedException {
            try {
                d a2 = a(account);
                if (a2 == null) {
                    return KeyChain.getPrivateKey(context, str);
                }
                Key key = null;
                if (a2.f6685b != null) {
                    key = a2.f6685b.getKey(str, null);
                }
                return (PrivateKey) key;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new KeyChainException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void d() {
            synchronized (d.class) {
                f6684a = null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class e implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        private final HostAuth f6686a;

        /* renamed from: b, reason: collision with root package name */
        private final Context f6687b;
        private PublicKey c;

        e(Context context, HostAuth hostAuth) {
            this.f6687b = context;
            this.f6686a = hostAuth;
            Cursor query = context.getContentResolver().query(HostAuth.n, new String[]{EmailContent.h.k}, d.v.c, new String[]{Long.toString(hostAuth.bU_)}, null);
            if (query != null) {
                try {
                    if (query.moveToNext()) {
                        this.f6686a.F = query.getBlob(0);
                    }
                } finally {
                    query.close();
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException("We don't check client certificates");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr.length == 0) {
                throw new CertificateException("No certificates?");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (this.f6686a.F == null) {
                byte[] encoded = x509Certificate.getEncoded();
                this.f6686a.F = encoded;
                ContentValues contentValues = new ContentValues();
                contentValues.put(EmailContent.h.k, encoded);
                this.f6687b.getContentResolver().update(ContentUris.withAppendedId(HostAuth.n, this.f6686a.bU_), contentValues, null, null);
                return;
            }
            if (this.c == null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.f6686a.F);
                this.c = com.boxer.email.smime.storage.c.a(byteArrayInputStream).getPublicKey();
                try {
                    byteArrayInputStream.close();
                } catch (IOException unused) {
                }
            }
            if (!this.c.equals(x509Certificate.getPublicKey())) {
                throw new CertificateException("PublicKey has changed since initial connection!");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* loaded from: classes2.dex */
    private static abstract class f extends X509ExtendedKeyManager {
        private f() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket);

        @Override // javax.net.ssl.X509KeyManager
        public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract X509Certificate[] getCertificateChain(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getClientAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract PrivateKey getPrivateKey(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class g extends f {

        /* renamed from: a, reason: collision with root package name */
        private volatile long f6688a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public g() {
            super();
            this.f6688a = 0L;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long a() {
            return this.f6688a;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "TrackingKeyManager: requesting a client cert alias for %s", socket.getInetAddress().getCanonicalHostName());
            this.f6688a = System.currentTimeMillis();
            return null;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "TrackingKeyManager: returning a null cert chain", new Object[0]);
            return null;
        }

        @Override // com.boxer.emailcommon.utility.SSLUtils.f, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            com.boxer.common.logging.t.c(SSLUtils.f6674a, "TrackingKeyManager: returning a null private key", new Object[0]);
            return null;
        }
    }

    public static z a(@NonNull Context context, @NonNull HostAuth hostAuth, @Nullable KeyManager keyManager, boolean z, boolean z2, @Nullable Account account) {
        z zVar = new z(b(context, hostAuth, keyManager, z, z2, account));
        if (z) {
            zVar.a(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }
        return zVar;
    }

    @VisibleForTesting(otherwise = 3)
    public static String a(String str) {
        String lowerCase = str.toLowerCase();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lowerCase.length(); i++) {
            char charAt = lowerCase.charAt(i);
            if (a(charAt) || b(charAt) || '-' == charAt || '.' == charAt) {
                sb.append(charAt);
            } else if ('+' == charAt) {
                sb.append("++");
            } else {
                sb.append('+');
                sb.append((int) charAt);
            }
        }
        return sb.toString();
    }

    public static synchronized SSLSocketFactory a(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z, Account account) {
        SSLSocketFactory b2;
        synchronized (SSLUtils.class) {
            b2 = b(context, hostAuth, keyManager, z, false, account);
        }
        return b2;
    }

    public static void a(@NonNull SSLSession sSLSession) {
        try {
            X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
            String a2 = new com.boxer.emailcommon.utility.b(x509Certificate.getSubjectX500Principal()).a("cn");
            if (TextUtils.isEmpty(a2)) {
                com.boxer.common.logging.t.c(f6674a, "No Common name found in the server certificate.", new Object[0]);
            } else {
                com.boxer.common.logging.t.c(f6674a, "Common name used in HostnameVerifier %s", a2);
            }
            List<String> a3 = x.a(x509Certificate, 2);
            if (a3.isEmpty()) {
                com.boxer.common.logging.t.c(f6674a, "No dns names found in the SAN extension of server certificate.", new Object[0]);
            } else {
                com.boxer.common.logging.t.c(f6674a, "Dns names found in SAN extension %s", a3);
            }
            List<String> a4 = x.a(x509Certificate, 7);
            if (a4.isEmpty()) {
                com.boxer.common.logging.t.c(f6674a, "No ip addresses found in the SAN extension of server certificate.", new Object[0]);
            } else {
                com.boxer.common.logging.t.c(f6674a, "IP addresses found in SAN extension %s", a4);
            }
        } catch (SSLPeerUnverifiedException unused) {
        }
    }

    private static boolean a(char c2) {
        return ('a' <= c2 && c2 <= 'z') || ('A' <= c2 && c2 <= 'Z');
    }

    public static z b(@NonNull Context context, @NonNull HostAuth hostAuth, @Nullable KeyManager keyManager, boolean z, @Nullable Account account) {
        return a(context, hostAuth, keyManager, z, false, account);
    }

    private static synchronized SSLSocketFactory b(@NonNull Context context, @NonNull HostAuth hostAuth, @Nullable KeyManager keyManager, boolean z, boolean z2, @Nullable Account account) {
        synchronized (SSLUtils.class) {
            try {
                if (z) {
                    return new b(keyManager, new e(context, hostAuth), false, false, account);
                }
                return new b(keyManager, null, true, z2, account);
            } catch (KeyManagementException | NoSuchAlgorithmException e2) {
                com.boxer.common.logging.t.e(f6674a, e2, "An exception occurred create an SSL socket factory", new Object[0]);
                return (SSLSocketFactory) SSLSocketFactory.getDefault();
            }
        }
    }

    private static boolean b(char c2) {
        return '0' <= c2 && c2 <= '9';
    }
}
