package com.labgency.tools.requests.handlers;

import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import com.labgency.hss.HSSAgent;
import com.labgency.hss.HSSLog;
import defpackage.f63;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.params.HttpParams;
import tv.molotov.common.refresher.Refresher;

@TargetApi(17)
/* loaded from: classes3.dex */
public class b implements LayeredSocketFactory {
    public final HostnameVerifier a = new a(this);
    public KeyManagerFactory b;
    public TrustManagerFactory c;

    /* loaded from: classes3.dex */
    public class a extends StrictHostnameVerifier {
        public a(b bVar) {
        }
    }

    /* renamed from: com.labgency.tools.requests.handlers.b$b, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public class C0113b implements X509TrustManager {
        public final /* synthetic */ X509TrustManager a;

        public C0113b(X509TrustManager x509TrustManager) {
            this.a = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.a.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr != null) {
                try {
                    HSSLog.d("TlsSniSocketFactory", "checkServerTrusted, authType: " + str);
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        HSSLog.d("TlsSniSocketFactory", "one cert with DN " + x509Certificate.getSubjectDN());
                    }
                } catch (CertificateExpiredException e) {
                    HSSLog.d("TlsSniSocketFactory", "CertificateExpiredException");
                    if (!b.this.b(x509CertificateArr)) {
                        throw e;
                    }
                    return;
                } catch (CertificateNotYetValidException e2) {
                    HSSLog.d("TlsSniSocketFactory", "CertificateNotYetValidException");
                    if (!b.this.b(x509CertificateArr)) {
                        throw e2;
                    }
                    return;
                } catch (CertificateException e3) {
                    StringBuilder a = f63.a("CertificateException ");
                    a.append(e3.getMessage());
                    HSSLog.d("TlsSniSocketFactory", a.toString());
                    if (e3.getCause() != null) {
                        StringBuilder a2 = f63.a("CertificateException cause: ");
                        a2.append(e3.getCause().getMessage());
                        HSSLog.d("TlsSniSocketFactory", a2.toString());
                    }
                    if (e3.getCause() != null && "timestamp check failed".equals(e3.getCause().getMessage())) {
                        if (!b.this.b(x509CertificateArr)) {
                            throw e3;
                        }
                        return;
                    } else if (e3.getCause() != null && e3.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                        if (!b.this.b(x509CertificateArr)) {
                            throw e3;
                        }
                        return;
                    } else {
                        if (e3.getCause() == null || !e3.getCause().getClass().equals(CertificateNotYetValidException.class)) {
                            throw e3;
                        }
                        if (!b.this.b(x509CertificateArr)) {
                            throw e3;
                        }
                        return;
                    }
                }
            }
            this.a.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.a.getAcceptedIssuers();
        }
    }

    public b(KeyStore keyStore) {
        this.b = null;
        this.c = null;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.b = keyManagerFactory;
            keyManagerFactory.init(keyStore, "idviu2015".toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.c = trustManagerFactory;
            trustManagerFactory.init(keyStore);
        } catch (Exception e) {
            e.printStackTrace();
            HSSLog.e("httpclient", "could not create SSLSocketFactory");
        }
    }

    public final boolean b(X509Certificate[] x509CertificateArr) {
        if (HSSAgent.getClockState() > 0) {
            return true;
        }
        if (x509CertificateArr != null && x509CertificateArr.length != 0) {
            long time = HSSAgent.getTime();
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (x509Certificate.getNotAfter().getTime() >= time && x509Certificate.getNotBefore().getTime() <= time) {
                return true;
            }
        }
        return false;
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket connectSocket(Socket socket, String str, int i, InetAddress inetAddress, int i2, HttpParams httpParams) throws IOException {
        return createSocket(socket, str, i, true);
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        return SSLSocketFactory.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        f63.d("create socket to host: ", str, "TlsSniSocketFactory");
        if (z && socket != null) {
            socket.close();
        }
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(Refresher.LIVE_RELATED);
        sSLCertificateSocketFactory.setKeyManagers(this.b.getKeyManagers());
        TrustManager[] trustManagers = this.c.getTrustManagers();
        if (trustManagers == null || trustManagers.length <= 0) {
            sSLCertificateSocketFactory.setTrustManagers(this.c.getTrustManagers());
        } else {
            StringBuilder a2 = f63.a("we have ");
            a2.append(trustManagers.length);
            a2.append(" trust managers");
            HSSLog.d("TlsSniSocketFactory", a2.toString());
            sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{new C0113b((X509TrustManager) trustManagers[0])});
        }
        SSLSocket sSLSocket = (SSLSocket) sSLCertificateSocketFactory.createSocket(InetAddress.getByName(str), i);
        sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
        if (Build.VERSION.SDK_INT >= 17) {
            sSLCertificateSocketFactory.setHostname(sSLSocket, str);
        } else {
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Exception unused) {
            }
        }
        if (this.a.verify(str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + str);
    }

    @Override // org.apache.http.conn.scheme.SocketFactory
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        if (socket instanceof SSLSocket) {
            return ((SSLSocket) socket).isConnected();
        }
        return false;
    }
}
