package assecobs.replication;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import java.net.Socket;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class SocketProvider {
    private X509Certificate _cert1;
    private X509Certificate _cert2;
    private final X509TrustManager _trustManager = new X509TrustManager() { // from class: assecobs.replication.SocketProvider.1
        private PublicKey getPublicKey(X509Certificate x509Certificate) {
            return ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() == ((RSAPublicKey) SocketProvider.this._cert2.getPublicKey()).getModulus().bitLength() ? SocketProvider.this._cert2.getPublicKey() : SocketProvider.this._cert1.getPublicKey();
        }

        private void throwException(Exception exc) throws CertificateException {
            String localizedMessage = exc.getLocalizedMessage();
            if (localizedMessage == null) {
                localizedMessage = exc.getClass().getName();
            }
            throw new CertificateException("Błąd podczas weryfikacji certyfikatu dla połączenia\n" + localizedMessage);
        }

        @Override // javax.net.ssl.X509TrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                throw new CertificateException("Brak certyfikatu wymaganego do połączenia");
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
                try {
                    x509Certificate.verify(getPublicKey(x509Certificate));
                } catch (InvalidKeyException e) {
                    throwException(e);
                } catch (NoSuchAlgorithmException e2) {
                    throwException(e2);
                } catch (NoSuchProviderException e3) {
                    throwException(e3);
                } catch (SignatureException e4) {
                    throwException(e4);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{SocketProvider.this._cert1, SocketProvider.this._cert2};
        }
    };

    private KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
        char[] aliasKey = NativeReplication.getAliasKey();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        keyManagerFactory.init(keyStore, aliasKey);
        return keyManagerFactory.getKeyManagers();
    }

    private SSLSocketFactory getSocketFactory(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(keyManagerArr, trustManagerArr, null);
        return sSLContext.getSocketFactory();
    }

    private TrustManager[] getTrustManagers() {
        return new TrustManager[]{this._trustManager};
    }

    private KeyStore loadKeyStore(Context context) throws Exception {
        char[] storeKey = NativeReplication.getStoreKey();
        java.io.InputStream openRawResource = context.getResources().openRawResource(R.raw.client);
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(openRawResource, storeKey);
        openRawResource.close();
        this._cert1 = (X509Certificate) keyStore.getCertificate("server_pub1");
        this._cert2 = (X509Certificate) keyStore.getCertificate("server_pub2");
        return keyStore;
    }

    public Socket getSocket(String str, int i, Context context) throws Exception {
        SSLSocket sSLSocket = (SSLSocket) getSocketFactory(getKeyManagers(loadKeyStore(context)), getTrustManagers()).createSocket(str, i);
        if (Build.VERSION.SDK_INT < 22) {
            List asList = Arrays.asList(sSLSocket.getSupportedCipherSuites());
            List<String> asList2 = Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA");
            ArrayList arrayList = new ArrayList();
            for (String str2 : asList2) {
                if (asList.contains(str2)) {
                    arrayList.add(str2);
                }
            }
            String[] strArr = new String[arrayList.size()];
            arrayList.toArray(strArr);
            sSLSocket.setEnabledCipherSuites(strArr);
        }
        sSLSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
        sSLSocket.startHandshake();
        return sSLSocket;
    }
}
