package com.tencent.midas.http.midashttp;

import android.os.Build;
import android.text.TextUtils;
import com.tencent.midas.http.core.Request;
import com.tencent.midas.http.core.Response;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class APMidasHttpsCertHandler extends APMidasBaseHttpHandler {
    private final String certification;
    private final MidasIPChecker ipChecker;
    private ThreadLocal<Boolean> hasSetHttpsHeader = new ThreadLocal<Boolean>() { // from class: com.tencent.midas.http.midashttp.APMidasHttpsCertHandler.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean initialValue() {
            return false;
        }
    };
    private ThreadLocal<Boolean> hasSetHostnameVerifier = new ThreadLocal<Boolean>() { // from class: com.tencent.midas.http.midashttp.APMidasHttpsCertHandler.2
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean initialValue() {
            return false;
        }
    };
    private ThreadLocal<Boolean> hasSetSSLSocketFactory = new ThreadLocal<Boolean>() { // from class: com.tencent.midas.http.midashttp.APMidasHttpsCertHandler.3
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean initialValue() {
            return false;
        }
    };

    /* loaded from: classes.dex */
    private static class APDelegateNoSSLv3Compat {

        /* loaded from: classes.dex */
        public static class NoSSLv3Factory extends SSLSocketFactory {
            private final SSLSocketFactory delegate;

            public NoSSLv3Factory(SSLSocketFactory sSLSocketFactory) {
                this.delegate = sSLSocketFactory;
            }

            private static Socket makeSocketSafe(Socket socket) {
                boolean z;
                if (!(socket instanceof SSLSocket) || (socket instanceof a)) {
                    return socket;
                }
                a aVar = new a((SSLSocket) socket);
                a aVar2 = aVar;
                String[] supportedProtocols = aVar2.getSupportedProtocols();
                if (supportedProtocols != null) {
                    z = false;
                    for (String str : supportedProtocols) {
                        if ("TLSv1.2".equals(str)) {
                            z = true;
                        }
                    }
                } else {
                    z = false;
                }
                if (z) {
                    aVar2.setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
                }
                return aVar;
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(String str, int i) {
                return makeSocketSafe(this.delegate.createSocket(str, i));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) {
                return makeSocketSafe(this.delegate.createSocket(str, i, inetAddress, i2));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(InetAddress inetAddress, int i) {
                return makeSocketSafe(this.delegate.createSocket(inetAddress, i));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) {
                return makeSocketSafe(this.delegate.createSocket(inetAddress, i, inetAddress2, i2));
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public Socket createSocket(Socket socket, String str, int i, boolean z) {
                return makeSocketSafe(this.delegate.createSocket(socket, str, i, z));
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public String[] getDefaultCipherSuites() {
                return this.delegate.getDefaultCipherSuites();
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public String[] getSupportedCipherSuites() {
                return this.delegate.getSupportedCipherSuites();
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes.dex */
        public static class a extends a {
            private a(SSLSocket sSLSocket) {
                super(sSLSocket);
                if (sSLSocket.getClass().getCanonicalName().equals("org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl")) {
                    return;
                }
                try {
                    Method method = sSLSocket.getClass().getMethod("setUseSessionTickets", Boolean.TYPE);
                    if (method != null) {
                        method.invoke(sSLSocket, true);
                    }
                } catch (IllegalAccessException e) {
                    e.printStackTrace();
                } catch (NoSuchMethodException e2) {
                    e2.printStackTrace();
                } catch (InvocationTargetException e3) {
                    e3.printStackTrace();
                }
            }

            @Override // com.tencent.midas.http.midashttp.APMidasHttpsCertHandler.a, javax.net.ssl.SSLSocket
            public void setEnabledProtocols(String[] strArr) {
                if (strArr != null && strArr.length == 1 && "SSLv3".equals(strArr[0])) {
                    ArrayList arrayList = new ArrayList(Arrays.asList(this.f6082a.getEnabledProtocols()));
                    if (arrayList.size() > 1) {
                        arrayList.remove("SSLv3");
                    }
                    strArr = (String[]) arrayList.toArray(new String[arrayList.size()]);
                }
                super.setEnabledProtocols(strArr);
            }
        }
    }

    /* loaded from: classes.dex */
    public interface MidasIPChecker {
        boolean isMidasIP(String str);
    }

    /* loaded from: classes.dex */
    private static class a extends SSLSocket {

        /* renamed from: a, reason: collision with root package name */
        protected final SSLSocket f6082a;

        a(SSLSocket sSLSocket) {
            this.f6082a = sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocket
        public void addHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
            this.f6082a.addHandshakeCompletedListener(handshakeCompletedListener);
        }

        @Override // java.net.Socket
        public void bind(SocketAddress socketAddress) {
            this.f6082a.bind(socketAddress);
        }

        @Override // java.net.Socket, java.io.Closeable, java.lang.AutoCloseable
        public synchronized void close() {
            this.f6082a.close();
        }

        @Override // java.net.Socket
        public void connect(SocketAddress socketAddress) {
            this.f6082a.connect(socketAddress);
        }

        @Override // java.net.Socket
        public void connect(SocketAddress socketAddress, int i) {
            this.f6082a.connect(socketAddress, i);
        }

        public boolean equals(Object obj) {
            return this.f6082a.equals(obj);
        }

        @Override // java.net.Socket
        public SocketChannel getChannel() {
            return this.f6082a.getChannel();
        }

        @Override // javax.net.ssl.SSLSocket
        public boolean getEnableSessionCreation() {
            return this.f6082a.getEnableSessionCreation();
        }

        @Override // javax.net.ssl.SSLSocket
        public String[] getEnabledCipherSuites() {
            return this.f6082a.getEnabledCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocket
        public String[] getEnabledProtocols() {
            return this.f6082a.getEnabledProtocols();
        }

        @Override // java.net.Socket
        public InetAddress getInetAddress() {
            return this.f6082a.getInetAddress();
        }

        @Override // java.net.Socket
        public InputStream getInputStream() {
            return this.f6082a.getInputStream();
        }

        @Override // java.net.Socket
        public boolean getKeepAlive() {
            return this.f6082a.getKeepAlive();
        }

        @Override // java.net.Socket
        public InetAddress getLocalAddress() {
            return this.f6082a.getLocalAddress();
        }

        @Override // java.net.Socket
        public int getLocalPort() {
            return this.f6082a.getLocalPort();
        }

        @Override // java.net.Socket
        public SocketAddress getLocalSocketAddress() {
            return this.f6082a.getLocalSocketAddress();
        }

        @Override // javax.net.ssl.SSLSocket
        public boolean getNeedClientAuth() {
            return this.f6082a.getNeedClientAuth();
        }

        @Override // java.net.Socket
        public boolean getOOBInline() {
            return this.f6082a.getOOBInline();
        }

        @Override // java.net.Socket
        public OutputStream getOutputStream() {
            return this.f6082a.getOutputStream();
        }

        @Override // java.net.Socket
        public int getPort() {
            return this.f6082a.getPort();
        }

        @Override // java.net.Socket
        public synchronized int getReceiveBufferSize() {
            return this.f6082a.getReceiveBufferSize();
        }

        @Override // java.net.Socket
        public SocketAddress getRemoteSocketAddress() {
            return this.f6082a.getRemoteSocketAddress();
        }

        @Override // java.net.Socket
        public boolean getReuseAddress() {
            return this.f6082a.getReuseAddress();
        }

        @Override // java.net.Socket
        public synchronized int getSendBufferSize() {
            return this.f6082a.getSendBufferSize();
        }

        @Override // javax.net.ssl.SSLSocket
        public SSLSession getSession() {
            return this.f6082a.getSession();
        }

        @Override // java.net.Socket
        public int getSoLinger() {
            return this.f6082a.getSoLinger();
        }

        @Override // java.net.Socket
        public synchronized int getSoTimeout() {
            return this.f6082a.getSoTimeout();
        }

        @Override // javax.net.ssl.SSLSocket
        public String[] getSupportedCipherSuites() {
            return this.f6082a.getSupportedCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocket
        public String[] getSupportedProtocols() {
            return this.f6082a.getSupportedProtocols();
        }

        @Override // java.net.Socket
        public boolean getTcpNoDelay() {
            return this.f6082a.getTcpNoDelay();
        }

        @Override // java.net.Socket
        public int getTrafficClass() {
            return this.f6082a.getTrafficClass();
        }

        @Override // javax.net.ssl.SSLSocket
        public boolean getUseClientMode() {
            return this.f6082a.getUseClientMode();
        }

        @Override // javax.net.ssl.SSLSocket
        public boolean getWantClientAuth() {
            return this.f6082a.getWantClientAuth();
        }

        @Override // java.net.Socket
        public boolean isBound() {
            return this.f6082a.isBound();
        }

        @Override // java.net.Socket
        public boolean isClosed() {
            return this.f6082a.isClosed();
        }

        @Override // java.net.Socket
        public boolean isConnected() {
            return this.f6082a.isConnected();
        }

        @Override // java.net.Socket
        public boolean isInputShutdown() {
            return this.f6082a.isInputShutdown();
        }

        @Override // java.net.Socket
        public boolean isOutputShutdown() {
            return this.f6082a.isOutputShutdown();
        }

        @Override // javax.net.ssl.SSLSocket
        public void removeHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
            this.f6082a.removeHandshakeCompletedListener(handshakeCompletedListener);
        }

        @Override // java.net.Socket
        public void sendUrgentData(int i) {
            this.f6082a.sendUrgentData(i);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setEnableSessionCreation(boolean z) {
            this.f6082a.setEnableSessionCreation(z);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setEnabledCipherSuites(String[] strArr) {
            this.f6082a.setEnabledCipherSuites(strArr);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setEnabledProtocols(String[] strArr) {
            this.f6082a.setEnabledProtocols(strArr);
        }

        @Override // java.net.Socket
        public void setKeepAlive(boolean z) {
            this.f6082a.setKeepAlive(z);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setNeedClientAuth(boolean z) {
            this.f6082a.setNeedClientAuth(z);
        }

        @Override // java.net.Socket
        public void setOOBInline(boolean z) {
            this.f6082a.setOOBInline(z);
        }

        @Override // java.net.Socket
        public void setPerformancePreferences(int i, int i2, int i3) {
            this.f6082a.setPerformancePreferences(i, i2, i3);
        }

        @Override // java.net.Socket
        public synchronized void setReceiveBufferSize(int i) {
            this.f6082a.setReceiveBufferSize(i);
        }

        @Override // java.net.Socket
        public void setReuseAddress(boolean z) {
            this.f6082a.setReuseAddress(z);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setSSLParameters(SSLParameters sSLParameters) {
            this.f6082a.setSSLParameters(sSLParameters);
        }

        @Override // java.net.Socket
        public synchronized void setSendBufferSize(int i) {
            this.f6082a.setSendBufferSize(i);
        }

        @Override // java.net.Socket
        public void setSoLinger(boolean z, int i) {
            this.f6082a.setSoLinger(z, i);
        }

        @Override // java.net.Socket
        public synchronized void setSoTimeout(int i) {
            this.f6082a.setSoTimeout(i);
        }

        @Override // java.net.Socket
        public void setTcpNoDelay(boolean z) {
            this.f6082a.setTcpNoDelay(z);
        }

        @Override // java.net.Socket
        public void setTrafficClass(int i) {
            this.f6082a.setTrafficClass(i);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setUseClientMode(boolean z) {
            this.f6082a.setUseClientMode(z);
        }

        @Override // javax.net.ssl.SSLSocket
        public void setWantClientAuth(boolean z) {
            this.f6082a.setWantClientAuth(z);
        }

        @Override // java.net.Socket
        public void shutdownInput() {
            this.f6082a.shutdownInput();
        }

        @Override // java.net.Socket
        public void shutdownOutput() {
            this.f6082a.shutdownOutput();
        }

        @Override // javax.net.ssl.SSLSocket
        public void startHandshake() {
            this.f6082a.startHandshake();
        }

        @Override // javax.net.ssl.SSLSocket, java.net.Socket
        public String toString() {
            return this.f6082a.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b implements HostnameVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final MidasIPChecker f6083a;

        private b(MidasIPChecker midasIPChecker) {
            this.f6083a = midasIPChecker;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            MidasIPChecker midasIPChecker = this.f6083a;
            if (midasIPChecker == null) {
                return false;
            }
            return midasIPChecker.isMidasIP(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class c implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        private X509TrustManager f6084a;

        c(String str) {
            if (TextUtils.isEmpty(str)) {
                return;
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                KeyStore.TrustedCertificateEntry trustedCertificateEntry = new KeyStore.TrustedCertificateEntry(x509Certificate);
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setEntry("ca_root", trustedCertificateEntry, null);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i = 0; i < trustManagers.length; i++) {
                    if (trustManagers[i] instanceof X509TrustManager) {
                        this.f6084a = (X509TrustManager) trustManagers[i];
                        return;
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.f6084a.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.f6084a.getAcceptedIssuers();
        }
    }

    public APMidasHttpsCertHandler(String str, MidasIPChecker midasIPChecker) {
        this.certification = str;
        this.ipChecker = midasIPChecker;
    }

    private void createSSLConnection(Request request) {
        ThreadLocal<Boolean> threadLocal;
        boolean z;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1");
            if (request.isRequestWithIP()) {
                sSLContext.init(null, new TrustManager[]{new c(this.certification)}, new SecureRandom());
                request.setCustomHostnameVerifier(new b(this.ipChecker));
                this.hasSetHostnameVerifier.set(true);
            } else {
                sSLContext.init(null, null, new SecureRandom());
            }
            if (Build.VERSION.SDK_INT >= 20) {
                request.setCustomSSLSocketFactory(sSLContext.getSocketFactory());
                threadLocal = this.hasSetSSLSocketFactory;
                z = true;
            } else {
                request.setCustomSSLSocketFactory(new APDelegateNoSSLv3Compat.NoSSLv3Factory(sSLContext.getSocketFactory()));
                threadLocal = this.hasSetSSLSocketFactory;
                z = true;
            }
            threadLocal.set(z);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private boolean needCustomCert(Request request) {
        return request != null && request.isHttpsRequest() && request.isRequestWithIP() && (request instanceof APMidasHttpRequest) && request.getCustomHostnameVerifier() == null && request.getCustomSSLSocketFactory() == null;
    }

    @Override // com.tencent.midas.http.midashttp.APMidasBaseHttpHandler, com.tencent.midas.http.core.HttpHandler
    public void onHttpEnd(Request request, Response response) {
        super.onHttpEnd(request, response);
        if (this.hasSetHttpsHeader.get().booleanValue()) {
            this.hasSetHttpsHeader.set(false);
            request.removeHttpHeader("https.protocols", "TLSv1");
        }
        if (this.hasSetHostnameVerifier.get().booleanValue()) {
            this.hasSetHostnameVerifier.set(false);
            request.clearCustomHostnameVerifier();
        }
        if (this.hasSetSSLSocketFactory.get().booleanValue()) {
            this.hasSetSSLSocketFactory.set(false);
            request.clearCustomSSLSocketFactory();
        }
    }

    @Override // com.tencent.midas.http.midashttp.APMidasBaseHttpHandler, com.tencent.midas.http.core.HttpHandler
    public void onHttpStart(Request request) {
        if (request != null && needCustomCert(request)) {
            if (!request.hasHttpHeader("https.protocols", "TLSv1")) {
                request.addHttpHeader("https.protocols", "TLSv1");
                this.hasSetHttpsHeader.set(true);
            }
            createSSLConnection(request);
        }
    }
}
