package net.i2p.util;

import dk.ozgur.browser.Constants;
import info.guardianproject.netcipher.client.StrongSSLSocketFactory;
import io.fabric.sdk.android.services.network.HttpRequest;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import net.i2p.I2PAppContext;
import net.i2p.crypto.KeyStoreUtil;
import net.i2p.data.DataHelper;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.util.PublicSuffixList;
import org.apache.http.conn.util.PublicSuffixListParser;
import org.apache.http.conn.util.PublicSuffixMatcher;

/* loaded from: classes.dex */
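/**
 * Builds TLS client sockets from a trust store assembled out of certificate
 * directories, restricts the enabled protocols and cipher suites, and verifies
 * the peer's hostname after the socket is created.
 *
 * <p>This listing is decompiler output. Three constants below
 * ({@code Constants.HTTP_PROXY_I2P}, {@code HttpRequest.CHARSET_UTF8},
 * {@code StrongSSLSocketFactory.TLS}) come from unrelated packages; the
 * decompiler presumably substituted them for equal string literals.
 * NOTE(review): confirm their values before relying on them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Hostname verification is skipped entirely when the property
 *       {@code i2p.disableSSLHostnameVerification} is true, and for the literal
 *       loopback names checked in {@link #verifyHostname}.</li>
 *   <li>{@link #INCLUDE_PROTOCOLS} re-adds TLSv1 and TLSv1.1 whenever the JVM
 *       reports them as supported; both are deprecated by RFC 8996.</li>
 *   <li>If protocol or cipher filtering leaves nothing enabled, the unfiltered
 *       enabled set is used instead (see {@link #select}).</li>
 * </ul>
 */
public class I2PSSLSocketFactory {
    private static final String COUNTRY_FILE_DEFAULT = "countries.txt";
    // Lazily built by getDefaultMatcher(); stays null if loading the list file failed.
    private static PublicSuffixMatcher DEFAULT_MATCHER = null;
    private static final String GEOIP_DIR_DEFAULT = "geoip";
    private static final String GEOIP_FILE_DEFAULT = "geoip.txt";
    private static final String PROP_DISABLE = "i2p.disableSSLHostnameVerification";
    private static final String PROP_GEOIP_DIR = "geoip.dir";
    private static final String PUBLIC_SUFFIX_LIST = "public-suffix-list.txt";
    // Guarded by the class monitor in getDefaultMatcher().
    private static boolean _matcherLoaded;
    private final I2PAppContext _context;
    private final SSLSocketFactory _factory;

    // Generic TLDs used for the built-in suffix list when no list file is present.
    private static final String[] DEFAULT_TLDS = {
        "arpa", "asia", "biz", "cat", "com", "coop", "edu", "gov", "info", "int", "jobs",
        "mil", "mobi", "museum", "name", "net", "org", "post", "pro", "tel", "travel", "xxx"
    };

    // Extra suffixes always added to the rule set.
    // NOTE(review): Constants.HTTP_PROXY_I2P is a decompiler substitution, presumably "i2p".
    private static final String[] ADDITIONAL_TLDS = {Constants.HTTP_PROXY_I2P, "mooo.com", "onion"};

    /** Protocols removed from the enabled set. */
    public static final List<String> EXCLUDE_PROTOCOLS =
            Collections.unmodifiableList(Arrays.asList("SSLv2Hello", "SSLv3"));

    /**
     * Protocols added to the enabled set when the JVM supports them.
     * NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not
     * listed, so it is used only if the JVM already enables it by default.
     */
    public static final List<String> INCLUDE_PROTOCOLS =
            Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));

    /**
     * Cipher suites removed from the enabled set: anonymous key exchange, export
     * grade, NULL encryption, single DES, 3DES, RC4 and Kerberos suites, plus one
     * DHE_DSS suite.
     */
    public static final List<String> EXCLUDE_CIPHERS = Collections.unmodifiableList(Arrays.asList(
            "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
            "SSL_DH_anon_WITH_DES_CBC_SHA",
            "SSL_DH_anon_WITH_RC4_128_MD5",
            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_NULL_MD5",
            "SSL_RSA_WITH_NULL_SHA",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
            "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
            "TLS_DH_anon_WITH_AES_256_CBC_SHA",
            "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
            "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
            "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
            "TLS_ECDH_anon_WITH_NULL_SHA",
            "TLS_ECDH_anon_WITH_RC4_128_SHA",
            "TLS_ECDH_ECDSA_WITH_NULL_SHA",
            "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
            "TLS_ECDHE_RSA_WITH_NULL_SHA",
            "TLS_ECDH_RSA_WITH_NULL_SHA",
            "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
            "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
            "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
            "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
            "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
            "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
            "TLS_KRB5_WITH_DES_CBC_MD5",
            "TLS_KRB5_WITH_DES_CBC_SHA",
            "TLS_KRB5_WITH_RC4_128_MD5",
            "TLS_KRB5_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_NULL_SHA256",
            "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
            "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
            "TLS_ECDH_RSA_WITH_RC4_128_SHA",
            "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
            "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
            "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"));

    /** Cipher suites added to the enabled set; currently none. */
    public static final List<String> INCLUDE_CIPHERS = Collections.emptyList();

    /**
     * Creates a factory whose trust store is built by {@link #initSSLContext}.
     *
     * @param i2PAppContext context supplying directories, properties, logging and randomness
     * @param z             true to start from the system key store, false to trust only
     *                      the certificates found in the certificate directories
     * @param str           certificate directory, relative to both the config and base dirs
     * @throws GeneralSecurityException if the key store or SSL context cannot be set up
     */
    public I2PSSLSocketFactory(I2PAppContext i2PAppContext, boolean z, String str) throws GeneralSecurityException {
        this._factory = initSSLContext(i2PAppContext, z, str);
        this._context = i2PAppContext;
    }

    /** Resolves the geoip directory from the context property, relative to the base dir if needed. */
    private static File resolveGeoipDir(I2PAppContext i2PAppContext) {
        String configured = i2PAppContext.getProperty(PROP_GEOIP_DIR, GEOIP_DIR_DEFAULT);
        File dir = new File(configured);
        return dir.isAbsolute() ? dir : new File(i2PAppContext.getBaseDir(), configured);
    }

    /**
     * Appends the lower-cased first comma-separated field of every non-comment line
     * of the country file to {@code list}. A missing or unreadable file is logged
     * and otherwise ignored.
     */
    private static void addCountries(I2PAppContext i2PAppContext, List<String> list) {
        Log log = i2PAppContext.logManager().getLog(I2PSSLSocketFactory.class);
        File countryFile = new File(resolveGeoipDir(i2PAppContext), COUNTRY_FILE_DEFAULT);
        if (!countryFile.exists()) {
            if (log.shouldWarn()) {
                log.warn("Country file not found: " + countryFile.getAbsolutePath());
            }
            return;
        }
        FileInputStream in = null;
        try {
            // Open the stream first so it is closed even if the reader cannot be built.
            in = new FileInputStream(countryFile);
            BufferedReader reader = new BufferedReader(new InputStreamReader(in, HttpRequest.CHARSET_UTF8));
            int loaded = 0;
            String line;
            while ((line = reader.readLine()) != null) {
                // Explicit checks replace the original's reliance on a swallowed
                // IndexOutOfBoundsException for empty lines and empty splits.
                if (line.isEmpty() || line.charAt(0) == '#') {
                    continue;
                }
                String[] fields = DataHelper.split(line, ",");
                if (fields.length == 0) {
                    continue;
                }
                list.add(fields[0].toLowerCase(Locale.US));
                loaded++;
            }
            if (log.shouldInfo()) {
                log.info("Loaded " + loaded + " TLDs from " + countryFile.getAbsolutePath());
            }
        } catch (IOException e) {
            log.error("Error reading the Country File", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Read-only stream: nothing useful to do if close fails.
                }
            }
        }
    }

    /**
     * Returns the shared public-suffix matcher, building it on first use.
     *
     * <p>If the list file exists it is parsed and merged with {@link #ADDITIONAL_TLDS};
     * otherwise a built-in list of country codes and generic TLDs is used.
     *
     * <p>NOTE(review): if the list file exists but cannot be read, the error is logged,
     * the matcher stays {@code null} and no retry happens. The caller then builds a
     * {@code DefaultHostnameVerifier} with a null matcher, which presumably verifies
     * without public-suffix rules. Confirm that is acceptable or fall back to the
     * built-in list.
     *
     * @return the matcher, or null after a failed load
     */
    private static PublicSuffixMatcher getDefaultMatcher(I2PAppContext i2PAppContext) {
        synchronized (I2PSSLSocketFactory.class) {
            if (!_matcherLoaded) {
                File listFile = new File(resolveGeoipDir(i2PAppContext), PUBLIC_SUFFIX_LIST);
                Log log = i2PAppContext.logManager().getLog(I2PSSLSocketFactory.class);
                if (listFile.exists()) {
                    loadMatcherFromFile(listFile, log);
                } else {
                    List<String> rules = new ArrayList<String>(320);
                    addCountries(i2PAppContext, rules);
                    rules.addAll(Arrays.asList(DEFAULT_TLDS));
                    rules.addAll(Arrays.asList(ADDITIONAL_TLDS));
                    DEFAULT_MATCHER = new PublicSuffixMatcher(rules, null);
                    if (log.shouldWarn()) {
                        log.warn("No public suffix list found at " + listFile + " - created default with " + rules.size() + " entries");
                    }
                }
            }
            // Set even after a failed load, so the load is attempted only once.
            _matcherLoaded = true;
        }
        return DEFAULT_MATCHER;
    }

    /** Parses the list file into DEFAULT_MATCHER; on I/O failure logs and leaves it unchanged. */
    private static void loadMatcherFromFile(File listFile, Log log) {
        long start = System.currentTimeMillis();
        PublicSuffixList extras = new PublicSuffixList(Arrays.asList(ADDITIONAL_TLDS), Collections.<String>emptyList());
        FileInputStream in = null;
        try {
            in = new FileInputStream(listFile);
            PublicSuffixList parsed = new PublicSuffixListParser().parse(new InputStreamReader(in, HttpRequest.CHARSET_UTF8));
            PublicSuffixList merged = merge(extras, parsed);
            DEFAULT_MATCHER = new PublicSuffixMatcher(merged.getRules(), merged.getExceptions());
            if (log.shouldWarn()) {
                log.warn("Loaded " + listFile + " in " + (System.currentTimeMillis() - start) + " ms and created list with " + merged.getRules().size() + " entries and " + merged.getExceptions().size() + " exceptions");
            }
        } catch (IOException e) {
            log.error("Failure loading public suffix list from " + listFile, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Read-only stream: nothing useful to do if close fails.
                }
            }
        }
    }

    /**
     * Builds the trust store and returns a socket factory backed by it.
     *
     * <p>With {@code z} true the system key store is the starting point; with
     * {@code z} false the store starts empty, so only certificates found in the
     * two certificate directories are trusted and at least one must be present.
     *
     * @param z   true to start from the system key store
     * @param str certificate directory, resolved against the config dir and the base dir
     * @throws GeneralSecurityException if the key store cannot be initialised, or if
     *         {@code z} is false and no certificate was loaded
     */
    private static SSLSocketFactory initSSLContext(I2PAppContext i2PAppContext, boolean z, String str) throws GeneralSecurityException {
        Log log = i2PAppContext.logManager().getLog(I2PSSLSocketFactory.class);
        KeyStore keyStore;
        if (z) {
            keyStore = KeyStoreUtil.loadSystemKeyStore();
            if (keyStore == null) {
                throw new GeneralSecurityException("Key Store init error");
            }
        } else {
            try {
                // load(null, ...) initialises an empty in-memory store.
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, "".toCharArray());
            } catch (IOException e) {
                throw new GeneralSecurityException("Key Store init error", e);
            }
        }

        File configCerts = new File(i2PAppContext.getConfigDir(), str);
        File baseCerts = new File(i2PAppContext.getBaseDir(), str);
        String configPath = configCerts.getAbsolutePath();
        String basePath = baseCerts.getAbsolutePath();
        boolean sameDir = configPath.equals(basePath);

        int fromConfig = KeyStoreUtil.addCerts(configCerts, keyStore);
        int total = fromConfig;
        if (fromConfig > 0 && log.shouldLog(Log.INFO)) {
            log.info("Loaded " + fromConfig + " trusted certificates from " + configPath);
        }
        if (!sameDir) {
            int fromBase = KeyStoreUtil.addCerts(baseCerts, keyStore);
            total += fromBase;
            if (fromBase > 0 && log.shouldLog(Log.INFO)) {
                // Fixed: the original named the config directory here instead of the base one.
                log.info("Loaded " + fromBase + " trusted certificates from " + basePath);
            }
        }
        if (total <= 0 && !z) {
            // Fixed: the original message never closed the "(looked in" parenthesis.
            throw new GeneralSecurityException("No trusted certificates loaded (looked in " + configPath + (sameDir ? "" : " and " + basePath) + "), SSL connections will fail. Copy the cert in " + str + " from the router to the directory.");
        }
        if (log.shouldLog(Log.INFO)) {
            log.info("Loaded total of " + total + " new trusted certificates");
        }

        // NOTE(review): StrongSSLSocketFactory.TLS is a decompiler substitution, presumably "TLS".
        SSLContext sslContext = SSLContext.getInstance(StrongSSLSocketFactory.TLS);
        TrustManagerFactory trustManagers = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagers.init(keyStore);
        // No key managers: sockets from this factory present no client certificate.
        sslContext.init(null, trustManagers.getTrustManagers(), i2PAppContext.random());
        return sslContext.getSocketFactory();
    }

    /** Returns a new list holding the rules and exceptions of both arguments, first argument first. */
    private static PublicSuffixList merge(PublicSuffixList publicSuffixList, PublicSuffixList publicSuffixList2) {
        List<String> rules = new ArrayList<String>(publicSuffixList.getRules().size() + publicSuffixList2.getRules().size());
        rules.addAll(publicSuffixList.getRules());
        rules.addAll(publicSuffixList2.getRules());
        List<String> exceptions = new ArrayList<String>(publicSuffixList.getExceptions().size() + publicSuffixList2.getExceptions().size());
        exceptions.addAll(publicSuffixList.getExceptions());
        exceptions.addAll(publicSuffixList2.getExceptions());
        return new PublicSuffixList(rules, exceptions);
    }

    /**
     * Computes the names to enable: the enabled set minus {@code list2}, plus every
     * entry of {@code list} that the JVM supports.
     *
     * <p>If the result would be empty, the unfiltered enabled set is returned, so
     * excluded protocols or suites can remain active on a JVM that offers nothing else.
     *
     * @param strArr  currently enabled names
     * @param strArr2 names supported by the JVM
     * @param list    names to add when supported
     * @param list2   names to remove
     * @return the selected names, in no particular order
     */
    private static String[] select(String[] strArr, String[] strArr2, List<String> list, List<String> list2) {
        Log log = I2PAppContext.getGlobalContext().logManager().getLog(I2PSSLSocketFactory.class);
        HashSet<String> selected = new HashSet<String>(strArr.length);
        selected.addAll(Arrays.asList(strArr));
        selected.removeAll(list2);
        HashSet<String> supported = new HashSet<String>(strArr2.length);
        supported.addAll(Arrays.asList(strArr2));
        for (String name : list) {
            if (supported.contains(name)) {
                if (selected.add(name) && log.shouldLog(Log.INFO)) {
                    log.info("Added, previously disabled: " + name);
                }
            } else if (log.shouldLog(Log.INFO)) {
                log.info("Not supported in this JVM: " + name);
            }
        }
        if (selected.isEmpty()) {
            log.logAlways(Log.WARN, "No TLS support for SSLEepGet, falling back");
            return strArr;
        }
        if (log.shouldLog(Log.DEBUG)) {
            List<String> sorted = new ArrayList<String>(selected);
            Collections.sort(sorted);
            log.debug("Selected: " + sorted);
        }
        return selected.toArray(new String[selected.size()]);
    }

    /** Applies {@link #INCLUDE_CIPHERS} and {@link #EXCLUDE_CIPHERS} to the enabled suites. */
    private static String[] selectCipherSuites(String[] strArr, String[] strArr2) {
        return select(strArr, strArr2, INCLUDE_CIPHERS, EXCLUDE_CIPHERS);
    }

    /** Applies {@link #INCLUDE_PROTOCOLS} and {@link #EXCLUDE_PROTOCOLS} to the enabled protocols. */
    private static String[] selectProtocols(String[] strArr, String[] strArr2) {
        return select(strArr, strArr2, INCLUDE_PROTOCOLS, EXCLUDE_PROTOCOLS);
    }

    /**
     * Restricts a server socket to the selected protocols and cipher suites.
     *
     * <p>If SSLv3 is still in the selection (only possible through the fallback in
     * {@link #select}), the socket is left completely unchanged, weak suites included.
     */
    public static void setProtocolsAndCiphers(SSLServerSocket sSLServerSocket) {
        String[] protocols = selectProtocols(sSLServerSocket.getEnabledProtocols(), sSLServerSocket.getSupportedProtocols());
        if (Arrays.asList(protocols).contains("SSLv3")) {
            return;
        }
        sSLServerSocket.setEnabledProtocols(protocols);
        sSLServerSocket.setEnabledCipherSuites(selectCipherSuites(sSLServerSocket.getEnabledCipherSuites(), sSLServerSocket.getSupportedCipherSuites()));
    }

    /** Restricts a client socket to the selected protocols and cipher suites. */
    public static void setProtocolsAndCiphers(SSLSocket sSLSocket) {
        sSLSocket.setEnabledProtocols(selectProtocols(sSLSocket.getEnabledProtocols(), sSLSocket.getSupportedProtocols()));
        sSLSocket.setEnabledCipherSuites(selectCipherSuites(sSLSocket.getEnabledCipherSuites(), sSLSocket.getSupportedCipherSuites()));
    }

    /**
     * Checks that the certificate presented on {@code sSLSocket} matches {@code str}.
     *
     * <p>The check is skipped (with a warning) when the disable property is true or
     * when {@code str} is one of four literal loopback names. The comparison is on
     * the string only; the address actually connected to is not examined here.
     *
     * @param str hostname the caller intended to reach
     * @throws SSLHandshakeException if the verifier rejects the session for {@code str}
     */
    public static void verifyHostname(I2PAppContext i2PAppContext, SSLSocket sSLSocket, String str) throws SSLException {
        Log log = i2PAppContext.logManager().getLog(I2PSSLSocketFactory.class);
        boolean skip = i2PAppContext.getBooleanProperty(PROP_DISABLE)
                || str.equals("localhost")
                || str.equals("127.0.0.1")
                || str.equals("::1")
                || str.equals("0:0:0:0:0:0:0:1");
        if (skip) {
            if (log.shouldWarn()) {
                log.warn("Skipping hostname validation for " + str);
            }
            return;
        }
        // Android uses the platform verifier; elsewhere the bundled one with the suffix matcher.
        javax.net.ssl.HostnameVerifier verifier = SystemVersion.isAndroid()
                ? HttpsURLConnection.getDefaultHostnameVerifier()
                : new DefaultHostnameVerifier(getDefaultMatcher(i2PAppContext));
        // getSession() completes the handshake if it has not happened yet.
        if (!verifier.verify(str, sSLSocket.getSession())) {
            throw new SSLHandshakeException("SSL hostname verify failed, Expected " + str + " - set " + PROP_DISABLE + "=true to disable verification (dangerous!)");
        }
    }

    /** Closes a socket that failed setup; a close failure is ignored in favour of the original error. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // The caller is already propagating the failure that matters.
        }
    }

    /** Applies protocol/cipher limits and hostname verification, closing the socket if either fails. */
    private void secure(SSLSocket socket, String host) throws IOException {
        try {
            setProtocolsAndCiphers(socket);
            verifyHostname(this._context, socket, host);
        } catch (IOException e) {
            // Fixed: the original leaked the connected socket when verification failed.
            closeQuietly(socket);
            throw e;
        } catch (RuntimeException e) {
            closeQuietly(socket);
            throw e;
        }
    }

    /**
     * Connects to {@code str}:{@code i}, restricts protocols and ciphers, and verifies
     * the certificate against {@code str}.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    public Socket createSocket(String str, int i) throws IOException {
        SSLSocket socket = (SSLSocket) this._factory.createSocket(str, i);
        secure(socket, str);
        return socket;
    }

    /**
     * Connects to the given address and verifies the certificate against
     * {@code inetAddress.getHostName()}.
     *
     * <p>NOTE(review): for an address created without a hostname, getHostName() does
     * a reverse lookup, so the name being verified comes from DNS, not the caller.
     * Prefer {@link #createSocket(String, int)} when the intended hostname is known.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        SSLSocket socket = (SSLSocket) this._factory.createSocket(inetAddress, i);
        secure(socket, inetAddress.getHostName());
        return socket;
    }
}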
