package android.net;

import android.net.http.DomainNameChecker;
import android.os.SystemProperties;
import android.util.Log;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParameters;
import org.apache.harmony.xnet.provider.jsse.SSLServerSessionCache;

/* loaded from: classes.dex */
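/**
 * {@link SSLSocketFactory} that hands out client sockets only after it has checked the
 * peer's certificate chain and host name itself.
 *
 * <p>The underlying SSL context is initialised with a trust manager that accepts every
 * certificate (see {@link #TRUST_MANAGER}). Trust is therefore enforced only by
 * {@link #validateSocket}, which runs after the handshake and before a socket is returned.
 * The delegate factory must never be exposed, and no overload may return a socket that has
 * not passed validation. Overloads that carry no host name refuse to create a socket.
 *
 * <p>Security caveat: on builds where {@code ro.secure} is {@code "0"} and the system
 * property {@code socket.relaxsslcheck} is {@code "yes"}, validation is skipped entirely.
 * Sockets returned in that mode are not authenticated at all.
 */
public class SSLCertificateSocketFactory extends SSLSocketFactory {
    private static final String LOG_TAG = "SSLCertificateSocketFactory";

    /**
     * Accept-everything trust manager installed into the SSL context.
     *
     * <p>This is safe only because {@link #validateSocket} re-checks the peer chain against
     * the platform default trust manager after the handshake. Do not reuse this array for any
     * context whose sockets are not validated that way.
     */
    private static final TrustManager[] TRUST_MANAGER = {new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: the real check happens in validateSocket().
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: the real check happens in validateSocket().
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can trip callers that iterate over the result.
            return new X509Certificate[0];
        }
    }};

    private final SSLSocketFactory mFactory;
    private final int mSocketReadTimeoutForSslHandshake;

    /**
     * Creates a factory without a client session cache.
     *
     * @param handshakeTimeoutMillis value passed to {@link Socket#setSoTimeout} for the
     *     duration of the handshake; a negative value leaves the socket timeout untouched
     * @throws NoSuchAlgorithmException declared by SSL context initialisation
     * @throws KeyManagementException declared by SSL context initialisation
     */
    public SSLCertificateSocketFactory(int handshakeTimeoutMillis)
            throws NoSuchAlgorithmException, KeyManagementException {
        this(handshakeTimeoutMillis, null);
    }

    /**
     * Creates a factory, optionally backed by a client session cache.
     *
     * @param handshakeTimeoutMillis see {@link #SSLCertificateSocketFactory(int)}
     * @param sessionCache client session cache handed to the SSL context, may be null
     */
    private SSLCertificateSocketFactory(int handshakeTimeoutMillis, SSLClientSessionCache sessionCache)
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContextImpl context = new SSLContextImpl();
        context.engineInit((KeyManager[]) null, TRUST_MANAGER, new SecureRandom(), sessionCache,
                (SSLServerSessionCache) null);
        this.mFactory = context.engineGetSocketFactory();
        this.mSocketReadTimeoutForSslHandshake = handshakeTimeoutMillis;
    }

    /**
     * Returns a new factory without a client session cache.
     *
     * @param handshakeTimeoutMillis see {@link #SSLCertificateSocketFactory(int)}
     * @return the factory, or null when the SSL context could not be initialised
     */
    public static SocketFactory getDefault(int handshakeTimeoutMillis) {
        return getDefault(handshakeTimeoutMillis, null);
    }

    /**
     * Returns a new factory using the given client session cache.
     *
     * @param handshakeTimeoutMillis see {@link #SSLCertificateSocketFactory(int)}
     * @param sessionCache client session cache, may be null
     * @return the factory, or null when the SSL context could not be initialised (the failure
     *     is logged); callers must check for null
     */
    public static SocketFactory getDefault(int handshakeTimeoutMillis, SSLClientSessionCache sessionCache) {
        try {
            return new SSLCertificateSocketFactory(handshakeTimeoutMillis, sessionCache);
        } catch (KeyManagementException e) {
            Log.e(LOG_TAG, "SSLCertifcateSocketFactory.getDefault KeyManagementException ", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.e(LOG_TAG, "SSLCertifcateSocketFactory.getDefault NoSuchAlgorithmException ", e2);
            return null;
        }
    }

    /**
     * Checks the peer chain against the platform default trust manager.
     *
     * @param chain certificates presented by the peer, leaf first as returned by the session
     * @return true only when the chain is non-empty, consists solely of X.509 certificates
     *     and is accepted by the default trust manager
     */
    private boolean hasValidCertificateChain(Certificate[] chain) throws IOException {
        if (chain == null || chain.length == 0) {
            return false;
        }
        // Copy element by element instead of casting the array: the runtime type of the array
        // may be Certificate[], in which case an array cast throws ClassCastException rather
        // than failing the validation cleanly.
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int idx = 0; idx < chain.length; idx++) {
            if (!(chain[idx] instanceof X509Certificate)) {
                Log.d(LOG_TAG, "hasValidCertificateChain(): non-X.509 certificate in chain");
                return false;
            }
            x509Chain[idx] = (X509Certificate) chain[idx];
        }
        try {
            // NOTE(review): the auth type is hard-coded to "RSA" regardless of the negotiated
            // key exchange; confirm the default trust manager does not depend on it.
            SSLParameters.getDefaultTrustManager().checkServerTrusted(x509Chain, "RSA");
            return true;
        } catch (GeneralSecurityException e) {
            Log.d(LOG_TAG, "hasValidCertificateChain(): sec. exception: " + e.getMessage());
            return false;
        }
    }

    /**
     * Performs the handshake and rejects the socket unless the peer chain is trusted and the
     * leaf certificate matches {@code host}.
     *
     * @param socket freshly created, not yet handshaken socket
     * @param host host name the caller asked to connect to
     * @throws IOException when the peer presents no certificates, the chain is untrusted or
     *     the host name does not match
     */
    private void validateSocket(SSLSocket socket, String host) throws IOException {
        String relaxCheck = SystemProperties.get("socket.relaxsslcheck");
        if ("0".equals(SystemProperties.get("ro.secure")) && "yes".equals(relaxCheck)) {
            // Debug escape hatch: with the trust-all context underneath, nothing authenticates
            // the peer on this path. Logged at warning level so the relaxed mode is visible
            // in logs when auditing a device.
            Log.w(LOG_TAG, "sys prop socket.relaxsslcheck is set, ignoring invalid certs");
            return;
        }
        socket.setUseClientMode(true);
        socket.startHandshake();
        Certificate[] peerCertificates = socket.getSession().getPeerCertificates();
        if (peerCertificates == null) {
            Log.e(LOG_TAG, "[SSLCertificateSocketFactory] no trusted root CA");
            throw new IOException("no trusted root CA");
        }
        if (!hasValidCertificateChain(peerCertificates)) {
            Log.d(LOG_TAG, "validateSocket(): certificate untrusted!");
            throw new IOException("Certificate untrusted");
        }
        // The cast is safe here: hasValidCertificateChain() accepted the chain, so it is
        // non-empty and every element is an X509Certificate.
        if (!DomainNameChecker.match((X509Certificate) peerCertificates[0], host)) {
            Log.d(LOG_TAG, "validateSocket(): domain name check failed");
            throw new IOException("Domain Name check failed");
        }
    }

    /**
     * Applies the handshake timeout, validates the socket and clears the timeout again.
     * Closes the socket if anything fails, so a rejected connection does not stay open.
     */
    private Socket validateOrClose(SSLSocket socket, String host) throws IOException {
        boolean validated = false;
        try {
            if (this.mSocketReadTimeoutForSslHandshake >= 0) {
                socket.setSoTimeout(this.mSocketReadTimeoutForSslHandshake);
            }
            validateSocket(socket, host);
            // Back to blocking reads once the handshake is done.
            socket.setSoTimeout(0);
            validated = true;
            return socket;
        } finally {
            if (!validated) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // Best effort: the validation failure is the error worth propagating.
                }
            }
        }
    }

    /**
     * Connects to {@code host:port} and returns the socket only after validation succeeded.
     *
     * @throws IOException on connection, handshake or validation failure
     */
    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return validateOrClose((SSLSocket) this.mFactory.createSocket(host, port), host);
    }

    /**
     * Connects to {@code host:port} from the given local address and port, returning the
     * socket only after validation succeeded.
     *
     * @throws IOException on connection, handshake or validation failure
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return validateOrClose(
                (SSLSocket) this.mFactory.createSocket(host, port, localAddress, localPort), host);
    }

    /** Always fails: without a host name the certificate cannot be matched to the peer. */
    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        throw new IOException("Cannot validate certification without a hostname");
    }

    /** Always fails: without a host name the certificate cannot be matched to the peer. */
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new IOException("Cannot validate certification without a hostname");
    }

    /** Always fails: layering over an existing socket is not supported by this factory. */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        throw new IOException("Cannot validate certification without a hostname");
    }

    /**
     * Returns the delegate's default cipher suites.
     *
     * <p>This previously returned the delegate's full supported list. A caller that enables
     * whatever this method reports would then switch on suites the delegate leaves disabled
     * by default.
     */
    @Override
    public String[] getDefaultCipherSuites() {
        return this.mFactory.getDefaultCipherSuites();
    }

    /** Returns every cipher suite the delegate factory supports. */
    @Override
    public String[] getSupportedCipherSuites() {
        return this.mFactory.getSupportedCipherSuites();
    }
}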
