package com.viber.voip.net;

import android.net.http.SslError;
import com.viber.voip.ViberApplication;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes.dex */
public class TrustEveryoneSocketFactory extends SSLSocketFactory {
    private static TrustManager trustManager;
    private SSLContext sslContext;
    private static final String[] mustVerifyHosts = {"secure.integration.viber.com", "wa.development.viber.com", "secure.viber.com"};
    private static final X509HostnameVerifier SELECTED_HOSTNAMES_VERIFIER = new SelectedHostsVerifier(mustVerifyHosts, STRICT_HOSTNAME_VERIFIER);

    /* loaded from: classes.dex */
    private static class SelectedHostsVerifier implements X509HostnameVerifier {
        private final X509HostnameVerifier delegate;
        private final Set<String> mustVerifiedHostSet = new HashSet();

        public SelectedHostsVerifier(String[] strArr, X509HostnameVerifier x509HostnameVerifier) {
            if (strArr != null) {
                for (String str : strArr) {
                    this.mustVerifiedHostSet.add(str);
                }
            }
            this.delegate = x509HostnameVerifier;
        }

        private boolean isMustVerifiedHost(String str) {
            int indexOf = str.indexOf(46);
            if (indexOf != -1) {
                str.substring(indexOf + 1);
            }
            return this.mustVerifiedHostSet.contains(str);
        }

        public final String toString() {
            return "SELECTED_HOSTS_VERIFIER";
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, X509Certificate x509Certificate) throws SSLException {
            ViberApplication.log(3, TrustEveryoneSocketFactory.class.getSimpleName(), "verify paramString:" + str + ",paramX509Certificate:" + (x509Certificate != null ? x509Certificate.getSubjectDN() : "null"));
            if (!isMustVerifiedHost(str)) {
                throw new SSLException("Unknown host:" + str);
            }
            this.delegate.verify(str, x509Certificate);
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, SSLSocket sSLSocket) throws IOException {
            boolean isMustVerifiedHost = isMustVerifiedHost(str);
            ViberApplication.log(3, TrustEveryoneSocketFactory.class.getSimpleName(), "verify paramString:" + str + ",paramSSLSocket:" + sSLSocket + ",isMustVerifiedHost:" + isMustVerifiedHost);
            if (!isMustVerifiedHost) {
                throw new UnknownHostException("Unknown host:" + str);
            }
            this.delegate.verify(str, sSLSocket);
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
            if (!isMustVerifiedHost(str)) {
                throw new SSLException("Unknown host:" + str);
            }
            this.delegate.verify(str, strArr, strArr2);
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (isMustVerifiedHost(str)) {
                return this.delegate.verify(str, sSLSession);
            }
            return true;
        }
    }

    static {
        try {
            trustManager = new EasyX509TrustManager(null);
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
    }

    private TrustEveryoneSocketFactory(KeyStore keyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(keyStore);
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
    }

    private void closeSocketThrowException(SSLSocket sSLSocket, String str) throws IOException {
        if (sSLSocket != null) {
            SSLSession session = sSLSocket.getSession();
            if (session != null) {
                session.invalidate();
            }
            sSLSocket.close();
        }
        throw new SSLHandshakeException(str);
    }

    public static SSLSocketFactory getTrustEveryoneSocketFactory() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            TrustEveryoneSocketFactory trustEveryoneSocketFactory = new TrustEveryoneSocketFactory(keyStore);
            trustEveryoneSocketFactory.setHostnameVerifier(SELECTED_HOSTNAMES_VERIFIER);
            return trustEveryoneSocketFactory;
        } catch (Exception e) {
            return null;
        }
    }

    private void verifyServerDomainAndCertificates(X509Certificate[] x509CertificateArr, String str, String str2) throws IOException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate for this site is null");
        }
        getHostnameVerifier().verify(str, x509Certificate);
        try {
            ((EasyX509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str2);
        } catch (GeneralSecurityException e) {
            throw new IOException(new SslError(3, x509Certificate).toString());
        }
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        return this.sslContext.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        if (!sSLSocket.getSession().isValid()) {
            closeSocketThrowException(sSLSocket, "failed to perform SSL handshake");
        }
        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            closeSocketThrowException(sSLSocket, "failed to retrieve peer certificates");
        }
        verifyServerDomainAndCertificates((X509Certificate[]) peerCertificates, str, "RSA");
        return sSLSocket;
    }
}
