package net.i2p.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import net.i2p.I2PAppContext;
import net.i2p.crypto.KeyStoreUtil;
import net.i2p.data.DataHelper;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.util.PublicSuffixList;
import org.apache.http.conn.util.PublicSuffixListParser;
import org.apache.http.conn.util.PublicSuffixMatcher;

/* loaded from: classes.dex */
public class I2PSSLSocketFactory {

    /* renamed from: e, reason: collision with root package name */
    private static PublicSuffixMatcher f5640e;
    private static boolean f;
    private final SSLSocketFactory i;
    private final I2PAppContext j;
    private static final String[] g = {"arpa", "asia", "biz", "cat", "com", "coop", "edu", "gov", "info", "int", "jobs", "mil", "mobi", "museum", "name", "net", "org", "post", "pro", "tel", "travel", "xxx"};
    private static final String[] h = {"i2p", "mooo.com", "onion"};

    /* renamed from: a, reason: collision with root package name */
    public static final List<String> f5636a = Collections.unmodifiableList(Arrays.asList("SSLv2Hello", "SSLv3"));

    /* renamed from: b, reason: collision with root package name */
    public static final List<String> f5637b = Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));

    /* renamed from: c, reason: collision with root package name */
    public static final List<String> f5638c = Collections.unmodifiableList(Arrays.asList("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA", "SSL_DH_anon_WITH_RC4_128_MD5", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "TLS_DH_anon_WITH_AES_256_CBC_SHA", "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "TLS_ECDH_anon_WITH_NULL_SHA", "TLS_ECDH_anon_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_NULL_SHA", "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "TLS_ECDHE_RSA_WITH_NULL_SHA", "TLS_ECDH_RSA_WITH_NULL_SHA", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "TLS_KRB5_WITH_DES_CBC_MD5", "TLS_KRB5_WITH_DES_CBC_SHA", "TLS_KRB5_WITH_RC4_128_MD5", "TLS_KRB5_WITH_RC4_128_SHA", "TLS_RSA_WITH_NULL_SHA256", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"));

    /* renamed from: d, reason: collision with root package name */
    public static final List<String> f5639d = Collections.emptyList();

    public I2PSSLSocketFactory(I2PAppContext i2PAppContext, String str) {
        this.i = a(i2PAppContext, str);
        this.j = i2PAppContext;
    }

    private static SSLSocketFactory a(I2PAppContext i2PAppContext, String str) {
        String str2;
        Log b2 = i2PAppContext.g().b(I2PSSLSocketFactory.class);
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, "".toCharArray());
            File file = new File(i2PAppContext.i, str);
            int a2 = KeyStoreUtil.a(file, keyStore);
            if (a2 > 0 && b2.b(20)) {
                b2.a(20, "Loaded " + a2 + " trusted certificates from " + file.getAbsolutePath());
            }
            File file2 = new File(i2PAppContext.h, str);
            if (!file.getAbsolutePath().equals(file2.getAbsolutePath())) {
                int a3 = KeyStoreUtil.a(file2, keyStore);
                a2 += a3;
                if (a3 > 0 && b2.b(20)) {
                    b2.a(20, "Loaded " + a3 + " trusted certificates from " + file.getAbsolutePath());
                }
            }
            if (a2 > 0) {
                if (b2.b(20)) {
                    b2.a(20, "Loaded total of " + a2 + " new trusted certificates");
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), i2PAppContext.m());
                return sSLContext.getSocketFactory();
            }
            StringBuilder sb = new StringBuilder("No trusted certificates loaded (looked in ");
            sb.append(file.getAbsolutePath());
            if (file.getAbsolutePath().equals(file2.getAbsolutePath())) {
                str2 = "";
            } else {
                str2 = " and " + file2.getAbsolutePath();
            }
            sb.append(str2);
            sb.append(", SSL connections will fail. Copy the cert in ");
            sb.append(str);
            sb.append(" from the router to the directory.");
            throw new GeneralSecurityException(sb.toString());
        } catch (IOException e2) {
            throw new GeneralSecurityException("Key Store init error", e2);
        }
    }

    private static PublicSuffixMatcher a(I2PAppContext i2PAppContext) {
        FileInputStream fileInputStream;
        synchronized (I2PSSLSocketFactory.class) {
            if (!f) {
                String a2 = i2PAppContext.a("geoip.dir", "geoip");
                File file = new File(a2);
                if (!file.isAbsolute()) {
                    file = new File(i2PAppContext.h, a2);
                }
                File file2 = new File(file, "public-suffix-list.txt");
                Log b2 = i2PAppContext.g().b(I2PSSLSocketFactory.class);
                if (file2.exists()) {
                    try {
                        long currentTimeMillis = System.currentTimeMillis();
                        PublicSuffixList publicSuffixList = new PublicSuffixList(Arrays.asList(h), Collections.emptyList());
                        try {
                            fileInputStream = new FileInputStream(file2);
                            try {
                                PublicSuffixList parse = new PublicSuffixListParser().parse(new InputStreamReader(fileInputStream, "UTF-8"));
                                List<String> rules = publicSuffixList.getRules();
                                List<String> exceptions = publicSuffixList.getExceptions();
                                List<String> rules2 = parse.getRules();
                                List<String> exceptions2 = parse.getExceptions();
                                ArrayList arrayList = new ArrayList(rules.size() + rules2.size());
                                ArrayList arrayList2 = new ArrayList(exceptions.size() + exceptions2.size());
                                arrayList.addAll(rules);
                                arrayList.addAll(rules2);
                                arrayList2.addAll(exceptions);
                                arrayList2.addAll(exceptions2);
                                PublicSuffixList publicSuffixList2 = new PublicSuffixList(arrayList, arrayList2);
                                try {
                                    fileInputStream.close();
                                } catch (IOException unused) {
                                }
                                f5640e = new PublicSuffixMatcher(publicSuffixList2.getRules(), publicSuffixList2.getExceptions());
                                if (b2.b(30)) {
                                    b2.a(30, "Loaded " + file2 + " in " + (System.currentTimeMillis() - currentTimeMillis) + " ms and created list with " + publicSuffixList2.getRules().size() + " entries and " + publicSuffixList2.getExceptions().size() + " exceptions");
                                }
                            } catch (Throwable th) {
                                th = th;
                                if (fileInputStream != null) {
                                    try {
                                        fileInputStream.close();
                                    } catch (IOException unused2) {
                                    }
                                }
                                throw th;
                            }
                        } catch (Throwable th2) {
                            th = th2;
                            fileInputStream = null;
                        }
                    } catch (IOException e2) {
                        b2.d("Failure loading public suffix list from ".concat(String.valueOf(file2)), e2);
                    }
                } else {
                    ArrayList arrayList3 = new ArrayList(320);
                    a(i2PAppContext, arrayList3);
                    arrayList3.addAll(Arrays.asList(g));
                    arrayList3.addAll(Arrays.asList(h));
                    f5640e = new PublicSuffixMatcher(arrayList3, null);
                    if (b2.b(30)) {
                        b2.a(30, "No public suffix list found at " + file2 + " - created default with " + arrayList3.size() + " entries");
                    }
                }
            }
            f = true;
        }
        return f5640e;
    }

    public static void a(SSLSocket sSLSocket) {
        sSLSocket.setEnabledProtocols(a(sSLSocket.getEnabledProtocols(), sSLSocket.getSupportedProtocols()));
        sSLSocket.setEnabledCipherSuites(b(sSLSocket.getEnabledCipherSuites(), sSLSocket.getSupportedCipherSuites()));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static void a(I2PAppContext i2PAppContext, List<String> list) {
        BufferedReader bufferedReader;
        Log b2 = i2PAppContext.g().b(I2PSSLSocketFactory.class);
        String a2 = i2PAppContext.a("geoip.dir", "geoip");
        File file = new File(a2);
        if (!file.isAbsolute()) {
            file = new File(i2PAppContext.h, a2);
        }
        File file2 = new File(file, "countries.txt");
        if (!file2.exists()) {
            if (b2.b(30)) {
                b2.a(30, "Country file not found: " + file2.getAbsolutePath());
                return;
            }
            return;
        }
        BufferedReader bufferedReader2 = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file2), "UTF-8"));
                int i = 0;
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        try {
                            if (readLine.charAt(0) != '#') {
                                list.add(DataHelper.a(readLine, ",")[0].toLowerCase(Locale.US));
                                i++;
                            }
                        } catch (IndexOutOfBoundsException unused) {
                        }
                    } catch (IOException e2) {
                        e = e2;
                        bufferedReader2 = bufferedReader;
                        b2.d("Error reading the Country File", e);
                        if (bufferedReader2 != null) {
                            try {
                                bufferedReader2.close();
                                return;
                            } catch (IOException unused2) {
                                return;
                            }
                        }
                        return;
                    } catch (Throwable th) {
                        th = th;
                        if (bufferedReader != null) {
                            try {
                                bufferedReader.close();
                            } catch (IOException unused3) {
                            }
                        }
                        throw th;
                    }
                }
                if (b2.b(20)) {
                    b2.a(20, "Loaded " + i + " TLDs from " + file2.getAbsolutePath());
                }
                try {
                    bufferedReader.close();
                } catch (IOException unused4) {
                }
            } catch (IOException e3) {
                e = e3;
            }
        } catch (Throwable th2) {
            th = th2;
            bufferedReader = bufferedReader2;
        }
    }

    public static void a(I2PAppContext i2PAppContext, SSLSocket sSLSocket, String str) {
        Log b2 = i2PAppContext.g().b(I2PSSLSocketFactory.class);
        if (i2PAppContext.b("i2p.disableSSLHostnameVerification") || str.equals("localhost") || str.equals("127.0.0.1") || str.equals("::1") || str.equals("0:0:0:0:0:0:0:1")) {
            if (b2.b(30)) {
                b2.a(30, "Skipping hostname validation for ".concat(String.valueOf(str)));
            }
        } else {
            if ((SystemVersion.c() ? HttpsURLConnection.getDefaultHostnameVerifier() : new DefaultHostnameVerifier(a(i2PAppContext))).verify(str, sSLSocket.getSession())) {
                return;
            }
            throw new SSLHandshakeException("SSL hostname verify failed, Expected " + str + " - set i2p.disableSSLHostnameVerification=true to disable verification (dangerous!)");
        }
    }

    private static String[] a(String[] strArr, String[] strArr2) {
        return a(strArr, strArr2, f5637b, f5636a);
    }

    private static String[] a(String[] strArr, String[] strArr2, List<String> list, List<String> list2) {
        Log b2 = I2PAppContext.a().g().b(I2PSSLSocketFactory.class);
        HashSet hashSet = new HashSet(strArr.length);
        hashSet.addAll(Arrays.asList(strArr));
        hashSet.removeAll(list2);
        HashSet hashSet2 = new HashSet(strArr2.length);
        hashSet2.addAll(Arrays.asList(strArr2));
        for (String str : list) {
            if (hashSet2.contains(str)) {
                if (hashSet.add(str) && b2.b(20)) {
                    b2.a(20, "Added, previously disabled: ".concat(String.valueOf(str)));
                }
            } else if (b2.b(20)) {
                b2.a(20, "Not supported in this JVM: ".concat(String.valueOf(str)));
            }
        }
        if (hashSet.isEmpty()) {
            b2.b("No TLS support for SSLEepGet, falling back");
            return strArr;
        }
        if (b2.b(10)) {
            ArrayList arrayList = new ArrayList(hashSet);
            Collections.sort(arrayList);
            b2.a(10, "Selected: ".concat(String.valueOf(arrayList)));
        }
        return (String[]) hashSet.toArray(new String[hashSet.size()]);
    }

    private static String[] b(String[] strArr, String[] strArr2) {
        return a(strArr, strArr2, f5639d, f5638c);
    }

    public final Socket a(String str, int i) {
        SSLSocket sSLSocket = (SSLSocket) this.i.createSocket(str, i);
        a(sSLSocket);
        a(this.j, sSLSocket, str);
        return sSLSocket;
    }
}
