package com.citrix.cck.jsse.ssl;

import com.citrix.cck.CCK;
import com.citrix.cck.Debug;
import com.citrix.cck.jce.CitrixProvider;
import com.citrix.cck.jsse.ssl.CCKConfig;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import net.lingala.zip4j.util.InternalZipConstants;

/* loaded from: classes5.dex */
public class CitrixSSLContext extends SSLContextSpi {
    // Process-wide default context, created lazily by getDefault().
    private static CitrixSSLContext o;
    // Trust-store files tried in order by getSystemCAStore() when the "AndroidCAStore" keystore
    // cannot be used. Entry i is opened with the keystore type q[i].
    private static final String[] p = {System.getProperty("java.home") + "/lib/security/cacerts", System.getProperty("java.home") + "/lib/security/jssecacerts", "/data/system/security/cacerts.bks"};
    // Keystore types paired by index with the paths in p.
    private static final String[] q = {"JKS", System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()), "BKS"};
    // Cached system CA keystore; filled on first use by getSystemCAStore(), which takes no lock.
    private static KeyStore r = null;
    // Set to true only when engineInit() completes; engineGetSocketFactory() throws while false.
    private boolean d;
    // Random source selected by a(SecureRandom).
    private SecureRandom e;

    /* renamed from: a, reason: collision with root package name */
    // Encoded accepted-issuer certificates collected by addTrustManager(); b() hands each one to
    // CCKConfig.nativePolicyAddCA().
    private final ArrayList<byte[]> f2643a = new ArrayList<>();
    // Trust managers registered with this context.
    private final ArrayList<X509TrustManager> b = new ArrayList<>();
    // Key managers registered with this context; most accessors synchronise on this list.
    private final ArrayList<X509KeyManager> c = new ArrayList<>();
    // Protocol bit mask (see setProtocolVersion); 15 sets all four low bits, i.e. every protocol
    // bit used by the ProtoTLS10..ProtoTLS13 subclasses (1, 2, 4, 8).
    private int f = 15;
    // Session-reuse flag exposed through enableSessionReuse()/isSessionReuseEnabled().
    private boolean g = true;
    // Passed to CCKConfig.setAllowLegacyHelloMessages() by b(); enabled by default.
    private boolean h = true;
    // Revocation policy copied into each CCKConfig; the default performs no network access.
    private CCKConfig.RevocationPolicy i = CCKConfig.RevocationPolicy.NO_NETWORK_ACCESS;
    // Chain-building policy copied into each CCKConfig.
    private CCKConfig.ChainBuildingPolicy j = CCKConfig.ChainBuildingPolicy.CHAIN_BUILD_SERVER_OR_OS;
    // Cipher-suite selection copied into each CCKConfig; the default is CIPHER_ALL.
    private CCKConfig.CipherSuites k = CCKConfig.CipherSuites.CIPHER_ALL;
    // Written by setTrustAll(); package-private and never read in this class.
    // NOTE(review): presumably read by sibling classes to relax certificate validation; audit its readers.
    boolean l = false;
    // Optional client-certificate selector, forwarded to CCKConfig by b() when non-null.
    private ClientCertificateSelector m = null;
    // Java-side session cache, keyed by a String derived from the native session ID.
    private final HashMap<String, CitrixSSLSession> n = new HashMap<>(512);

    /* renamed from: com.citrix.cck.jsse.ssl.CitrixSSLContext$1, reason: invalid class name */
    /* loaded from: classes5.dex */
    // Compiler-generated lookup table for a switch over CCKFeature: it maps an enum ordinal to a
    // case index (1 or 2). Ordinals not listed below keep the array default of 0, which
    // featureConfig() treats as "not configurable".
    static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f2644a;

        static {
            int[] iArr = new int[CCKFeature.values().length];
            f2644a = iArr;
            // Each assignment is guarded separately so a constant missing at run time
            // (NoSuchFieldError) leaves the other mappings in place.
            try {
                iArr[CCKFeature.FEATURE_RSA_KEYSIZE_1536.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f2644a[CCKFeature.FEATURE_TLS13_IN_FIPS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes5.dex */
    /** Context whose protocol mask is whatever {@code CCKConfig.getDefaultProtocols()} returns. */
    public static class ProtoDefault extends CitrixSSLContext {
        public ProtoDefault() {
            super(CCKConfig.getDefaultProtocols());
        }
    }

    /* loaded from: classes5.dex */
    /**
     * Context pinned to protocol bit 1 (TLS 1.0, going by the class name).
     * NOTE(review): TLS 1.0 is a legacy protocol; confirm which callers still select this variant.
     */
    public static class ProtoTLS10 extends CitrixSSLContext {
        public ProtoTLS10() {
            super(1);
        }
    }

    /* loaded from: classes5.dex */
    /**
     * Context pinned to protocol bit 2 (TLS 1.1, going by the class name).
     * NOTE(review): TLS 1.1 is a legacy protocol; confirm which callers still select this variant.
     */
    public static class ProtoTLS11 extends CitrixSSLContext {
        public ProtoTLS11() {
            super(2);
        }
    }

    /* loaded from: classes5.dex */
    /** Context pinned to protocol bit 4 (TLS 1.2, going by the class name). */
    public static class ProtoTLS12 extends CitrixSSLContext {
        public ProtoTLS12() {
            super(4);
        }
    }

    /* loaded from: classes5.dex */
    /** Context pinned to protocol bit 8 (TLS 1.3, going by the class name). */
    public static class ProtoTLS13 extends CitrixSSLContext {
        public ProtoTLS13() {
            super(8);
        }
    }

    /**
     * Creates a context limited to the given protocol bit mask and initialises it with no key
     * managers, no trust managers and no caller-supplied random source.
     *
     * <p>Every exception raised while applying the mask or initialising is logged and swallowed,
     * so construction always appears to succeed. When initialisation did not complete the
     * "initialised" flag stays false and {@code engineGetSocketFactory()} later throws
     * {@link IllegalStateException}.
     *
     * @param i protocol bit mask passed to {@link #setProtocolVersion(int)}
     */
    protected CitrixSSLContext(int i) {
        final boolean debugOn = CCK.isDebugEnabled();
        if (debugOn) {
            Debug.logd("created CitrixSSLContext with proto=%d", Integer.valueOf(i));
        }
        try {
            setProtocolVersion(i);
            engineInit(null, null, null);
        } catch (Exception initError) {
            // Only the message is logged; the failure is not propagated to the caller.
            Debug.loge("Couldn't initialize SSL context: " + initError.getMessage());
        }
    }

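    /**
     * Loads a keystore file, returning {@code null} when the file is missing or cannot be read.
     *
     * <p>The input stream is opened with try-with-resources so it is closed even when
     * {@code KeyStore.load} throws; the decompiled original closed it only on the success path.
     *
     * @param str  path of the keystore file
     * @param str2 keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str3 keystore password, or {@code null} for none
     * @return the loaded keystore, or {@code null} on any failure (the failure is logged)
     */
    private static KeyStore a(String str, String str2, String str3) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(str2);
            // With a null password KeyStore.load() skips the store's integrity check, so the
            // file's contents are trusted as found on disk.
            char[] password = str3 != null ? str3.toCharArray() : null;
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, password);
            }
            if (CCK.isDebugEnabled()) {
                Debug.logd("TrustStore: %d certificated loaded from [%s]", Integer.valueOf(keyStore.size()), str);
            }
            return keyStore;
        } catch (Throwable th) {
            // Deliberately broad: any failure just means "this candidate is unusable".
            Debug.loge("TrustStore: [%s] Cannot load keystore -- %s", str, th.getMessage());
        }
        return null;
    }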

    /** Final step of {@code engineInit}; it has no body in this listing. */
    private void a() {
        // nothing to do
    }

    /**
     * Chooses the random source for this context.
     *
     * <p>A {@code null} argument selects the provider's own generator. A caller-supplied
     * generator is checked against the Citrix provider only in FIPS mode; outside FIPS mode it
     * is accepted as given.
     *
     * @param secureRandom caller-supplied generator, or {@code null} for the provider default
     * @throws CitrixSSLException in FIPS mode when the generator comes from another provider
     */
    private void a(SecureRandom secureRandom) {
        SecureRandom chosen = secureRandom;
        if (chosen == null) {
            chosen = CitrixProvider.getSecureRandom();
        } else if (CCK.isFIPSMode()) {
            if (!CitrixProvider.sameAs(chosen.getProvider())) {
                throw new CitrixSSLException("SecureRandom must be from provider CitrixJCE");
            }
        }
        this.e = chosen;
        // The value is discarded; presumably this forces the generator to seed itself now.
        chosen.nextInt();
    }

    /**
     * Appends the X.509 key managers found in {@code keyManagerArr} to {@code arrayList}.
     *
     * <p>Two passes are made: extended key managers are added as they are, then every
     * {@link X509KeyManager} is added wrapped in {@code X509KeyManagerExtender}.
     * NOTE(review): an {@link X509ExtendedKeyManager} is also an {@link X509KeyManager}, so as
     * decompiled it is registered twice (raw, then wrapped). Confirm against the bytecode
     * whether the second pass was meant to skip extended managers.
     *
     * @param arrayList     destination list
     * @param keyManagerArr candidate key managers; {@code null} is a no-op
     */
    private void a(ArrayList<X509KeyManager> arrayList, KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            return;
        }
        for (KeyManager candidate : keyManagerArr) {
            if (candidate instanceof X509ExtendedKeyManager) {
                arrayList.add((X509KeyManager) candidate);
            }
        }
        for (KeyManager candidate : keyManagerArr) {
            if (candidate instanceof X509KeyManager) {
                X509KeyManager plain = (X509KeyManager) candidate;
                arrayList.add(new X509KeyManagerExtender(plain));
            }
        }
    }

    /**
     * Appends the X.509 trust managers found in {@code trustManagerArr} to {@code arrayList}.
     *
     * <p>Two passes are made: extended trust managers are added as they are, then every
     * {@link X509TrustManager} is added wrapped in {@code X509TrustManagerExtender}.
     * NOTE(review): an X509ExtendedTrustManager is also an {@link X509TrustManager}, so as
     * decompiled it is registered twice (raw, then wrapped). Confirm against the bytecode
     * whether the second pass was meant to skip extended managers.
     *
     * @param arrayList       destination list
     * @param trustManagerArr candidate trust managers; {@code null} is a no-op
     */
    private void a(ArrayList<X509TrustManager> arrayList, TrustManager[] trustManagerArr) {
        if (trustManagerArr == null) {
            return;
        }
        for (TrustManager candidate : trustManagerArr) {
            if (candidate instanceof javax.net.ssl.X509ExtendedTrustManager) {
                arrayList.add((X509TrustManager) candidate);
            }
        }
        for (TrustManager candidate : trustManagerArr) {
            if (candidate instanceof X509TrustManager) {
                X509TrustManager plain = (X509TrustManager) candidate;
                arrayList.add(new X509TrustManagerExtender(plain));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:67:0x0059, code lost:
    
        if (r4 == null) goto L29;
     */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0076 A[Catch: Exception -> 0x007a, TryCatch #3 {Exception -> 0x007a, blocks: (B:46:0x0003, B:48:0x000b, B:51:0x001e, B:57:0x0036, B:58:0x005c, B:60:0x0066, B:61:0x006c, B:72:0x0076, B:73:0x0079, B:81:0x001a), top: B:45:0x0003 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * First step of {@code engineInit}: receives the caller's key managers and trust managers.
     *
     * <p>The decompiler could not reconstruct this method, so the body below is a placeholder
     * that always throws. How the managers are installed, and what happens when either array is
     * {@code null}, cannot be reviewed from this listing; use the instruction dump instead.
     */
    private void a(javax.net.ssl.KeyManager[] r8, javax.net.ssl.TrustManager[] r9) {
        /*
            Method dump skipped, instructions count: 311
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.cck.jsse.ssl.CitrixSSLContext.a(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[]):void");
    }

    /**
     * Forwards a feature setting to the native layer for the two configurable features,
     * {@code FEATURE_RSA_KEYSIZE_1536} and {@code FEATURE_TLS13_IN_FIPS}.
     *
     * @param cCKFeature feature to configure
     * @param i          value handed unchanged to the native control call
     * @throws IllegalArgumentException for any other feature
     */
    public static void featureConfig(CCKFeature cCKFeature, int i) {
        final int caseIndex = AnonymousClass1.f2644a[cCKFeature.ordinal()];
        final boolean configurable = caseIndex == 1 || caseIndex == 2;
        if (!configurable) {
            throw new IllegalArgumentException();
        }
        // The value itself is not range-checked here; any validation happens natively, if at all.
        nativeFeatureCtrl(cCKFeature.ordinal(), i);
    }

    /**
     * Returns the shared default context, creating it on first use.
     *
     * <p>The default is built with protocol mask 15, which sets all four protocol bits used by
     * the {@code ProtoTLS10} to {@code ProtoTLS13} variants, so the legacy bits 1 and 2 are
     * enabled alongside the newer ones.
     *
     * @return the process-wide default context
     */
    public static synchronized CitrixSSLContext getDefault() {
        // A static synchronized method already holds the class monitor, so no inner block is needed.
        if (o == null) {
            o = new CitrixSSLContext(15);
        }
        return o;
    }

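    /**
     * Returns the system CA keystore, loading and caching it on first use.
     *
     * <p>The "AndroidCAStore" keystore is tried first. If it cannot be obtained or loaded, the
     * pre-defined file locations are tried in order, each with its paired keystore type.
     *
     * <p>The cache field is assigned only after {@code load()} has succeeded. The decompiled
     * original published the keystore before loading it, so a failed load left an uninitialised
     * keystore in the cache and skipped the file fallback.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>{@code javax.net.ssl.trustStore}, when set, replaces every candidate path, so
     *       whoever controls that system property controls the trust anchors.</li>
     *   <li>If {@code javax.net.ssl.trustStorePassword} is unset the file is loaded with a null
     *       password, i.e. without an integrity check.</li>
     *   <li>The lazy initialisation is not synchronised.</li>
     * </ul>
     *
     * @return the cached keystore, or {@code null} when no trust store could be loaded
     */
    public static KeyStore getSystemCAStore() {
        if (r == null) {
            try {
                Debug.logd("TrustStore: Trying to load Android ICS+ keystore...");
                KeyStore androidStore = KeyStore.getInstance("AndroidCAStore");
                androidStore.load(null, null);
                // Publish only a fully loaded store.
                r = androidStore;
                Debug.logw("TrustStore: Loaded Android ICS+ keystore. Implementation provided by " + r.getProvider().getName());
            } catch (Throwable unused) {
                Debug.logd("TrustStore: Trying to load keystore from pre-defined locations...");
                for (int i = 0; r == null && i < p.length; i++) {
                    String path = System.getProperty("javax.net.ssl.trustStore", p[i]).replace(InternalZipConstants.ZIP_FILE_SEPARATOR, File.separator);
                    Debug.logd("TrustStore: Trying [%s]...", path);
                    r = a(path, q[i], System.getProperty("javax.net.ssl.trustStorePassword", null));
                }
            }
            if (r == null) {
                Debug.loge("TrustStore: could not load trusted CAs");
            }
        }
        try {
            KeyStore cached = r;
            Debug.logd("TrustStore: %d cert loaded.", Integer.valueOf(cached != null ? cached.size() : 0));
        } catch (KeyStoreException unused2) {
            Debug.logd("TrustStore: 0 cert loaded.");
        }
        return r;
    }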

    /**
     * Returns the encoded form of every certificate in the system CA keystore.
     *
     * <p>A certificate that cannot be encoded is logged and skipped. Any other failure, including
     * an alias that yields no certificate, aborts the listing and returns {@code null}.
     *
     * @return an array of {@code byte[]} encodings, or {@code null} when the keystore is
     *         unavailable or enumeration fails
     */
    public static Object[] getSystemCAs() {
        final KeyStore store = getSystemCAStore();
        if (store == null) {
            return null;
        }
        try {
            final boolean debugOn = CCK.isDebugEnabled();
            if (debugOn) {
                Debug.logd("TrustStore: Encoding %d certs from system keystore.", Integer.valueOf(store.size()));
            }
            final Enumeration<String> aliases = store.aliases();
            final ArrayList<byte[]> encodedCerts = new ArrayList<>();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                try {
                    encodedCerts.add(store.getCertificate(alias).getEncoded());
                } catch (CertificateEncodingException e) {
                    Debug.loge("TrustStore: *** could not add cert with alias: [%s] due to \"%s\"", alias, e.getMessage());
                }
            }
            if (CCK.isDebugEnabled()) {
                Debug.logd("TrustStore: %s certificates encoded.", Integer.valueOf(encodedCerts.size()));
            }
            return encodedCerts.toArray();
        } catch (Throwable failure) {
            Debug.loge("Problem getting CAs: " + failure);
            failure.printStackTrace(System.err);
            return null;
        }
    }

    // Native entry points. Their behaviour is implemented outside this file, so the notes below
    // describe only how this class calls them.

    // Called by featureConfig() with the feature's enum ordinal and the caller's value.
    private static native void nativeFeatureCtrl(int i, int i2);

    // Called with the value of CitrixSSLSocket.d(); the result is handed to CitrixSSLSession.
    private static native byte[][] nativeGetPeerCerts(long j);

    // Called with the value of CitrixSSLSocket.d(); the result keys the Java-side session cache.
    private static native byte[] nativeGetSessionID(long j);

    // Receives the encoded client certificate and the ENCODED PRIVATE KEY bytes.
    // NOTE(review): whether the native side copies or retains these arrays is not visible here.
    private static native int nativeSetIdentity(long j, byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: package-private */
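    /**
     * Returns the cached session for the socket's native session ID, creating and caching one
     * when none exists. A cached session is refreshed with the current peer certificates, config
     * and socket.
     *
     * <p>The cache key is derived with {@link #sessionKey(byte[])}, which maps every byte to
     * exactly one character. The decompiled original used {@code new String(byte[])}, which
     * decodes with the platform charset; arbitrary binary IDs can then decode lossily, letting
     * two different session IDs share one cache entry.
     *
     * @param cCKConfig       configuration for the connection
     * @param citrixSSLSocket socket whose native handle identifies the session
     * @return the new or reused session
     */
    public synchronized CitrixSSLSession a(CCKConfig cCKConfig, CitrixSSLSocket citrixSSLSocket) {
        long handle = citrixSSLSocket.d();
        byte[] sessionId = nativeGetSessionID(handle);
        String key = sessionKey(sessionId);
        CitrixSSLSession session = this.n.get(key);
        byte[][] peerCerts = nativeGetPeerCerts(handle);
        if (session == null) {
            session = new CitrixSSLSession(this, sessionId, peerCerts, cCKConfig, citrixSSLSocket);
            this.n.put(key, session);
            if (CCK.isDebugEnabled()) {
                Debug.logd("Session added, java-side cache has " + this.n.size());
            }
        } else {
            session.a(peerCerts, cCKConfig, citrixSSLSocket);
            if (CCK.isDebugEnabled()) {
                Debug.logd("Session reused, java-side cache has " + this.n.size());
            }
        }
        return session;
    }

    /**
     * Removes the session with the given ID from the Java-side cache, using the same key
     * derivation as the lookup above.
     *
     * @param bArr raw session ID
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void a(byte[] bArr) {
        this.n.remove(sessionKey(bArr));
        if (CCK.isDebugEnabled()) {
            Debug.logd("Session removed, java-side cache has " + this.n.size());
        }
    }

    /** Turns a binary session ID into a map key; ISO-8859-1 is a one-to-one byte-to-char mapping. */
    private static String sessionKey(byte[] sessionId) {
        return new String(sessionId, java.nio.charset.Charset.forName("ISO-8859-1"));
    }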

    /* JADX INFO: Access modifiers changed from: package-private */
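    /**
     * Picks a client identity for the handshake by asking each registered key manager for an
     * RSA alias, and installs the first match in the native layer.
     *
     * <p>The key managers are copied under the list's lock before iterating, matching the
     * locking used by {@code addKeyManager}, {@code clearKeyManagers}, {@code removeKeyManager}
     * and {@code getKeyManagers}. The key managers themselves are called outside the lock.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The private key leaves the key manager as an encoded byte array and is passed to
     *       native code. The array is not cleared here because this listing does not show
     *       whether the native side keeps a reference to it.</li>
     *   <li>Only the key type "RSA" is requested.</li>
     *   <li>A key manager that returns a null or empty chain, a null key, or a key without an
     *       encoding (as non-exportable keys may) causes an unchecked exception here.</li>
     * </ul>
     *
     * @param citrixSSLSocket socket being handshaken
     * @param j               native handle passed through to the native calls
     * @return {@code true} when an identity was installed, {@code false} when no key manager
     *         offered an alias
     * @throws CitrixSSLException when the chosen certificate cannot be encoded
     */
    public boolean a(CitrixSSLSocket citrixSSLSocket, long j) {
        Principal[] hints = citrixSSLSocket.nativeGetPeerCAHints(j);
        Principal[] issuers = hints != null ? hints : new Principal[0];
        X509KeyManager[] managers;
        synchronized (this.c) {
            managers = this.c.toArray(new X509KeyManager[0]);
        }
        for (X509KeyManager manager : managers) {
            String alias = manager.chooseClientAlias(new String[]{"RSA"}, issuers, citrixSSLSocket);
            if (alias == null) {
                continue;
            }
            try {
                X509Certificate[] chain = manager.getCertificateChain(alias);
                citrixSSLSocket.a(nativeSetIdentity(j, chain[0].getEncoded(), manager.getPrivateKey(alias).getEncoded()));
                citrixSSLSocket.a(chain);
                if (CCK.isDebugEnabled()) {
                    Debug.logd("setClientCertFromKMs: chosen alias (" + alias + ") DN: " + chain[0].getSubjectDN().getName());
                }
                return true;
            } catch (CertificateEncodingException e) {
                Debug.loge("Encoding exception on identity with alias " + alias + ": " + e);
                throw new CitrixSSLException(e);
            }
        }
        return false;
    }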

    /**
     * Registers an X.509 key manager. Anything else, including {@code null}, is rejected with an
     * error log and otherwise ignored.
     *
     * <p>The manager is stored as given; it is not wrapped in {@code X509KeyManagerExtender}.
     *
     * @param keyManager key manager to register
     */
    public void addKeyManager(KeyManager keyManager) {
        synchronized (this.c) {
            if (!(keyManager instanceof X509KeyManager)) {
                Debug.loge("Trying to add a null or otherwise invalid key manager!");
                return;
            }
            this.c.add((X509KeyManager) keyManager);
        }
    }

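    /**
     * Registers a trust manager and copies its accepted issuers, in encoded form, into the CA
     * list that is later applied to each connection's policy.
     *
     * <p>A {@code null} argument is rejected before anything is stored. The decompiled original
     * first appended the null to the trust-manager list and only then failed with the same
     * exception, leaving a null entry behind.
     *
     * <p>Issuers that are null-encoded or cannot be encoded are logged and skipped, so the
     * native policy can end up with fewer CAs than the trust manager accepts.
     * NOTE(review): this method is not synchronised although {@code clearTrustManagers()} is.
     *
     * @param x509TrustManager trust manager to register; must not be {@code null}
     * @throws NullPointerException when {@code x509TrustManager} is {@code null}
     */
    public void addTrustManager(X509TrustManager x509TrustManager) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("CitrixSSLSocketFactory.addTrustManager() called");
        }
        if (x509TrustManager == null) {
            throw new NullPointerException("x509TrustManager");
        }
        this.b.add(x509TrustManager);
        X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
        if (acceptedIssuers == null) {
            return;
        }
        for (X509Certificate issuer : acceptedIssuers) {
            try {
                byte[] encoded = issuer.getEncoded();
                if (encoded == null) {
                    Debug.loge("addTrustManager: You are passing a null cert!");
                } else {
                    this.f2643a.add(encoded);
                }
            } catch (Exception unused) {
                Debug.loge("addTrustManager: Cert passed cannot be encoded!");
            }
        }
    }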

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a fresh {@code CCKConfig} from this context's settings: protocol mask, cipher
     * suites, revocation policy, chain-building policy, optional client-certificate selector,
     * the collected CA certificates and the legacy-hello switch.
     *
     * <p>The trust-all flag and the session-reuse flag are not applied here.
     *
     * @return the populated configuration
     */
    public CCKConfig b() {
        final CCKConfig config = new CCKConfig(this.f);
        config.a(this.k);
        config.a(this.i);
        config.a(this.j);
        final ClientCertificateSelector selector = this.m;
        if (selector != null) {
            config.a(selector);
        }
        if (this.f2643a.size() > 0) {
            Debug.logd("Applying %d accepted CA certificates to policy...", Integer.valueOf(this.f2643a.size()));
            for (byte[] encodedCa : this.f2643a) {
                config.nativePolicyAddCA(encodedCa);
            }
        }
        config.setAllowLegacyHelloMessages(this.h);
        return config;
    }

    /** Removes every registered key manager, holding the key-manager list's lock. */
    public void clearKeyManagers() {
        final ArrayList<X509KeyManager> managers = this.c;
        synchronized (managers) {
            managers.clear();
        }
    }

    /**
     * Drops every registered trust manager together with the CA certificates collected from
     * them. Configurations built afterwards carry no caller-supplied CAs until new trust
     * managers are added.
     */
    public synchronized void clearTrustManagers() {
        // The order is irrelevant; both lists are emptied under this object's monitor.
        f2643a.clear();
        b.clear();
    }

    /**
     * Sets the session-reuse flag reported by {@link #isSessionReuseEnabled()}.
     *
     * @param z {@code true} to enable session reuse
     */
    public void enableSessionReuse(boolean z) {
        g = z;
    }

    /**
     * Not implemented: always returns {@code null}, logging the call in debug mode. Callers that
     * ask this context for an {@link SSLEngine} therefore receive {@code null}, not an exception.
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineCreateSSLEngine");
        }
        return null;
    }

    /**
     * Not implemented: always returns {@code null}, logging the peer host and port in debug mode.
     *
     * @param str advisory peer host
     * @param i   advisory peer port
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineCreateSSLEngine (host:%s port:%d)", str, Integer.valueOf(i));
        }
        return null;
    }

    /** Not implemented: always returns {@code null}, logging the call in debug mode. */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSessionContext engineGetClientSessionContext() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineGetClientSessionContext");
        }
        return null;
    }

    /** Returns {@code CitrixSSLParameters.getDefault()}, logging the call in debug mode. */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetDefaultSSLParameters() {
        final boolean debugOn = CCK.isDebugEnabled();
        if (debugOn) {
            Debug.logd("engineGetDefaultSSLParameters");
        }
        return CitrixSSLParameters.getDefault();
    }

    /** The server role is unsupported: always returns {@code null}. */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSessionContext engineGetServerSessionContext() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineGetServerSessionContext: server role not supported!");
        }
        return null;
    }

    /** The server role is unsupported: always returns {@code null}. */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineGetServerSocketFactory: server role not supported!");
        }
        return null;
    }

    /**
     * Creates a new socket factory bound to this context.
     *
     * @return a fresh {@code CitrixSSLSocketFactory}
     * @throws IllegalStateException when {@code engineInit} has not completed successfully
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected synchronized SSLSocketFactory engineGetSocketFactory() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineGetSocketFactory");
        }
        // Refuse to hand out sockets from a context whose initialisation failed or never ran.
        if (this.d) {
            return new CitrixSSLSocketFactory(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /**
     * Returns an empty {@link SSLParameters} object. It does not describe the protocols or
     * cipher suites this context actually supports.
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetSupportedSSLParameters() {
        final boolean debugOn = CCK.isDebugEnabled();
        if (debugOn) {
            Debug.logd("engineGetSupportedSSLParameters");
        }
        return new SSLParameters();
    }

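    /**
     * Initialises the context with the given key managers, trust managers and random source.
     *
     * <p>The {@code throws} clause is restored here: the body throws the checked
     * {@link KeyManagementException}, which the decompiled signature did not declare.
     *
     * <p>A {@code CitrixSSLException} raised while installing the managers or the random source
     * is logged and swallowed. The method then returns normally with the context still marked
     * uninitialised, and the failure surfaces only when {@code engineGetSocketFactory()} throws
     * {@link IllegalStateException}.
     * NOTE(review): callers that expect init() to report bad trust or key material will not see
     * the failure at this point.
     *
     * @param keyManagerArr   key managers, may be {@code null}
     * @param trustManagerArr trust managers, may be {@code null}
     * @param secureRandom    random source, or {@code null} for the provider default
     * @throws KeyManagementException when the CCK library has not been initialised
     */
    @Override // javax.net.ssl.SSLContextSpi
    public synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        // Mark the context unusable until every step below has succeeded.
        this.d = false;
        if (CCK.isDebugEnabled()) {
            Debug.logd("engineInit");
            Object[] objArr = new Object[1];
            objArr[0] = keyManagerArr != null ? Integer.valueOf(keyManagerArr.length) : "null";
            Debug.logd("  keyManagers  : %s", objArr);
            Object[] objArr2 = new Object[1];
            objArr2[0] = trustManagerArr != null ? Integer.valueOf(trustManagerArr.length) : "null";
            Debug.logd("  trustManagers: %s", objArr2);
            Object[] objArr3 = new Object[1];
            objArr3[0] = secureRandom != null ? secureRandom.getClass().getSimpleName() : "null";
            Debug.logd("  secureRandom : %s", objArr3);
        }
        if (!CitrixSSLSocketFactory.a()) {
            Debug.loge("CCK is NOT initialized! Call CCK.init(?) before accessing SSL contexts");
            throw new KeyManagementException("SSLSDK not initialized!");
        }
        try {
            a(keyManagerArr, trustManagerArr);
            a(secureRandom);
            a();
            this.d = true;
        } catch (CitrixSSLException e) {
            Debug.loge("engineInit: error initializing: " + e.getMessage());
        }
    }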

    /** Returns the configured client-certificate selector, or {@code null} when none is set. */
    public ClientCertificateSelector getClientCertificateSelector() {
        return m;
    }

    /**
     * Returns a snapshot of the registered key managers, taken under the list's lock.
     *
     * @return a new array; changing it does not affect this context
     */
    public X509KeyManager[] getKeyManagers() {
        synchronized (this.c) {
            return this.c.toArray(new X509KeyManager[0]);
        }
    }

    /** Reports the session-reuse flag set by {@link #enableSessionReuse(boolean)}; true by default. */
    public boolean isSessionReuseEnabled() {
        return g;
    }

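    /**
     * Removes a previously registered key manager.
     *
     * <p>The decompiled original left the result unassigned on the {@code null} path. A null
     * argument now returns {@code false}, which is also what removing it from the list would
     * report, because only non-null managers are ever added.
     *
     * @param x509KeyManager key manager to remove, may be {@code null}
     * @return {@code true} when the manager was registered and has been removed
     */
    public boolean removeKeyManager(X509KeyManager x509KeyManager) {
        if (x509KeyManager == null) {
            return false;
        }
        synchronized (this.c) {
            return this.c.remove(x509KeyManager);
        }
    }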

    /**
     * Sets the flag that {@code b()} forwards to {@code CCKConfig.setAllowLegacyHelloMessages}.
     * The flag is enabled by default.
     *
     * @param z {@code true} to allow legacy hello messages
     */
    public void setAllowLegacyHelloMessages(boolean z) {
        h = z;
    }

    /**
     * Sets the chain-building policy applied to configurations built afterwards. The value is
     * stored without validation, {@code null} included.
     *
     * @param chainBuildingPolicy policy to apply
     */
    public void setChainBuildingPolicy(CCKConfig.ChainBuildingPolicy chainBuildingPolicy) {
        j = chainBuildingPolicy;
    }

    /**
     * Sets the cipher-suite selection applied to configurations built afterwards. The value is
     * stored without validation; the field's initial value is {@code CIPHER_ALL}.
     *
     * @param cipherSuites selection to apply
     */
    public void setCipherSuites(CCKConfig.CipherSuites cipherSuites) {
        k = cipherSuites;
    }

    /**
     * Sets the client-certificate selector forwarded to configurations built afterwards.
     *
     * @param clientCertificateSelector selector to use, or {@code null} for none
     */
    public void setClientCertificateSelector(ClientCertificateSelector clientCertificateSelector) {
        m = clientCertificateSelector;
    }

    /**
     * Sets the protocol bit mask. Only the four low bits are kept; higher bits are dropped
     * silently.
     *
     * <p>NOTE(review): on rejection both diagnostics print the masked value, which is always 0 at
     * that point, not the argument that was passed. The message also lists only three protocol
     * constants although bit 8 is accepted.
     *
     * @param i protocol bits, ORed together
     * @throws CitrixSSLException when none of the four low bits is set
     */
    public void setProtocolVersion(int i) {
        final int masked = i & 15;
        if (masked != 0) {
            this.f = masked;
            if (CCK.isDebugEnabled()) {
                Debug.logd("this SocketFactory is using proto mask " + this.f);
            }
            return;
        }
        Debug.loge("Invalid protocols [%s] passed to setProtocolVersion!", Integer.valueOf(masked));
        throw new CitrixSSLException("Invalid protocol " + masked + ". Valid protos are SSL_PROTOCOL_VERSION_TLS10, SSL_PROTOCOL_VERSION_TLS11, SSL_PROTOCOL_VERSION_TLS12. They can be ORed.");
    }

    /**
     * Sets the certificate-revocation policy.
     *
     * <p>In SP 800-52 compliance mode only {@code MUST_CHECK} and {@code MUST_CHECK_ALL} are
     * accepted; any other value is logged and ignored, leaving the current policy in place.
     * Outside that mode every value is stored as given, {@code null} included.
     *
     * @param revocationPolicy policy to apply
     */
    public void setRevocationPolicy(CCKConfig.RevocationPolicy revocationPolicy) {
        final boolean strictMode = CCK.getCurrentCompliance() == CCKConfig.ComplianceMode.SSLSDK_SP_800_52;
        final boolean strictPolicy = revocationPolicy == CCKConfig.RevocationPolicy.MUST_CHECK
                || revocationPolicy == CCKConfig.RevocationPolicy.MUST_CHECK_ALL;
        if (strictMode && !strictPolicy) {
            Debug.loge("Revocation policy can only be changed to MUST_CHECK or MUST_CHECK_ALL in SP800-52 mode. Ignoring " + revocationPolicy + "...");
            return;
        }
        this.i = revocationPolicy;
    }

    /**
     * Sets the package-private trust-all flag. Nothing in this class reads it.
     *
     * <p>NOTE(review): going by the name, sibling classes presumably use it to accept any peer
     * certificate. Audit every caller that passes {@code true}, and confirm the flag cannot be
     * enabled in production builds.
     *
     * @param z new value of the flag
     */
    public void setTrustAll(boolean z) {
        l = z;
    }
}
