package com.citrix.cck.jsse.ssl;

import com.citrix.cck.CCK;
import com.citrix.cck.Debug;
import com.citrix.cck.jsse.ssl.CCKConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import net.lingala.zip4j.util.InternalZipConstants;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes5.dex */
public class CitrixSSLSocketFactory extends SSLSocketFactory {
    private static volatile int f = -2;
    private static CCKConfig.ComplianceMode g;
    private static CitrixSSLSocketFactory h;
    private static final String[] i = {System.getProperty("java.home") + "/lib/security/cacerts", System.getProperty("java.home") + "/lib/security/jssecacerts", "/data/system/security/cacerts.bks"};
    private static final String[] j = {"JKS", System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()), "BKS"};
    private static KeyStore k = null;

    /* renamed from: a, reason: collision with root package name */
    private final CitrixSSLContext f2650a;
    private final ArrayList<X509KeyManager> b;
    private ArrayList<byte[]> c;
    private ArrayList<X509TrustManager> d;

    @Deprecated
    private X509HostnameVerifier e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CitrixSSLSocketFactory() {
        this.b = new ArrayList<>();
        this.c = new ArrayList<>();
        this.d = new ArrayList<>();
        this.e = null;
        this.f2650a = CitrixSSLContext.getDefault();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CitrixSSLSocketFactory(CitrixSSLContext citrixSSLContext) {
        this.b = new ArrayList<>();
        this.c = new ArrayList<>();
        this.d = new ArrayList<>();
        this.e = null;
        this.f2650a = citrixSSLContext;
    }

    private static KeyStore a(String str, String str2, String str3) {
        FileInputStream fileInputStream;
        char[] charArray;
        try {
            File file = new File(str);
            if (file.exists()) {
                KeyStore keyStore = KeyStore.getInstance(str2);
                fileInputStream = new FileInputStream(file);
                if (str3 != null) {
                    try {
                        charArray = str3.toCharArray();
                    } catch (Throwable th) {
                        th = th;
                        try {
                            Debug.loge("TrustStore: [%s] Cannot load keystore -- %s", str, th.getMessage());
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (Exception unused) {
                                }
                            }
                            return null;
                        } catch (Throwable th2) {
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (Exception unused2) {
                                }
                            }
                            throw th2;
                        }
                    }
                } else {
                    charArray = null;
                }
                keyStore.load(fileInputStream, charArray);
                fileInputStream.close();
                if (CCK.isDebugEnabled()) {
                    Debug.logd("TrustStore: %d certificated loaded from [%s]", Integer.valueOf(keyStore.size()), str);
                }
                try {
                    fileInputStream.close();
                } catch (Exception unused3) {
                }
                return keyStore;
            }
        } catch (Throwable th3) {
            th = th3;
            fileInputStream = null;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a() {
        return f == 0;
    }

    public static CCKConfig.ComplianceMode getCurrentCompliance() {
        return g;
    }

    public static SocketFactory getDefault() {
        return getSocketFactory();
    }

    @Deprecated
    public static int getFIPSMode() {
        return CCK.isFIPSMode() ? 1 : 0;
    }

    public static synchronized CitrixSSLSocketFactory getSocketFactory() {
        CitrixSSLSocketFactory citrixSSLSocketFactory;
        synchronized (CitrixSSLSocketFactory.class) {
            if (!a()) {
                Debug.loge("CCK is NOT initialized! Call CCK.init(?) before accessing SSL contexts");
                throw new RuntimeException("Citrix Crypto Kit not initialized!");
            }
            if (h == null) {
                h = new CitrixSSLSocketFactory();
            }
            citrixSSLSocketFactory = h;
        }
        return citrixSSLSocketFactory;
    }

    public static KeyStore getSystemCAStore() {
        if (k == null) {
            try {
                Debug.logd("TrustStore: Trying to load Android ICS+ keystore...");
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                k = keyStore;
                keyStore.load(null, null);
                Debug.logw("TrustStore: Loaded Android ICS+ keystore. Implementation provided by " + k.getProvider().getName());
            } catch (Throwable unused) {
                Debug.logd("TrustStore: Trying to load keystore from pre-defined locations...");
                int i2 = 0;
                while (k == null) {
                    String[] strArr = i;
                    if (i2 >= strArr.length) {
                        break;
                    }
                    String replace = System.getProperty("javax.net.ssl.trustStore", strArr[i2]).replace(InternalZipConstants.ZIP_FILE_SEPARATOR, File.separator);
                    Debug.logd("TrustStore: Trying [%s]...", replace);
                    try {
                        k = a(replace, j[i2], System.getProperty("javax.net.ssl.trustStorePassword", null));
                    } catch (IOException e) {
                        Debug.loge("Failed to load keystore @ %s due to: %s", replace, e.getMessage());
                    }
                    i2++;
                }
            }
            if (k == null) {
                Debug.loge("TrustStore: could not load trusted CAs");
            }
        }
        try {
            Object[] objArr = new Object[1];
            KeyStore keyStore2 = k;
            objArr[0] = Integer.valueOf(keyStore2 != null ? keyStore2.size() : 0);
            Debug.logd("TrustStore: %d cert loaded.", objArr);
        } catch (KeyStoreException unused2) {
            Debug.logd("TrustStore: 0 cert loaded.");
        }
        return k;
    }

    public static byte[][] getSystemCAs() {
        KeyStore systemCAStore = getSystemCAStore();
        if (systemCAStore == null) {
            return null;
        }
        try {
            if (CCK.isDebugEnabled()) {
                Debug.logd("TrustStore: Encoding %d certs from system keystore.", Integer.valueOf(systemCAStore.size()));
            }
            Enumeration<String> aliases = systemCAStore.aliases();
            ArrayList arrayList = new ArrayList();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                try {
                    arrayList.add(systemCAStore.getCertificate(nextElement).getEncoded());
                } catch (CertificateEncodingException e) {
                    Debug.loge("TrustStore: *** could not add cert with alias: [%s] due to \"%s\"", nextElement, e.getMessage());
                }
            }
            if (CCK.isDebugEnabled()) {
                Debug.logd("TrustStore: %s certificates encoded.", Integer.valueOf(arrayList.size()));
            }
            return (byte[][]) arrayList.toArray(new byte[0]);
        } catch (Throwable th) {
            Debug.loge("Problem getting CAs: " + th);
            th.printStackTrace(System.err);
            return null;
        }
    }

    private static native int nativeGetFIPSMode();

    private static native int nativeInitNative(Object[] objArr, int i2);

    private static native int nativeInitPKCS11(long j2, SmartcardPINCallback smartcardPINCallback);

    private static native int nativeTerminate();

    public static boolean setFIPSMode(int i2) {
        CCK.setFIPSMode(i2 != 0);
        return nativeGetFIPSMode() != i2;
    }

    public static synchronized void setupPKCS11(long j2, SmartcardPINCallback smartcardPINCallback) {
        synchronized (CitrixSSLSocketFactory.class) {
            if (CCK.isDebugEnabled()) {
                Debug.logd("calling CitrixSSLSocketFactory.setupPKCS11 with " + j2);
            }
            if (!a()) {
                Debug.loge("Citrix Crypto Kit is NOT initialized! Call CCK.init() before setting up PKCS11!");
                throw new RuntimeException("Citrix Crypto Kit is NOT initialized!");
            }
            if (j2 == 0) {
                Debug.loge("PKCS11 function table pointer cannot be NULL!");
                throw new RuntimeException("PKCS11 function table pointer cannot be NULL!");
            }
            if (smartcardPINCallback == null) {
                Debug.loge("PKCS11 PIN Callback cannot be NULL!");
                throw new RuntimeException("PKCS11 PIN Callback cannot be NULL!");
            }
            nativeInitPKCS11(j2, smartcardPINCallback);
        }
    }

    @Deprecated
    public static synchronized void setupSSLSDK() {
        synchronized (CitrixSSLSocketFactory.class) {
            setupSSLSDK(null, CCK.DEFAULT_COMPLIANCE_MODE);
        }
    }

    @Deprecated
    public static synchronized void setupSSLSDK(byte[][] bArr) {
        synchronized (CitrixSSLSocketFactory.class) {
            setupSSLSDK(bArr, CCK.DEFAULT_COMPLIANCE_MODE);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x00c1 A[Catch: all -> 0x0118, TryCatch #0 {, blocks: (B:4:0x0003, B:6:0x000a, B:8:0x0018, B:9:0x0019, B:10:0x0022, B:13:0x0028, B:15:0x002e, B:16:0x0033, B:18:0x0039, B:20:0x003f, B:21:0x0059, B:24:0x0097, B:26:0x009b, B:29:0x00a2, B:30:0x00bc, B:32:0x00bd, B:34:0x00c1, B:35:0x00c6, B:38:0x00dc, B:44:0x00ea, B:45:0x010a, B:46:0x005d, B:47:0x0069, B:48:0x006a, B:50:0x0070, B:51:0x010b, B:52:0x0117, B:23:0x008b), top: B:3:0x0003, inners: #1 }] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x00d7  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x00da  */
    @java.lang.Deprecated
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static synchronized void setupSSLSDK(byte[][] r6, com.citrix.cck.jsse.ssl.CCKConfig.ComplianceMode r7) {
        /*
            Method dump skipped, instructions count: 283
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.cck.jsse.ssl.CitrixSSLSocketFactory.setupSSLSDK(byte[][], com.citrix.cck.jsse.ssl.CCKConfig$ComplianceMode):void");
    }

    @Deprecated
    public static synchronized void terminateSSLSDK() {
        synchronized (CitrixSSLSocketFactory.class) {
            if (CCK.isDebugEnabled()) {
                Debug.logd("calling terminateSSLSDK when init_status = " + f);
            }
            if (!a()) {
                Debug.loge("CCK was not initialized or already terminated");
            }
            nativeTerminate();
            f = -2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLSocket a(Socket socket, CCKConfig cCKConfig) {
        if (f != 0) {
            Debug.loge("Citrix Crypto Kit is NOT initialized! Call CCK.init() before creating sockets!");
            throw new CitrixSSLException("Citrix Crypto Kit is not initialized!");
        }
        CitrixSSLSocket citrixSSLSocket = new CitrixSSLSocket(socket, cCKConfig, this.f2650a.l, this);
        if (CCK.isDebugEnabled()) {
            if (citrix.java.net.Socket.isConnected(socket)) {
                InetAddress inetAddress = citrix.javax.net.ssl.SSLSocket.getInetAddress(citrixSSLSocket);
                if (inetAddress != null) {
                    Debug.logd("createSslSocket [host addr = %s]", inetAddress.getHostAddress());
                    Debug.logd("createSslSocket [host name = %s]", inetAddress.getHostName());
                } else {
                    Debug.logw("createSslSocket [no host/address??]");
                }
            } else {
                Debug.logd("lower socket NOT connected yet");
            }
        }
        return citrixSSLSocket;
    }

    public void addKeyManager(KeyManager keyManager) {
        synchronized (this.b) {
            X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
            if (x509KeyManager == null) {
                Debug.loge("Trying to add a null key manager!");
            } else {
                this.b.add(x509KeyManager);
            }
        }
    }

    public void addTrustManager(X509TrustManager x509TrustManager) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("CitrixSSLSocketFactory.addTrustManager() called");
        }
        this.d.add(x509TrustManager);
        X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
        if (acceptedIssuers == null) {
            return;
        }
        for (X509Certificate x509Certificate : acceptedIssuers) {
            try {
                byte[] encoded = x509Certificate.getEncoded();
                if (encoded == null) {
                    Debug.loge("addTrustManager: You are passing a null cert!");
                } else {
                    this.c.add(encoded);
                }
            } catch (Exception unused) {
                Debug.loge("addTrustManager: Cert passed cannot be encoded!");
            }
        }
    }

    public void clearKeyManagers() {
        this.b.clear();
    }

    public void clearTrustManagers() {
        this.d.clear();
        this.c.clear();
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() {
        if (CCK.isDebugEnabled()) {
            Debug.logd("createSocket 0 [not connected]");
        }
        return a(citrix.java.net.Socket.createObject(), this.f2650a.b());
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i2) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("createSocket 1 to host [" + str + ":" + i2 + "]");
        }
        Socket createObject = citrix.java.net.Socket.createObject(str, i2);
        CCKConfig b = this.f2650a.b();
        if (str == null) {
            str = citrix.java.net.Socket.getInetAddress(createObject).getHostName();
        }
        b.setPeerCommonName(str);
        return a(createObject, b);
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i2, InetAddress inetAddress, int i3) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("createSocket 2 to host [" + str + "]");
        }
        Socket createObject = citrix.java.net.Socket.createObject(str, i2, inetAddress, i3);
        CCKConfig b = this.f2650a.b();
        if (str == null) {
            str = citrix.java.net.Socket.getInetAddress(createObject).getHostName();
        }
        b.setPeerCommonName(str);
        return a(createObject, b);
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i2) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("createSocket 3 to InetAddress " + inetAddress + " and port " + i2);
        }
        return a(citrix.java.net.Socket.createObject(inetAddress, i2), this.f2650a.b());
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i2, InetAddress inetAddress2, int i3) {
        if (CCK.isDebugEnabled()) {
            Debug.logd("createSocket 4 to InetAddress " + inetAddress + " and port " + i2);
        }
        return a(citrix.java.net.Socket.createObject(inetAddress, i2, inetAddress2, i3), this.f2650a.b());
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x004a  */
    /* JADX WARN: Removed duplicated region for block: B:14:0x004d  */
    @Override // javax.net.ssl.SSLSocketFactory
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.net.Socket createSocket(java.net.Socket r6, java.lang.String r7, int r8, boolean r9) {
        /*
            r5 = this;
            boolean r0 = com.citrix.cck.CCK.isDebugEnabled()
            if (r0 == 0) goto L56
            r0 = 2
            r1 = 1
            r2 = 0
            if (r6 == 0) goto L32
            boolean r3 = citrix.java.net.Socket.isConnected(r6)
            if (r3 == 0) goto L32
            java.net.InetAddress r3 = citrix.java.net.Socket.getInetAddress(r6)
            if (r3 == 0) goto L2f
            java.lang.Object[] r4 = new java.lang.Object[r0]
            java.lang.String r3 = r3.getHostName()
            r4[r2] = r3
            int r3 = citrix.java.net.Socket.getPort(r6)
            java.lang.Integer r3 = java.lang.Integer.valueOf(r3)
            r4[r1] = r3
            java.lang.String r3 = "createSocket 5 (lower already connected) to host [%s:%d]"
            com.citrix.cck.Debug.logd(r3, r4)
            goto L37
        L2f:
            java.lang.String r3 = "createSocket 5 (lower already connected but no info about where)"
            goto L34
        L32:
            java.lang.String r3 = "createSocket 5 (lower disconnected)"
        L34:
            com.citrix.cck.Debug.logd(r3)
        L37:
            java.lang.Object[] r0 = new java.lang.Object[r0]
            r0[r2] = r7
            java.lang.Integer r3 = java.lang.Integer.valueOf(r8)
            r0[r1] = r3
            java.lang.String r3 = "createSocket 5 (reaching %s:%d)"
            com.citrix.cck.Debug.logd(r3, r0)
            java.lang.Object[] r0 = new java.lang.Object[r1]
            if (r9 == 0) goto L4d
            java.lang.String r9 = "true"
            goto L4f
        L4d:
            java.lang.String r9 = "false"
        L4f:
            r0[r2] = r9
            java.lang.String r9 = "createSocket 5 (auto-close:%s)"
            com.citrix.cck.Debug.logd(r9, r0)
        L56:
            if (r6 != 0) goto L5f
            java.net.Socket r6 = new java.net.Socket
            java.net.Socket r6 = citrix.java.net.Socket.createObject(r7, r8)
            goto L6d
        L5f:
            boolean r9 = citrix.java.net.Socket.isConnected(r6)
            if (r9 != 0) goto L6d
            java.net.InetSocketAddress r9 = new java.net.InetSocketAddress
            r9.<init>(r7, r8)
            citrix.java.net.Socket.connect(r6, r9)
        L6d:
            com.citrix.cck.jsse.ssl.CitrixSSLContext r8 = r5.f2650a
            com.citrix.cck.jsse.ssl.CCKConfig r8 = r8.b()
            if (r7 == 0) goto L76
            goto L7e
        L76:
            java.net.InetAddress r7 = citrix.java.net.Socket.getInetAddress(r6)
            java.lang.String r7 = r7.getHostName()
        L7e:
            r8.setPeerCommonName(r7)
            javax.net.ssl.SSLSocket r6 = r5.a(r6, r8)
            return r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.citrix.cck.jsse.ssl.CitrixSSLSocketFactory.createSocket(java.net.Socket, java.lang.String, int, boolean):java.net.Socket");
    }

    @Deprecated
    public void enableSessionReuse(boolean z) {
        this.f2650a.enableSessionReuse(z);
    }

    @Deprecated
    public ClientCertificateSelector getClientCertificateSelector() {
        return this.f2650a.getClientCertificateSelector();
    }

    public CitrixSSLContext getContext() {
        return this.f2650a;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return CCKConfig.CTX_SUPPORTED_CIPHERSUITES;
    }

    @Deprecated
    public X509HostnameVerifier getHostnameVerifier() {
        return this.e;
    }

    public X509KeyManager[] getKeyManagers() {
        X509KeyManager[] x509KeyManagerArr;
        synchronized (this.b) {
            ArrayList<X509KeyManager> arrayList = this.b;
            x509KeyManagerArr = (X509KeyManager[]) arrayList.toArray(new X509KeyManager[arrayList.size()]);
        }
        return x509KeyManagerArr;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return CCKConfig.CTX_SUPPORTED_CIPHERSUITES;
    }

    @Deprecated
    public boolean isSessionReuseEnabled() {
        return this.f2650a.isSessionReuseEnabled();
    }

    public boolean removeKeyManager(X509KeyManager x509KeyManager) {
        boolean z;
        synchronized (this.b) {
            if (x509KeyManager != null) {
                try {
                    z = this.b.remove(x509KeyManager);
                } finally {
                }
            }
        }
        return z;
    }

    @Deprecated
    public void setAllowLegacyHelloMessages(boolean z) {
        this.f2650a.setAllowLegacyHelloMessages(z);
    }

    @Deprecated
    public void setChainBuildingPolicy(CCKConfig.ChainBuildingPolicy chainBuildingPolicy) {
        this.f2650a.setChainBuildingPolicy(chainBuildingPolicy);
    }

    @Deprecated
    public void setCipherSuites(CCKConfig.CipherSuites cipherSuites) {
        this.f2650a.setCipherSuites(cipherSuites);
    }

    @Deprecated
    public void setClientCertificateSelector(ClientCertificateSelector clientCertificateSelector) {
        this.f2650a.setClientCertificateSelector(clientCertificateSelector);
    }

    @Deprecated
    public void setHostnameVerifier(X509HostnameVerifier x509HostnameVerifier) {
        this.e = x509HostnameVerifier;
    }

    @Deprecated
    public void setProtocolVersion(int i2) {
        this.f2650a.setProtocolVersion(i2);
    }

    @Deprecated
    public void setRevocationPolicy(CCKConfig.RevocationPolicy revocationPolicy) {
        this.f2650a.setRevocationPolicy(revocationPolicy);
    }

    @Deprecated
    public void setTrustAll(boolean z) {
        this.f2650a.setTrustAll(z);
    }
}
