package com.github.megatronking.netbare.ssl;

import android.os.Build;
import android.support.annotation.NonNull;
import com.github.megatronking.netbare.NetBareLog;
import com.github.megatronking.netbare.NetBareUtils;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
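/**
 * Builds {@link SSLEngine} instances for the two sides of a TLS connection handled by NetBare.
 *
 * <p>Server-side engines use key managers backed by a key store that
 * {@code CertificateGenerator.generateServer} produces for the requested host from the CA
 * certificate and CA private key loaded out of the {@link JKS} key store file. Client-side
 * engines use the platform default trust managers unless a provider supplies others.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The CA private key is held in memory for the lifetime of this factory, so anything that
 *       can reach this instance can have host key stores generated from that key.</li>
 *   <li>Providers installed through {@link #updateProviders} replace the default key and trust
 *       material for every host; a trust manager provider that accepts everything disables
 *       upstream certificate validation.</li>
 *   <li>{@code sKeyManagerProvider} and {@code sTrustManagerProvider} are plain static fields,
 *       so a reader thread is not guaranteed to observe an update immediately.
 *       NOTE(review): consider making them {@code volatile}.</li>
 * </ul>
 */
public final class SSLEngineFactory {
    private static final int ALIVE_MINUTES = 10;
    private static final int CONCURRENCY_LEVEL = 16;
    // NOTE(review): TLSv1 is a deprecated protocol version; it is only requested when the
    // platform has no "TLSv1.2" SSLContext. Confirm the fallback is still needed for the
    // supported API levels, and treat connections created through it as weak.
    private static final String SSL_CONTEXT_FALLBACK_PROTOCOL = "TLSv1";
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    private static volatile SSLEngineFactory sEngineFactory;
    private static SSLKeyManagerProvider sKeyManagerProvider;
    private static SSLTrustManagerProvider sTrustManagerProvider;
    private Certificate mCaCert;
    private PrivateKey mCaPrivKey;
    private final CertificateGenerator mGenerator = new CertificateGenerator();
    private final JKS mJKS;
    // Per-host SSLContext caches; entries expire after ALIVE_MINUTES without access.
    private static final Cache<String, SSLContext> SERVER_SSL_CONTEXTS = CacheBuilder.newBuilder()
            .expireAfterAccess(ALIVE_MINUTES, TimeUnit.MINUTES)
            .concurrencyLevel(CONCURRENCY_LEVEL)
            .build();
    private static final Cache<String, SSLContext> CLIENT_SSL_CONTEXTS = CacheBuilder.newBuilder()
            .expireAfterAccess(ALIVE_MINUTES, TimeUnit.MINUTES)
            .concurrencyLevel(CONCURRENCY_LEVEL)
            .build();

    /**
     * Creates a factory and immediately loads the CA certificate and private key from the key
     * store described by {@code jks}.
     *
     * @param jks key store descriptor (alias, password, key store file)
     * @throws GeneralSecurityException if the key store or its entries cannot be read
     * @throws IOException if the key store file cannot be opened or parsed
     */
    public SSLEngineFactory(@NonNull JKS jks) throws GeneralSecurityException, IOException {
        this.mJKS = jks;
        initializeSSLContext();
    }

    /**
     * Builds the SSLContext used when connecting to {@code str} as a TLS client.
     *
     * <p>Public only because the anonymous cache loader in {@link #createClientEngine} calls it
     * (the decompiler widened the original {@code private} modifier).
     *
     * @param str the remote host name
     * @return an initialized client-side context
     * @throws GeneralSecurityException if the context cannot be created or initialized
     */
    public SSLContext createClientContext(String str) throws GeneralSecurityException {
        SSLKeyManagerProvider keyProvider = sKeyManagerProvider;
        KeyManager[] keyManagers = keyProvider != null ? keyProvider.provide(str, true) : null;
        SSLTrustManagerProvider trustProvider = sTrustManagerProvider;
        TrustManager[] trustManagers = trustProvider != null ? trustProvider.provide(str, true) : null;
        if (trustManagers == null) {
            // May still be null if the default lookup failed; SSLContext.init then searches the
            // installed security providers for a default trust manager implementation.
            trustManagers = getClientTrustManager();
        }
        return createContext(keyManagers, trustManagers);
    }

    /**
     * Creates and initializes an SSLContext with the given key and trust material.
     *
     * @param keyManagerArr key managers, or {@code null} for the provider default
     * @param trustManagerArr trust managers, or {@code null} for the provider default
     */
    private SSLContext createContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context = createSSLContext();
        // Use a self-seeded SecureRandom. The previous code called setSeed() with the wall-clock
        // time before first use; on some older Android SecureRandom implementations a seed set
        // before the first output replaces the internal seed instead of supplementing it, which
        // would make the TLS randomness derivable from the connection time.
        context.init(keyManagerArr, trustManagerArr, new SecureRandom());
        return context;
    }

    /**
     * Returns a "TLSv1.2" SSLContext, or a "TLSv1" one when TLS 1.2 is not available.
     *
     * @throws NoSuchAlgorithmException if neither protocol is supported
     */
    private SSLContext createSSLContext() throws NoSuchAlgorithmException {
        try {
            return SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        } catch (NoSuchAlgorithmException unused) {
            // Deliberate downgrade for platforms without TLS 1.2; see the note on the constant.
            return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
        }
    }

    /**
     * Builds the SSLContext used when acting as the TLS server for {@code str}.
     *
     * <p>Public only because the anonymous cache loader in {@link #createServerEngine} calls it
     * (the decompiler widened the original {@code private} modifier).
     *
     * @param str the host name the server side is created for
     * @return an initialized server-side context
     */
    public SSLContext createServerContext(String str) throws GeneralSecurityException, IOException, OperatorCreationException {
        SSLKeyManagerProvider keyProvider = sKeyManagerProvider;
        KeyManager[] keyManagers = keyProvider != null ? keyProvider.provide(str, false) : null;
        if (keyManagers == null) {
            keyManagers = getServerKeyManagers(str);
        }
        SSLTrustManagerProvider trustProvider = sTrustManagerProvider;
        TrustManager[] trustManagers = trustProvider != null ? trustProvider.provide(str, false) : null;
        return createContext(keyManagers, trustManagers);
    }

    /**
     * Returns the process-wide factory, creating it on first use.
     *
     * <p>Only the first call's {@code jks} is used; later calls return the existing instance and
     * ignore their argument.
     *
     * @param jks key store descriptor used if the singleton has not been created yet
     */
    public static SSLEngineFactory get(JKS jks) throws GeneralSecurityException, IOException {
        if (sEngineFactory == null) {
            synchronized (SSLEngineFactory.class) {
                if (sEngineFactory == null) {
                    sEngineFactory = new SSLEngineFactory(jks);
                }
            }
        }
        return sEngineFactory;
    }

    /**
     * Looks up the platform default trust managers.
     *
     * @return a single-element array holding an {@link X509TrustManager}, or {@code null} if the
     *     lookup failed (the failure is logged, not thrown)
     */
    private TrustManager[] getClientTrustManager() {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the platform's default trust anchors.
            factory.init((KeyStore) null);
            TrustManager[] trustManagers = factory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return trustManagers;
            }
            throw new KeyManagementException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            NetBareLog.wtf(e);
            return null;
        }
    }

    /**
     * Generates a key store for {@code str} with the CA material and wraps it in key managers.
     *
     * @param str the host name passed to the certificate generator
     */
    private KeyManager[] getServerKeyManagers(String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, OperatorCreationException, InvalidKeyException, IOException, SignatureException, NoSuchProviderException, CertificateException {
        KeyStore hostKeyStore = this.mGenerator.generateServer(str, this.mJKS, this.mCaCert, this.mCaPrivKey);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(hostKeyStore, this.mJKS.password());
        return factory.getKeyManagers();
    }

    /** Loads the CA certificate and CA private key stored under the JKS alias. */
    private void initializeSSLContext() throws GeneralSecurityException, IOException {
        KeyStore keyStore = loadKeyStore();
        this.mCaCert = keyStore.getCertificate(this.mJKS.alias());
        this.mCaPrivKey = (PrivateKey) keyStore.getKey(this.mJKS.alias(), this.mJKS.password());
    }

    /**
     * Reads the key store file belonging to the JKS alias.
     *
     * <p>The decompiled body of this method was not valid Java (a self-assignment in the catch
     * block and a path with no return); it is restored here as open, load, always close.
     *
     * @return the loaded key store
     * @throws GeneralSecurityException if the key store type is unavailable or its content is invalid
     * @throws IOException if the file cannot be opened or read, or the password is wrong
     */
    private KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(this.mGenerator.keyStoreType());
        // Opened outside the try so that a failed open leaves nothing to close.
        FileInputStream in = new FileInputStream(this.mJKS.aliasFile(JKS.KEY_STORE_FILE_EXTENSION));
        try {
            keyStore.load(in, this.mJKS.password());
            return keyStore;
        } finally {
            NetBareUtils.closeQuietly(in);
        }
    }

    /**
     * Installs custom key and trust manager providers and drops every cached SSLContext so the
     * new providers take effect for subsequent engines.
     *
     * @param sSLKeyManagerProvider key manager provider, or {@code null} to use the defaults
     * @param sSLTrustManagerProvider trust manager provider, or {@code null} to use the defaults
     */
    public static void updateProviders(SSLKeyManagerProvider sSLKeyManagerProvider, SSLTrustManagerProvider sSLTrustManagerProvider) {
        sKeyManagerProvider = sSLKeyManagerProvider;
        sTrustManagerProvider = sSLTrustManagerProvider;
        SERVER_SSL_CONTEXTS.invalidateAll();
        CLIENT_SSL_CONTEXTS.invalidateAll();
    }

    /**
     * Creates a client-mode engine for connecting to the given peer.
     *
     * @param str the remote host name, also used as the context cache key
     * @param i the remote port
     * @return an engine in client mode with two DHE-RSA CBC suites removed
     * @throws ExecutionException if building the cached SSLContext fails
     */
    public SSLEngine createClientEngine(@NonNull final String str, int i) throws ExecutionException {
        SSLEngine engine = CLIENT_SSL_CONTEXTS.get(str, new Callable<SSLContext>() {
            @Override
            public SSLContext call() throws GeneralSecurityException, IOException, OperatorCreationException {
                return SSLEngineFactory.this.createClientContext(str);
            }
        }).createSSLEngine(str, i);
        // Drop these two suites from whatever the platform enables by default.
        // NOTE(review): the reason is not visible in this file - confirm before extending the list.
        LinkedList<String> suites = new LinkedList<>();
        for (String suite : engine.getEnabledCipherSuites()) {
            if (!suite.equals("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") && !suite.equals("TLS_DHE_RSA_WITH_AES_256_CBC_SHA")) {
                suites.add(suite);
            }
        }
        engine.setEnabledCipherSuites(suites.toArray(new String[0]));
        engine.setUseClientMode(true);
        engine.setNeedClientAuth(false);
        return engine;
    }

    /**
     * Creates an engine from the server-side context for the given host.
     *
     * @param str the host name, also used as the context cache key
     * @return a new engine from the cached server context
     * @throws ExecutionException if building the cached SSLContext fails, or, on API level 27
     *     only, if engine creation itself throws
     */
    public SSLEngine createServerEngine(@NonNull final String str) throws ExecutionException {
        SSLContext context = SERVER_SSL_CONTEXTS.get(str, new Callable<SSLContext>() {
            @Override
            public SSLContext call() throws GeneralSecurityException, IOException, OperatorCreationException {
                return SSLEngineFactory.this.createServerContext(str);
            }
        });
        if (Build.VERSION.SDK_INT != 27) {
            return context.createSSLEngine();
        }
        // API level 27 only: convert a failure in createSSLEngine() into the checked
        // ExecutionException callers already handle.
        try {
            return context.createSSLEngine();
        } catch (Exception e) {
            throw new ExecutionException(e);
        }
    }
}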
