package io.olvid.messenger.customClasses;

import android.os.Build;
import android.util.Base64;
import com.fasterxml.jackson.core.JsonProcessingException;
import io.olvid.engine.Logger;
import io.olvid.messenger.App;
import io.olvid.messenger.AppSingleton;
import io.olvid.messenger.databases.AppDatabase;
import io.olvid.messenger.databases.entity.KnownCertificate;
import io.olvid.messenger.notifications.AndroidNotificationManager;
import io.olvid.messenger.settings.SettingsActivity;
import j$.util.Objects;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes5.dex */
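/**
 * {@link SSLSocketFactory} wrapper that hardens every TLS socket created by a delegate factory and
 * keeps a per-host record of the server certificates seen so far.
 *
 * <p>Two things happen for each {@link SSLSocket} produced by the delegate:
 * <ul>
 *   <li>the enabled protocols and cipher suites are replaced by a fixed allow-list
 *       (see {@link #configureSocket(Socket)});</li>
 *   <li>this instance is registered as {@link HandshakeCompletedListener}, so the peer certificate
 *       chain is compared with the certificates already recorded for that host once the handshake
 *       has finished (see {@link #handshakeCompleted(HandshakeCompletedEvent)}).</li>
 * </ul>
 *
 * <p>The certificate record is trust-on-first-use: the first chain seen for a host is stored as
 * trusted. The check here does not build or validate the chain itself.
 * NOTE(review): presumably it runs in addition to the delegate factory's own trust decision —
 * confirm where the delegate is created.
 *
 * <p>This listing is decompiler output; the {@code lambda$...} method names and
 * {@link AnonymousClass1} are compiler-generated and are kept as they appear so existing
 * references still resolve.
 *
 * <p>Thread-safety: the per-host cache and {@code cacheInitialized} are guarded by the monitor of
 * {@code knownCertificatesByDomainCache}; the static notification throttle map is guarded by its
 * own monitor.
 */
public class CustomSSLSocketFactory extends SSLSocketFactory implements HandshakeCompletedListener {
    public static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    public static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n";
    // Minimum delay between two "certificate changed" dialogs for the same certificate id (30 minutes).
    private static final long NOTIFICATION_MIN_INTERVAL_MILLIS = 1800000;
    // Certificate id -> time of the last dialog. Static, hence shared by all factory instances and
    // reached from several threads: always access it while holding its own monitor.
    private static final HashMap<Long, Long> lastUntrustedCertificateNotification = new HashMap<>();
    private final SSLSocketFactory sslSocketFactory;
    // Host name -> known certificates, ordered by sortCertificateList(). Guarded by its own monitor.
    private final HashMap<String, List<KnownCertificate>> knownCertificatesByDomainCache = new HashMap<>();
    // Set once the cache has been filled from the database. Until then every handshake is blocked.
    private boolean cacheInitialized = false;

    /**
     * Compiler-generated lookup table that maps
     * {@link SettingsActivity.BlockUntrustedCertificate} ordinals to the case numbers used by
     * {@link #shouldAllowConnection(KnownCertificate, KnownCertificate)}:
     * {@code ALWAYS} is 1, {@code NEVER} is 2, {@code ISSUER_CHANGED} is 3.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$olvid$messenger$settings$SettingsActivity$BlockUntrustedCertificate;

        static {
            int[] iArr = new int[SettingsActivity.BlockUntrustedCertificate.values().length];
            $SwitchMap$io$olvid$messenger$settings$SettingsActivity$BlockUntrustedCertificate = iArr;
            // Each lookup is guarded separately so that a constant missing at run time leaves its
            // slot at 0 instead of failing class initialisation.
            try {
                iArr[SettingsActivity.BlockUntrustedCertificate.ALWAYS.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$olvid$messenger$settings$SettingsActivity$BlockUntrustedCertificate[SettingsActivity.BlockUntrustedCertificate.NEVER.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$olvid$messenger$settings$SettingsActivity$BlockUntrustedCertificate[SettingsActivity.BlockUntrustedCertificate.ISSUER_CHANGED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /**
     * Creates a factory that decorates the sockets of another factory.
     *
     * @param sSLSocketFactory delegate that actually creates the sockets
     */
    public CustomSSLSocketFactory(SSLSocketFactory sSLSocketFactory) {
        this.sslSocketFactory = sSLSocketFactory;
    }

    /**
     * Applies the protocol and cipher-suite allow-list to a socket and registers the handshake
     * listener.
     *
     * <p>On API level 29 and above TLS 1.3 and TLS 1.2 are enabled; below that only TLS 1.2. All
     * listed TLS 1.2 suites are ECDHE key exchange with AES-GCM. A socket that is not an
     * {@link SSLSocket} is returned untouched, so it gets neither the allow-list nor the
     * certificate check.
     *
     * <p>{@link SSLSocket#setEnabledCipherSuites(String[])} throws {@link IllegalArgumentException}
     * for a suite the provider does not support; that exception is not caught here and would reach
     * the {@code createSocket} caller.
     *
     * @param socket socket returned by the delegate factory
     * @return the same socket instance
     */
    private Socket configureSocket(Socket socket) {
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            if (Build.VERSION.SDK_INT >= 29) {
                sSLSocket.setEnabledProtocols(new String[]{"TLSv1.3", "TLSv1.2"});
                sSLSocket.setEnabledCipherSuites(new String[]{"TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"});
            } else {
                sSLSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
                sSLSocket.setEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"});
            }
            sSLSocket.addHandshakeCompletedListener(this);
        }
        return socket;
    }

    /**
     * Drops the certificates of a host that expired before the given instant, in the database and
     * in the cache.
     *
     * @param str host name the certificates belong to
     * @param j   cut-off in epoch milliseconds; cached entries with
     *            {@code expirationTimestamp >= j} are kept
     */
    private void expireCertificatesInDb(String str, long j) {
        AppDatabase.getInstance().knownCertificateDao().deleteExpired(str, j);
        synchronized (this.knownCertificatesByDomainCache) {
            List<KnownCertificate> list = this.knownCertificatesByDomainCache.get(str);
            if (list != null) {
                // Build a fresh list instead of removing in place; order is preserved.
                List<KnownCertificate> stillValid = new ArrayList<>();
                for (KnownCertificate knownCertificate : list) {
                    if (knownCertificate.expirationTimestamp >= j) {
                        stillValid.add(knownCertificate);
                    }
                }
                this.knownCertificatesByDomainCache.put(str, stillValid);
            }
        }
    }

    /**
     * Builds the database entity describing a peer certificate chain.
     *
     * <p>The entity holds the DER encoding of the leaf certificate (the value later compared in
     * {@link #verifySllCertificateAndAllowConnection(String, Certificate[])}), the leaf's
     * {@code notAfter} time, a JSON array with the issuer DN of every non-leaf certificate of the
     * chain, and the whole chain as concatenated PEM blocks.
     *
     * @param str            host name the chain was presented for
     * @param certificateArr peer chain, leaf first; must not be empty
     * @param z              {@code true} to mark the certificate as trusted as of now,
     *                       {@code false} to store it without a trust timestamp
     * @return the entity, or {@code null} when encoding the certificates or the issuer list fails
     * @throws ClassCastException if an element of the chain is not an {@link X509Certificate}
     */
    private KnownCertificate getKnownCertificateForDb(String str, Certificate[] certificateArr, boolean z) {
        try {
            X509Certificate leaf = (X509Certificate) certificateArr[0];
            byte[] encoded = leaf.getEncoded();
            StringBuilder pemChain = new StringBuilder();
            pemChain.append(BEGIN_CERTIFICATE);
            pemChain.append(Base64.encodeToString(encoded, 0));
            pemChain.append(END_CERTIFICATE);
            String[] issuers = new String[certificateArr.length - 1];
            for (int i = 0; i < issuers.length; i++) {
                X509Certificate chainCertificate = (X509Certificate) certificateArr[i + 1];
                // Kept on getIssuerDN(): the resulting strings are compared with the ones already
                // stored, so the formatting must not change.
                issuers[i] = chainCertificate.getIssuerDN().getName();
                pemChain.append(BEGIN_CERTIFICATE);
                pemChain.append(Base64.encodeToString(chainCertificate.getEncoded(), 0));
                pemChain.append(END_CERTIFICATE);
            }
            Long trustTimestamp = z ? Long.valueOf(System.currentTimeMillis()) : null;
            return new KnownCertificate(str, encoded, trustTimestamp, leaf.getNotAfter().getTime(), AppSingleton.getJsonObjectMapper().writeValueAsString(issuers), pemChain.toString());
        } catch (JsonProcessingException | CertificateEncodingException unused) {
            Logger.e("Error storing SSL certificate in DB.");
            return null;
        }
    }

    /**
     * Inserts a certificate in the database and adds it to the cache of its host
     * (originally named {@code insertCertificateInDb}).
     *
     * <p>Failures are logged and otherwise ignored: the certificate is then simply not recorded.
     *
     * @param str              host name used as cache key
     * @param knownCertificate entity to store; its {@code id} is set from the insert result
     */
    public void lambda$verifySllCertificateAndAllowConnection$2(String str, KnownCertificate knownCertificate) {
        try {
            knownCertificate.id = AppDatabase.getInstance().knownCertificateDao().insert(knownCertificate);
            synchronized (this.knownCertificatesByDomainCache) {
                List<KnownCertificate> list = this.knownCertificatesByDomainCache.get(str);
                if (list == null) {
                    list = new ArrayList<>();
                    this.knownCertificatesByDomainCache.put(str, list);
                }
                list.add(knownCertificate);
                sortCertificateList(list);
            }
        } catch (Exception e) {
            Logger.e("Exception while inserting KnownCertificate certificate in DB");
            e.printStackTrace();
        }
    }

    /**
     * Fills the cache from the database and marks it as initialised
     * (body of the task started by {@link #loadKnownCertificates()}).
     */
    public /* synthetic */ void lambda$loadKnownCertificates$0() {
        synchronized (this.knownCertificatesByDomainCache) {
            for (KnownCertificate knownCertificate : AppDatabase.getInstance().knownCertificateDao().getAll()) {
                List<KnownCertificate> list = this.knownCertificatesByDomainCache.get(knownCertificate.domainName);
                if (list == null) {
                    list = new ArrayList<>();
                    this.knownCertificatesByDomainCache.put(knownCertificate.domainName, list);
                }
                list.add(knownCertificate);
            }
            for (List<KnownCertificate> certificates : this.knownCertificatesByDomainCache.values()) {
                sortCertificateList(certificates);
            }
            // Only from this point on can handshakeCompleted() let a connection through.
            this.cacheInitialized = true;
        }
    }

    /**
     * Ordering used for the per-host lists: certificates without a trust timestamp first, then
     * trusted certificates from the most recently trusted to the oldest.
     *
     * @return negative, zero or positive as the first argument sorts before, with or after the second
     */
    public static /* synthetic */ int lambda$sortCertificateList$1(KnownCertificate knownCertificate, KnownCertificate knownCertificate2) {
        if (knownCertificate.trustTimestamp == null && knownCertificate2.trustTimestamp == null) {
            return 0;
        }
        if (knownCertificate.trustTimestamp == null) {
            return -1;
        }
        if (knownCertificate2.trustTimestamp == null) {
            return 1;
        }
        // Arguments swapped on purpose: descending order.
        return Long.compare(knownCertificate2.trustTimestamp.longValue(), knownCertificate.trustTimestamp.longValue());
    }

    /**
     * Records a never-seen, not yet trusted certificate and tells the user about it.
     *
     * @param str              host name
     * @param knownCertificate new certificate, stored without trust timestamp
     * @param l                id of the last trusted certificate of that host, or {@code null}
     * @param z                whether the connection was allowed; a "blocked" notification is
     *                         shown when it was not
     */
    public /* synthetic */ void lambda$verifySllCertificateAndAllowConnection$3(String str, KnownCertificate knownCertificate, Long l, boolean z) {
        lambda$verifySllCertificateAndAllowConnection$2(str, knownCertificate);
        notifyUser(knownCertificate.id, l, !z);
    }

    /**
     * Silently accepts a never-seen certificate (used when change notifications are turned off):
     * stores it as trusted and drops the already expired certificates of the host.
     *
     * @param str            host name
     * @param certificateArr peer chain, leaf first
     */
    public /* synthetic */ void lambda$verifySllCertificateAndAllowConnection$4(String str, Certificate[] certificateArr) {
        KnownCertificate knownCertificateForDb = getKnownCertificateForDb(str, certificateArr, true);
        if (knownCertificateForDb != null) {
            expireCertificatesInDb(str, System.currentTimeMillis());
            lambda$verifySllCertificateAndAllowConnection$2(str, knownCertificateForDb);
        }
    }

    /**
     * Shows the "certificate changed" dialog, at most once per
     * {@link #NOTIFICATION_MIN_INTERVAL_MILLIS} and certificate, and optionally the
     * "connection blocked" notification (which is not throttled).
     *
     * @param j id of the untrusted certificate
     * @param l id of the last trusted certificate of the same host, or {@code null}
     * @param z {@code true} when the connection was blocked
     */
    private void notifyUser(long j, Long l, boolean z) {
        boolean showDialog;
        // This method is reached from the handshake thread and from background tasks, and the map
        // is shared by all instances, so the check-then-update must be atomic.
        synchronized (lastUntrustedCertificateNotification) {
            long now = System.currentTimeMillis();
            Long lastShown = lastUntrustedCertificateNotification.get(j);
            showDialog = lastShown == null || lastShown < now - NOTIFICATION_MIN_INTERVAL_MILLIS;
            if (showDialog) {
                lastUntrustedCertificateNotification.put(j, now);
            }
        }
        // UI calls are made outside the monitor.
        if (showDialog) {
            App.openAppDialogCertificateChanged(j, l);
        }
        if (z) {
            AndroidNotificationManager.displayConnectionBlockedNotification(j, l);
        }
    }

    /**
     * Applies the user's "block untrusted certificate" setting to an untrusted certificate.
     *
     * @param knownCertificate  the untrusted certificate presented by the server
     * @param knownCertificate2 the last trusted certificate of the same host, or {@code null}
     * @return {@code false} for {@code ALWAYS}; {@code true} for {@code NEVER}; otherwise
     *         {@code true} only when a trusted certificate exists and both certificates carry the
     *         same {@code issuers} value
     */
    private boolean shouldAllowConnection(KnownCertificate knownCertificate, KnownCertificate knownCertificate2) {
        int i = AnonymousClass1.$SwitchMap$io$olvid$messenger$settings$SettingsActivity$BlockUntrustedCertificate[SettingsActivity.getBlockUntrustedCertificate().ordinal()];
        if (i == 1) {
            return false;
        }
        if (i == 2) {
            return true;
        }
        // ISSUER_CHANGED, and any value missing from the table: block unless the issuers match.
        if (knownCertificate2 == null) {
            return false;
        }
        return Objects.equals(knownCertificate.issuers, knownCertificate2.issuers);
    }

    /**
     * Sorts a per-host list in place with
     * {@link #lambda$sortCertificateList$1(KnownCertificate, KnownCertificate)}.
     */
    private void sortCertificateList(List<KnownCertificate> list) {
        Collections.sort(list, new Comparator<KnownCertificate>() {
            @Override
            public final int compare(KnownCertificate first, KnownCertificate second) {
                return CustomSSLSocketFactory.lambda$sortCertificateList$1(first, second);
            }
        });
    }

    /**
     * Compares the peer's leaf certificate with the certificates recorded for the host and decides
     * whether the connection may continue.
     *
     * <p>Outcomes, in order:
     * <ol>
     *   <li>Empty chain or non-X.509 leaf: allowed, a warning is logged (fail-open).</li>
     *   <li>No certificate recorded for the host: the chain is stored as trusted and the
     *       connection is allowed (trust on first use).</li>
     *   <li>Leaf matches a recorded, trusted certificate: allowed.</li>
     *   <li>Leaf matches a recorded but untrusted certificate, or matches nothing: when change
     *       notifications are on, the user is notified and
     *       {@link #shouldAllowConnection(KnownCertificate, KnownCertificate)} decides; when they
     *       are off, the certificate is stored or marked as trusted and the connection is
     *       allowed.</li>
     * </ol>
     *
     * <p>On an unexpected exception the connection is allowed unless notifications are on and the
     * block policy is not {@code NEVER}.
     *
     * <p>Fixes over the decompiled listing: the "matching certificate is trusted" flag is no longer
     * reset after the loop (a trusted match was handled as untrusted), and the id of the last
     * trusted certificate is held in a declared local (the listing used an undeclared {@code r5}).
     *
     * @param str            host name reported by the TLS session
     * @param certificateArr peer chain, leaf first
     * @return {@code true} to keep the connection, {@code false} to block it
     */
    private boolean verifySllCertificateAndAllowConnection(final String str, final Certificate[] certificateArr) {
        try {
            if (certificateArr.length == 0 || !(certificateArr[0] instanceof X509Certificate)) {
                Logger.w("SSL handshake finished with no certificates or a non-X.509 certificate. Aborting user certificate validation.");
                return true;
            }
            synchronized (this.knownCertificatesByDomainCache) {
                List<KnownCertificate> list = this.knownCertificatesByDomainCache.get(str);
                if (list == null || list.isEmpty()) {
                    // First certificate ever seen for this host: record it as trusted.
                    final KnownCertificate firstSeenCertificate = getKnownCertificateForDb(str, certificateArr, true);
                    if (firstSeenCertificate != null) {
                        App.runThread(new Runnable() {
                            @Override
                            public final void run() {
                                CustomSSLSocketFactory.this.lambda$verifySllCertificateAndAllowConnection$2(str, firstSeenCertificate);
                            }
                        });
                    }
                    return true;
                }

                byte[] encoded = ((X509Certificate) certificateArr[0]).getEncoded();
                KnownCertificate lastTrusted = null;
                KnownCertificate matching = null;
                boolean matchingIsTrusted = false;
                // The list is sorted untrusted-first, then most recently trusted first, so the
                // first trusted non-matching entry is the last certificate the user trusted.
                for (KnownCertificate candidate : list) {
                    if (Arrays.equals(encoded, candidate.certificateBytes)) {
                        matching = candidate;
                        if (candidate.isTrusted()) {
                            matchingIsTrusted = true;
                            break;
                        }
                        if (lastTrusted != null) {
                            break;
                        }
                    } else if (lastTrusted == null && candidate.isTrusted()) {
                        lastTrusted = candidate;
                        if (matching != null) {
                            break;
                        }
                    }
                }
                final KnownCertificate matchingCertificate = matching;
                final Long lastTrustedId = lastTrusted != null ? Long.valueOf(lastTrusted.id) : null;

                if (matchingCertificate == null) {
                    // Certificate never seen for this host.
                    if (SettingsActivity.notifyCertificateChange()) {
                        final KnownCertificate newCertificate = getKnownCertificateForDb(str, certificateArr, false);
                        if (newCertificate == null) {
                            // The certificate could not be encoded: only the NEVER policy lets it through.
                            return SettingsActivity.getBlockUntrustedCertificate() == SettingsActivity.BlockUntrustedCertificate.NEVER;
                        }
                        final boolean shouldAllowConnection = shouldAllowConnection(newCertificate, lastTrusted);
                        App.runThread(new Runnable() {
                            @Override
                            public final void run() {
                                CustomSSLSocketFactory.this.lambda$verifySllCertificateAndAllowConnection$3(str, newCertificate, lastTrustedId, shouldAllowConnection);
                            }
                        });
                        return shouldAllowConnection;
                    }
                    App.runThread(new Runnable() {
                        @Override
                        public final void run() {
                            CustomSSLSocketFactory.this.lambda$verifySllCertificateAndAllowConnection$4(str, certificateArr);
                        }
                    });
                } else if (!matchingIsTrusted) {
                    // Certificate already recorded, but the user has not trusted it yet.
                    if (SettingsActivity.notifyCertificateChange()) {
                        boolean shouldAllowConnection = shouldAllowConnection(matchingCertificate, lastTrusted);
                        notifyUser(matchingCertificate.id, lastTrustedId, !shouldAllowConnection);
                        return shouldAllowConnection;
                    }
                    App.runThread(new Runnable() {
                        @Override
                        public final void run() {
                            CustomSSLSocketFactory.this.lambda$verifySllCertificateAndAllowConnection$5(matchingCertificate);
                        }
                    });
                }
                return true;
            }
        } catch (Exception e) {
            e.printStackTrace();
            return !SettingsActivity.notifyCertificateChange() || SettingsActivity.getBlockUntrustedCertificate() == SettingsActivity.BlockUntrustedCertificate.NEVER;
        }
    }

    /** Creates an unconnected socket through the delegate and configures it. */
    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket());
    }

    /** Creates a socket connected to the given host and port through the delegate and configures it. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket(str, i));
    }

    /** Same as {@link #createSocket(String, int)}, bound to the given local address and port. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket(str, i, inetAddress, i2));
    }

    /** Creates a socket connected to the given address and port through the delegate and configures it. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket(inetAddress, i));
    }

    /** Same as {@link #createSocket(InetAddress, int)}, bound to the given local address and port. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket(inetAddress, i, inetAddress2, i2));
    }

    /** Layers TLS over an existing socket through the delegate and configures the result. */
    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        return configureSocket(this.sslSocketFactory.createSocket(socket, str, i, z));
    }

    /**
     * Returns the delegate's default cipher suites.
     * Note that sockets created here use the allow-list of {@link #configureSocket(Socket)}, not this list.
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return this.sslSocketFactory.getDefaultCipherSuites();
    }

    /** Returns the delegate's supported cipher suites. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return this.sslSocketFactory.getSupportedCipherSuites();
    }

    /**
     * Runs the known-certificate check once a handshake has finished and shuts the socket down in
     * both directions when the check refuses the connection, or when the cache has not been loaded
     * yet (fail-closed).
     *
     * <p>Nothing is checked when the session reports no peer host.
     *
     * <p>NOTE(review): the check runs after the handshake; whether it completes before application
     * data can flow depends on how the TLS provider dispatches this listener — confirm for the
     * provider in use.
     *
     * <p>NOTE(review): both catch blocks only print the stack trace. If reading the peer
     * certificates or shutting the socket down throws, the socket is left as it is, so a refused
     * connection can stay open; closing the socket in that case would keep the block effective.
     *
     * @param handshakeCompletedEvent event delivered by the TLS socket
     */
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        try {
            String peerHost = handshakeCompletedEvent.getSession().getPeerHost();
            if (peerHost == null) {
                return;
            }
            Logger.d("Connected to " + peerHost + " using cipher suite " + handshakeCompletedEvent.getCipherSuite());
            Certificate[] peerCertificates = handshakeCompletedEvent.getPeerCertificates();
            synchronized (this.knownCertificatesByDomainCache) {
                boolean allowed = this.cacheInitialized && verifySllCertificateAndAllowConnection(peerHost, peerCertificates);
                if (!allowed) {
                    Logger.e("Connection to " + peerHost + " was blocked");
                    try {
                        handshakeCompletedEvent.getSocket().shutdownOutput();
                        handshakeCompletedEvent.getSocket().shutdownInput();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
        }
    }

    /**
     * Starts a background task that loads the known certificates from the database. Handshakes
     * that complete before the task has finished are blocked.
     */
    public void loadKnownCertificates() {
        App.runThread(new Runnable() {
            @Override
            public final void run() {
                CustomSSLSocketFactory.this.lambda$loadKnownCertificates$0();
            }
        });
    }

    /**
     * Marks a recorded certificate as trusted as of now, in the cache and in the database, then
     * drops the already expired certificates of its host (originally named
     * {@code trustCertificateInDb}).
     *
     * @param knownCertificate certificate to trust; matched in the cache by {@code id}
     */
    public void lambda$verifySllCertificateAndAllowConnection$5(KnownCertificate knownCertificate) {
        synchronized (this.knownCertificatesByDomainCache) {
            String domainName = knownCertificate.domainName;
            long now = System.currentTimeMillis();
            List<KnownCertificate> list = this.knownCertificatesByDomainCache.get(domainName);
            if (list != null) {
                for (KnownCertificate cached : list) {
                    if (cached.id == knownCertificate.id) {
                        cached.trustTimestamp = Long.valueOf(now);
                    }
                }
                // The trust timestamp is the sort key, so the order has to be rebuilt.
                sortCertificateList(list);
            }
            AppDatabase.getInstance().knownCertificateDao().updateTrustTimestamp(knownCertificate.id, now);
            expireCertificatesInDb(domainName, now);
        }
    }
}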
