package oracle.idm.mobile.connection;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import oracle.idm.mobile.certificate.ClientCertificatePreference;
import oracle.idm.mobile.certificate.OMCertificateService;
import oracle.idm.mobile.logging.OMLog;
import oracle.idm.mobile.logging.OMLogger;

/* loaded from: classes5.dex */
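/**
 * {@link SSLSocketFactory} that wraps an {@link SSLContext} configured with an
 * {@link OMTrustManager} and, optionally, an {@code OMX509KeyManager} for client certificates.
 *
 * <p>Only the layered {@link #createSocket(Socket, String, int, boolean)} overload produces a
 * socket; the four unconnected overloads return {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class configures endpoint identification or compares the peer certificate
 *       with the requested host name. Hostname verification has to be done by whoever uses the
 *       returned socket.</li>
 *   <li>When protocol or cipher-suite overrides are supplied they replace the socket defaults
 *       as-is; this class does not filter out legacy protocols or weak suites.</li>
 *   <li>The trust manager keeps the last rejected chain in instance fields, so the values are
 *       shared by every socket created from this factory.</li>
 * </ul>
 */
public class OMSSLSocketFactory extends SSLSocketFactory {
    private static final OMLogger mLogger = new OMLogger(OMSSLSocketFactory.class);
    // Assigned in the constructor; not read anywhere in this class.
    private OMCertificateService mCertificateService;
    // Never assigned or read in this class.
    private boolean mClientCertificatePreference;
    // Optional override for the enabled protocols; null means "keep the socket defaults".
    private String[] mCorrectedProtocols;
    // Optional override for the enabled cipher suites; null means "keep the socket defaults".
    private String[] mEnabledCipherSuites;
    private boolean mHandleClientCertificate;
    // Only created when client-certificate handling was requested; otherwise null.
    private OMX509KeyManager mKM;
    private SSLContext mSSLContext;
    private OMTrustManager mTM;

    /* loaded from: classes5.dex */
    /**
     * Trust manager that validates the server chain against the platform trust anchors first and
     * falls back to an application-supplied trust store when the platform check fails.
     *
     * <p>When both checks fail, the rejected chain and auth type are recorded so that the caller
     * can inspect them. The recorded state is never cleared in this class: once
     * {@link #isServerCertUntrusted()} has become {@code true} it stays {@code true} for the
     * lifetime of the instance, including after a later successful validation.
     * NOTE(review): the fields are plain, unsynchronised instance state; confirm that the factory
     * is not shared between concurrent connections to different servers.
     */
    public static class OMTrustManager implements X509TrustManager {
        // Validates against the platform default trust anchors (factory initialised with null).
        private X509TrustManager androidTM;
        private String authType;
        private X509Certificate[] chain;
        // Set to false in the constructor and not read in this class.
        private boolean isClientCertRequired;
        // Written by setServerCertAllowed(); not consulted by any validation path in this class.
        private boolean isServerCertAllowed = false;
        private boolean isServerCertUntrusted;
        // Validates against the application trust store passed to the constructor.
        private X509TrustManager localTM;
        private KeyStore trustStore;

        /**
         * Builds the platform and local trust managers.
         *
         * <p>NOTE(review): the local trust manager is created once, here. Whether entries added
         * to {@code keyStore} afterwards are honoured depends on the TrustManagerFactory
         * implementation; verify if trust decisions are persisted at runtime.
         *
         * @param keyStore application trust store used as the fallback; must not be {@code null}
         * @throws IllegalArgumentException if {@code keyStore} is {@code null}
         * @throws KeyStoreException if a trust manager factory cannot be initialised
         * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
         *         or yields no {@link X509TrustManager}
         */
        public OMTrustManager(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
            this.localTM = null;
            this.androidTM = null;
            if (keyStore == null) {
                OMSSLSocketFactory.mLogger.error("[OMTrustManager] TrustStore provided for X509trustManager is null");
                throw new IllegalArgumentException("TrustStore for custom TrustManager can not be null!");
            }
            this.androidTM = getTrustManager(null);
            this.trustStore = keyStore;
            this.localTM = getTrustManager(keyStore);
            this.isClientCertRequired = false;
            this.isServerCertUntrusted = false;
        }

        /**
         * Returns the first {@link X509TrustManager} produced by the default
         * {@link TrustManagerFactory} for the given store.
         *
         * @param keyStore trust anchors to use, or {@code null} for the platform defaults
         * @return an X.509 trust manager backed by {@code keyStore}
         * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the factory
         *         returns no {@link X509TrustManager}
         * @throws KeyStoreException if the factory cannot be initialised from {@code keyStore}
         */
        private X509TrustManager getTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // Search for an X.509 manager instead of blindly casting element 0, so that an
            // unexpected provider result surfaces as a declared exception rather than a
            // ClassCastException or ArrayIndexOutOfBoundsException during TLS setup.
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new NoSuchAlgorithmException("No X509TrustManager available from the default TrustManagerFactory");
        }

        /**
         * Performs no validation: every client chain is accepted.
         *
         * <p>NOTE(review): harmless only while this manager is used for client-side sockets,
         * where this method is not expected to be called. It must not be installed on a
         * server-side context that relies on client-certificate authentication.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /**
         * Validates the server chain against the platform trust anchors and, if that fails,
         * against the local trust store.
         *
         * @throws CertificateException if neither store trusts the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.androidTM.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                OMSSLSocketFactory.mLogger.trace("[OMTrustManager] Cert not trusted by android store");
                checkServerTrustedLocally(x509CertificateArr, str, e);
            }
        }

        /**
         * Validates the server chain against the local trust store only.
         *
         * <p>On every failure path the chain and auth type are recorded and the untrusted flag is
         * set before the exception propagates.
         *
         * @param x509CertificateArr peer certificate chain
         * @param str key-exchange auth type supplied by the TLS stack
         * @param certificateException failure from an earlier check, rethrown when the local
         *        store is empty; may be {@code null}
         * @throws CertificateException if the local store is empty, cannot be read, or does not
         *         trust the chain
         */
        public void checkServerTrustedLocally(X509Certificate[] x509CertificateArr, String str, CertificateException certificateException) throws CertificateException {
            try {
                if (this.trustStore.size() <= 0) {
                    OMSSLSocketFactory.mLogger.trace("[OMTrustStore] No certs available in local store");
                    recordUntrustedChain(x509CertificateArr, str);
                    if (certificateException == null) {
                        throw new CertificateException("No certs available in local store. Hence it is untrusted.");
                    }
                    // Prefer the original platform failure so its reason is not lost.
                    throw certificateException;
                }
                try {
                    this.localTM.checkServerTrusted(x509CertificateArr, str);
                    OMSSLSocketFactory.mLogger.trace("[OMTrustManager] Cert trusted by local store");
                } catch (CertificateException e) {
                    OMSSLSocketFactory.mLogger.trace("[OMTrustManager] Cert not trusted in local store");
                    recordUntrustedChain(x509CertificateArr, str);
                    throw e;
                }
            } catch (KeyStoreException e2) {
                // An unreadable trust store is treated as "untrusted" (fail closed).
                recordUntrustedChain(x509CertificateArr, str);
                throw new CertificateException(e2);
            }
        }

        /** Remembers the rejected chain and auth type and marks the server as untrusted. */
        private void recordUntrustedChain(X509Certificate[] rejectedChain, String rejectedAuthType) {
            this.isServerCertUntrusted = true;
            this.chain = rejectedChain;
            this.authType = rejectedAuthType;
        }

        /** Returns an empty array; no accepted issuers are advertised. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Returns the auth type recorded with the last rejected chain, or {@code null}. */
        String getAuthType() {
            return this.authType;
        }

        /**
         * Returns the last rejected server chain, or {@code null} if none was recorded. The
         * internal array is returned without copying.
         */
        X509Certificate[] getUntrustedServerCertChain() {
            return this.chain;
        }

        /** Returns {@code true} once any server chain has been rejected by both stores. */
        boolean isServerCertUntrusted() {
            return this.isServerCertUntrusted;
        }

        /**
         * Stores the flag only. No validation path in this class reads it, so calling this does
         * not by itself cause an untrusted chain to be accepted.
         */
        void setServerCertAllowed(boolean z) {
            this.isServerCertAllowed = z;
        }
    }

    /**
     * Creates the factory and initialises its {@link SSLContext}.
     *
     * <p>NOTE(review): {@code str} is passed straight to {@link SSLContext#getInstance(String)};
     * confirm that callers request a current TLS version.
     *
     * @param oMCertificateService source of the local trust store; also handed to the key manager
     * @param z whether a client-certificate key manager should be installed
     * @param str protocol name for the SSL context
     * @throws NoSuchAlgorithmException if the protocol or trust manager algorithm is unavailable
     * @throws KeyStoreException if a trust manager cannot be initialised
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    OMSSLSocketFactory(OMCertificateService oMCertificateService, boolean z, String str) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        this.mCorrectedProtocols = null;
        OMLog.debug("OMSSLSocketFactory", "Creating SSLSocketFactory for protocol: " + str + " Client Certificate support : " + z);
        this.mSSLContext = SSLContext.getInstance(str);
        this.mHandleClientCertificate = z;
        this.mTM = new OMTrustManager(oMCertificateService.getTrustStore());
        if (this.mHandleClientCertificate) {
            this.mKM = new OMX509KeyManager(oMCertificateService, null);
        }
        // Null key managers / SecureRandom let the context fall back to its defaults.
        this.mSSLContext.init(this.mHandleClientCertificate ? new KeyManager[]{this.mKM} : null, new TrustManager[]{this.mTM}, null);
        this.mCertificateService = oMCertificateService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Same as the three-argument constructor, with explicit protocol and cipher-suite overrides.
     *
     * @param strArr protocols to enable on every created socket, or {@code null} for the defaults
     * @param strArr2 cipher suites to enable on every created socket, or {@code null} for the
     *        defaults
     */
    public OMSSLSocketFactory(OMCertificateService oMCertificateService, boolean z, String str, String[] strArr, String[] strArr2) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        this(oMCertificateService, z, str);
        this.mCorrectedProtocols = strArr;
        this.mEnabledCipherSuites = strArr2;
    }

    /** Returns the configured cipher-suite override, or {@code strArr} when none is configured. */
    private String[] updateCipherSuites(String[] strArr) {
        String[] strArr2 = this.mEnabledCipherSuites;
        return strArr2 != null ? strArr2 : strArr;
    }

    // NOTE(review): the four unconnected createSocket overloads below return null instead of a
    // socket, so any caller that uses them will fail on first dereference. Only the layered
    // overload is functional in this class.

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        return null;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return null;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return null;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return null;
    }

    /**
     * Layers a TLS socket over an existing connected socket and applies the configured protocol
     * and cipher-suite overrides.
     *
     * <p>No endpoint identification is configured here; the caller is responsible for verifying
     * that the peer certificate matches {@code str}.
     *
     * @param socket existing connected socket
     * @param str server host name
     * @param i server port
     * @param z whether closing the returned socket also closes {@code socket}
     * @return the configured {@link SSLSocket}
     * @throws IOException if the underlying factory fails to create the socket
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.mSSLContext.getSocketFactory().createSocket(socket, str, i, z);
        sSLSocket.setEnabledProtocols(protocolCorrection(sSLSocket.getEnabledProtocols()));
        sSLSocket.setEnabledCipherSuites(updateCipherSuites(sSLSocket.getEnabledCipherSuites()));
        return sSLSocket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the auth type recorded by the trust manager for the last rejected chain. */
    public String getAuthType() {
        return this.mTM.getAuthType();
    }

    /** Returns an empty array; the real defaults of the wrapped context are not exposed. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the key manager's client-auth issuers, or {@code null} without a key manager. */
    public Principal[] getIssuers() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            return oMX509KeyManager.getClientAuthIssuers();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the key manager's client-auth key types, or {@code null} without a key manager. */
    public String[] getKeyTypes() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            return oMX509KeyManager.getClientAuthKeyTypes();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the peer host reported by the key manager, or {@code null} without one. */
    public String getPeerHost() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            return oMX509KeyManager.getPeerHost();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the peer port reported by the key manager, or {@code -1} without one. */
    public int getPeerPort() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            return oMX509KeyManager.getPeerPort();
        }
        return -1;
    }

    /** Returns the peer principal reported by the key manager, or {@code null} without one. */
    Principal getPrincipal() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            return oMX509KeyManager.getPeerPrincipal();
        }
        return null;
    }

    /** Returns an empty array; the suites supported by the wrapped context are not exposed. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }

    /** Returns the trust manager installed in this factory's SSL context. */
    public OMTrustManager getTrustManager() {
        return this.mTM;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the last server chain rejected by the trust manager, or {@code null}. */
    public X509Certificate[] getUntrustedServerCertChain() {
        return this.mTM.getUntrustedServerCertChain();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns {@code true} only when a key manager exists and reports a client-cert request. */
    public boolean isClientCertRequired() {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        return oMX509KeyManager != null && oMX509KeyManager.isClientCertRequired();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns whether the trust manager has rejected a server chain since it was created. */
    public boolean isServerCertUntrusted() {
        return this.mTM.isServerCertUntrusted();
    }

    /**
     * Returns the configured protocol override, or {@code strArr} when none is configured. The
     * override array is returned without copying.
     */
    protected String[] protocolCorrection(String[] strArr) {
        String[] strArr2 = this.mCorrectedProtocols;
        return strArr2 != null ? strArr2 : strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Forwards the preference to the key manager; does nothing when there is no key manager. */
    public void setClientCertificatePreference(ClientCertificatePreference clientCertificatePreference) {
        OMX509KeyManager oMX509KeyManager = this.mKM;
        if (oMX509KeyManager != null) {
            oMX509KeyManager.setClientCertificatePreference(clientCertificatePreference);
        }
    }

    /** Forwards the flag to the trust manager, which stores it without acting on it. */
    void setServerCertAllowed(boolean z) {
        this.mTM.setServerCertAllowed(z);
    }
}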
