package com.microsoft.office.lync.platform.http.NetworkSecurity;

import android.net.SSLCertificateSocketFactory;
import com.microsoft.inject.Injector;
import com.microsoft.office.lync.instrumentation.SessionStateAnalytics;
import com.microsoft.office.lync.persistence.X509CertificateInfo;
import com.microsoft.office.lync.platform.ContextProvider;
import com.microsoft.office.lync.platform.http.HttpEngine;
import com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.UserApproval.IUserCertificateApprovalManager;
import com.microsoft.office.lync.platform.http.ServerSslSupport;
import com.microsoft.office.lync.tracing.Trace;
import com.microsoft.office.lync.utility.UserSettingUtils;
import com.microsoft.office.lync.utility.errors.ErrorMessage;
import com.microsoft.office.lync.utility.errors.ErrorUtils;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.inject.Inject;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

/* loaded from: classes2.dex */
public abstract class SfbSSLSocketFactory extends SSLSocketFactory {
    private static final String LYNCDISCOVER_EXTERNAL = "lyncdiscover.";
    private static final String LYNCDISCOVER_INTERNAL = "lyncdiscoverinternal.";
    private static final String TAG = String.format("[%s] %s", ErrorUtils.Category.Http.name(), "SfbSSLSocketFactory");
    private static String[] mSafeProtocols;
    protected SfbX509TrustManagerAdapter mSfbX509TrustManagerAdapter;

    @Inject
    private IUserCertificateApprovalManager mUserCertificateApprovalManager;

    public SfbSSLSocketFactory() {
        Injector.getInstance().injectNonView(ContextProvider.getContext(), this);
        this.mSfbX509TrustManagerAdapter = new SfbX509TrustManagerAdapter();
    }

    private void addSNISupport(SSLCertificateSocketFactory sSLCertificateSocketFactory, SSLSocket sSLSocket, String str) {
        Trace.v(TAG, String.format("Adding SNI Support for host %s.", str));
        sSLCertificateSocketFactory.setHostname(sSLSocket, str);
    }

    private void configureSocketToUseSafeProtocols(SSLSocket sSLSocket, String str) {
        if (mSafeProtocols == null) {
            String[] supportedProtocols = sSLSocket.getSupportedProtocols();
            ArrayList arrayList = new ArrayList();
            for (String str2 : supportedProtocols) {
                if (!str2.toLowerCase().startsWith("ssl")) {
                    arrayList.add(str2);
                }
            }
            String[] strArr = new String[arrayList.size()];
            mSafeProtocols = strArr;
            arrayList.toArray(strArr);
        }
        ServerSslSupport serverSslSupport = HttpEngine.getInstance().mServerSslSupportCache.get(str);
        if (serverSslSupport == null || serverSslSupport.getSupportedProtocols() == null) {
            sSLSocket.setEnabledProtocols(mSafeProtocols);
            return;
        }
        TreeSet treeSet = new TreeSet(Arrays.asList(mSafeProtocols));
        treeSet.retainAll(serverSslSupport.getSupportedProtocols());
        if (treeSet.size() > 0) {
            sSLSocket.setEnabledProtocols((String[]) treeSet.toArray(new String[treeSet.size()]));
        } else {
            Trace.w(TAG, "Server does not support any TLS Protocol. Host:" + str);
        }
        if (serverSslSupport == null || serverSslSupport.getSupportedCiphers() == null) {
            return;
        }
        Set<String> supportedCiphers = serverSslSupport.getSupportedCiphers();
        supportedCiphers.retainAll(new TreeSet(Arrays.asList(sSLSocket.getSupportedCipherSuites())));
        sSLSocket.setEnabledCipherSuites((String[]) supportedCiphers.toArray(new String[supportedCiphers.size()]));
    }

    private boolean getUserApprovalForUnverifiedHostname(SSLSocket sSLSocket, String str) {
        try {
            return this.mUserCertificateApprovalManager.getUserApproval(new X509CertificateInfo((X509Certificate) sSLSocket.getSession().getPeerCertificates()[0]), null, IUserCertificateApprovalManager.Trigger.UnverifiedHostname).isTrusted();
        } catch (Exception e) {
            Trace.w(TAG, String.format("Failed to create X509CertificateInfo in getUserApprovalForUnverifiedHostname. Host: %s", str), e);
            onCertInfoCreateError(e, sSLSocket);
            return false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:9:0x0076  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void onCertInfoCreateError(java.lang.Exception r8, javax.net.ssl.SSLSocket r9) {
        /*
            r7 = this;
            java.lang.String r0 = "null"
            java.lang.String r1 = "NotApplicable"
            if (r9 == 0) goto L46
            javax.net.ssl.SSLSession r9 = r9.getSession()
            java.lang.String r2 = "NotNull"
            if (r9 != 0) goto L12
            r9 = r1
            r3 = r2
            r1 = r0
            goto L48
        L12:
            java.security.cert.Certificate[] r9 = r9.getPeerCertificates()     // Catch: javax.net.ssl.SSLPeerUnverifiedException -> L1c
            if (r9 != 0) goto L1a
            r3 = r0
            goto L29
        L1a:
            r3 = r1
            goto L29
        L1c:
            r9 = move-exception
            r3 = 0
            java.lang.Class r9 = r9.getClass()
            java.lang.String r9 = r9.getSimpleName()
            r6 = r3
            r3 = r9
            r9 = r6
        L29:
            if (r9 == 0) goto L41
            int r3 = r9.length
            if (r3 != 0) goto L31
            java.lang.String r9 = "Empty"
            goto L42
        L31:
            r1 = 0
            r9 = r9[r1]
            java.lang.String r1 = "NotEmpty"
            if (r9 != 0) goto L3d
            r9 = r1
            r1 = r2
            r3 = r1
            r2 = r0
            goto L49
        L3d:
            r9 = r1
            r1 = r2
            r3 = r1
            goto L49
        L41:
            r9 = r3
        L42:
            r3 = r2
            r2 = r1
            r1 = r3
            goto L49
        L46:
            r3 = r0
            r9 = r1
        L48:
            r2 = r9
        L49:
            java.util.HashMap r4 = new java.util.HashMap
            r4.<init>()
            java.lang.String r5 = "Socket"
            r4.put(r5, r3)
            java.lang.String r3 = "Session"
            r4.put(r3, r1)
            java.lang.String r1 = "Chain"
            r4.put(r1, r9)
            java.lang.String r9 = "HeadCertificate"
            r4.put(r9, r2)
            java.lang.Class r9 = r8.getClass()
            java.lang.String r9 = r9.getSimpleName()
            java.lang.String r1 = "Exception"
            r4.put(r1, r9)
            java.lang.Throwable r9 = r8.getCause()
            if (r9 != 0) goto L76
            goto L82
        L76:
            java.lang.Throwable r8 = r8.getCause()
            java.lang.Class r8 = r8.getClass()
            java.lang.String r0 = r8.getSimpleName()
        L82:
            java.lang.String r8 = "InnerException"
            r4.put(r8, r0)
            com.microsoft.office.lync.instrumentation.SessionStateAnalytics.onCertErrorOnHostnameVerification(r4)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.office.lync.platform.http.NetworkSecurity.SfbSSLSocketFactory.onCertInfoCreateError(java.lang.Exception, javax.net.ssl.SSLSocket):void");
    }

    private void throwHostNameVerificationException(String str, boolean z) throws SocketException {
        String format = String.format("Unable to verify host: %s", str);
        Trace.w(TAG, format);
        SessionStateAnalytics.onHostnameVerificationFailed(z);
        throw new SocketException(format);
    }

    protected void configureSocketAndVerifyHostName(SSLCertificateSocketFactory sSLCertificateSocketFactory, SSLSocket sSLSocket, String str) throws SocketException {
        if (sSLSocket == null) {
            ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Http, ErrorMessage.InvalidSocket, str);
            return;
        }
        configureSocketToUseSafeProtocols(sSLSocket, str);
        addSNISupport(sSLCertificateSocketFactory, sSLSocket, str);
        verifyHostName(sSLSocket, str);
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i);
        configureSocketAndVerifyHostName(socketFactory, sSLSocket, str);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i);
        configureSocketAndVerifyHostName(socketFactory, sSLSocket, str);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(inetAddress, i);
        configureSocketAndVerifyHostName(socketFactory, sSLSocket, inetAddress.getHostName());
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(inetAddress, i, inetAddress2, i2);
        configureSocketAndVerifyHostName(socketFactory, sSLSocket, inetAddress.getHostName());
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        SSLSocket sSLSocket;
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        if (UserSettingUtils.isSniEnabled()) {
            sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i);
        } else {
            Trace.d(TAG, "SNI is disabled");
            sSLSocket = (SSLSocket) socketFactory.createSocket(socket, str, i, z);
        }
        configureSocketAndVerifyHostName(socketFactory, sSLSocket, str);
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    public abstract HostnameVerifier getHostnameVerifier();

    protected SSLCertificateSocketFactory getSocketFactory() throws SocketException {
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
        sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{this.mSfbX509TrustManagerAdapter});
        return sSLCertificateSocketFactory;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }

    void verifyHostName(SSLSocket sSLSocket, String str) throws SocketException {
        if (getHostnameVerifier().verify(str, sSLSocket.getSession())) {
            return;
        }
        Trace.d(TAG, String.format("Hostname verification failed, getting user approval. Host: %s", str));
        if (str.startsWith(LYNCDISCOVER_EXTERNAL) || str.startsWith(LYNCDISCOVER_INTERNAL)) {
            throwHostNameVerificationException(str, true);
        }
        if (getUserApprovalForUnverifiedHostname(sSLSocket, str)) {
            return;
        }
        throwHostNameVerificationException(str, false);
    }
}
