package net.handle.hdllib;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import net.handle.util.AutoSelfSignedKeyManager;
import net.handle.util.TrustManagerSpecificPublicKey;

/* loaded from: input_file:net/handle/hdllib/SSLEngineHelper.class */
public class SSLEngineHelper {
    public static final String[] ENABLED_SERVER_PROTOCOLS;
    public static final String[] ENABLED_CLIENT_PROTOCOLS;
    public static final String[] ENABLED_CIPHER_SUITES;
    public static final String[] COMPATIBILITY_CIPHER_SUITES;
    private static final String[] DESIRED_CIPHER_SUITES = {"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"};
    private static final String[] COMPATIBILITY_ONLY_CIPHER_SUITES = {"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/handle/hdllib/SSLEngineHelper$AllTrustingTrustManager.class */
    public static class AllTrustingTrustManager implements X509TrustManager {
        private AllTrustingTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: input_file:net/handle/hdllib/SSLEngineHelper$SocketFactoryWrapper.class */
    public static class SocketFactoryWrapper extends SSLSocketFactory {
        private final SSLSocketFactory delegate;
        private final boolean clientMode;

        public SocketFactoryWrapper(SSLSocketFactory sSLSocketFactory, boolean z) {
            this.delegate = sSLSocketFactory;
            this.clientMode = z;
        }

        private Socket fix(Socket socket) {
            if (socket instanceof SSLSocket) {
                ((SSLSocket) socket).setEnabledProtocols(this.clientMode ? SSLEngineHelper.ENABLED_CLIENT_PROTOCOLS : SSLEngineHelper.ENABLED_SERVER_PROTOCOLS);
                ((SSLSocket) socket).setEnabledCipherSuites(SSLEngineHelper.ENABLED_CIPHER_SUITES);
            }
            return socket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            return fix(this.delegate.createSocket());
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            return fix(this.delegate.createSocket(inetAddress, i, inetAddress2, i2));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            return fix(this.delegate.createSocket(inetAddress, i));
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            return fix(this.delegate.createSocket(socket, str, i, z));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return fix(this.delegate.createSocket(str, i, inetAddress, i2));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return fix(this.delegate.createSocket(str, i));
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.delegate.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.delegate.getSupportedCipherSuites();
        }

        public boolean equals(Object obj) {
            return this.delegate.equals(obj);
        }

        public int hashCode() {
            return this.delegate.hashCode();
        }

        public String toString() {
            return this.delegate.toString();
        }
    }

    private static String[] getSupportedProtocols() {
        return getAllTrustingClientSSLContext().getSupportedSSLParameters().getProtocols();
    }

    public static SSLContext getServerSSLContext(X509Certificate x509Certificate, PrivateKey privateKey) throws KeyManagementException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(new KeyManager[]{new AutoSelfSignedKeyManager((String) null, x509Certificate, privateKey)}, null, null);
            return sSLContext;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    public static SSLContext getClientSSLContext(PublicKey publicKey) throws KeyManagementException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new TrustManagerSpecificPublicKey(Util.getBytesFromPublicKey(publicKey))}, null);
            return sSLContext;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (HandleException e2) {
            throw new KeyManagementException(e2.getMessage(), e2);
        }
    }

    public static SSLContext getClientSSLContext(byte[] bArr) throws KeyManagementException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new TrustManagerSpecificPublicKey(bArr)}, null);
            return sSLContext;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    public static SSLEngine getSSLEngine(SSLContext sSLContext, boolean z) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        createSSLEngine.setEnabledCipherSuites(ENABLED_CIPHER_SUITES);
        createSSLEngine.setEnabledProtocols(z ? ENABLED_CLIENT_PROTOCOLS : ENABLED_SERVER_PROTOCOLS);
        createSSLEngine.setUseClientMode(z);
        return createSSLEngine;
    }

    public static SSLContext getAllTrustingClientSSLContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new AllTrustingTrustManager()}, null);
            return sSLContext;
        } catch (KeyManagementException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    static {
        List asList = Arrays.asList(getAllTrustingClientSSLContext().getSupportedSSLParameters().getCipherSuites());
        ArrayList arrayList = new ArrayList(Arrays.asList(DESIRED_CIPHER_SUITES));
        for (String str : DESIRED_CIPHER_SUITES) {
            arrayList.add(str.replaceFirst("TLS", "SSL"));
        }
        arrayList.retainAll(asList);
        ENABLED_CIPHER_SUITES = (String[]) arrayList.toArray(new String[arrayList.size()]);
        ArrayList arrayList2 = new ArrayList(Arrays.asList(COMPATIBILITY_ONLY_CIPHER_SUITES));
        for (String str2 : COMPATIBILITY_ONLY_CIPHER_SUITES) {
            arrayList2.add(str2.replaceFirst("TLS", "SSL"));
        }
        arrayList2.retainAll(asList);
        ArrayList arrayList3 = new ArrayList(arrayList);
        arrayList3.addAll(arrayList2);
        COMPATIBILITY_CIPHER_SUITES = (String[]) arrayList3.toArray(new String[arrayList3.size()]);
        String[] supportedProtocols = getSupportedProtocols();
        ArrayList arrayList4 = new ArrayList();
        ArrayList arrayList5 = new ArrayList();
        for (String str3 : supportedProtocols) {
            if (!"SSLv3".equals(str3)) {
                arrayList4.add(str3);
                if (!"SSLv2Hello".equals(str3)) {
                    arrayList5.add(str3);
                }
            }
        }
        ENABLED_CLIENT_PROTOCOLS = (String[]) arrayList5.toArray(new String[arrayList5.size()]);
        ENABLED_SERVER_PROTOCOLS = (String[]) arrayList4.toArray(new String[arrayList4.size()]);
    }
}
