package defpackage;

import android.net.Network;
import android.net.VpnService;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* compiled from: PG */
/* loaded from: classes.dex */
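/**
 * Static helpers for building a TLS socket factory from a set of root certificates and for
 * creating, binding, connecting and handshaking the resulting sockets.
 *
 * <p>Every failure is reported as a {@code kxa} carrying an {@code oyn} error code. Several
 * behaviours are gated by flags read through {@code ldz}/{@code lec}; those classes are not
 * visible in this file, so their defaults are unknown here.
 */
public final class kxm {
    /** GeneralName type tag for dNSName entries returned by getSubjectAlternativeNames(). */
    private static final int SAN_TYPE_DNS_NAME = 2;

    /**
     * Builds an {@link SSLSocketFactory} whose trust anchors are the given certificates.
     *
     * <p>The certificates are loaded into a fresh, empty {@link KeyStore}, so the platform's
     * default CA store is not consulted by the resulting trust managers.
     *
     * @param set root certificates to trust; every element must be an {@link X509Certificate}
     * @return a socket factory backed by a "TLS" {@link SSLContext}
     * @throws kxa with {@code FAILED_TO_CREATE_SOCKET_FACTORY} if the store or context cannot
     *     be initialised
     */
    public static SSLSocketFactory a(Set set) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty in-memory store.
            keyStore.load(null, null);
            int index = 0;
            for (Object entry : set) {
                X509Certificate rootCert = (X509Certificate) entry;
                // Serial numbers are only unique per issuer. Using the bare serial as the alias
                // lets two roots with the same serial overwrite each other, silently dropping
                // one from the trust set; the running index keeps every alias distinct.
                String alias = "ca-" + index + "-" + rootCert.getSerialNumber();
                keyStore.setCertificateEntry(alias, rootCert);
                index++;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            // NOTE(review): when flag ldz.j is set and lhg.i().a() returns true, the trust
            // managers built from the pinned roots above are discarded and replaced by a single
            // kxl instance. kxl is not visible in this file; confirm that it still validates the
            // server chain, and that this path cannot be enabled in production builds, because
            // server authentication then depends entirely on kxl.
            if (((Boolean) ldz.j.f()).booleanValue() && lhg.i().a()) {
                trustManagers = new TrustManager[]{new kxl()};
            }
            // No protocol versions or cipher suites are restricted here; the provider defaults
            // for "TLS" apply.
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(new KeyManager[0], trustManagers, null);
            return sSLContext.getSocketFactory();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new kxa(oyn.FAILED_TO_CREATE_SOCKET_FACTORY, "Failed to initialize certificate validation", e);
        }
    }

    /**
     * Creates an unconnected TLS socket bound to {@code network}, using the timeout read from
     * {@code lec.c}.
     *
     * @param network network the socket is bound to
     * @param sSLSocketFactory factory used to create the socket
     * @return the bound, unconnected socket
     * @throws kxa if the socket cannot be created, configured or bound
     */
    public static SSLSocket b(Network network, SSLSocketFactory sSLSocketFactory) {
        return c(network, sSLSocketFactory, ((Integer) lec.c.f()).intValue());
    }

    /**
     * Creates an unconnected TLS socket, applies a read timeout, binds it to {@code network}
     * and asks the platform to keep it outside the VPN tunnel.
     *
     * <p>The socket is closed before a {@code kxa} is thrown for a timeout or bind failure.
     *
     * @param network network the socket is bound to
     * @param sSLSocketFactory factory used to create the socket
     * @param i value passed to {@link Socket#setSoTimeout(int)} (milliseconds)
     * @return the bound, unconnected socket
     * @throws kxa with {@code FAILED_TO_CREATE_SSL_SOCKET} or {@code IO_EXCEPTION}
     */
    static SSLSocket c(Network network, SSLSocketFactory sSLSocketFactory, int i) {
        // NOTE(review): lfj.d() is defined elsewhere; presumably a precondition check - confirm.
        lfj.d();
        try {
            SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket();
            try {
                sSLSocket.setSoTimeout(i);
                try {
                    network.bindSocket(sSLSocket);
                    // protect() reports failure through its return value rather than an
                    // exception. The original discarded it; the failure is now logged so that
                    // an unprotected socket is visible in diagnostics. Behaviour is otherwise
                    // unchanged (best effort, the socket is still returned).
                    boolean isProtected = new VpnService().protect(sSLSocket);
                    if (!isProtected) {
                        lgp.d("Failed to protect SSL socket from VPN routing", new Object[0]);
                    }
                    return sSLSocket;
                } catch (IOException e) {
                    d(sSLSocket);
                    throw new kxa(oyn.IO_EXCEPTION, "Failed to bind SSL socket to network", e);
                }
            } catch (SocketException e2) {
                d(sSLSocket);
                throw new kxa(oyn.IO_EXCEPTION, "Failed to set timeout", e2);
            }
        } catch (IOException e3) {
            throw new kxa(oyn.FAILED_TO_CREATE_SSL_SOCKET, "Failed to create socket", e3);
        }
    }

    /**
     * Closes {@code socket} if it is non-null; a close failure is logged and not rethrown.
     *
     * @param socket socket to close, may be {@code null}
     */
    public static void d(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            lgp.c(e, "Failed to close socket", new Object[0]);
        }
    }

    /**
     * Connects {@code socket} to {@code inetSocketAddress} using the timeout read from
     * {@code lec.c}.
     *
     * @param socket socket to connect
     * @param inetSocketAddress remote endpoint
     * @throws kxa with the code derived by {@code kxa.a(IOException)} if the connect fails
     */
    public static void e(Socket socket, InetSocketAddress inetSocketAddress) {
        int connectTimeout = ((Integer) lec.c.f()).intValue();
        lfj.d();
        try {
            socket.connect(inetSocketAddress, connectTimeout);
        } catch (IOException e) {
            throw new kxa(kxa.a(e), "Failed to connect to " + inetSocketAddress, e);
        }
    }

    /**
     * Runs the TLS handshake on a connected socket and, when flag {@code lec.q} is enabled,
     * verifies the peer certificate against the endpoint's host name.
     *
     * <p>Security-relevant points a maintainer should know:
     * <ul>
     *   <li>No endpoint identification algorithm is configured on the socket in this class, so
     *       host name checking happens only in the flag-gated block below. With {@code lec.q}
     *       off, any certificate that chains to a trusted root is accepted for any host.</li>
     *   <li>The verifier is the process-wide default from {@link HttpsURLConnection}; code
     *       elsewhere in the app that replaces that default also changes this check.</li>
     *   <li>For host strings starting with {@code "alt"} the first DNS label is stripped and
     *       the remainder is verified instead. NOTE(review): the prefix test is a plain
     *       {@code startsWith}, so it also matches unrelated names that merely begin with
     *       "alt" - confirm the intended host naming scheme.</li>
     *   <li>This method does not close the socket on failure; the caller is expected to.</li>
     * </ul>
     *
     * @param sSLSocket connected socket to handshake on
     * @param inetSocketAddress endpoint the socket is connected to
     * @param set trusted root certificates, used only for diagnostics on validation failure
     * @throws kxa with {@code TLS_HANDSHAKE_FAILURE}, {@code TLS_HOSTNAME_VERIFICATION_FAILURE}
     *     or the code derived by {@code kxa.a(IOException)}
     */
    public static void f(SSLSocket sSLSocket, InetSocketAddress inetSocketAddress, Set set) {
        lfj.d();
        try {
            lgp.b("Starting SSL handshake with %s", inetSocketAddress);
            sSLSocket.startHandshake();
            if (((Boolean) lec.q.f()).booleanValue()) {
                String hostString = inetSocketAddress.getHostString();
                SSLSession session = sSLSocket.getSession();
                HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
                // indexOf returns -1 when there is no dot, so substring(0) keeps the full name.
                String nameToVerify = hostString.startsWith("alt")
                        ? hostString.substring(hostString.indexOf('.') + 1)
                        : hostString;
                if (!verifier.verify(nameToVerify, session)) {
                    throw new kxa(oyn.TLS_HOSTNAME_VERIFICATION_FAILURE, "Unable to verify hostname " + hostString);
                }
            }
            lgp.b("%s connected as %s", sSLSocket, inetSocketAddress);
        } catch (SSLHandshakeException e) {
            // Walk to the innermost cause to tell certificate-path failures from other errors.
            Throwable rootCause = e;
            while (rootCause.getCause() != null) {
                rootCause = rootCause.getCause();
            }
            if (rootCause instanceof CertPathValidatorException) {
                lgp.e("Failed to validate server SSL certificate:", new Object[0]);
                lgp.e("Server certificate chain: %s", ((CertPathValidatorException) rootCause).getCertPath());
                for (Object trustedRoot : set) {
                    lgp.e("Valid Root CA:\n%s", (X509Certificate) trustedRoot);
                }
            } else {
                lgp.d("Handshake failed for unknown cause: %s", rootCause.getClass());
            }
            throw new kxa(oyn.TLS_HANDSHAKE_FAILURE, "Failed to establish secure link", e);
        } catch (IOException e2) {
            throw new kxa(kxa.a(e2), "Failed to establish connection", e2);
        }
    }

    /**
     * Returns the first dNSName subject alternative name found in the peer certificate chain.
     *
     * <p>Certificates without a subject alternative name extension are skipped;
     * {@code getSubjectAlternativeNames()} returns {@code null} for them, which the original
     * code dereferenced.
     *
     * <p>NOTE(review): every certificate in the chain is scanned, not only the leaf at index 0,
     * so if the leaf carries no dNSName the value can come from an intermediate or root
     * certificate. Confirm callers do not treat the result as the leaf's identity.
     *
     * @param sSLSession session whose peer certificates are inspected
     * @return the first dNSName in chain order, or {@code null} if none is present
     * @throws kxa with {@code CERTIFICATE_EXCEPTION} if the peer is unverified or a certificate
     *     cannot be parsed
     */
    public static String g(SSLSession sSLSession) {
        try {
            String firstDnsName = null;
            boolean found = false;
            for (Certificate certificate : sSLSession.getPeerCertificates()) {
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                Collection<List<?>> altNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
                if (altNames == null) {
                    // No subjectAltName extension on this certificate.
                    continue;
                }
                for (List<?> altName : altNames) {
                    // Each entry is [Integer type, value]; only dNSName entries are of interest.
                    if (((Integer) altName.get(0)).intValue() == SAN_TYPE_DNS_NAME && !found) {
                        firstDnsName = (String) altName.get(1);
                        found = true;
                    }
                }
            }
            return firstDnsName;
        } catch (CertificateParsingException | SSLPeerUnverifiedException e) {
            throw new kxa(oyn.CERTIFICATE_EXCEPTION, "Failed to extract control plane certs", e);
        }
    }
}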
