package com.dropbox.core.http;

import com.dropbox.core.util.i;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class f {

    /* renamed from: f, reason: collision with root package name */
    private static a f7496f = null;

    /* renamed from: g, reason: collision with root package name */
    private static final String f7497g = "/com/dropbox/core/trusted-certs.raw";

    /* renamed from: h, reason: collision with root package name */
    private static final int f7498h = 10240;

    /* renamed from: a, reason: collision with root package name */
    private static final X509TrustManager f7491a = e();

    /* renamed from: b, reason: collision with root package name */
    private static final SSLSocketFactory f7492b = d();

    /* renamed from: c, reason: collision with root package name */
    private static final String[] f7493c = {"TLSv1.2"};

    /* renamed from: d, reason: collision with root package name */
    private static final String[] f7494d = {"TLSv1.1"};

    /* renamed from: e, reason: collision with root package name */
    private static final String[] f7495e = {"TLSv1"};

    /* renamed from: i, reason: collision with root package name */
    private static final HashSet<String> f7499i = new HashSet<>(Arrays.asList("SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA", "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA", "SSL_ECDHE_RSA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA", "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_256_GCM_SHA384", "SSL_RSA_WITH_AES_256_CBC_SHA256", "SSL_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_AES_128_GCM_SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-RC4-SHA", "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA"));

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        private final String[] f7500a;

        /* renamed from: b, reason: collision with root package name */
        private final String[] f7501b;

        public a(String[] strArr, String[] strArr2) {
            this.f7500a = strArr;
            this.f7501b = strArr2;
        }
    }

    /* loaded from: classes2.dex */
    public static final class b extends Exception {
        private static final long serialVersionUID = 0;

        public b(String str, Throwable th) {
            super(str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class c extends SSLSocketFactory {

        /* renamed from: a, reason: collision with root package name */
        private final SSLSocketFactory f7502a;

        public c(SSLSocketFactory sSLSocketFactory) {
            this.f7502a = sSLSocketFactory;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i8) throws IOException {
            Socket createSocket = this.f7502a.createSocket(str, i8);
            f.l((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i8, InetAddress inetAddress, int i9) throws IOException {
            Socket createSocket = this.f7502a.createSocket(str, i8, inetAddress, i9);
            f.l((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i8) throws IOException {
            Socket createSocket = this.f7502a.createSocket(inetAddress, i8);
            f.l((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i8, InetAddress inetAddress2, int i9) throws IOException {
            Socket createSocket = this.f7502a.createSocket(inetAddress, i8, inetAddress2, i9);
            f.l((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i8, boolean z7) throws IOException {
            Socket createSocket = this.f7502a.createSocket(socket, str, i8, z7);
            f.l((SSLSocket) createSocket);
            return createSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.f7502a.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.f7502a.getSupportedCipherSuites();
        }
    }

    public static void b(HttpsURLConnection httpsURLConnection) throws SSLException {
        httpsURLConnection.setSSLSocketFactory(f7492b);
    }

    private static SSLContext c(TrustManager[] trustManagerArr) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            try {
                sSLContext.init(null, trustManagerArr, null);
                return sSLContext;
            } catch (KeyManagementException e8) {
                throw com.dropbox.core.util.f.c("Couldn't initialize SSLContext", e8);
            }
        } catch (NoSuchAlgorithmException e9) {
            throw com.dropbox.core.util.f.c("Couldn't create SSLContext", e9);
        }
    }

    private static SSLSocketFactory d() {
        return new c(c(new TrustManager[]{f7491a}).getSocketFactory());
    }

    private static X509TrustManager e() {
        return f(m(f7497g));
    }

    private static X509TrustManager f(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            try {
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length != 1) {
                    throw new AssertionError("More than 1 TrustManager created.");
                }
                TrustManager trustManager = trustManagers[0];
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
                throw new AssertionError("TrustManager not of type X509: " + trustManagers[0].getClass());
            } catch (KeyStoreException e8) {
                throw com.dropbox.core.util.f.c("Unable to initialize TrustManagerFactory with key store", e8);
            }
        } catch (NoSuchAlgorithmException e9) {
            throw com.dropbox.core.util.f.c("Unable to create TrustManagerFactory", e9);
        }
    }

    private static List<X509Certificate> g(CertificateFactory certificateFactory, InputStream inputStream) throws IOException, b, CertificateException {
        ArrayList arrayList = new ArrayList();
        DataInputStream dataInputStream = new DataInputStream(inputStream);
        byte[] bArr = new byte[10240];
        while (true) {
            int readUnsignedShort = dataInputStream.readUnsignedShort();
            if (readUnsignedShort == 0) {
                if (dataInputStream.read() < 0) {
                    return arrayList;
                }
                throw new b("Found data after after zero-length header.", null);
            }
            if (readUnsignedShort > 10240) {
                throw new b("Invalid length for certificate entry: " + readUnsignedShort, null);
            }
            dataInputStream.readFully(bArr, 0, readUnsignedShort);
            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr, 0, readUnsignedShort)));
        }
    }

    private static String[] h(String[] strArr) {
        a aVar = f7496f;
        if (aVar != null && Arrays.equals(aVar.f7500a, strArr)) {
            return aVar.f7501b;
        }
        ArrayList arrayList = new ArrayList(f7499i.size());
        for (String str : strArr) {
            if (f7499i.contains(str)) {
                arrayList.add(str);
            }
        }
        String[] strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
        f7496f = new a(strArr, strArr2);
        return strArr2;
    }

    private static String[] i(String[] strArr) throws SSLException {
        boolean z7 = false;
        boolean z8 = false;
        boolean z9 = false;
        for (String str : strArr) {
            if (str.equals("TLSv1.2")) {
                z7 = true;
            } else if (str.equals("TLSv1.1")) {
                z8 = true;
            } else if (str.equals("TLSv1")) {
                z9 = true;
            }
        }
        if (z7) {
            return f7493c;
        }
        if (z8) {
            return f7494d;
        }
        if (z9) {
            return f7495e;
        }
        throw new SSLException("Socket's available protocols doesn't overlap with our allowed protocols: " + i.l(strArr) + ".");
    }

    public static SSLSocketFactory j() {
        return f7492b;
    }

    public static X509TrustManager k() {
        return f7491a;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void l(SSLSocket sSLSocket) throws SSLException {
        sSLSocket.setEnabledProtocols(i(sSLSocket.getEnabledProtocols()));
        sSLSocket.setEnabledCipherSuites(h(sSLSocket.getEnabledCipherSuites()));
    }

    private static KeyStore m(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, new char[0]);
            InputStream resourceAsStream = f.class.getResourceAsStream(str);
            try {
                if (resourceAsStream == null) {
                    throw new AssertionError("Couldn't find resource \"" + str + "\"");
                }
                try {
                    try {
                        try {
                            n(keyStore, resourceAsStream);
                            return keyStore;
                        } catch (IOException e8) {
                            throw com.dropbox.core.util.f.c("Error loading from \"" + str + "\"", e8);
                        }
                    } catch (KeyStoreException e9) {
                        throw com.dropbox.core.util.f.c("Error loading from \"" + str + "\"", e9);
                    }
                } catch (b e10) {
                    throw com.dropbox.core.util.f.c("Error loading from \"" + str + "\"", e10);
                }
            } finally {
                com.dropbox.core.util.e.a(resourceAsStream);
            }
        } catch (IOException e11) {
            throw com.dropbox.core.util.f.c("Couldn't initialize KeyStore", e11);
        } catch (KeyStoreException e12) {
            throw com.dropbox.core.util.f.c("Couldn't initialize KeyStore", e12);
        } catch (NoSuchAlgorithmException e13) {
            throw com.dropbox.core.util.f.c("Couldn't initialize KeyStore", e13);
        } catch (CertificateException e14) {
            throw com.dropbox.core.util.f.c("Couldn't initialize KeyStore", e14);
        }
    }

    private static void n(KeyStore keyStore, InputStream inputStream) throws IOException, b, KeyStoreException {
        try {
            try {
                for (X509Certificate x509Certificate : g(CertificateFactory.getInstance("X.509"), inputStream)) {
                    try {
                        keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
                    } catch (KeyStoreException e8) {
                        throw new b("Error loading certificate: " + e8.getMessage(), e8);
                    }
                }
            } catch (CertificateException e9) {
                throw new b("Error loading certificate: " + e9.getMessage(), e9);
            }
        } catch (CertificateException e10) {
            throw com.dropbox.core.util.f.c("Couldn't initialize X.509 CertificateFactory", e10);
        }
    }
}
