package com.couchbase.lite.internal.replicator;

import androidx.annotation.NonNull;
import co.datadome.sdk.internal.DataDomeSDKBase;
import com.couchbase.lite.LiteCoreException;
import com.couchbase.lite.LogDomain;
import com.couchbase.lite.internal.core.C4Replicator;
import com.couchbase.lite.internal.core.C4Socket;
import com.couchbase.lite.internal.fleece.FLEncoder;
import com.couchbase.lite.internal.fleece.FLValue;
import com.couchbase.lite.internal.support.Log;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Authenticator;
import okhttp3.Challenge;
import okhttp3.Credentials;
import okhttp3.Headers;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import okhttp3.WebSocket;
import okhttp3.WebSocketListener;
import okhttp3.internal.tls.CustomHostnameVerifier;
import okio.Buffer;
import okio.ByteString;

/* loaded from: classes.dex */
public class AbstractCBLWebSocket extends C4Socket {
    private static final OkHttpClient BASE_HTTP_CLIENT;
    private static final LogDomain TAG = LogDomain.NETWORK;
    private OkHttpClient httpClient;
    private Map<String, Object> options;
    private URI uri;
    private WebSocket webSocket;
    private CBLWebSocketListener wsListener;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class CBLWebSocketListener extends WebSocketListener {
        CBLWebSocketListener() {
        }

        @Override // okhttp3.WebSocketListener
        public void onClosed(WebSocket webSocket, int i2, String str) {
            Log.v(AbstractCBLWebSocket.TAG, "WebSocketListener.onClosed() code -> " + i2 + ", reason -> " + str);
            AbstractCBLWebSocket.this.didClose(i2, str);
        }

        @Override // okhttp3.WebSocketListener
        public void onClosing(WebSocket webSocket, int i2, String str) {
            Log.v(AbstractCBLWebSocket.TAG, "WebSocketListener.onClosing() code -> " + i2 + ", reason -> " + str);
            C4Socket.closeRequested(((C4Socket) AbstractCBLWebSocket.this).handle, i2, str);
        }

        @Override // okhttp3.WebSocketListener
        public void onFailure(WebSocket webSocket, Throwable th, Response response) {
            Log.w(AbstractCBLWebSocket.TAG, "WebSocketListener.onFailure() response -> " + response, th);
            if (response == null) {
                AbstractCBLWebSocket.this.didClose(th);
                return;
            }
            int code = response.code();
            if (code == 101) {
                AbstractCBLWebSocket.this.didClose(1002, response.message());
                return;
            }
            if (code < 300 || code >= 1000) {
                code = 1008;
            }
            AbstractCBLWebSocket.this.didClose(code, response.message());
        }

        @Override // okhttp3.WebSocketListener
        public void onMessage(WebSocket webSocket, String str) {
            Log.v(AbstractCBLWebSocket.TAG, "WebSocketListener.onMessage() text -> " + str);
            C4Socket.received(((C4Socket) AbstractCBLWebSocket.this).handle, str.getBytes(StandardCharsets.UTF_8));
        }

        @Override // okhttp3.WebSocketListener
        public void onMessage(WebSocket webSocket, ByteString byteString) {
            Log.v(AbstractCBLWebSocket.TAG, "WebSocketListener.onMessage() bytes -> " + byteString.hex());
            C4Socket.received(((C4Socket) AbstractCBLWebSocket.this).handle, byteString.toByteArray());
        }

        @Override // okhttp3.WebSocketListener
        public void onOpen(WebSocket webSocket, Response response) {
            Log.v(AbstractCBLWebSocket.TAG, "WebSocketListener.onOpen() response -> " + response);
            AbstractCBLWebSocket.this.webSocket = webSocket;
            AbstractCBLWebSocket.this.receivedHTTPResponse(response);
            Log.i(AbstractCBLWebSocket.TAG, "CBLWebSocket CONNECTED!");
            C4Socket.opened(((C4Socket) AbstractCBLWebSocket.this).handle);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class TLSSocketFactory extends SSLSocketFactory {
        private SSLSocketFactory delegate;

        TLSSocketFactory(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws GeneralSecurityException {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, secureRandom);
            this.delegate = sSLContext.getSocketFactory();
        }

        private Socket setEnabledProtocols(Socket socket) {
            if (socket instanceof SSLSocket) {
                ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
            }
            return socket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i2) throws IOException {
            return setEnabledProtocols(this.delegate.createSocket(str, i2));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i2, InetAddress inetAddress, int i3) throws IOException {
            return setEnabledProtocols(this.delegate.createSocket(str, i2, inetAddress, i3));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i2) throws IOException {
            return setEnabledProtocols(this.delegate.createSocket(inetAddress, i2));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i2, InetAddress inetAddress2, int i3) throws IOException {
            return setEnabledProtocols(this.delegate.createSocket(inetAddress, i2, inetAddress2, i3));
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i2, boolean z2) throws IOException {
            return setEnabledProtocols(this.delegate.createSocket(socket, str, i2, z2));
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.delegate.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.delegate.getSupportedCipherSuites();
        }
    }

    static {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        TimeUnit timeUnit = TimeUnit.SECONDS;
        BASE_HTTP_CLIENT = builder.connectTimeout(0L, timeUnit).readTimeout(0L, timeUnit).writeTimeout(0L, timeUnit).followRedirects(true).followSslRedirects(true).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCBLWebSocket(long j, String str, String str2, int i2, String str3, Map<String, Object> map) throws GeneralSecurityException, URISyntaxException {
        super(j);
        this.uri = new URI(checkScheme(str), null, str2, i2, str3, null, null);
        this.options = map;
        this.httpClient = setupOkHttpClient();
        this.wsListener = new CBLWebSocketListener();
    }

    private String checkScheme(String str) {
        return str.equalsIgnoreCase(C4Replicator.C4_REPLICATOR_SCHEME_2) ? C4Socket.WEBSOCKET_SCHEME : str.equalsIgnoreCase(C4Replicator.C4_REPLICATOR_TLS_SCHEME_2) ? C4Socket.WEBSOCKET_SECURE_CONNECTION_SCHEME : str;
    }

    private X509TrustManager defaultTrustManager() throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 0) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Cannot find the default trust manager");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void didClose(int i2, String str) {
        if (i2 == 1000) {
            didClose(null);
            return;
        }
        Log.i(TAG, "CBLWebSocket CLOSED WITH STATUS " + i2 + " \"" + str + "\"");
        C4Socket.closed(this.handle, 6, i2, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void didClose(Throwable th) {
        if (th == null) {
            C4Socket.closed(this.handle, 6, 0, null);
            return;
        }
        if (handleClose(th)) {
            return;
        }
        if (th.getCause() instanceof CertificateException) {
            C4Socket.closed(this.handle, 5, 8, null);
            return;
        }
        if (th instanceof SSLPeerUnverifiedException) {
            C4Socket.closed(this.handle, 5, 8, null);
        } else if (th instanceof UnknownHostException) {
            C4Socket.closed(this.handle, 5, 2, null);
        } else {
            C4Socket.closed(this.handle, 6, 0, null);
        }
    }

    private KeyStore newEmptyKeyStore(char[] cArr) throws GeneralSecurityException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, cArr);
            return keyStore;
        } catch (IOException e2) {
            throw new AssertionError(e2);
        }
    }

    private Request newRequest() {
        Request.Builder builder = new Request.Builder();
        builder.url(this.uri.toString());
        String host = this.uri.getHost();
        if (this.uri.getPort() != -1) {
            host = String.format(Locale.ENGLISH, "%s:%d", host, Integer.valueOf(this.uri.getPort()));
        }
        builder.header("Host", host);
        Map<String, Object> map = this.options;
        if (map != null) {
            Map map2 = (Map) map.get(C4Socket.REPLICATOR_OPTION_EXTRA_HEADERS);
            if (map2 != null) {
                for (Map.Entry entry : map2.entrySet()) {
                    builder.header((String) entry.getKey(), entry.getValue().toString());
                }
            }
            String str = (String) this.options.get("cookies");
            if (str != null) {
                builder.addHeader(DataDomeSDKBase.HTTP_HEADER_COOKIE, str);
            }
            String str2 = (String) this.options.get(C4Socket.SOCKET_OPTION_WS_PROTOCOLS);
            if (str2 != null) {
                builder.header("Sec-WebSocket-Protocol", str2);
            }
        }
        return builder.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void receivedHTTPResponse(Response response) {
        int code = response.code();
        Log.v(TAG, "receivedHTTPResponse() httpStatus -> " + code);
        Headers headers = response.headers();
        if (headers == null || headers.size() <= 0) {
            return;
        }
        byte[] bArr = null;
        HashMap hashMap = new HashMap();
        for (int i2 = 0; i2 < headers.size(); i2++) {
            hashMap.put(headers.name(i2), headers.value(i2));
        }
        FLEncoder fLEncoder = new FLEncoder();
        fLEncoder.write(hashMap);
        try {
            try {
                bArr = fLEncoder.finish();
            } catch (LiteCoreException e2) {
                Log.e(TAG, "Failed to encode", e2);
            }
            gotHTTPResponse(code, bArr);
        } finally {
            fLEncoder.free();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int responseCount(Response response) {
        int i2 = 1;
        while (true) {
            response = response.priorResponse();
            if (response == null) {
                return i2;
            }
            i2++;
        }
    }

    private Authenticator setupAuthenticator() {
        Map map;
        Map<String, Object> map2 = this.options;
        if (map2 == null || !map2.containsKey(C4Socket.REPLICATOR_OPTION_AUTHENTICATION) || (map = (Map) this.options.get(C4Socket.REPLICATOR_OPTION_AUTHENTICATION)) == null) {
            return null;
        }
        final String str = (String) map.get("username");
        final String str2 = (String) map.get("password");
        if (str == null || str2 == null) {
            return null;
        }
        return new Authenticator() { // from class: com.couchbase.lite.internal.replicator.AbstractCBLWebSocket.1
            @Override // okhttp3.Authenticator
            public Request authenticate(@NonNull Route route, @NonNull Response response) {
                Log.v(AbstractCBLWebSocket.TAG, "Authenticating for response: " + response);
                if (AbstractCBLWebSocket.this.responseCount(response) >= 3) {
                    return null;
                }
                List<Challenge> challenges = response.challenges();
                Log.v(AbstractCBLWebSocket.TAG, "Challenges: " + challenges);
                if (challenges != null) {
                    Iterator<Challenge> it = challenges.iterator();
                    while (it.hasNext()) {
                        if (it.next().scheme().equals("Basic")) {
                            return response.request().newBuilder().header("Authorization", Credentials.basic(str, str2)).build();
                        }
                    }
                }
                return null;
            }
        };
    }

    private OkHttpClient setupOkHttpClient() throws GeneralSecurityException {
        OkHttpClient.Builder newBuilder = BASE_HTTP_CLIENT.newBuilder();
        Authenticator authenticator = setupAuthenticator();
        if (authenticator != null) {
            newBuilder.authenticator(authenticator);
        }
        setupSSLSocketFactory(newBuilder);
        return newBuilder.build();
    }

    private void setupSSLSocketFactory(OkHttpClient.Builder builder) throws GeneralSecurityException {
        X509TrustManager x509TrustManager;
        boolean z2;
        byte[] bArr;
        Map<String, Object> map = this.options;
        if (map == null || !map.containsKey(C4Socket.REPLICATOR_OPTION_PINNED_SERVER_CERT) || (bArr = (byte[]) this.options.get(C4Socket.REPLICATOR_OPTION_PINNED_SERVER_CERT)) == null) {
            x509TrustManager = null;
            z2 = false;
        } else {
            x509TrustManager = trustManagerForCertificates(toStream(bArr));
            z2 = true;
        }
        if (x509TrustManager == null) {
            x509TrustManager = defaultTrustManager();
        }
        SSLContext.getInstance("TLS").init(null, new TrustManager[]{x509TrustManager}, null);
        builder.sslSocketFactory(new TLSSocketFactory(null, new TrustManager[]{x509TrustManager}, null), x509TrustManager);
        if (z2) {
            builder.hostnameVerifier(CustomHostnameVerifier.getInstance());
        }
    }

    public static void socket_open(long j, Object obj, String str, String str2, int i2, String str3, byte[] bArr) {
        Log.e(TAG, "CBLWebSocket.socket_open()");
        Map<String, Object> asDict = bArr != null ? FLValue.fromData(bArr).asDict() : null;
        if (str.equalsIgnoreCase(C4Replicator.C4_REPLICATOR_SCHEME_2)) {
            str = C4Socket.WEBSOCKET_SCHEME;
        } else if (str.equalsIgnoreCase(C4Replicator.C4_REPLICATOR_TLS_SCHEME_2)) {
            str = C4Socket.WEBSOCKET_SECURE_CONNECTION_SCHEME;
        }
        try {
            CBLWebSocket cBLWebSocket = new CBLWebSocket(j, str, str2, i2, str3, asDict);
            C4Socket.REVERSE_LOOKUP_TABLE.put(Long.valueOf(j), cBLWebSocket);
            cBLWebSocket.start();
        } catch (Exception e2) {
            Log.e(TAG, "Failed to instantiate C4Socket: " + e2);
            e2.printStackTrace();
        }
    }

    private void start() {
        Log.v(TAG, String.format(Locale.ENGLISH, "CBLWebSocket connecting to %s...", this.uri));
        this.httpClient.newWebSocket(newRequest(), this.wsListener);
    }

    private InputStream toStream(byte[] bArr) {
        return new Buffer().write(bArr).inputStream();
    }

    private X509TrustManager trustManagerForCertificates(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        char[] charArray = "umwxnikwxx".toCharArray();
        KeyStore newEmptyKeyStore = newEmptyKeyStore(charArray);
        Iterator<? extends Certificate> it = generateCertificates.iterator();
        int i2 = 0;
        while (it.hasNext()) {
            newEmptyKeyStore.setCertificateEntry(Integer.toString(i2), it.next());
            i2++;
        }
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(newEmptyKeyStore, charArray);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(newEmptyKeyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected void close() {
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected void completedReceive(long j) {
    }

    protected boolean handleClose(Throwable th) {
        return false;
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected void requestClose(int i2, String str) {
        WebSocket webSocket = this.webSocket;
        if (webSocket == null) {
            Log.w(TAG, "CBLWebSocket.requestClose() webSocket is not initialized.");
        } else {
            if (webSocket.close(i2, str)) {
                return;
            }
            Log.w(TAG, "CBLWebSocket.requestClose() Failed to attempt to initiate a graceful shutdown of this web socket.");
        }
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected void send(byte[] bArr) {
        if (this.webSocket.send(ByteString.of(bArr, 0, bArr.length))) {
            completedWrite(bArr.length);
        } else {
            Log.e(TAG, "CBLWebSocket.send() FAILED to send data");
        }
    }
}
