package com.microsoft.office.lync.platform.http.NetworkSecurity;

import android.annotation.SuppressLint;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import com.microsoft.inject.Injector;
import com.microsoft.office.lync.instrumentation.SSAStrings;
import com.microsoft.office.lync.instrumentation.SessionStateAnalytics;
import com.microsoft.office.lync.persistence.X509CertificateInfo;
import com.microsoft.office.lync.platform.ContextProvider;
import com.microsoft.office.lync.platform.http.HttpEngine;
import com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.UserApproval.IUserCertificateApprovalManager;
import com.microsoft.office.lync.platform.http.ServerSslSupport;
import com.microsoft.office.lync.tracing.Trace;
import com.microsoft.office.lync.utility.UserSettingUtils;
import com.microsoft.office.lync.utility.errors.ErrorMessage;
import com.microsoft.office.lync.utility.errors.ErrorUtils;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Set;
import java.util.TreeSet;
import javax.inject.Inject;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

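/**
 * Base {@link SSLSocketFactory} that creates TLS sockets through Android's
 * {@link SSLCertificateSocketFactory}, limits them to non-SSL protocol versions, sets SNI and then
 * runs hostname verification itself.
 *
 * <p>Most sockets are created through the {@code InetAddress} overloads of the platform factory, so
 * the only hostname check is the one in {@link #verifyHostName(SSLSocket, String)}. When the
 * verifier returned by {@link #getHostnameVerifier()} rejects the peer:
 * <ul>
 *   <li>hosts whose name begins with {@code lyncdiscover.} or {@code lyncdiscoverinternal.} fail
 *       immediately;</li>
 *   <li>for every other host the injected {@link IUserCertificateApprovalManager} is asked, and the
 *       connection proceeds if it reports the peer certificate as trusted.</li>
 * </ul>
 *
 * <p>Certificate-chain trust is delegated to {@link SfbX509TrustManagerAdapter}, whose policy is not
 * visible in this file.
 */
@SuppressLint({"All"})
/* loaded from: classes2.dex */
public abstract class SfbSSLSocketFactory extends SSLSocketFactory {
    private static final String LYNCDISCOVER_EXTERNAL = "lyncdiscover.";
    private static final String LYNCDISCOVER_INTERNAL = "lyncdiscoverinternal.";
    private static final String TAG = String.format("[%s] %s", ErrorUtils.Category.Http.name(), SfbSSLSocketFactory.class.getSimpleName());

    // Lazily computed list of platform-supported protocol names that do not start with "ssl".
    // NOTE(review): shared across threads without synchronization; it is only ever assigned a fully
    // populated array, but the field is not volatile - confirm this is acceptable for the callers.
    private static String[] mSafeProtocols;

    // Trust manager installed on every platform factory handed out by getSocketFactory().
    protected SfbX509TrustManagerAdapter mSfbX509TrustManagerAdapter;

    @Inject
    private IUserCertificateApprovalManager mUserCertificateApprovalManager;

    /** Injects dependencies into this instance and creates the trust manager adapter. */
    public SfbSSLSocketFactory() {
        Injector.getInstance().injectNonView(ContextProvider.getContext(), this);
        this.mSfbX509TrustManagerAdapter = new SfbX509TrustManagerAdapter();
    }

    /**
     * Sets the SNI host name on {@code socket}: through the public platform API on SDK 17 and later,
     * otherwise through a reflective {@code setHostname} call on the socket implementation.
     *
     * <p>Failure of the reflective path is best effort: it is logged, reported to analytics and the
     * connection continues without SNI.
     */
    private void addSNISupport(SSLCertificateSocketFactory factory, SSLSocket socket, String host) {
        if (Build.VERSION.SDK_INT >= 17) {
            Trace.v(TAG, String.format("Adding SNI Support for host %s.", host));
            factory.setHostname(socket, host);
            return;
        }
        try {
            Trace.v(TAG, String.format("Adding SNI Support using reflection for host %s.", host));
            socket.getClass().getMethod("setHostname", String.class).invoke(socket, host);
        } catch (Exception e) {
            // Keep the cause in the trace so a missing method can be told apart from an invocation failure.
            Trace.w(TAG, String.format("Unable to add SNI Support for host %s on device version %d", host, Integer.valueOf(Build.VERSION.SDK_INT)), e);
            SessionStateAnalytics.onSniFail();
        }
    }

    /**
     * Restricts the protocols, and where cached server data exists the cipher suites, enabled on
     * {@code socket}.
     *
     * <p>Only protocol names beginning with "ssl" are dropped, so TLSv1 and TLSv1.1 stay enabled
     * wherever the platform offers them. If the cache entry for {@code host} lists protocols, the
     * socket is narrowed to the intersection; when that intersection is empty the socket is still
     * pinned to the safe list, so it can never keep a platform default that includes an SSL version.
     */
    private void configureSocketToUseSafeProtocols(SSLSocket socket, String host) {
        if (mSafeProtocols == null) {
            ArrayList<String> safe = new ArrayList<String>();
            for (String protocol : socket.getSupportedProtocols()) {
                // Locale-independent, case-insensitive test for an "ssl" prefix.
                if (!protocol.regionMatches(true, 0, "ssl", 0, 3)) {
                    safe.add(protocol);
                }
            }
            // Assign only once the array is complete so no reader can observe null slots.
            mSafeProtocols = safe.toArray(new String[safe.size()]);
        }
        ServerSslSupport serverSslSupport = HttpEngine.getInstance().mServerSslSupportCache.get(host);
        if (serverSslSupport == null || serverSslSupport.getSupportedProtocols() == null) {
            socket.setEnabledProtocols(mSafeProtocols);
            return;
        }
        TreeSet<String> commonProtocols = new TreeSet<String>(Arrays.asList(mSafeProtocols));
        commonProtocols.retainAll(serverSslSupport.getSupportedProtocols());
        if (commonProtocols.size() > 0) {
            socket.setEnabledProtocols(commonProtocols.toArray(new String[commonProtocols.size()]));
        } else {
            Trace.w(TAG, "Server does not support any TLS Protocol. Host:" + host);
            // Fail closed: without this the socket would keep the platform's default protocol list.
            socket.setEnabledProtocols(mSafeProtocols);
        }
        Set<String> cachedCiphers = serverSslSupport.getSupportedCiphers();
        if (cachedCiphers == null) {
            return;
        }
        // Intersect on a copy: retainAll on the returned set could shrink the cached entry for later connections.
        ArrayList<String> commonCiphers = new ArrayList<String>(cachedCiphers);
        commonCiphers.retainAll(new TreeSet<String>(Arrays.asList(socket.getSupportedCipherSuites())));
        // NOTE(review): an empty intersection enables no cipher suites at all; the handshake is then expected to fail.
        socket.setEnabledCipherSuites(commonCiphers.toArray(new String[commonCiphers.size()]));
    }

    /**
     * Asks the approval manager whether the peer's leaf certificate is trusted despite the hostname
     * mismatch.
     *
     * @return the manager's verdict, or {@code false} if the certificate could not be read or wrapped
     */
    private boolean getUserApprovalForUnverifiedHostname(SSLSocket socket, String host) {
        try {
            // NOTE(review): the second argument is passed as null and `host` is used only for logging;
            // confirm the resulting approval is scoped to this host and not to the certificate alone.
            return this.mUserCertificateApprovalManager.getUserApproval(new X509CertificateInfo((X509Certificate) socket.getSession().getPeerCertificates()[0]), null, IUserCertificateApprovalManager.Trigger.UnverifiedHostname).isTrusted();
        } catch (Exception e) {
            Trace.w(TAG, String.format("Failed to create X509CertificateInfo in getUserApprovalForUnverifiedHostname. Host: %s", host), e);
            onCertInfoCreateError(e, socket);
            return false;
        }
    }

    /**
     * Reports to analytics which part of the socket / session / chain / leaf certificate was missing
     * when the certificate info could not be built, together with the exception type and its cause.
     */
    private void onCertInfoCreateError(Exception exc, SSLSocket socket) {
        String socketState = SSAStrings.NULL;
        String sessionState = SSAStrings.NOT_APPLICABLE;
        String chainState = SSAStrings.NOT_APPLICABLE;
        String headCertState = SSAStrings.NOT_APPLICABLE;
        if (socket != null) {
            socketState = SSAStrings.NOT_NULL;
            SSLSession session = socket.getSession();
            if (session == null) {
                sessionState = SSAStrings.NULL;
            } else {
                sessionState = SSAStrings.NOT_NULL;
                Certificate[] chain = null;
                try {
                    chain = session.getPeerCertificates();
                    if (chain == null) {
                        chainState = SSAStrings.NULL;
                    }
                } catch (SSLPeerUnverifiedException e) {
                    // Record the exception type in place of the chain state.
                    chainState = e.getClass().getSimpleName();
                }
                if (chain != null) {
                    if (chain.length == 0) {
                        chainState = SSAStrings.EMPTY;
                    } else {
                        chainState = SSAStrings.NOT_EMPTY;
                        headCertState = chain[0] == null ? SSAStrings.NULL : SSAStrings.NOT_NULL;
                    }
                }
            }
        }
        Throwable cause = exc.getCause();
        // Left raw because the parameter type of the analytics sink is not visible in this file.
        HashMap attributes = new HashMap();
        attributes.put(SSAStrings.ATTRIBUTE_SOCKET, socketState);
        attributes.put(SSAStrings.ATTRIBUTE_SESSION, sessionState);
        attributes.put(SSAStrings.ATTRIBUTE_CHAIN, chainState);
        attributes.put(SSAStrings.ATTRIBUTE_HEAD_CERTIFICATE, headCertState);
        attributes.put("Exception", exc.getClass().getSimpleName());
        attributes.put(SSAStrings.ATTRIBUTE_INNER_EXCEPTION_TYPE, cause == null ? SSAStrings.NULL : cause.getClass().getSimpleName());
        SessionStateAnalytics.onCertErrorOnHostnameVerification(attributes);
    }

    /**
     * Logs the failure, reports it to analytics and always throws.
     *
     * @param host the host that failed verification
     * @param isDiscoveryHost forwarded to analytics; {@code true} is passed for lyncdiscover hosts
     * @throws SocketException always
     */
    private void throwHostNameVerificationException(String host, boolean isDiscoveryHost) throws SocketException {
        String message = String.format("Unable to verify host: %s", host);
        Trace.w(TAG, message);
        SessionStateAnalytics.onHostnameVerificationFailed(isDiscoveryHost);
        throw new SocketException(message);
    }

    /** Case-insensitive prefix test; DNS names are not case sensitive. */
    private static boolean startsWithIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Runs {@link #configureSocketAndVerifyHostName} and closes {@code socket} if that step throws, so
     * a connection that failed verification is not left open for the garbage collector to reclaim.
     *
     * @return {@code socket}, possibly {@code null} when the platform factory produced no socket
     */
    private SSLSocket configureOrClose(SSLCertificateSocketFactory factory, SSLSocket socket, String host) throws SocketException {
        boolean succeeded = false;
        try {
            configureSocketAndVerifyHostName(factory, socket, host);
            succeeded = true;
            return socket;
        } finally {
            if (!succeeded && socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // The verification failure already in flight is the error the caller needs to see.
                }
            }
        }
    }

    /**
     * Applies the protocol/cipher restrictions, sets SNI and verifies the peer's hostname, in that
     * order. A {@code null} socket is reported through {@link ErrorUtils} and otherwise ignored.
     *
     * @param sSLCertificateSocketFactory the platform factory that created the socket
     * @param sSLSocket the socket to configure, may be {@code null}
     * @param str the host name used for the cache lookup, SNI and verification
     * @throws SocketException if hostname verification fails and is not approved
     */
    protected void configureSocketAndVerifyHostName(SSLCertificateSocketFactory sSLCertificateSocketFactory, SSLSocket sSLSocket, String str) throws SocketException {
        if (sSLSocket == null) {
            ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Http, ErrorMessage.InvalidSocket, str);
            return;
        }
        configureSocketToUseSafeProtocols(sSLSocket, str);
        addSNISupport(sSLCertificateSocketFactory, sSLSocket, str);
        verifyHostName(sSLSocket, str);
    }

    /**
     * Connects to {@code str}:{@code i} and verifies the peer against {@code str}.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i);
        return configureOrClose(socketFactory, sSLSocket, str);
    }

    /**
     * Connects to {@code str}:{@code i} from the given local address and port and verifies the peer
     * against {@code str}.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        // Honour the requested local binding instead of silently dropping it.
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i, inetAddress, i2);
        return configureOrClose(socketFactory, sSLSocket, str);
    }

    /**
     * Connects to {@code inetAddress}:{@code i}.
     *
     * <p>The name that gets verified comes from {@link InetAddress#getHostName()}. For an address
     * built without a host name that is a reverse DNS lookup, so the verified name is then chosen by
     * whoever answers the PTR query, not by the caller. Prefer the {@code String} overloads when the
     * intended host name is known.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(inetAddress, i);
        return configureOrClose(socketFactory, sSLSocket, inetAddress.getHostName());
    }

    /**
     * Connects to {@code inetAddress}:{@code i} from the given local address and port. The same
     * reverse-lookup caveat as {@link #createSocket(InetAddress, int)} applies to the verified name.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(inetAddress, i, inetAddress2, i2);
        return configureOrClose(socketFactory, sSLSocket, inetAddress.getHostName());
    }

    /**
     * Returns a TLS socket for {@code str}:{@code i}, layered over {@code socket} only when SNI is
     * disabled in the user settings.
     *
     * @throws IOException if the connection or the hostname verification fails
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        SSLSocket sSLSocket;
        SSLCertificateSocketFactory socketFactory = getSocketFactory();
        if (UserSettingUtils.isSniEnabled()) {
            // NOTE(review): this branch opens a fresh direct connection; `socket` is neither layered over
            // nor closed and the autoClose flag is ignored. A tunnel already established on `socket`
            // is therefore not used - confirm callers expect that and close `socket` themselves.
            sSLSocket = (SSLSocket) socketFactory.createSocket(InetAddress.getByName(str), i);
        } else {
            Trace.d(TAG, "SNI is disabled");
            sSLSocket = (SSLSocket) socketFactory.createSocket(socket, str, i, z);
        }
        return configureOrClose(socketFactory, sSLSocket, str);
    }

    /** Always returns an empty array; enabled suites are chosen per socket in this class. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    /** Supplies the verifier used by {@link #verifyHostName(SSLSocket, String)}. */
    public abstract HostnameVerifier getHostnameVerifier();

    /**
     * Obtains a platform factory with a handshake timeout argument of 0 and installs this class's
     * trust manager adapter as its only trust manager.
     */
    protected SSLCertificateSocketFactory getSocketFactory() throws SocketException {
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
        sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{this.mSfbX509TrustManagerAdapter});
        return sSLCertificateSocketFactory;
    }

    /** Always returns an empty array; see {@link #getDefaultCipherSuites()}. */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }

    /**
     * Verifies the peer of {@code sSLSocket} against {@code str}.
     *
     * <p>On a mismatch, lyncdiscover hosts are rejected outright. The prefix is compared without
     * regard to case so that a differently cased name cannot reach the user-approval path. Any other
     * host is accepted only if the approval manager reports the certificate as trusted.
     *
     * @throws SocketException if the host name is neither verified nor approved
     */
    void verifyHostName(SSLSocket sSLSocket, String str) throws SocketException {
        if (getHostnameVerifier().verify(str, sSLSocket.getSession())) {
            return;
        }
        Trace.d(TAG, String.format("Hostname verification failed, getting user approval. Host: %s", str));
        if (startsWithIgnoreCase(str, LYNCDISCOVER_EXTERNAL) || startsWithIgnoreCase(str, LYNCDISCOVER_INTERNAL)) {
            throwHostNameVerificationException(str, true);
        }
        if (getUserApprovalForUnverifiedHostname(sSLSocket, str)) {
            return;
        }
        throwHostNameVerificationException(str, false);
    }
}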
