package com.quad9.aegis.Model;

import android.net.VpnService;
import android.os.Build;
import android.os.PatternMatcher;
import android.util.Log;
import androidx.constraintlayout.core.motion.utils.TypedValues;
import com.quad9.aegis.MainActivity$$ExternalSyntheticApiModelOutline0;
import de.measite.minidns.dnsserverlookup.UnixUsingEtcResolvConf;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathChecker;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.acra.ACRAConstants;
import org.conscrypt.Conscrypt;
import org.slf4j.Marker;

/* loaded from: classes3.dex */
/**
 * Opens TLS 1.3 client sockets to the configured resolver on port 853 (the DNS-over-TLS port)
 * and applies the app's own certificate identity checks after the handshake.
 *
 * <p>This listing is decompiler output (see the JADX markers and the
 * {@code MainActivity$$ExternalSyntheticApiModelOutline0} calls). Some statements are
 * visibly missing or rewritten, so the review notes below describe the code as shown
 * and should be confirmed against the original source or bytecode.
 */
public class SSLConnector {
    private static final String TAG = "SSLConnector";
    // Listener registered by the most recent buildSocket() call; null until then.
    // Public and mutable, so any caller can replace it.
    public MyHandshakeListener handshakeListener = null;

    /**
     * Creates a TLS 1.3 socket, connects it to the current server on port 853, completes
     * the handshake and runs the identity checks.
     *
     * @param vpnService if non-null, the socket is bound and passed to
     *                   {@code VpnService.protect} so its traffic bypasses the VPN tunnel
     * @param i          connect timeout in milliseconds, passed to {@code Socket.connect}
     * @return the connected socket, or {@code null} if any step threw
     */
    private SSLSocket buildSocket(VpnService vpnService, int i) {
        CertPathChecker revocationChecker;
        String serverName = getServerName();
        try {
            Log.d(TAG, "Locating socket factory for SSL...");
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3", Conscrypt.newProvider());
            // All-null init: key managers, trust managers and randomness come from the
            // defaults, so chain validation is whatever the default trust manager does.
            sSLContext.init(null, null, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Log.d(TAG, "Provider " + sSLContext.getProvider());
            Log.d(TAG, "Creating secure socket to " + serverName + ":853");
            SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket();
            sSLSocket.setReuseAddress(true);
            // SNI is set only on API 24+ and only for a custom server. The synthetic
            // m(serverName) call presumably wraps the name in an SNI server-name object
            // (TODO confirm: the outlined helper is not visible here).
            if (Build.VERSION.SDK_INT >= 24 && DnsSeeker.getStatus().isCustomServer()) {
                SSLParameters sSLParameters = new SSLParameters();
                MainActivity$$ExternalSyntheticApiModelOutline0.m$2();
                sSLParameters.setServerNames(Collections.singletonList(MainActivity$$ExternalSyntheticApiModelOutline0.m(serverName)));
                sSLSocket.setSSLParameters(sSLParameters);
            }
            // NOTE(review): a fresh, empty SSLParameters is applied unconditionally right
            // after the SNI block. Whether this discards the server names set above depends
            // on the provider's setSSLParameters; verify. No endpoint identification
            // algorithm is set anywhere in this method, so as far as this code shows the
            // TLS stack is never asked to verify the hostname; identity rests entirely on
            // the manual checks further down. Setting
            // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") before the
            // handshake would delegate that check to the trust manager.
            sSLSocket.setSSLParameters(new SSLParameters());
            sSLSocket.setEnabledProtocols(new String[]{"TLSv1.3"});
            if (vpnService != null) {
                // protect() needs a bound socket; bind(null) picks an ephemeral local address.
                sSLSocket.bind(null);
                vpnService.protect(sSLSocket);
            }
            // Custom servers are reached by their configured IP; the default server is
            // reached by name, which InetSocketAddress resolves here.
            if (DnsSeeker.getStatus().isCustomServer()) {
                sSLSocket.connect(new InetSocketAddress(DnsSeeker.getStatus().getCustomServerIp(), 853), i);
            } else {
                sSLSocket.connect(new InetSocketAddress(serverName, 853), i);
            }
            // The log text is misleading: the call below restricts the socket to these
            // three TLS 1.3 suites rather than enabling everything available.
            Log.d(TAG, "Enabling all available cipher suites...");
            sSLSocket.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"});
            Log.d(TAG, "Registering a handshake listener...");
            MyHandshakeListener myHandshakeListener = new MyHandshakeListener();
            this.handshakeListener = myHandshakeListener;
            sSLSocket.addHandshakeCompletedListener(myHandshakeListener);
            Log.d(TAG, "Starting handshaking...");
            sSLSocket.startHandshake();
            Log.d(TAG, "Just connected to " + sSLSocket.getRemoteSocketAddress());
            // NOTE(review): as decompiled, this block performs no revocation check.
            //  - pKIXParameters, certPathValidator and generateCertPath are built but never
            //    passed to a validate() call, and the revocation checker is only handed to
            //    a synthetic helper whose effect is not visible here.
            //  - setRevocationEnabled(false) turns revocation off on the parameters object.
            //  - The trust anchor is the second certificate sent by the peer, so it comes
            //    from the connection being checked, not from a local trust store.
            //  - getPeerCertificates()[1] throws if the peer sends a single certificate;
            //    the catch below turns that into a failed connection.
            //  - The two setProperty calls change process-wide settings; whether the
            //    Conscrypt/Android stack honours them is not shown. Confirm.
            if (Build.VERSION.SDK_INT >= 24) {
                CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                CertificateFactory certificateFactory = CertificateFactory.getInstance(ACRAConstants.DEFAULT_CERTIFICATE_TYPE);
                PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(sSLSocket.getSession().getPeerCertificates()[1].getEncoded())), null)));
                pKIXParameters.setRevocationEnabled(false);
                System.setProperty("com.sun.net.ssl.checkRevocation", "true");
                Security.setProperty("ocsp.enable", "true");
                CertPath generateCertPath = certificateFactory.generateCertPath(Arrays.asList(sSLSocket.getSession().getPeerCertificates()[0]));
                revocationChecker = certPathBuilder.getRevocationChecker();
                MainActivity$$ExternalSyntheticApiModelOutline0.m431m((Object) revocationChecker);
            }
            // NOTE(review): debug mode skips every identity check in this method. For the
            // default server the only check is a substring test on the leaf's subject DN:
            // any certificate the default trust manager accepts passes if "quad9.net"
            // appears anywhere in that string, in any attribute or inside a longer name.
            // A stricter check would compare the exact expected hostname against the
            // certificate's dNSName subject alternative names, or enable endpoint
            // identification before the handshake. getPeerCertificateChain() is also the
            // deprecated javax.security.cert accessor.
            if (!DnsSeeker.getStatus().isDebugMode()) {
                if (DnsSeeker.getStatus().isCustomServer()) {
                    validateCertificates(sSLSocket, serverName, DnsSeeker.getStatus().getCustomServerIp());
                } else if (!sSLSocket.getSession().getPeerCertificateChain()[0].getSubjectDN().getName().contains("quad9.net")) {
                    throw new Exception("Hostname error");
                }
            }
            sSLSocket.setTcpNoDelay(true);
            return sSLSocket;
        } catch (Exception e) {
            // Every failure (network, handshake, identity check) collapses to null, and
            // the socket created above is not closed on this path.
            Log.e(TAG, "connection failed with " + e);
            return null;
        }
    }

    /**
     * Probes a server: connects, completes a TLS 1.3 handshake, runs the same identity
     * checks as {@code buildSocket}, then closes the socket.
     *
     * <p>Unlike {@code buildSocket}, this method has no revocation block and registers no
     * handshake listener, although the "Registering a handshake listener..." log line
     * remains.
     *
     * @param str        server name to connect to and to expect in the certificate
     * @param vpnService if non-null, the socket is bound and protected from the VPN tunnel
     * @return {@code true} if the handshake and checks succeeded, {@code false} otherwise
     */
    public static boolean testSocket(String str, VpnService vpnService) {
        SSLSocket sSLSocket;
        SSLSocket sSLSocket2 = null;
        try {
            Log.d(TAG, "Locating socket factory for SSL...");
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3", Conscrypt.newProvider());
            sSLContext.init(null, null, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Log.d(TAG, "Creating secure socket to " + str + ":853");
            sSLSocket = (SSLSocket) socketFactory.createSocket();
        } catch (Exception e) {
            // Decompiler artifact: this split try/catch is not valid Java as printed
            // (sSLSocket may be unassigned below and "e" is undeclared in the second
            // catch). The original presumably used a single try block. TODO confirm.
            e = e;
        }
        try {
            // SNI only on API 24+ with a custom server; see the hedged note on the
            // synthetic m(...) helper in buildSocket.
            if (Build.VERSION.SDK_INT >= 24 && DnsSeeker.getStatus().isCustomServer()) {
                SSLParameters sSLParameters = new SSLParameters();
                MainActivity$$ExternalSyntheticApiModelOutline0.m$2();
                sSLParameters.setServerNames(Collections.singletonList(MainActivity$$ExternalSyntheticApiModelOutline0.m(str)));
                sSLSocket.setSSLParameters(sSLParameters);
            }
            sSLSocket.setEnabledProtocols(new String[]{"TLSv1.3"});
            if (vpnService != null) {
                sSLSocket.bind(null);
                vpnService.protect(sSLSocket);
            }
            // TypedValues.Custom.TYPE_INT is an unrelated UI constant that the decompiler
            // matched to the numeric connect timeout (believed to be 900 ms; confirm).
            if (DnsSeeker.getStatus().isCustomServer()) {
                sSLSocket.connect(new InetSocketAddress(DnsSeeker.getStatus().getCustomServerIp(), 853), TypedValues.Custom.TYPE_INT);
            } else {
                sSLSocket.connect(new InetSocketAddress(str, 853), TypedValues.Custom.TYPE_INT);
            }
            // Misleading log text: the suites are restricted to the three listed below.
            Log.d(TAG, "Enabling all available cipher suites...");
            sSLSocket.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"});
            Log.d(TAG, "Registering a handshake listener...");
            Log.d(TAG, "Starting handshaking...");
            sSLSocket.startHandshake();
            Log.d(TAG, "Just connected to " + sSLSocket.getRemoteSocketAddress());
            // NOTE(review): same identity logic as buildSocket. Debug mode skips it, and
            // the default-server branch is a substring test on the subject DN rather than
            // an exact hostname match against the certificate's alternative names.
            if (!DnsSeeker.getStatus().isDebugMode()) {
                if (DnsSeeker.getStatus().isCustomServer()) {
                    validateCertificates(sSLSocket, str, DnsSeeker.getStatus().getCustomServerIp());
                } else if (!sSLSocket.getSession().getPeerCertificateChain()[0].getSubjectDN().getName().contains("quad9.net")) {
                    throw new Exception("Hostname error");
                }
            }
            sSLSocket.setTcpNoDelay(true);
            sSLSocket.close();
            return true;
        } catch (Exception e2) {
            e = e2;
            sSLSocket2 = sSLSocket;
            // The first Log.d argument is the tag, so the message text is used as the tag
            // here and in the close-failure log below.
            Log.d("Test socket failed: ", "" + e);
            if (sSLSocket2 != null) {
                try {
                    sSLSocket2.close();
                } catch (IOException e3) {
                    Log.d("Closing test socket failed: ", "" + e3);
                }
            }
            return false;
        }
    }

    /**
     * Checks the leaf certificate of a custom server against the expected name and IP.
     *
     * @param sSLSocket socket whose handshake has completed
     * @param str       expected server name (callers pass the configured server name)
     * @param str2      expected server IP (callers pass the custom server IP)
     * @throws Exception if a check fails or the certificate has no subject alternative names
     */
    private static void validateCertificates(SSLSocket sSLSocket, String str, String str2) throws Exception {
        // When the name is not simply the IP, the session's peer host must contain the
        // expected name. This is a substring test, and the peer host is a value the local
        // socket recorded, not something taken from the certificate.
        if (!str.equals(str2) && !sSLSocket.getSession().getPeerHost().contains(str)) {
            throw new Exception("Hostname error. Expected " + str + ", but found " + sSLSocket.getSession().getPeerHost());
        }
        Collection<List<?>> subjectAlternativeNames = ((X509Certificate) sSLSocket.getSession().getPeerCertificates()[0]).getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            throw new Exception("Missing alt names in certificate.");
        }
        // arrayList collects dNSName entries (GeneralName type 2); arrayList2 collects
        // iPAddress entries (type 7).
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (List<?> list : subjectAlternativeNames) {
            if (((Integer) list.get(0)).intValue() == 2) {
                arrayList.add((String) list.get(1));
            }
            if (((Integer) list.get(0)).intValue() == 7) {
                arrayList2.add((String) list.get(1));
            }
        }
        // NOTE(review): as decompiled, the match branch below is empty, so this path
        // always throws when the name differs from the IP. The decompiler most likely
        // dropped a statement (a return or a "found" flag); confirm against the bytecode
        // before relying on this listing.
        // Each dNSName is turned into a pattern by replacing the "*" marker with ".*" and
        // matched with PatternMatcher type 2 (simple glob). In that syntax "." matches any
        // character, so the literal dots in the name also act as wildcards and ".*" can
        // span several labels. This is looser than standard certificate wildcard matching,
        // where "*" covers a single left-most label.
        if (!str.equals(str2)) {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                if (new PatternMatcher(((String) it.next()).replace(Marker.ANY_MARKER, ".*"), 2).match(str)) {
                }
            }
            throw new Exception("Certificate DNS hostname error. Expected " + str + ", but found " + arrayList);
        }
        // NOTE(review): a certificate with no iPAddress entries passes the IP check. When
        // the server is configured by IP only (str equals str2), the DNS checks above are
        // skipped too, so nothing in this method ties the certificate to the server.
        // Requiring a matching iPAddress entry in that case would close the gap.
        if (arrayList2.isEmpty() || arrayList2.contains(str2)) {
            return;
        }
        throw new Exception("Certificate IP error. Expected " + str2 + ", but found " + arrayList2);
    }

    /**
     * Connects to the resolver, retrying with a different server and then without IPv6.
     *
     * @param z          selects the connect timeout: 1000 ms when {@code true}, otherwise
     *                   the value of {@code UnixUsingEtcResolvConf.PRIORITY}
     * @param vpnService forwarded to {@code buildSocket}; may be {@code null}
     * @return the connected socket, or {@code null} if every attempt failed
     */
    public SSLSocket connectSSL(boolean z, VpnService vpnService) {
        Log.w(TAG, Thread.currentThread().toString());
        // UnixUsingEtcResolvConf.PRIORITY is an unrelated library constant that the
        // decompiler matched to the numeric timeout (believed to be 2000 ms; confirm).
        int i = z ? 1000 : UnixUsingEtcResolvConf.PRIORITY;
        SSLSocket buildSocket = buildSocket(vpnService, i);
        if (buildSocket == null) {
            // First fallback: switch servers. buildSocket returns null for identity-check
            // failures as well as network errors, so a certificate rejection also
            // triggers this switch.
            DnsSeeker.getStatus().changeServer();
            buildSocket = buildSocket(vpnService, i);
        }
        if (buildSocket == null && DnsSeeker.status.isUsingIpv6()) {
            // Second fallback: turn IPv6 off and retry. The flag is not restored here.
            DnsSeeker.status.setUsingIpv6(false);
            buildSocket = buildSocket(vpnService, i);
        }
        if (buildSocket != null) {
            DnsSeeker.getStatus().increTraffic(GlobalVariables.CONNECTION);
        }
        return buildSocket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the listener registered by the most recent {@code buildSocket} call, or
     * {@code null} if none has run on this instance.
     */
    public MyHandshakeListener getHandshakeListener() {
        return this.handshakeListener;
    }

    /** Returns the server name currently held by the {@code DnsSeeker} status object. */
    public String getServerName() {
        return DnsSeeker.getStatus().getServerName();
    }
}
