package org.andstatus.app.net.http;

import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.andstatus.app.context.MyPreferences;
import org.andstatus.app.util.MyLog;
import org.apache.http.HttpHost;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.protocol.HttpContext;

/* loaded from: classes.dex */
public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
    private static final ConcurrentHashMap<SslModeEnum, TlsSniSocketFactory> instances = new ConcurrentHashMap<>();
    private final boolean secure;
    private final SSLCertificateSocketFactory sslSocketFactory;

    public TlsSniSocketFactory(SslModeEnum sslModeEnum) {
        this.secure = sslModeEnum == SslModeEnum.SECURE;
        if (this.secure) {
            this.sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(MyPreferences.getConnectionTimeoutMs());
        } else {
            this.sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getInsecure(MyPreferences.getConnectionTimeoutMs(), null);
            MyLog.i(this, "Insecure SSL allowed");
        }
    }

    @TargetApi(17)
    private void connectWithSNI(SSLSocket sSLSocket, String str) throws SSLPeerUnverifiedException {
        sSLSocket.setEnabledProtocols(sSLSocket.getSupportedProtocols());
        if (Build.VERSION.SDK_INT >= 17) {
            MyLog.d(this, "Using documented SNI with host name " + str);
            this.sslSocketFactory.setHostname(sSLSocket, str);
        } else {
            MyLog.d(this, "No documented SNI support on Android <4.2, trying with reflection");
            try {
                sSLSocket.getClass().getMethod("setHostname", String.class).invoke(sSLSocket, str);
            } catch (Exception e) {
                MyLog.i(this, "SNI not useable", e);
            }
        }
        SSLSession session = sSLSocket.getSession();
        if (!session.isValid()) {
            MyLog.i(this, "Invalid session to host:'" + str + "'");
        }
        if (!(this.secure ? new BrowserCompatHostnameVerifier() : new AllowAllHostnameVerifier()).verify(str, session)) {
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + str);
        }
        MyLog.i(this, "Established " + session.getProtocol() + " connection with " + session.getPeerHost() + " using " + session.getCipherSuite());
    }

    public static void forget() {
        instances.clear();
    }

    public static ConnectionSocketFactory getInstance(SslModeEnum sslModeEnum) {
        if (!instances.containsKey(sslModeEnum)) {
            instances.put(sslModeEnum, new TlsSniSocketFactory(sslModeEnum));
        }
        return instances.get(sslModeEnum);
    }

    @Override // org.apache.http.conn.socket.ConnectionSocketFactory
    public Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) throws IOException {
        MyLog.d(this, "Preparing direct SSL connection (without proxy) to " + httpHost);
        socket.close();
        SSLSocket sSLSocket = (SSLSocket) this.sslSocketFactory.createSocket(inetSocketAddress.getAddress(), httpHost.getPort());
        connectWithSNI(sSLSocket, httpHost.getHostName());
        return sSLSocket;
    }

    @Override // org.apache.http.conn.socket.LayeredConnectionSocketFactory
    public Socket createLayeredSocket(Socket socket, String str, int i, HttpContext httpContext) throws IOException {
        MyLog.d(this, "Preparing layered SSL connection (over proxy) to " + str);
        SSLSocket sSLSocket = (SSLSocket) this.sslSocketFactory.createSocket(socket, str, i, true);
        MyLog.w(this, "Setting SNI/TLSv1.2 will silently fail because the handshake is already done");
        connectWithSNI(sSLSocket, str);
        return sSLSocket;
    }

    @Override // org.apache.http.conn.socket.ConnectionSocketFactory
    public Socket createSocket(HttpContext httpContext) throws IOException {
        return this.sslSocketFactory.createSocket();
    }
}
