package org.kman.AquaMail.net;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.kman.AquaMail.util.Prefs;
import org.kman.Compat.util.CollectionUtil;
import org.kman.Compat.util.MyLog;

/* loaded from: classes.dex */
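/**
 * Applies the application's TLS policy to outgoing {@link SSLSocket}s by choosing which
 * cipher suites and protocol versions are enabled before the handshake.
 *
 * <p>Three levels exist:
 * <ul>
 *   <li>{@link #LEVEL_NONE}: no hardening. On API 20+ the platform's enabled suites are kept
 *       and the suites in {@code DEPRECATED_CIPHER_SUITES_TO_ENABLE} are re-enabled where the
 *       provider still supports them. On older API levels nothing is changed.</li>
 *   <li>{@link #LEVEL_ENABLED}: supported suites and protocols are put in preference order,
 *       with {@code BLACKLISTED_CIPHERS} removed.</li>
 *   <li>{@link #LEVEL_ENABLED_AND_NO_SSLv3}: as above, and SSLv3 is removed as well.</li>
 * </ul>
 *
 * <p>The computed lists are cached in static fields, keyed only by level, and are derived from
 * the first socket seen at that level. All access to the cache happens under the class lock.
 */
public class SSLHardening {
    // Cached result for ENABLED_LEVEL; null means "leave the socket's current setting alone".
    private static String[] ENABLED_CIPHERS = null;
    private static String[] ENABLED_PROTOCOLS = null;
    public static final int LEVEL_ENABLED = 1;
    public static final int LEVEL_ENABLED_AND_NO_SSLv3 = 2;
    public static final int LEVEL_NONE = 0;
    private static final String TAG = "SSLHardening";
    private static SharedPreferences gSharedPrefs;
    // Level the cached arrays were computed for; -1 means nothing has been computed yet.
    private static int ENABLED_LEVEL = -1;

    // Preference order used at the hardened levels. The TLS_DH_anon_* entries are kept here so
    // the constant stays as shipped, but they never reach the socket: hardenSocketImpl() passes
    // the reordered list through dropUnsafeCipherSuites().
    private static final String[] ORDERED_KNOWN_CIPHERS = {
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
        "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
        "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
        "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
        "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_SHA",
        "SSL_RSA_WITH_RC4_128_MD5"
    };

    // Single-DES and 40-bit export suites that are never enabled at the hardened levels.
    private static final String[] BLACKLISTED_CIPHERS = {
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
    };

    private static final String[] ORDERED_KNOWN_PROTOCOLS = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};
    private static final String[] BLACKLISTED_PROTOCOLS_SSLv3 = {"SSLv3"};

    // NOTE(review): used only at LEVEL_NONE on API 20+. The list re-enables 3DES, RC4, single-DES
    // and 40-bit export suites that the platform no longer enables by default. That looks like a
    // deliberate compatibility choice for old servers, so it is left unchanged here, but it makes
    // the unhardened mode weaker than the platform default. Confirm it is still wanted.
    private static final String[] DEPRECATED_CIPHER_SUITES_TO_ENABLE = {
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_MD5",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA"
    };

    // Substrings of the standard suite names that mark a suite as offering no server
    // authentication ("_anon_"), no encryption ("_NULL_") or export-grade keys ("_EXPORT_").
    private static final String[] UNSAFE_CIPHER_NAME_MARKERS = {"_anon_", "_NULL_", "_EXPORT_"};

    /**
     * Builds the LEVEL_NONE list for API 20+: the currently enabled suites that are supported,
     * followed by the deprecated suites that are supported and not already enabled.
     *
     * @param strArr suites the socket supports; {@code null} yields {@code null}
     * @param strArr2 suites the socket currently has enabled, kept in their existing order
     * @param strArr3 deprecated suites to append when the socket supports them
     * @return the combined list, or {@code null} when {@code strArr} is {@code null}
     */
    private static String[] enable(String[] strArr, String[] strArr2, String[] strArr3) {
        if (strArr == null) {
            return null;
        }
        ArrayList<String> combined = CollectionUtil.newArrayList(strArr.length);
        Set<String> supported = listToSet(strArr);
        for (String suite : strArr2) {
            if (supported.contains(suite)) {
                combined.add(suite);
            }
        }
        Set<String> alreadyEnabled = listToSet(strArr2);
        for (String suite : strArr3) {
            if (!alreadyEnabled.contains(suite) && supported.contains(suite)) {
                combined.add(suite);
            }
        }
        if (MyLog.isEnabled()) {
            MyLog.i(TAG, "Legacy reorder: %s, %s", Arrays.toString(strArr2), Arrays.toString(strArr3));
            MyLog.i(TAG, "-> %s", combined);
        }
        return combined.toArray(new String[combined.size()]);
    }

    /**
     * Returns the lazily created default shared preferences. The "Locked" suffix means the
     * caller must already hold the class lock, as isHardeningEnabled() does.
     */
    private static SharedPreferences getSharedPrefsLocked(Context context) {
        if (gSharedPrefs == null) {
            gSharedPrefs = PreferenceManager.getDefaultSharedPreferences(context.getApplicationContext());
        }
        return gSharedPrefs;
    }

    /**
     * Applies the policy for level {@code i} to {@code socket}. Sockets that are not
     * {@link SSLSocket}s, and negative levels, are ignored.
     *
     * @param context not used by the current implementation
     * @param socket the socket to configure; must be configured before the TLS handshake
     * @param i one of the {@code LEVEL_*} constants
     */
    public static void hardenSocket(Context context, Socket socket, int i) {
        if (!(socket instanceof SSLSocket) || i < 0) {
            return;
        }
        hardenSocketImpl(context, (SSLSocket) socket, i);
    }

    /**
     * Computes the cipher and protocol lists for level {@code i} if the cache holds another
     * level, then applies the cached lists to the socket.
     */
    private static void hardenSocketImpl(Context context, SSLSocket sSLSocket, int i) {
        final String[] ciphers;
        final String[] protocols;
        synchronized (SSLHardening.class) {
            if (ENABLED_LEVEL != i) {
                ENABLED_LEVEL = i;
                if (i >= LEVEL_ENABLED) {
                    final String[] blockedProtocols =
                            i >= LEVEL_ENABLED_AND_NO_SSLv3 ? BLACKLISTED_PROTOCOLS_SSLv3 : null;
                    // reorder() starts from the *supported* suites, which can include suites
                    // the platform does not enable by default, and it appends every supported
                    // suite it does not know about. Without the filter a "hardened" socket
                    // could end up offering anonymous, NULL or export suites.
                    ENABLED_CIPHERS = dropUnsafeCipherSuites(
                            reorder(sSLSocket.getSupportedCipherSuites(), ORDERED_KNOWN_CIPHERS, BLACKLISTED_CIPHERS));
                    ENABLED_PROTOCOLS = reorder(sSLSocket.getSupportedProtocols(), ORDERED_KNOWN_PROTOCOLS, blockedProtocols);
                } else if (i == LEVEL_NONE && Build.VERSION.SDK_INT >= 20) {
                    // Compatibility mode: platform defaults plus the deprecated suites.
                    ENABLED_CIPHERS = enable(sSLSocket.getSupportedCipherSuites(), sSLSocket.getEnabledCipherSuites(), DEPRECATED_CIPHER_SUITES_TO_ENABLE);
                    ENABLED_PROTOCOLS = null;
                } else {
                    ENABLED_CIPHERS = null;
                    ENABLED_PROTOCOLS = null;
                }
            }
            ciphers = ENABLED_CIPHERS;
            protocols = ENABLED_PROTOCOLS;
        }
        if (ciphers != null) {
            if (MyLog.isEnabled()) {
                MyLog.i(TAG, "Setting SSL ciphers: %s", Arrays.toString(ciphers));
            }
            sSLSocket.setEnabledCipherSuites(ciphers);
        }
        if (protocols != null) {
            if (MyLog.isEnabled()) {
                MyLog.i(TAG, "Setting SSL protocols: %s", Arrays.toString(protocols));
            }
            sSLSocket.setEnabledProtocols(protocols);
        }
    }

    /**
     * Reads the hardening level from the default shared preferences.
     *
     * <p>Both preferences default to {@code false}, so an installation that never set them
     * gets {@link #LEVEL_NONE}. NOTE(review): presumably this value is what callers pass to
     * hardenSocket(); if so, the out-of-the-box configuration on API 20+ is the mode that
     * re-enables the deprecated suites. Verify against the callers.
     *
     * @return {@link #LEVEL_NONE}, {@link #LEVEL_ENABLED} or {@link #LEVEL_ENABLED_AND_NO_SSLv3}
     */
    public static int isHardeningEnabled(Context context) {
        int level = LEVEL_NONE;
        synchronized (SSLHardening.class) {
            SharedPreferences prefs = getSharedPrefsLocked(context);
            if (prefs.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_KEY, false)) {
                level = prefs.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_NO_SSLv3_KEY, false)
                        ? LEVEL_ENABLED_AND_NO_SSLv3
                        : LEVEL_ENABLED;
            }
        }
        return level;
    }

    /** Copies the array elements into a new set for membership tests. */
    private static Set<String> listToSet(String[] strArr) {
        Set<String> result = CollectionUtil.newHashSet();
        for (String item : strArr) {
            result.add(item);
        }
        return result;
    }

    /** Logs the negotiated protocol and cipher suite when {@code socket} is an SSLSocket. */
    public static void logSocket(Socket socket) {
        if (socket instanceof SSLSocket) {
            logSocketImpl((SSLSocket) socket);
        }
    }

    /**
     * Logs the session's protocol and cipher suite when logging is enabled.
     *
     * <p>{@link SSLSocket#getSession()} blocks until the handshake completes if it has not run
     * yet, and reports an invalid session instead of throwing when the handshake fails. The
     * logged values are therefore diagnostic only and are not evidence that the connection is
     * protected.
     */
    private static void logSocketImpl(SSLSocket sSLSocket) {
        if (MyLog.isEnabled()) {
            SSLSession session = sSLSocket.getSession();
            MyLog.msg(2, "Encryption: protocol %s, cipher %s", session.getProtocol(), session.getCipherSuite());
        }
    }

    /**
     * Puts the supported names in preference order and removes blocked ones.
     *
     * <p>The result holds the entries of {@code strArr2} that are supported and not blocked, in
     * the order of {@code strArr2}. After them come the supported entries that {@code strArr2}
     * does not mention and that are not blocked, in the order of {@code strArr}. That tail lets
     * names this class has never heard of through. When the method is used for cipher suites,
     * the caller must filter the result with dropUnsafeCipherSuites().
     *
     * @param strArr names the socket supports; {@code null} yields {@code null}
     * @param strArr2 known names in preference order
     * @param strArr3 names that must not appear in the result, or {@code null} for none
     * @return the ordered list, or {@code null} when {@code strArr} is {@code null}
     */
    private static String[] reorder(String[] strArr, String[] strArr2, String[] strArr3) {
        if (strArr == null) {
            return null;
        }
        ArrayList<String> ordered = CollectionUtil.newArrayList(strArr.length);
        Set<String> blocked = strArr3 != null ? listToSet(strArr3) : null;
        Set<String> supported = listToSet(strArr);
        for (String name : strArr2) {
            if (supported.contains(name) && (blocked == null || !blocked.contains(name))) {
                ordered.add(name);
            }
        }
        Set<String> known = listToSet(strArr2);
        for (String name : strArr) {
            if (!known.contains(name) && (blocked == null || !blocked.contains(name))) {
                ordered.add(name);
            }
        }
        if (MyLog.isEnabled()) {
            MyLog.i(TAG, "Hardening reorder: %s, %s, %s", Arrays.toString(strArr), Arrays.toString(strArr2), Arrays.toString(strArr3));
            MyLog.i(TAG, "-> %s", ordered);
        }
        return ordered.toArray(new String[ordered.size()]);
    }

    /**
     * Removes suites whose standard name marks them as anonymous, NULL-encryption or
     * export-grade, keeping the order of the rest.
     *
     * @param suites candidate suites, or {@code null}
     * @return the filtered list, or {@code null} when the input is {@code null} or nothing is
     *     left; {@code null} makes the caller leave the platform's enabled suites in place
     *     rather than set an empty list
     */
    private static String[] dropUnsafeCipherSuites(String[] suites) {
        if (suites == null) {
            return null;
        }
        ArrayList<String> kept = new ArrayList<String>(suites.length);
        for (String suite : suites) {
            if (isUnsafeCipherSuite(suite)) {
                if (MyLog.isEnabled()) {
                    MyLog.i(TAG, "Dropping unsafe cipher suite: %s", suite);
                }
                continue;
            }
            kept.add(suite);
        }
        if (kept.isEmpty()) {
            return null;
        }
        return kept.toArray(new String[kept.size()]);
    }

    /** Returns whether the suite name contains one of {@code UNSAFE_CIPHER_NAME_MARKERS}. */
    private static boolean isUnsafeCipherSuite(String suite) {
        if (suite == null) {
            return true;
        }
        for (String marker : UNSAFE_CIPHER_NAME_MARKERS) {
            if (suite.contains(marker)) {
                return true;
            }
        }
        return false;
    }
}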
