package com.acompli.libcircle.net;

import com.acompli.libcircle.ClInterfaces;
import com.acompli.libcircle.metrics.EventBuilderAndLogger;
import com.acompli.libcircle.metrics.EventLogger;
import com.acompli.libcircle.util.Logger;
import com.acompli.libcircle.util.LoggerFactory;
import com.acompli.libcircle.util.StreamUtil;
import com.squareup.okhttp.internal.tls.OkHostnameVerifier;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes.dex */
public class SocketServerConnFactory implements ServerConnFactory {
    private static final Logger log = LoggerFactory.getLogger(SocketServerConnFactory.class);
    private final ClInterfaces.ClConfig config;
    private final EventLogger eventLogger;
    private final KeyStore trustStore;

    public SocketServerConnFactory(ClInterfaces.ClConfig clConfig, KeyStore keyStore, EventLogger eventLogger) {
        this.config = clConfig;
        this.trustStore = keyStore;
        this.eventLogger = eventLogger;
    }

    private SSLSocket openSocketConnection() throws IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.trustStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(this.config.getApiHost(), this.config.getApiPort());
            sSLSocket.startHandshake();
            sSLSocket.setKeepAlive(true);
            return sSLSocket;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private void validateHostname(SSLSocket sSLSocket) throws SSLException {
        if (OkHostnameVerifier.INSTANCE.verify(this.config.getApiHost(), sSLSocket.getSession())) {
            return;
        }
        log.w("SSL handshake completed, but the server cert does not match the hostname");
        log.v("expected hostname: " + this.config.getApiHost());
        log.v("peer principal: " + sSLSocket.getSession().getPeerPrincipal().getName());
        EventBuilderAndLogger eventBuilderAndLogger = this.eventLogger.build("ssl_invalid_hostname").set("hostname", this.config.getApiHost()).set("peer_principal", sSLSocket.getSession().getPeerPrincipal().getName());
        try {
            String bigInteger = new BigInteger(sSLSocket.getSession().getPeerCertificates()[0].getEncoded()).toString(16);
            log.v("leaf cert: " + bigInteger);
            eventBuilderAndLogger.set("leaf_cert", bigInteger);
        } catch (CertificateEncodingException e) {
            log.e("Failed to encode the offending leaf cert", e);
        }
        eventBuilderAndLogger.finish();
        throw new SSLException("Certificate is not valid for hostname " + this.config.getApiHost());
    }

    @Override // com.acompli.libcircle.net.ServerConnFactory
    public ServerConn createSocket() throws IOException {
        log.i("Creating socket to " + this.config.getApiHost() + ":" + this.config.getApiPort());
        SSLSocket sSLSocket = null;
        InputStream inputStream = null;
        OutputStream outputStream = null;
        boolean z = false;
        try {
            sSLSocket = openSocketConnection();
            validateHostname(sSLSocket);
            inputStream = sSLSocket.getInputStream();
            outputStream = sSLSocket.getOutputStream();
            z = true;
            return new ServerConn(sSLSocket, inputStream, outputStream, this.eventLogger);
        } finally {
            if (!z) {
                StreamUtil.safelyClose(outputStream);
                StreamUtil.safelyClose(inputStream);
                StreamUtil.safelyClose((Socket) sSLSocket);
            }
        }
    }
}
