package org.kman.AquaMail.net;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import java.lang.reflect.Method;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.kman.AquaMail.util.Prefs;

/* loaded from: classes2.dex */
public class i {
    private static final int LEVEL_ENABLED = 1;
    private static final int LEVEL_ENABLED_AND_NO_SSLv3 = 2;
    public static final int LEVEL_NONE = 0;
    public static final boolean SSLv3_NOT_SUPPORTED;
    private static final String TAG = "SSLHardening";

    /* renamed from: a, reason: collision with root package name */
    private static int f4502a;

    /* renamed from: b, reason: collision with root package name */
    private static String[] f4503b;

    /* renamed from: c, reason: collision with root package name */
    private static String[] f4504c;
    private static final String[] d;
    private static final String[] e;
    private static final String[] f;
    private static final String[] g;
    private static final String[] h;
    private static final String[] i;
    private static final a j;
    private static SharedPreferences k;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public interface a {
        boolean isBlackListed(String str);
    }

    static {
        SSLv3_NOT_SUPPORTED = Build.VERSION.SDK_INT >= 26;
        f4502a = -1;
        d = new String[]{"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
        e = new String[]{"SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_FALLBACK_SCSV"};
        f = new String[]{"TLS_FALLBACK_SCSV"};
        g = new String[]{"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};
        h = new String[]{"SSLv3"};
        i = new String[]{"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5"};
        j = new a() { // from class: org.kman.AquaMail.net.-$$Lambda$i$2N03e-mbsRw2vMrZ92Sv4vlU_DM
            @Override // org.kman.AquaMail.net.i.a
            public final boolean isBlackListed(String str) {
                boolean a2;
                a2 = i.a(str);
                return a2;
            }
        };
    }

    public static int a(Context context) {
        synchronized (i.class) {
            SharedPreferences b2 = b(context);
            if (b2.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_KEY, false)) {
                return b2.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_NO_SSLv3_KEY, false) ? 2 : 1;
            }
            return 0;
        }
    }

    private static Set<String> a(String[] strArr) {
        Set<String> c2 = org.kman.Compat.util.e.c();
        Collections.addAll(c2, strArr);
        return c2;
    }

    public static void a(Context context, Socket socket, int i2) {
        if (!(socket instanceof SSLSocket) || i2 < 0) {
            return;
        }
        a(context, (SSLSocket) socket, i2);
    }

    private static void a(Context context, SSLSocket sSLSocket, int i2) {
        String[] strArr;
        String[] strArr2;
        synchronized (i.class) {
            if (f4502a != i2) {
                f4502a = i2;
                boolean z = true;
                if (i2 >= 1) {
                    if (!SSLv3_NOT_SUPPORTED && i2 < 2) {
                        z = false;
                    }
                    f4503b = a(sSLSocket.getSupportedCipherSuites(), sSLSocket.getEnabledCipherSuites(), d, e, j);
                    f4504c = a(sSLSocket.getSupportedProtocols(), null, g, z ? h : null, null);
                } else if (i2 == 0 && Build.VERSION.SDK_INT >= 21) {
                    f4503b = a(sSLSocket.getSupportedCipherSuites(), sSLSocket.getEnabledCipherSuites(), i, f);
                    f4504c = a(sSLSocket.getSupportedProtocols(), null, g, null, null);
                } else if (i2 != 0 || Build.VERSION.SDK_INT < 16) {
                    f4503b = null;
                    f4504c = null;
                } else {
                    f4503b = null;
                    f4504c = a(sSLSocket.getSupportedProtocols(), null, g, null, null);
                }
            }
            strArr = f4503b;
            strArr2 = f4504c;
        }
        if (strArr != null) {
            if (org.kman.Compat.util.i.d()) {
                org.kman.Compat.util.i.a(TAG, "Setting SSL ciphers: %s", Arrays.toString(strArr));
            }
            sSLSocket.setEnabledCipherSuites(strArr);
        }
        if (strArr2 != null) {
            if (org.kman.Compat.util.i.d()) {
                org.kman.Compat.util.i.a(TAG, "Setting SSL protocols: %s", Arrays.toString(strArr2));
            }
            sSLSocket.setEnabledProtocols(strArr2);
        }
    }

    public static void a(Socket socket) {
        if (org.kman.Compat.util.i.d() && (socket instanceof SSLSocket)) {
            a((SSLSocket) socket);
        }
    }

    public static void a(Socket socket, String str) {
        Method declaredMethod;
        if (!(socket instanceof SSLSocket) || Build.VERSION.SDK_INT < 19 || Build.VERSION.SDK_INT >= 24) {
            return;
        }
        try {
            Class<?> cls = socket.getClass();
            String name = cls.getName();
            if (!name.startsWith("com.android.org.conscrypt.") || name.endsWith("Wrapper") || (declaredMethod = cls.getDeclaredMethod("setHostname", String.class)) == null) {
                return;
            }
            declaredMethod.invoke(socket, str);
            org.kman.Compat.util.i.a(2, "Set socket %s SNI to %s", name, str);
        } catch (Exception e2) {
            org.kman.Compat.util.i.a(2, "Error setting SNI", (Throwable) e2);
        }
    }

    private static void a(SSLSocket sSLSocket) {
        SSLSession session = sSLSocket.getSession();
        org.kman.Compat.util.i.a(2, "Encryption: protocol %s, cipher %s", session.getProtocol(), session.getCipherSuite());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean a(String str) {
        return str.contains("_anon_") || str.contains("_NULL_");
    }

    private static String[] a(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4) {
        if (strArr == null) {
            return null;
        }
        Set c2 = org.kman.Compat.util.e.c();
        if (strArr4 != null) {
            Collections.addAll(c2, strArr4);
        }
        ArrayList a2 = org.kman.Compat.util.e.a(strArr.length);
        Set<String> a3 = a(strArr);
        for (String str : strArr2) {
            if (a3.contains(str) && !c2.contains(str)) {
                a2.add(str);
            }
        }
        Set<String> a4 = a(strArr2);
        for (String str2 : strArr3) {
            if (!a4.contains(str2) && a3.contains(str2) && !c2.contains(str2)) {
                a2.add(str2);
            }
        }
        if (org.kman.Compat.util.i.d()) {
            org.kman.Compat.util.i.a(TAG, "Legacy reorder: %s, %s, %s", Arrays.toString(strArr2), Arrays.toString(strArr3), Arrays.toString(strArr4));
            org.kman.Compat.util.i.a(TAG, "-> %s", a2);
        }
        return (String[]) a2.toArray(new String[a2.size()]);
    }

    private static String[] a(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4, a aVar) {
        if (strArr == null) {
            return null;
        }
        Set c2 = org.kman.Compat.util.e.c();
        if (strArr4 != null) {
            Collections.addAll(c2, strArr4);
        }
        ArrayList a2 = org.kman.Compat.util.e.a(strArr.length);
        Set<String> a3 = a(strArr);
        for (String str : strArr3) {
            if (a3.contains(str) && !c2.contains(str)) {
                a2.add(str);
            }
        }
        if (strArr2 != null) {
            Set b2 = org.kman.Compat.util.e.b(a2);
            for (String str2 : strArr2) {
                if (!b2.contains(str2) && !c2.contains(str2)) {
                    a2.add(str2);
                }
            }
        }
        if (aVar != null) {
            Iterator it = a2.iterator();
            while (it.hasNext()) {
                if (aVar.isBlackListed((String) it.next())) {
                    it.remove();
                }
            }
        }
        if (org.kman.Compat.util.i.d()) {
            org.kman.Compat.util.i.a(TAG, "Hardening reorder: %s, %s, %s, %s", Arrays.toString(strArr), Arrays.toString(strArr2), Arrays.toString(strArr3), Arrays.toString(strArr4));
            org.kman.Compat.util.i.a(TAG, "-> %s", a2);
        }
        return (String[]) a2.toArray(new String[a2.size()]);
    }

    private static SharedPreferences b(Context context) {
        if (k == null) {
            k = PreferenceManager.getDefaultSharedPreferences(context.getApplicationContext());
        }
        return k;
    }
}
