package com.amazon.whisperlink.feature.security.transport;

import android.content.Context;
import com.amazon.whisperlink.annotation.Concurrency;
import com.amazon.whisperlink.feature.security.android.PasswordProvider;
import com.amazon.whisperlink.feature.security.android.PasswordProviderFactory;
import com.amazon.whisperlink.feature.security.android.WPSSLTransportParameters;
import com.amazon.whisperlink.port.android.transport.TExternalSocketFactory;
import com.amazon.whisperlink.service.Route;
import com.amazon.whisperlink.settings.ConnectionSettings;
import com.amazon.whisperlink.transport.TransportOptions;
import com.amazon.whisperlink.util.Log;
import com.amazon.whisperlink.util.StringUtil;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TServerTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;

/* loaded from: classes2.dex */
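/**
 * Socket factory that adds TLS-protected client and server transports on top of
 * {@link TExternalSocketFactory}.
 *
 * <p>Key and trust material comes from a {@link PasswordProvider}; the port the secure
 * server socket is bound to is remembered so it can be reused and advertised in routes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No endpoint identification (hostname verification) is configured on the client
 *       socket in this class, so peer authentication rests on the {@link TrustManager}s
 *       returned by the {@link PasswordProvider}. NOTE(review): confirm those trust
 *       managers pin or otherwise validate the peer device certificate.</li>
 *   <li>Client authentication on the server side is only required when
 *       {@code WPSSLTransportParameters.clientAuth} is true.</li>
 * </ul>
 */
public class TExternalSecureSocketFactory extends TExternalSocketFactory {
    // NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). They are left enabled here
    // because the set of peers that must interoperate is not visible from this file; drop
    // them once every peer is known to negotiate TLSv1.2.
    private static final String[] ENABLED_SSL_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"};
    private static final String TAG = "TExternalSecureSocketFactory";
    private final Object inetSecureRouteLock;
    private final PasswordProviderFactory mPasswordProviderFactory;

    // Last port the secure server socket was bound to; -1 until a socket has been created.
    @Concurrency.GuardedBy("inetSecureRouteLock")
    private int secureServerSocketPort;

    /**
     * Creates the factory and a {@link PasswordProviderFactory} bound to {@code context}.
     *
     * @param context            Android context, passed to the superclass and the provider factory
     * @param connectionSettings connection settings, passed to the superclass
     */
    public TExternalSecureSocketFactory(Context context, ConnectionSettings connectionSettings) {
        super(context, connectionSettings);
        this.inetSecureRouteLock = new Object();
        this.secureServerSocketPort = -1;
        this.mPasswordProviderFactory = new PasswordProviderFactory(context);
    }

    /**
     * Builds an initialised {@link SSLContext} from the provider's key and trust managers.
     *
     * @param passwordProvider source of the protocol name, key managers and trust managers
     * @return an initialised context
     * @throws TTransportException if validation, lookup or initialisation fails for any reason
     */
    public static SSLContext createSSLContext(PasswordProvider passwordProvider) throws TTransportException {
        try {
            passwordProvider.validateParams();
            SSLContext context = SSLContext.getInstance(passwordProvider.getSSLParams().protocol);
            TrustManager[] trustManagers = passwordProvider.getTrustManagers();
            KeyManager[] keyManagers = passwordProvider.getKeyManagers();
            // The log line dereferences both arrays, so a provider that returns null for either
            // one fails here (wrapped below) rather than reaching init(), where a null array
            // would select the platform defaults.
            Log.debug(TAG, "Creating SSL Context. #TM=" + trustManagers.length + " #KM=" + keyManagers.length);
            // A null SecureRandom selects the provider's default implementation.
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (Exception e) {
            throw new TTransportException("Error creating the transport", e);
        }
    }

    /**
     * Connects to a peer, performs the TLS handshake and wraps the socket in a {@link TSocket}.
     *
     * <p>The sockets opened here are closed again when the handshake or any later step fails,
     * so a failed attempt does not leave a connection open.
     *
     * @param sSLSocketFactory factory used to layer TLS over the connected TCP socket
     * @param str              peer host or address
     * @param i                peer port
     * @param i2               connect timeout; also passed as the second {@link TSocket}
     *                         constructor argument
     * @param i3               read timeout applied with {@code setSoTimeout}
     * @return the connected, handshaken transport
     * @throws TTransportException if the connection or handshake fails or the session is invalid
     */
    public static TSocket createSecureTCPSocketClient(SSLSocketFactory sSLSocketFactory, String str, int i, int i2, int i3) throws TTransportException {
        Socket rawSocket = null;
        SSLSocket tlsSocket = null;
        try {
            rawSocket = createTCPSecureSocketClientHelper(str, i, i2);
            // autoClose=true: closing the TLS socket also closes the underlying TCP socket.
            tlsSocket = (SSLSocket) sSLSocketFactory.createSocket(rawSocket, str, i, true);
            tlsSocket.setEnabledProtocols(ENABLED_SSL_PROTOCOLS);
            tlsSocket.setSoTimeout(i3);
            tlsSocket.setUseClientMode(true);
            tlsSocket.startHandshake();
            SSLSession session = tlsSocket.getSession();
            if (session.isValid()) {
                Log.debug(TAG, "Creating SSL Client Socket on port " + i + " valid? " + session.isValid());
                return new TSocket(tlsSocket, i2);
            }
            Log.debug(TAG, "Could not connect or handshake to " + str + " on port" + i);
            throw new TTransportException("Could not connect or handshake to host on port " + i);
        } catch (TTransportException e) {
            closeQuietly(tlsSocket != null ? tlsSocket : rawSocket);
            throw e;
        } catch (Exception e2) {
            closeQuietly(tlsSocket != null ? tlsSocket : rawSocket);
            Log.debug(TAG, "Could not connect to " + str + " on port " + i, e2);
            throw new TTransportException(e2);
        }
    }

    /**
     * Binds a TLS server socket and applies the protocol, timeout, client-auth and cipher
     * settings from {@code wPSSLTransportParameters}.
     *
     * @param sSLServerSocketFactory   factory used to create the server socket
     * @param i                        port to bind (0 lets the system pick one)
     * @param i2                       timeout applied with {@code setSoTimeout} and passed to
     *                                 {@link TServerSocket}
     * @param inetAddress              local address to bind, or null
     * @param wPSSLTransportParameters TLS parameters; must not be null
     * @return the bound server transport
     * @throws TTransportException if the parameters are missing or the socket cannot be set up
     */
    private static TServerSocket createSecureTCPSocketServer(SSLServerSocketFactory sSLServerSocketFactory, int i, int i2, InetAddress inetAddress, WPSSLTransportParameters wPSSLTransportParameters) throws TTransportException {
        // Fail before binding: without parameters the client-auth requirement is unknown, and the
        // previous late null check could never be reached because the object was used first.
        if (wPSSLTransportParameters == null) {
            throw new TTransportException("SSL transport parameters are required to create a secure server socket");
        }
        SSLServerSocket serverSocket = null;
        try {
            serverSocket = (SSLServerSocket) sSLServerSocketFactory.createServerSocket(i, 100, inetAddress);
            serverSocket.setEnabledProtocols(ENABLED_SSL_PROTOCOLS);
            serverSocket.setSoTimeout(i2);
            // Mutual TLS is enforced only when the parameters ask for it.
            serverSocket.setNeedClientAuth(wPSSLTransportParameters.clientAuth);
            wPSSLTransportParameters.setCipherSuites(serverSocket.getEnabledCipherSuites());
            String[] enabledCipherSuites = serverSocket.getEnabledCipherSuites();
            if (enabledCipherSuites != null) {
                Log.debug(TAG, "Enabled cipher Suites length :" + enabledCipherSuites.length);
                for (String suite : enabledCipherSuites) {
                    Log.debug(TAG, "Enabled cipher suite :" + suite);
                }
            } else {
                Log.debug(TAG, "Cipher Suites is null for server socket");
            }
            if (wPSSLTransportParameters.cipherSuites == null) {
                Log.warning(TAG, "Attempting to call createServer (secure) without loading cipher suites");
            } else {
                serverSocket.setEnabledCipherSuites(wPSSLTransportParameters.cipherSuites);
            }
            Log.debug(TAG, "Creating SSL Server Socket on port " + serverSocket.getLocalPort());
            return new TServerSocket(serverSocket, i2);
        } catch (Exception e) {
            // Release the bound port if configuration failed after the socket was created.
            closeQuietly(serverSocket);
            throw new TTransportException("Could not bind to port " + i, e);
        }
    }

    /**
     * Opens a plain TCP connection that the caller then upgrades to TLS.
     *
     * @param str host or address to connect to
     * @param i   port to connect to
     * @param i2  connect timeout
     * @return the connected socket
     * @throws TTransportException if the connection cannot be established; the socket is closed first
     */
    protected static Socket createTCPSecureSocketClientHelper(String str, int i, int i2) throws TTransportException {
        Socket socket = null;
        try {
            socket = new Socket();
            socket.connect(new InetSocketAddress(str, i), i2);
            return socket;
        } catch (Exception e) {
            closeQuietly(socket);
            Log.debug(TAG, "createTCPSocketClient Exception: host=" + str + " :port " + i, e);
            throw new TTransportException(e);
        }
    }

    /**
     * Validates the provider's TLS parameters and opens a secure client socket.
     *
     * @param str              peer host or address
     * @param i                peer port
     * @param i2               connect timeout
     * @param i3               read timeout
     * @param passwordProvider source of TLS parameters and key/trust material
     * @return the connected transport
     * @throws TTransportException if neither a key store nor a trust store is set, or on connect failure
     */
    private static TSocket getSecureClientSocket(String str, int i, int i2, int i3, PasswordProvider passwordProvider) throws TTransportException {
        requireKeyOrTrustStore(passwordProvider);
        return createSecureTCPSocketClient(createSSLContext(passwordProvider).getSocketFactory(), str, i, i2, i3);
    }

    /**
     * Validates the provider's TLS parameters and binds a secure server socket.
     *
     * @param i                port to bind (0 lets the system pick one)
     * @param i2               read timeout for the server socket
     * @param inetAddress      local address to bind, or null
     * @param passwordProvider source of TLS parameters and key/trust material
     * @return the bound server transport
     * @throws TTransportException if neither a key store nor a trust store is set, or on bind failure
     */
    public static TServerSocket getSecureTCPServerSocket(int i, int i2, InetAddress inetAddress, PasswordProvider passwordProvider) throws TTransportException {
        WPSSLTransportParameters params = requireKeyOrTrustStore(passwordProvider);
        return createSecureTCPSocketServer(createSSLContext(passwordProvider).getServerSocketFactory(), i, i2, inetAddress, params);
    }

    /**
     * Returns a secure server transport, reusing the previously bound port when possible and
     * falling back to a system-chosen port if that bind fails. A route refresh is submitted
     * when the bound port differs from the one recorded before the call.
     *
     * @return the bound secure server transport
     * @throws TTransportException if the fallback bind also fails
     */
    @Override // com.amazon.whisperlink.port.android.transport.TExternalSocketFactory, com.amazon.whisperlink.transport.TExternalCommunicationChannelFactory
    public TServerTransport getSecureServerTransport() throws TTransportException {
        TServerSocket serverTransport;
        boolean portChanged;
        synchronized (this.inetSecureRouteLock) {
            // Read the guarded field under its lock so the comparison below is consistent.
            int previousPort = this.secureServerSocketPort;
            try {
                serverTransport = getSecureTCPServerSocket(Math.max(previousPort, 0), this.inetConnectionSettings.getReadTimeOut(), null, this.mPasswordProviderFactory.getPasswordProvider());
            } catch (TTransportException e) {
                Log.info(TAG, "Exception when attempting to get secure server socket on port :" + this.secureServerSocketPort + ". Creating socket on new port.", e);
                this.secureServerSocketPort = -1;
                serverTransport = getSecureTCPServerSocket(0, this.inetConnectionSettings.getReadTimeOut(), null, this.mPasswordProviderFactory.getPasswordProvider());
            }
            this.secureServerSocketPort = serverTransport.getServerSocket().getLocalPort();
            Log.info(TAG, "Secure Server transport created on port :" + this.secureServerSocketPort);
            portChanged = previousPort != this.secureServerSocketPort;
        }
        // Submitted outside the lock, as before.
        if (portChanged) {
            submitRefreshInetRouteTask();
        }
        return serverTransport;
    }

    /**
     * Opens a secure client transport to the route in {@code transportOptions}, preferring the
     * IPv4 address and using the IPv6 address only when no IPv4 address is present.
     *
     * @param transportOptions options carrying the route and timeouts
     * @return the connected transport, or null when the route has neither address
     * @throws TTransportException if the options or route are missing, or the connection fails
     */
    @Override // com.amazon.whisperlink.port.android.transport.TExternalSocketFactory, com.amazon.whisperlink.transport.TExternalCommunicationChannelFactory
    public TTransport getSecureTransport(TransportOptions transportOptions) throws TTransportException {
        if (transportOptions == null) {
            throw new TTransportException("No transport options specified");
        }
        Route connInfo = transportOptions.getConnInfo();
        if (connInfo == null) {
            throw new TTransportException("Route not supported for this device");
        }
        String host = !StringUtil.isEmpty(connInfo.ipv4) ? connInfo.ipv4 : connInfo.ipv6;
        if (StringUtil.isEmpty(host)) {
            return null;
        }
        return getSecureClientSocket(host, connInfo.getSecurePort(), transportOptions.getConnectTimeout(), transportOptions.getReadTimeout(), this.mPasswordProviderFactory.getPasswordProvider());
    }

    /**
     * Creates a route through the superclass and stamps it with the current secure server port.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.whisperlink.port.android.transport.TExternalSocketFactory
    public Route setupNewRoute(String str, String str2, String str3) {
        Route route = super.setupNewRoute(str, str2, str3);
        synchronized (this.inetSecureRouteLock) {
            route.setSecurePort(this.secureServerSocketPort);
        }
        return route;
    }

    /** Returns the provider's TLS parameters, rejecting a provider with no key or trust store. */
    private static WPSSLTransportParameters requireKeyOrTrustStore(PasswordProvider passwordProvider) throws TTransportException {
        WPSSLTransportParameters params = passwordProvider.getSSLParams();
        if (params == null || !(params.isKeyStoreSet || params.isTrustStoreSet)) {
            throw new TTransportException("Either one of the KeyStore or TrustStore must be set for SSLTransportParameters");
        }
        return params;
    }

    /** Closes a client socket on a failure path; a close error must not mask the original one. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (java.io.IOException ignored) {
            // Best-effort cleanup only.
        }
    }

    /** Closes a server socket on a failure path; a close error must not mask the original one. */
    private static void closeQuietly(SSLServerSocket serverSocket) {
        if (serverSocket == null) {
            return;
        }
        try {
            serverSocket.close();
        } catch (java.io.IOException ignored) {
            // Best-effort cleanup only.
        }
    }
}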
