package org.tn5250j.framework.transport.SSL;

import android.util.Log;
import com.five_ten_sg.connectbot.R;
import com.five_ten_sg.connectbot.service.TerminalBridge;
import com.five_ten_sg.connectbot.service.TerminalManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.tn5250j.framework.transport.SSLInterface;

/* loaded from: classes.dex */
public class SSLImplementation implements SSLInterface, X509TrustManager {
    private static final String TAG = "SSLImplementation";
    X509Certificate[] acceptedIssuers;
    TerminalBridge bridge;
    TerminalManager manager;
    private String userKsPath;
    SSLContext sslContext = null;
    KeyStore userks = null;
    private char[] userksPassword = "changeit".toCharArray();
    String target = null;
    KeyManagerFactory userkmf = null;
    TrustManagerFactory usertmf = null;
    TrustManager[] userTrustManagers = null;

    public SSLImplementation(TerminalBridge terminalBridge, TerminalManager terminalManager) {
        this.bridge = null;
        this.manager = null;
        this.bridge = terminalBridge;
        this.manager = terminalManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new SecurityException("checkClientTrusted unsupported");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        for (int i = 0; i < this.userTrustManagers.length; i++) {
            try {
                if (this.userTrustManagers[i] instanceof X509TrustManager) {
                    X509TrustManager x509TrustManager = (X509TrustManager) this.userTrustManagers[i];
                    if (x509TrustManager.getAcceptedIssuers().length <= 0) {
                        throw new CertificateException("Empty list of accepted issuers (a.k.a. root CA list).");
                    }
                    x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException unused) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                String concat = (this.manager.res.getString(R.string.host_cert_version) + x509Certificate.getVersion() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_serial) + x509Certificate.getSerialNumber() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_algorithm) + x509Certificate.getSigAlgName() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_issuer) + x509Certificate.getIssuerDN().getName() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_from) + x509Certificate.getNotBefore() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_to) + x509Certificate.getNotAfter() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_dn) + x509Certificate.getSubjectDN().getName() + "\r\n").concat(this.manager.res.getString(R.string.host_cert_publickey) + x509Certificate.getPublicKey().getFormat() + "\r\n");
                this.bridge.outputLine(this.manager.res.getString(R.string.host_authenticity_warning, this.target));
                this.bridge.outputLine(this.manager.res.getString(R.string.host_certificate, concat));
                Boolean requestBooleanPrompt = this.bridge.promptHelper.requestBooleanPrompt(null, this.manager.res.getString(R.string.prompt_accept_certificate));
                if (requestBooleanPrompt == null || !requestBooleanPrompt.booleanValue()) {
                    throw new CertificateException("Certificate Rejected");
                }
                Boolean requestBooleanPrompt2 = this.bridge.promptHelper.requestBooleanPrompt(null, this.manager.res.getString(R.string.prompt_save_certificate));
                if (requestBooleanPrompt2 == null || !requestBooleanPrompt2.booleanValue()) {
                    return;
                }
                try {
                    this.userks.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
                    this.userks.store(new FileOutputStream(this.userKsPath), this.userksPassword);
                    return;
                } catch (Exception e) {
                    Log.e(TAG, "Error saving certificate [" + e.getMessage() + "]");
                    e.printStackTrace();
                    return;
                }
            }
        }
    }

    @Override // org.tn5250j.framework.transport.SSLInterface
    public Socket createSSLSocket(String str, int i) {
        if (this.sslContext == null) {
            throw new IllegalStateException("SSL Context Not Initialized");
        }
        try {
            this.target = str + ":" + String.valueOf(i);
            return (SSLSocket) this.sslContext.getSocketFactory().createSocket(str, i);
        } catch (Exception e) {
            Log.e(TAG, "Error creating ssl socket [" + e.getMessage() + "]");
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.acceptedIssuers;
    }

    @Override // org.tn5250j.framework.transport.SSLInterface
    public void init(String str, String str2) {
        try {
            Log.d(TAG, "Initializing User KeyStore");
            this.userKsPath = str2 + File.separator + "keystore";
            File file = new File(this.userKsPath);
            this.userks = KeyStore.getInstance(KeyStore.getDefaultType());
            this.userks.load(file.exists() ? new FileInputStream(file) : null, this.userksPassword);
            Log.d(TAG, "Initializing User Key Manager Factory");
            this.userkmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.userkmf.init(this.userks, this.userksPassword);
            Log.d(TAG, "Initializing User Trust Manager Factory");
            this.usertmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.usertmf.init(this.userks);
            this.userTrustManagers = this.usertmf.getTrustManagers();
            Log.d(TAG, "Initializing SSL Context");
            this.sslContext = SSLContext.getInstance(str);
            this.sslContext.init(this.userkmf.getKeyManagers(), new TrustManager[]{this}, null);
        } catch (Exception e) {
            Log.e(TAG, "Error initializing SSL [" + e.getMessage() + "]");
        }
    }
}
