package net.i2p.client;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import net.i2p.I2PAppContext;
import net.i2p.util.Log;

/* loaded from: classes.dex */
class I2CPSSLSocketFactory {
    private static final String CERT_DIR = "certificates";
    private static SSLSocketFactory _factory;
    private static final Object _initLock = new Object();
    private static Log _log;

    I2CPSSLSocketFactory() {
    }

    private static boolean addCert(File file, String str, KeyStore keyStore) {
        GeneralSecurityException generalSecurityException;
        IOException iOException;
        boolean z;
        FileInputStream fileInputStream;
        FileInputStream fileInputStream2 = null;
        try {
            try {
                fileInputStream = new FileInputStream(file);
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
            iOException = e;
        } catch (GeneralSecurityException e2) {
            generalSecurityException = e2;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            if (_log.shouldLog(20)) {
                _log.info("Read X509 Certificate from " + file.getAbsolutePath() + " Issuer: " + x509Certificate.getIssuerX500Principal() + "; Valid From: " + x509Certificate.getNotBefore() + " To: " + x509Certificate.getNotAfter());
            }
            try {
                x509Certificate.checkValidity();
                keyStore.setCertificateEntry(str, x509Certificate);
                if (_log.shouldLog(20)) {
                    _log.info("Now trusting X509 Certificate, Issuer: " + x509Certificate.getIssuerX500Principal());
                }
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                    }
                }
                z = true;
                fileInputStream2 = fileInputStream;
            } catch (CertificateExpiredException e4) {
                _log.error("Rejecting expired X509 Certificate: " + file.getAbsolutePath(), e4);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e5) {
                    }
                }
                fileInputStream2 = fileInputStream;
                z = false;
            } catch (CertificateNotYetValidException e6) {
                _log.error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), e6);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e7) {
                    }
                }
                fileInputStream2 = fileInputStream;
                z = false;
            }
        } catch (IOException e8) {
            iOException = e8;
            fileInputStream2 = fileInputStream;
            _log.error("Error reading X509 Certificate: " + file.getAbsolutePath(), iOException);
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e9) {
                }
            }
            z = false;
            return z;
        } catch (GeneralSecurityException e10) {
            generalSecurityException = e10;
            fileInputStream2 = fileInputStream;
            _log.error("Error reading X509 Certificate: " + file.getAbsolutePath(), generalSecurityException);
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e11) {
                }
            }
            z = false;
            return z;
        } catch (Throwable th2) {
            th = th2;
            fileInputStream2 = fileInputStream;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e12) {
                }
            }
            throw th;
        }
        return z;
    }

    private static int addCerts(File file, KeyStore keyStore) {
        File[] listFiles;
        if (_log.shouldLog(20)) {
            _log.info("Looking for X509 Certificates in " + file.getAbsolutePath());
        }
        int i = 0;
        if (file.exists() && file.isDirectory() && (listFiles = file.listFiles()) != null) {
            for (File file2 : listFiles) {
                if (file2.isFile() && addCert(file2, file2.getName().toLowerCase(Locale.US), keyStore)) {
                    i++;
                }
            }
        }
        return i;
    }

    public static Socket createSocket(I2PAppContext i2PAppContext, String str, int i) throws IOException {
        synchronized (_initLock) {
            if (_factory == null) {
                _log = i2PAppContext.logManager().getLog(I2CPSSLSocketFactory.class);
                initSSLContext(i2PAppContext);
                if (_factory == null) {
                    throw new IOException("Unable to create SSL Context for I2CP Client");
                }
                _log.info("I2CP Client-side SSL Context initialized");
            }
        }
        return _factory.createSocket(str, i);
    }

    private static void initSSLContext(I2PAppContext i2PAppContext) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, "".toCharArray());
            File file = new File(i2PAppContext.getConfigDir(), CERT_DIR);
            int addCerts = addCerts(file, keyStore);
            int i = addCerts;
            if (addCerts > 0 && _log.shouldLog(20)) {
                _log.info("Loaded " + addCerts + " trusted certificates from " + file.getAbsolutePath());
            }
            File file2 = new File(System.getProperty("user.dir"), CERT_DIR);
            if (!file.getAbsolutePath().equals(file2.getAbsolutePath())) {
                int addCerts2 = addCerts(file2, keyStore);
                i += addCerts2;
                if (addCerts2 > 0 && _log.shouldLog(20)) {
                    _log.info("Loaded " + addCerts2 + " trusted certificates from " + file.getAbsolutePath());
                }
            }
            if (i <= 0) {
                _log.error("No trusted certificates loaded (looked in " + file.getAbsolutePath() + (file.getAbsolutePath().equals(file2.getAbsolutePath()) ? "" : " and " + file2.getAbsolutePath()) + ", I2CP SSL client connections will fail. Copy the file certificates/i2cp.local.crt from the router to the directory.");
                return;
            }
            if (_log.shouldLog(20)) {
                _log.info("Loaded total of " + i + " new trusted certificates");
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), i2PAppContext.random());
                _factory = sSLContext.getSocketFactory();
            } catch (GeneralSecurityException e) {
                _log.error("SSL context init error", e);
            }
        } catch (IOException e2) {
            _log.error("Key Store init error", e2);
        } catch (GeneralSecurityException e3) {
            _log.error("Key Store init error", e3);
        }
    }
}
