package org.kman.AquaMail.net;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import java.lang.reflect.Method;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.kman.AquaMail.util.Prefs;

/* loaded from: classes6.dex */
public class p {
    private static final int LEVEL_ENABLED = 1;
    private static final int LEVEL_ENABLED_AND_NO_SSLv3 = 2;
    public static final int LEVEL_NONE = 0;
    public static final boolean SSLv3_NOT_SUPPORTED;
    private static final String TAG = "SSLHardening";

    /* renamed from: a, reason: collision with root package name */
    private static int f63636a;

    /* renamed from: b, reason: collision with root package name */
    private static String[] f63637b;

    /* renamed from: c, reason: collision with root package name */
    private static String[] f63638c;

    /* renamed from: d, reason: collision with root package name */
    private static final String[] f63639d;

    /* renamed from: e, reason: collision with root package name */
    private static final String[] f63640e;

    /* renamed from: f, reason: collision with root package name */
    private static final String[] f63641f;

    /* renamed from: g, reason: collision with root package name */
    private static final String[] f63642g;

    /* renamed from: h, reason: collision with root package name */
    private static final String[] f63643h;

    /* renamed from: i, reason: collision with root package name */
    private static final String[] f63644i;

    /* renamed from: j, reason: collision with root package name */
    private static final a f63645j;

    /* renamed from: k, reason: collision with root package name */
    private static SharedPreferences f63646k;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public interface a {
        boolean a(String str);
    }

    static {
        SSLv3_NOT_SUPPORTED = Build.VERSION.SDK_INT >= 26;
        f63636a = -1;
        f63639d = new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"};
        f63640e = new String[]{"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_FALLBACK_SCSV"};
        f63641f = new String[]{"TLS_FALLBACK_SCSV"};
        f63642g = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};
        f63643h = new String[]{"SSLv3"};
        f63644i = new String[]{"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5"};
        f63645j = new a() { // from class: org.kman.AquaMail.net.o
            @Override // org.kman.AquaMail.net.p.a
            public final boolean a(String str) {
                boolean g10;
                g10 = p.g(str);
                return g10;
            }
        };
    }

    private static String[] b(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4) {
        if (strArr == null) {
            int i10 = 5 << 0;
            return null;
        }
        Set s9 = org.kman.Compat.util.e.s();
        if (strArr4 != null) {
            Collections.addAll(s9, strArr4);
        }
        ArrayList j10 = org.kman.Compat.util.e.j(strArr.length);
        Set<String> h10 = h(strArr);
        for (String str : strArr2) {
            if (h10.contains(str) && !s9.contains(str)) {
                j10.add(str);
            }
        }
        Set<String> h11 = h(strArr2);
        for (String str2 : strArr3) {
            if (!h11.contains(str2) && h10.contains(str2) && !s9.contains(str2)) {
                j10.add(str2);
            }
        }
        if (org.kman.Compat.util.j.Q()) {
            org.kman.Compat.util.j.L(TAG, "Legacy reorder: %s, %s, %s", Arrays.toString(strArr2), Arrays.toString(strArr3), Arrays.toString(strArr4));
            org.kman.Compat.util.j.J(TAG, "-> %s", j10);
        }
        return (String[]) j10.toArray(new String[j10.size()]);
    }

    private static SharedPreferences c(Context context) {
        if (f63646k == null) {
            f63646k = PreferenceManager.getDefaultSharedPreferences(context.getApplicationContext());
        }
        return f63646k;
    }

    public static void d(Context context, Socket socket, int i10) {
        if ((socket instanceof SSLSocket) && i10 >= 0) {
            e(context, (SSLSocket) socket, i10);
        }
    }

    private static void e(Context context, SSLSocket sSLSocket, int i10) {
        String[] strArr;
        String[] strArr2;
        synchronized (p.class) {
            try {
                if (f63636a != i10) {
                    f63636a = i10;
                    boolean z9 = true;
                    int i11 = 1 >> 0;
                    if (i10 >= 1) {
                        if (!SSLv3_NOT_SUPPORTED && i10 < 2) {
                            z9 = false;
                        }
                        f63637b = k(sSLSocket.getSupportedCipherSuites(), sSLSocket.getEnabledCipherSuites(), f63639d, f63640e, f63645j);
                        f63638c = k(sSLSocket.getSupportedProtocols(), null, f63642g, z9 ? f63643h : null, null);
                    } else if (i10 == 0) {
                        f63637b = b(sSLSocket.getSupportedCipherSuites(), sSLSocket.getEnabledCipherSuites(), f63644i, f63641f);
                        f63638c = k(sSLSocket.getSupportedProtocols(), null, f63642g, null, null);
                    } else if (i10 == 0) {
                        f63637b = null;
                        f63638c = k(sSLSocket.getSupportedProtocols(), null, f63642g, null, null);
                    } else {
                        f63637b = null;
                        f63638c = null;
                    }
                }
                strArr = f63637b;
                strArr2 = f63638c;
            } catch (Throwable th) {
                throw th;
            }
        }
        if (strArr != null) {
            if (org.kman.Compat.util.j.Q()) {
                org.kman.Compat.util.j.J(TAG, "Setting SSL ciphers: %s", Arrays.toString(strArr));
            }
            sSLSocket.setEnabledCipherSuites(strArr);
        }
        if (strArr2 != null) {
            if (org.kman.Compat.util.j.Q()) {
                org.kman.Compat.util.j.J(TAG, "Setting SSL protocols: %s", Arrays.toString(strArr2));
            }
            sSLSocket.setEnabledProtocols(strArr2);
        }
    }

    public static int f(Context context) {
        synchronized (p.class) {
            try {
                SharedPreferences c10 = c(context);
                if (c10.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_KEY, false)) {
                    return c10.getBoolean(Prefs.PREF_NETWORK_SSL_HARDNENING_NO_SSLv3_KEY, false) ? 2 : 1;
                }
                return 0;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean g(String str) {
        boolean z9;
        if (!str.contains("_anon_") && !str.contains("_NULL_")) {
            z9 = false;
            return z9;
        }
        z9 = true;
        return z9;
    }

    private static Set<String> h(String[] strArr) {
        Set<String> s9 = org.kman.Compat.util.e.s();
        Collections.addAll(s9, strArr);
        return s9;
    }

    public static void i(Socket socket) {
        if (org.kman.Compat.util.j.Q() && (socket instanceof SSLSocket)) {
            j((SSLSocket) socket);
        }
    }

    private static void j(SSLSocket sSLSocket) {
        SSLSession session = sSLSocket.getSession();
        org.kman.Compat.util.j.X(2, "Encryption: protocol %s, cipher %s", session.getProtocol(), session.getCipherSuite());
    }

    private static String[] k(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4, a aVar) {
        if (strArr == null) {
            return null;
        }
        Set s9 = org.kman.Compat.util.e.s();
        if (strArr4 != null) {
            Collections.addAll(s9, strArr4);
        }
        ArrayList j10 = org.kman.Compat.util.e.j(strArr.length);
        Set<String> h10 = h(strArr);
        for (String str : strArr3) {
            if (h10.contains(str) && !s9.contains(str)) {
                j10.add(str);
            }
        }
        if (strArr2 != null) {
            Set u9 = org.kman.Compat.util.e.u(j10);
            for (String str2 : strArr2) {
                if (!u9.contains(str2) && !s9.contains(str2)) {
                    j10.add(str2);
                }
            }
        }
        if (aVar != null) {
            Iterator it = j10.iterator();
            while (it.hasNext()) {
                if (aVar.a((String) it.next())) {
                    it.remove();
                }
            }
        }
        if (org.kman.Compat.util.j.Q()) {
            org.kman.Compat.util.j.M(TAG, "Hardening reorder: %s, %s, %s, %s", Arrays.toString(strArr), Arrays.toString(strArr2), Arrays.toString(strArr3), Arrays.toString(strArr4));
            org.kman.Compat.util.j.J(TAG, "-> %s", j10);
        }
        return (String[]) j10.toArray(new String[j10.size()]);
    }

    public static void l(Socket socket, String str) {
        Method declaredMethod;
        if ((socket instanceof SSLSocket) && Build.VERSION.SDK_INT < 24) {
            try {
                Class<?> cls = socket.getClass();
                String name = cls.getName();
                if (name.startsWith("com.android.org.conscrypt.") && !name.endsWith("Wrapper") && (declaredMethod = cls.getDeclaredMethod("setHostname", String.class)) != null) {
                    declaredMethod.invoke(socket, str);
                    org.kman.Compat.util.j.X(2, "Set socket %s SNI to %s", name, str);
                }
            } catch (Exception e10) {
                org.kman.Compat.util.j.l0(2, "Error setting SNI", e10);
            }
        }
    }
}
