package com.huawei.secure.android.common.ssl; import android.content.Context; import com.huawei.secure.android.common.ssl.util.a; import com.huawei.secure.android.common.ssl.util.c; import com.huawei.secure.android.common.ssl.util.g; import java.io.IOException; import java.net.Socket; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLSocketFactory; public class SASFCompatiableSystemCA extends SSLSocketFactory { private static final String i = SASFCompatiableSystemCA.class.getSimpleName(); private static volatile SASFCompatiableSystemCA j = null; private SSLContext a; private SSLSocket b; private Context c; private String[] d; private X509TrustManager e; private String[] f; private String[] g; private String[] h; private SASFCompatiableSystemCA(KeyStore keyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { super(keyStore); this.b = null; } static void a(X509TrustManager x509TrustManager) { g.c(i, "sasfc update socket factory trust manager"); long currentTimeMillis = System.currentTimeMillis(); try { j = new SASFCompatiableSystemCA((KeyStore) null, x509TrustManager); } catch (NoSuchAlgorithmException unused) { g.b(i, "NoSuchAlgorithmException"); } catch (KeyManagementException unused2) { g.b(i, "KeyManagementException"); } catch (UnrecoverableKeyException unused3) { g.b(i, "UnrecoverableKeyException"); } catch (KeyStoreException unused4) { g.b(i, "KeyStoreException"); } String str = i; g.a(str, "sasf system ca update: cost : " + (System.currentTimeMillis() - currentTimeMillis) + " ms"); } public static SASFCompatiableSystemCA getInstance(KeyStore keyStore, Context context) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException, IllegalArgumentException { c.a(context); if (j == null) { synchronized (SecureApacheSSLSocketFactory.class) { if (j == null) { j = new SASFCompatiableSystemCA(keyStore, context); } } } return j; } @Override // org.apache.http.conn.scheme.LayeredSocketFactory, org.apache.http.conn.ssl.SSLSocketFactory public Socket createSocket(Socket socket, String str, int i2, boolean z) throws IOException { g.c(i, "createSocket: socket host port autoClose"); Socket createSocket = this.a.getSocketFactory().createSocket(socket, str, i2, z); if (createSocket instanceof SSLSocket) { a(createSocket); SSLSocket sSLSocket = (SSLSocket) createSocket; this.b = sSLSocket; this.d = (String[]) sSLSocket.getEnabledCipherSuites().clone(); } return createSocket; } public String[] getBlackCiphers() { return this.f; } public X509Certificate[] getChain() { X509TrustManager x509TrustManager = this.e; return x509TrustManager instanceof SecureX509TrustManager ? ((SecureX509TrustManager) x509TrustManager).getChain() : new X509Certificate[0]; } public Context getContext() { return this.c; } public String[] getProtocols() { return this.h; } public SSLContext getSslContext() { return this.a; } public SSLSocket getSslSocket() { return this.b; } public String[] getSupportedCipherSuites() { String[] strArr = this.d; return strArr != null ? strArr : new String[0]; } public String[] getWhiteCiphers() { return this.g; } public X509TrustManager getX509TrustManager() { return this.e; } public void setBlackCiphers(String[] strArr) { this.f = strArr; } public void setContext(Context context) { this.c = context.getApplicationContext(); } public void setProtocols(String[] strArr) { this.h = strArr; } public void setSslContext(SSLContext sSLContext) { this.a = sSLContext; } public void setSslSocket(SSLSocket sSLSocket) { this.b = sSLSocket; } public void setWhiteCiphers(String[] strArr) { this.g = strArr; } public void setX509TrustManager(X509TrustManager x509TrustManager) { this.e = x509TrustManager; } private SASFCompatiableSystemCA(KeyStore keyStore, Context context) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException, IllegalArgumentException { super(keyStore); this.b = null; if (context == null) { g.b(i, "SecureSSLSocketFactory: context is null"); return; } setContext(context); setSslContext(SSLUtil.setSSLContext()); SecureX509TrustManager instance = SSFSecureX509SingleInstance.getInstance(context); this.e = instance; this.a.init(null, new X509TrustManager[]{instance}, null); } @Override // org.apache.http.conn.scheme.SocketFactory, org.apache.http.conn.ssl.SSLSocketFactory public Socket createSocket() throws IOException { g.c(i, "createSocket: "); Socket createSocket = this.a.getSocketFactory().createSocket(); if (createSocket instanceof SSLSocket) { a(createSocket); SSLSocket sSLSocket = (SSLSocket) createSocket; this.b = sSLSocket; this.d = (String[]) sSLSocket.getEnabledCipherSuites().clone(); } return createSocket; } private void a(Socket socket) { boolean z; boolean z2 = true; if (!a.a(this.h)) { g.c(i, "set protocols"); SSLUtil.setEnabledProtocols((SSLSocket) socket, this.h); z = true; } else { z = false; } if (!a.a(this.g) || !a.a(this.f)) { g.c(i, "set white cipher or black cipher"); SSLSocket sSLSocket = (SSLSocket) socket; SSLUtil.setEnabledProtocols(sSLSocket); if (!a.a(this.g)) { SSLUtil.setWhiteListCipherSuites(sSLSocket, this.g); } else { SSLUtil.setBlackListCipherSuites(sSLSocket, this.f); } } else { z2 = false; } if (!z) { g.c(i, "set default protocols"); SSLUtil.setEnabledProtocols((SSLSocket) socket); } if (!z2) { g.c(i, "set default cipher suites"); SSLUtil.setEnableSafeCipherSuites((SSLSocket) socket); } } public SASFCompatiableSystemCA(KeyStore keyStore, X509TrustManager x509TrustManager) throws NoSuchAlgorithmException, KeyManagementException, IllegalArgumentException, UnrecoverableKeyException, KeyStoreException { super(keyStore); this.b = null; this.a = SSLUtil.setSSLContext(); setX509TrustManager(x509TrustManager); this.a.init(null, new X509TrustManager[]{x509TrustManager}, null); } }