package com.kavsdk.secureconnection;

import android.content.Context;
import android.os.SystemClock;
import com.kaspersky.ProtectedTheApplication;
import com.kaspersky.components.io.IOUtils;
import com.kaspersky.components.urlchecker.UrlInfo;
import com.kaspersky.components.utils.net.NetworkFileUtils;
import com.kavsdk.certificatechecker.CertificateCheckResult;
import com.kavsdk.certificatechecker.CertificateCheckServiceImpl;
import com.kavsdk.certificatechecker.CertificateCheckTelemetry;
import com.kavsdk.certificatechecker.CertificateCheckVerdict;
import com.kavsdk.dnschecker.DnsCheckVerdict;
import com.kavsdk.dnschecker.impl.DnsCheckerImpl;
import com.kavsdk.license.SdkLicenseViolationException;
import com.kavsdk.urlchecker.UrlCheckService;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.net.URI;
import java.net.URL;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;

/* loaded from: classes4.dex */
final class SecureTools {
    private static final int DEFAULT_HTTPS_PORT = 443;
    private static final String PROTOCOL_HTTPS = ProtectedTheApplication.s("㡎");
    private static final String TAG = ProtectedTheApplication.s("㡏");
    private final UrlCheckService mUrlCheckService;
    private final long[] mTelemetry = new long[SecureConnectionTelemetry.values().length];
    private final CertificateCheckServiceImpl mCertificateCheckService = new CertificateCheckServiceImpl();
    private final DnsCheckerImpl mDnsChecker = new DnsCheckerImpl();
    private final Collection<String> mTrustedIpv4Addresses = new HashSet(0);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.kavsdk.secureconnection.SecureTools$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict;

        static {
            int[] iArr = new int[DnsCheckVerdict.values().length];
            $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict = iArr;
            try {
                iArr[DnsCheckVerdict.CloudUnreachable.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict[DnsCheckVerdict.Unknown.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict[DnsCheckVerdict.Trusted.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict[DnsCheckVerdict.Partial.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict[DnsCheckVerdict.Untrusted.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    public SecureTools(Context context) throws SdkLicenseViolationException {
        this.mUrlCheckService = new UrlCheckService(context);
    }

    private List<String> check(String str, String str2, boolean z) throws IOException {
        if (!isSupportedProtocol(str)) {
            throw new IllegalArgumentException(String.format(ProtectedTheApplication.s("㡐"), str));
        }
        Arrays.fill(this.mTelemetry, 0L);
        List<String> checkDns = checkDns(str2, z);
        checkUrlReputation(str2);
        checkCertificate(str2);
        return checkDns;
    }

    private void checkCertificate(String str) throws IOException {
        try {
            CertificateCheckResult checkCertificate = this.mCertificateCheckService.checkCertificate(str);
            log(ProtectedTheApplication.s("㡑") + checkCertificate.toString());
            this.mTelemetry[SecureConnectionTelemetry.CertGenerateChainTime.ordinal()] = checkCertificate.a(CertificateCheckTelemetry.CertGenerateChainTime);
            this.mTelemetry[SecureConnectionTelemetry.CertCheckByChainTime.ordinal()] = checkCertificate.a(CertificateCheckTelemetry.CertCheckByChainTime);
            this.mTelemetry[SecureConnectionTelemetry.CertCheckByFingerprintTime.ordinal()] = checkCertificate.a(CertificateCheckTelemetry.CertCheckByFingerprintTime);
            if (checkCertificate.b() != CertificateCheckVerdict.Untrusted) {
            } else {
                throw new UntrustedCertificateException(String.format(ProtectedTheApplication.s("㡒"), ProtectedTheApplication.s("㡓")));
            }
        } catch (CertificateException e) {
            throw new UntrustedCertificateException(e);
        }
    }

    private List<String> checkDns(String str, boolean z) throws IOException {
        List<String> a;
        log(String.format(ProtectedTheApplication.s("㡔"), str, new URL(str).getHost()));
        long uptimeMillis = SystemClock.uptimeMillis();
        if (hasTrustedAddresses()) {
            List<String> checkURL = this.mDnsChecker.checkURL(str, this.mTrustedIpv4Addresses);
            this.mTelemetry[SecureConnectionTelemetry.DnsLocalTime.ordinal()] = SystemClock.uptimeMillis() - uptimeMillis;
            if (checkURL.size() != 0) {
                return checkURL;
            }
            throw new UntrustedDnsException(ProtectedTheApplication.s("㡕"));
        }
        URL url = NetworkFileUtils.getUrl(str);
        List<InetAddress> addressesForHost = DnsCheckerImpl.getAddressesForHost(url.getHost());
        long uptimeMillis2 = SystemClock.uptimeMillis();
        com.kavsdk.dnschecker.a checkURL2 = this.mDnsChecker.checkURL(url, addressesForHost);
        this.mTelemetry[SecureConnectionTelemetry.DnsInKsnTime.ordinal()] = SystemClock.uptimeMillis() - uptimeMillis2;
        this.mTelemetry[SecureConnectionTelemetry.DnsIpTime.ordinal()] = uptimeMillis2 - uptimeMillis;
        DnsCheckVerdict b = checkURL2.b();
        int i = AnonymousClass1.$SwitchMap$com$kavsdk$dnschecker$DnsCheckVerdict[b.ordinal()];
        if (i == 1) {
            throw new UntrustedDnsException(ProtectedTheApplication.s("㡚"));
        }
        if (i == 2) {
            throw new UntrustedDnsException(ProtectedTheApplication.s("㡙"));
        }
        if (i == 3) {
            a = checkURL2.a();
        } else {
            if (i != 4 && i != 5) {
                throw new IllegalArgumentException(ProtectedTheApplication.s("㡖") + b);
            }
            if (z) {
                throw new UntrustedDnsException(ProtectedTheApplication.s("㡗") + b.toString());
            }
            a = checkURL2.a();
        }
        if (a != null && !a.isEmpty()) {
            return a;
        }
        throw new IllegalArgumentException(ProtectedTheApplication.s("㡘") + b);
    }

    private void checkUrlReputation(String str) throws IOException {
        long uptimeMillis = SystemClock.uptimeMillis();
        UrlInfo a = this.mUrlCheckService.a(str);
        this.mTelemetry[SecureConnectionTelemetry.UrlReputationTime.ordinal()] = SystemClock.uptimeMillis() - uptimeMillis;
        log(ProtectedTheApplication.s("㡛") + a.mVerdict);
        if (a.mVerdict == 2) {
            throw new UntrustedUrlReputationException(String.format(ProtectedTheApplication.s("㡝"), ProtectedTheApplication.s("㡜")));
        }
    }

    private boolean isReachable(String str, int i, Proxy proxy) {
        if (i == -1) {
            i = 443;
        }
        InetSocketAddress inetSocketAddress = new InetSocketAddress(str, i);
        Socket socket = proxy == null ? new Socket() : new Socket(proxy);
        try {
            socket.connect(inetSocketAddress);
            IOUtils.closeQuietly(socket);
            return true;
        } catch (IOException unused) {
            IOUtils.closeQuietly(socket);
            return false;
        } catch (Throwable th) {
            IOUtils.closeQuietly(socket);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSupportedProtocol(String str) {
        return ProtectedTheApplication.s("㡞").equalsIgnoreCase(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void log(String str) {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addTrustedIpv4Address(String str) {
        this.mTrustedIpv4Addresses.add(str);
    }

    List<String> checkURL(URI uri, boolean z) throws IOException {
        return check(uri.getScheme(), uri.toString(), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> checkURL(URL url, boolean z) throws IOException {
        return check(url.getProtocol(), url.toString(), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearTrustedIpv4Addresses() {
        this.mTrustedIpv4Addresses.clear();
    }

    public int getCertificateCheckTimeout() {
        return this.mCertificateCheckService.getTimeout();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTelemetry(SecureConnectionTelemetry secureConnectionTelemetry) {
        return this.mTelemetry[secureConnectionTelemetry.ordinal()];
    }

    public int getUrlCheckTimeout() {
        return this.mUrlCheckService.f();
    }

    boolean hasTrustedAddresses() {
        return this.mTrustedIpv4Addresses.size() > 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String selectAvailableIp(List<String> list, int i, ConnectionMode connectionMode, Proxy proxy) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        if (connectionMode == ConnectionMode.FirstIpOnly) {
            return list.get(0);
        }
        if (connectionMode != ConnectionMode.AllIps) {
            throw new IllegalArgumentException(ProtectedTheApplication.s("㡡") + connectionMode);
        }
        if (list.size() == 1) {
            return list.get(0);
        }
        for (int i2 = 0; i2 < list.size(); i2++) {
            String str = list.get(i2);
            boolean isReachable = isReachable(str, i, proxy);
            log(ProtectedTheApplication.s("㡟") + str + ProtectedTheApplication.s("㡠") + isReachable);
            if (isReachable) {
                return str;
            }
        }
        return null;
    }

    public void setCertificateCheckTimeout(int i) {
        this.mCertificateCheckService.setTimeout(i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTrustedIpv4Addresses(Collection<String> collection) {
        clearTrustedIpv4Addresses();
        this.mTrustedIpv4Addresses.addAll(collection);
    }

    public void setUrlCheckTimeout(int i) {
        this.mUrlCheckService.g(i);
    }
}
