package com.ghc.ssl.analyze;

import com.ghc.identity.AuthenticationManager;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.security.nls.GHMessages;
import com.ghc.ssl.SSLTrustManager;
import com.ghc.ssl.SslSettings;
import com.ghc.ssl.SslSettingsUtils;
import com.ghc.utils.StringUtils;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:com/ghc/ssl/analyze/AnalyzeEndpoint.class */
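/**
 * Probes a host/port for the SSL/TLS protocol versions it accepts and collects what is needed
 * to describe the endpoint in a diagnostic report: accepted versions, the presented certificate
 * chain, whether the peer asked for a client certificate, and the result of trust checks.
 *
 * <p>All probing happens in the constructor; {@link #report(StringBuilder)} only formats the
 * collected state.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If no client trust store can be resolved from the settings, {@code trustAll} is set and
 *       the report prints the "trust all" message instead of validating the chain or the peer
 *       name. A report without chain errors therefore does not mean the chain was checked.</li>
 *   <li>Failures while building the client {@link SSLContext} or the trust manager are swallowed
 *       (best-effort diagnostics). The corresponding report lines are then simply absent.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. {@link #sendHTTPConnect} was not recovered
 * and {@code supportedSuites} is empty here; compare with the original class before relying on
 * either.
 */
public class AnalyzeEndpoint {
    static final int TIMEOUT = (int) TimeUnit.SECONDS.toMillis(5);

    // Wire-format protocol version numbers (major << 8 | minor) used by the probes.
    private static final int SSL_V2 = 0x0200;  // 512
    private static final int SSL_V3 = 0x0300;  // 768
    private static final int TLS_1_0 = 0x0301; // 769
    private static final int TLS_1_1 = 0x0302; // 770
    private static final int TLS_1_2 = 0x0303; // 771

    // A TLS alert record is a 5-byte record header followed by a 2-byte alert body.
    private static final int ALERT_RECORD_LENGTH = 7;
    // Record-layer content type "alert".
    private static final int ALERT_CONTENT_TYPE = 21;

    SSLContext ctx;
    List<Integer> protocols;
    X509Certificate[] certificates;
    SSLTrustManager trustManager;
    // Never populated by the code visible in this file (supportedSuites is empty).
    Set<Integer> cipherSuites;
    int useVersion;
    boolean isMutualAuth;
    boolean isPeerUsingSSLAndWeAreNot;
    boolean trustAll;
    private HTTPProxyDetails proxy;

    /**
     * Analyzes the endpoint over a direct connection (no HTTP proxy).
     *
     * @param str host to probe
     * @param i port to probe
     * @param sslSettings client-side SSL settings the result is compared against
     */
    public AnalyzeEndpoint(String str, int i, SslSettings sslSettings) {
        this(str, i, null, sslSettings);
    }

    /**
     * Analyzes the endpoint, optionally tunnelling through an HTTP proxy.
     *
     * <p>When the client settings do not use SSL, the peer is first probed with
     * {@link #isSSL(String, int)}; if it does not answer like an SSL/TLS server nothing else is
     * collected. Otherwise every version from SSLv3 to TLS 1.2 plus SSLv2 is tried, and the
     * highest accepted version that the client context also allows is used to fetch the
     * certificate chain.
     *
     * @param str host to probe
     * @param i port to probe
     * @param hTTPProxyDetails proxy to tunnel through, or {@code null} for a direct connection
     * @param sslSettings client-side SSL settings the result is compared against
     */
    public AnalyzeEndpoint(String str, int i, HTTPProxyDetails hTTPProxyDetails, SslSettings sslSettings) {
        this.protocols = new ArrayList<Integer>();
        this.cipherSuites = new TreeSet<Integer>();
        this.trustAll = false;
        this.proxy = hTTPProxyDetails;
        if (!sslSettings.isUseSsl()) {
            this.isPeerUsingSSLAndWeAreNot = isSSL(str, i);
            if (!this.isPeerUsingSSLAndWeAreNot) {
                return;
            }
        }
        try {
            this.ctx = SslSettingsUtils.createClientContext(AuthenticationManager.getInstance(), sslSettings, str);
        } catch (Exception ignored) {
            // Best-effort: ctx stays null, the report omits the client-configuration line and
            // the version cap below falls back to TLS 1.2.
        }
        for (int version = SSL_V3; version <= TLS_1_2; version++) {
            if (Request.connect(str, i, version, CipherSuites.getCiphers(), hTTPProxyDetails) != null) {
                this.protocols.add(Integer.valueOf(version));
            }
        }
        if (SSLv2Request.connect(str, i, hTTPProxyDetails) != null) {
            this.protocols.add(Integer.valueOf(SSL_V2));
        }
        // Highest accepted version first.
        Collections.sort(this.protocols);
        Collections.reverse(this.protocols);
        int highest = this.ctx != null ? highest(this.ctx.getProtocol()) : TLS_1_2;
        for (Integer accepted : this.protocols) {
            this.useVersion = accepted.intValue();
            if (this.useVersion > highest) {
                // The client context does not allow this version; try the next lower one.
                continue;
            }
            supportedSuites(str, i, this.useVersion);
            Response connect = Request.connect(str, i, this.useVersion, CipherSuites.getCiphers(), hTTPProxyDetails);
            if (connect == null) {
                return;
            }
            this.isMutualAuth = connect.mutualAuth;
            this.certificates = (X509Certificate[]) connect.certificates.toArray(new X509Certificate[0]);
            try {
                IdentityStoreResource identityStore = AuthenticationManager.getInstance().getIdentityStore(sslSettings.getClientTrustStoreId());
                // No trust store means nothing to validate against: record that so the report
                // says "trust all" rather than implying the chain was checked.
                this.trustAll = identityStore == null;
                // NOTE(review): the meaning of the three flags is defined by SSLTrustManager,
                // which is not visible here; all three are off when there is no trust store.
                boolean hasTrustStore = identityStore != null;
                this.trustManager = new SSLTrustManager(null, identityStore, str, hasTrustStore, hasTrustStore, hasTrustStore);
            } catch (Exception ignored) {
                // Best-effort: trustManager stays null and the report prints no trust lines.
            }
            return;
        }
    }

    /**
     * Renders a wire-format protocol version as a display name.
     *
     * @param i protocol version number, e.g. 771
     * @return "SSLv2", "SSLv3", "TLSv1.n" for major version 3, otherwise "Unknown version n"
     */
    private String versionString(int i) {
        if (i == SSL_V2) {
            return "SSLv2";
        }
        if (i == SSL_V3) {
            return "SSLv3";
        }
        if ((i >>> 8) == 3) {
            // Minor version 1 is TLS 1.0, 2 is TLS 1.1, and so on.
            return "TLSv1." + ((i & 255) - 1);
        }
        return "Unknown version " + i;
    }

    /**
     * Maps an {@link SSLContext} protocol name to the highest wire version it is taken to allow.
     *
     * @param str protocol name as returned by {@link SSLContext#getProtocol()}
     * @return the wire version number, or -1 when the name is not recognised
     */
    private int highest(String str) {
        if ("SSL_TLSv2".equals(str) || "TLSv1.2".equals(str)) {
            return TLS_1_2;
        }
        if ("TLSv1.1".equals(str)) {
            return TLS_1_1;
        }
        // "TLSv1" is the standard JSSE name for TLS 1.0; without it such a context mapped to -1
        // and no accepted version was ever selected for the certificate fetch.
        if ("TLSv1".equals(str) || "TLSv1.0".equals(str) || "TLS".equals(str) || "SSL_TLS".equals(str)) {
            return TLS_1_0;
        }
        if ("SSL".equals(str) || "SSLv3".equals(str)) {
            return SSL_V3;
        }
        // NOTE(review): any other name (for example "TLSv1.3") yields -1, which makes the
        // constructor skip every accepted version. Confirm whether that is intended.
        return "SSLv2".equals(str) ? SSL_V2 : -1;
    }

    /** Returns true when a proxy with a non-blank host and a positive port is configured. */
    private boolean usesProxy() {
        return this.proxy != null && !StringUtils.isBlankOrNull(this.proxy.host) && this.proxy.port > 0;
    }

    /**
     * Checks whether the peer answers an SSLv3 hello carrying no cipher suites with a single
     * alert record, which is taken as evidence that it speaks SSL/TLS.
     *
     * @param str host to probe
     * @param i port to probe
     * @return true only if exactly one 7-byte alert record comes back; false on any other
     *         reply, on a refused proxy tunnel and on any exception
     */
    private boolean isSSL(String str, int i) {
        Socket socket = null;
        try {
            if (usesProxy()) {
                // NOTE(review): the Basic auth header value is handed to sendHTTPConnect on a
                // plain TCP socket; how it is transmitted is not visible in this file.
                socket = new Socket(this.proxy.host, this.proxy.port);
                if (!sendHTTPConnect(socket, str, i, this.proxy.getBasicAuthHeaderValue())) {
                    return false;
                }
            } else {
                socket = new Socket(str, i);
            }
            // The read timeout is only applied from here on; connecting (and the proxy
            // exchange above) runs without it.
            socket.setSoTimeout(TIMEOUT);
            Request.generateAndSend(768, Collections.emptySet(), socket);
            BufferedInputStream in = new BufferedInputStream(socket.getInputStream());
            byte[] reply = new byte[8];
            int total = 0;
            // A single read() may return only part of the record when it arrives in several
            // TCP segments, so keep reading until the alert is complete, the peer closes, or
            // the socket timeout fires. The buffer is one byte larger than an alert so that a
            // longer reply is still told apart from a bare alert.
            while (total < ALERT_RECORD_LENGTH) {
                int n = in.read(reply, total, reply.length - total);
                if (n < 0) {
                    break;
                }
                total += n;
            }
            return total == ALERT_RECORD_LENGTH && reply[0] == ALERT_CONTENT_TYPE;
        } catch (Exception ignored) {
            // Any failure (connect, timeout, undecompiled proxy helper) means "not SSL".
            return false;
        } finally {
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // Nothing useful to do when closing a probe socket fails.
                }
            }
        }
    }

    /** No-op in the decompiled source; {@code cipherSuites} is therefore never filled. */
    private void supportedSuites(String str, int i, int i2) {
    }

    /**
     * Appends the human-readable diagnostics for this endpoint to {@code sb}.
     *
     * <p>Chain and peer-name checks are only reported when a trust manager was created; when
     * {@code trustAll} is set the report states that instead of running the checks.
     *
     * @param sb buffer the report is appended to
     */
    public void report(StringBuilder sb) {
        appendHeader(sb);
        if (this.protocols.isEmpty()) {
            if (!this.isPeerUsingSSLAndWeAreNot) {
                sb.append(GHMessages.AnalyzeEndpoint_NoSSL);
            }
            return;
        }
        if (this.isPeerUsingSSLAndWeAreNot) {
            sb.append(GHMessages.AnalyzeEndpoint_PeerConfiguredAndWeAreNot + "\n");
        }
        if (this.ctx != null && !this.isPeerUsingSSLAndWeAreNot) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_ClientConfigured + "\n", this.ctx.getProtocol()));
        }
        StringBuilder versions = new StringBuilder();
        for (Iterator<Integer> it = this.protocols.iterator(); it.hasNext();) {
            versions.append(versionString(it.next().intValue()));
            versions.append(it.hasNext() ? ", " : "\n");
        }
        sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_ServerProtocols, versions.toString()));
        if (!this.isPeerUsingSSLAndWeAreNot) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_CommunicateUsing + "\n", versionString(this.useVersion)));
        }
        if (this.certificates == null || this.certificates.length == 0) {
            sb.append(GHMessages.AnalyzeEndpoint_NoCertificate + "\n");
            return;
        }
        sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_ServerPresented + "\n", this.certificates[0].getSubjectDN()));
        if (this.isPeerUsingSSLAndWeAreNot) {
            return;
        }
        // The last certificate in the chain is not listed as an issuer line.
        for (int i = 0; i < this.certificates.length - 1; i++) {
            if (this.certificates[i].getIssuerDN() != null) {
                sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_IssuedBy + "\n", this.certificates[i].getIssuerDN()));
            }
        }
        appendValidity(sb);
        appendTrust(sb);
        if (this.isMutualAuth) {
            sb.append(GHMessages.AnalyzeEndpoint_MutualRequested);
        }
    }

    /** Appends the report heading, including the proxy details when tunnelling. */
    private void appendHeader(StringBuilder sb) {
        if (!usesProxy()) {
            sb.append("\n\n" + GHMessages.AnalyzeEndpoint_Diagnostics + "\n");
            return;
        }
        sb.append("\n\n" + GHMessages.AnalyzeEndpoint_DiagnosticsViaProxy + "\n");
        // The port is passed as text so MessageFormat does not apply number formatting to it.
        sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_connectionTunnelled, this.proxy.host, String.valueOf(this.proxy.port)) + "\n");
        if (!StringUtils.isBlankOrNull(this.proxy.ntlmDomain)) {
            sb.append(GHMessages.AnalyzeEndpoint_ntlmNotSupported + "\n");
        }
    }

    /** Appends whether the leaf certificate is inside its validity period right now. */
    private void appendValidity(StringBuilder sb) {
        try {
            this.certificates[0].checkValidity();
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_DateRangeValid + "\n", this.certificates[0].getNotBefore(), this.certificates[0].getNotAfter()));
        } catch (Exception e) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_DateRangeError + "\n", e.getLocalizedMessage()));
        }
    }

    /**
     * Appends the chain-trust and peer-name results, or the "trust all" notice.
     *
     * <p>Prints nothing when no trust manager exists, which is also the case when creating it
     * failed in the constructor.
     */
    private void appendTrust(StringBuilder sb) {
        if (this.trustManager == null) {
            return;
        }
        if (this.trustAll) {
            // No trust store: neither the chain nor the peer name is checked.
            sb.append(GHMessages.AnalyzeEndpoint_trustAllEnabled);
            return;
        }
        try {
            this.trustManager.checkTrusted(this.certificates);
            sb.append(GHMessages.AnalyzeEndpoint_ChainValid + "\n");
        } catch (Exception chainError) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_ChainError + "\n", chainError.getLocalizedMessage()));
        }
        try {
            this.trustManager.checkCN(this.certificates[0]);
            sb.append(GHMessages.AnalyzeEndpoint_PeerMatches + "\n");
        } catch (Exception cnError) {
            appendAlternativeNames(sb, cnError);
        }
    }

    /**
     * Reports a CN mismatch: as a warning followed by the subject-alternative-name check when
     * the leaf certificate carries alternative names, otherwise as an error.
     */
    private void appendAlternativeNames(StringBuilder sb, Exception cnError) {
        Collection<List<?>> altNames = null;
        try {
            altNames = this.certificates[0].getSubjectAlternativeNames();
        } catch (Exception ignored) {
            // Unparseable extension is treated like an absent one.
        }
        if (altNames == null) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_PeerCNError + "\n", cnError.getLocalizedMessage()));
            return;
        }
        sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_PeerCNWarning + "\n", cnError.getLocalizedMessage()));
        try {
            this.trustManager.checkAlternativeNames(altNames);
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_PeerSANMatches, Integer.valueOf(altNames.size())) + "\n");
        } catch (Exception sanError) {
            sb.append(MessageFormat.format(GHMessages.AnalyzeEndpoint_PeerSANError + "\n", sanError.getLocalizedMessage()));
        }
    }

    /**
     * Placeholder for the HTTP CONNECT helper: the decompiler could not recover the body
     * ("Code decompiled incorrectly", 352 instructions skipped) and reported that it changed
     * the access modifier from package-private.
     *
     * <p>As written, every call throws. {@link #isSSL(String, int)} catches that and returns
     * false, so the proxy path cannot succeed with this source.
     *
     * @param r7 socket already connected to the proxy
     * @param r8 target host
     * @param r9 target port
     * @param r10 Basic auth header value for the proxy, as supplied by the caller
     * @return never returns normally in this decompiled form
     * @throws UnsupportedOperationException always
     */
    public static boolean sendHTTPConnect(java.net.Socket r7, java.lang.String r8, int r9, java.lang.String r10) {
        throw new UnsupportedOperationException("Method not decompiled: com.ghc.ssl.analyze.AnalyzeEndpoint.sendHTTPConnect(java.net.Socket, java.lang.String, int, java.lang.String):boolean");
    }
}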
