package com.mk.tigervnc.rfb;

import android.os.Message;
import com.mk.imVNC.VncCanvas;
import com.mk.tigervnc.rdr.InStream;
import com.mk.tigervnc.rdr.JavaInStream;
import com.mk.tigervnc.rdr.JavaOutStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
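/**
 * Client-side TLS security handler for an RFB connection.
 *
 * <p>Two modes are selected by the {@code anon} constructor flag:
 * <ul>
 *   <li>anonymous mode enables only {@code TLS_DH_anon*} cipher suites. No certificate is
 *       exchanged, so the channel is encrypted but the server is NOT authenticated and an
 *       active man-in-the-middle is not detected;</li>
 *   <li>X509 mode validates the server chain against the CA file named by {@link #x509ca},
 *       optionally with the CRL file named by {@link #x509crl}, and falls back to asking the
 *       user through {@code VncCanvas} when validation fails.</li>
 * </ul>
 *
 * <p>NOTE(review): no host-name verification is visible in this class. In X509 mode any
 * certificate that chains to the configured CA is accepted for any server; confirm whether
 * the caller checks the peer identity separately.
 */
public class CSecurityTLS extends CSecurity {
    private boolean anon;
    private String cafile;
    protected CConnection cc;
    private String crlfile;
    private InStream is;
    private SSLSession session;
    private SSLSocket ssl;
    TrustManager[] trustAllCerts;
    VncCanvas vncCanvas;
    public static StringParameter x509ca = new StringParameter("x509ca", "X509 CA certificate", "");
    public static StringParameter x509crl = new StringParameter("x509crl", "X509 CRL file", "");
    static LogWriter vlog = new LogWriter("CSecurityTLS");

    /** Logs the negotiated cipher suite once the TLS handshake has completed. */
    public class MyHandshakeListener implements HandshakeCompletedListener {
        MyHandshakeListener() {
        }

        @Override // javax.net.ssl.HandshakeCompletedListener
        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
            CSecurityTLS.vlog.info("Handshake succesful!");
            CSecurityTLS.vlog.info("Using cipher suite: " + handshakeCompletedEvent.getCipherSuite());
        }
    }

    /**
     * Trust manager that validates the server chain against the single CA certificate read from
     * {@code cafile}. When that file is missing or unreadable {@link #tm} stays {@code null} and
     * every server certificate is treated as unverified.
     */
    public class MyX509TrustManager implements X509TrustManager {
        X509TrustManager tm;

        /**
         * Builds the delegate trust manager from the configured CA (and optional CRL) file.
         *
         * @throws GeneralSecurityException if the key store, certificate or CRL cannot be
         *     parsed, or the trust manager factory cannot be initialised
         */
        MyX509TrustManager() throws GeneralSecurityException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("BKS");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                keyStore.load(null, null);
                File caFile = new File(CSecurityTLS.this.cafile);
                if (!caFile.exists() || !caFile.canRead()) {
                    // No usable CA: leave tm null so checkServerTrusted refuses silent trust.
                    return;
                }
                keyStore.setCertificateEntry("CA", readCertificate(certificateFactory, CSecurityTLS.this.cafile));
                PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(keyStore, new X509CertSelector());
                File crlFile = new File(CSecurityTLS.this.crlfile);
                if (crlFile.exists() && crlFile.canRead()) {
                    pkixParams.addCertStore(readCrlStore(certificateFactory, CSecurityTLS.this.crlfile));
                    pkixParams.setRevocationEnabled(true);
                } else {
                    // Without a CRL file revocation is not checked at all: a revoked server
                    // certificate that still chains to the CA will validate.
                    pkixParams.setRevocationEnabled(false);
                }
                trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParams));
                this.tm = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            } catch (IOException e) {
                // Covers FileNotFoundException as well; tm stays null (unverified server).
                CSecurityTLS.vlog.error(e.toString());
            }
        }

        /**
         * Validates a client chain. This class only drives client-mode sockets, so the method
         * is not expected to be called; it fails closed when no CA could be loaded.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.tm == null) {
                throw new CertificateException("No trust anchor is configured.");
            }
            this.tm.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates the server chain with the server-side check of the delegate. On failure the
         * leaf certificate is posted to the {@code VncCanvas} handler (message code 1) and the
         * calling thread blocks until {@code vncCanvas.certificateAccepted} becomes true.
         *
         * <p>NOTE(review): the accept flag is polled from this thread without any
         * synchronisation visible here; confirm it is volatile, that it is reset before each
         * prompt (a stale {@code true} would skip the prompt), and that rejecting the
         * certificate tears the connection down, because this loop has no rejection exit.
         *
         * @throws CertificateException if no chain was presented or the wait is interrupted
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("The server did not present a certificate chain.");
            }
            try {
                if (this.tm == null) {
                    throw new CertificateException("The authenticity of the server's certificate could not be established.");
                }
                // Must be the *server* check: the client check applies client-auth rules.
                this.tm.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                // Record why validation failed so an accepted override is auditable.
                CSecurityTLS.vlog.error("Server certificate validation failed: " + e.toString());
                Message prompt = new Message();
                prompt.setTarget(CSecurityTLS.this.vncCanvas.handler);
                prompt.what = 1;
                prompt.obj = x509CertificateArr[0];
                CSecurityTLS.this.vncCanvas.handler.sendMessage(prompt);
                while (!CSecurityTLS.this.vncCanvas.certificateAccepted) {
                    try {
                        Thread.sleep(100L);
                    } catch (InterruptedException interrupted) {
                        // Fail closed: an interrupted wait must not turn into acceptance.
                        Thread.currentThread().interrupt();
                        throw new CertificateException("Interrupted while waiting for the server certificate to be confirmed.", e);
                    }
                }
            }
        }

        /** Returns the delegate's accepted issuers, or an empty array when no CA was loaded. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (this.tm != null) {
                return this.tm.getAcceptedIssuers();
            }
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    }

    /**
     * @param z {@code true} for anonymous (unauthenticated) TLS, {@code false} for X509 mode
     * @param vncCanvas UI component that receives the certificate prompt in X509 mode
     */
    public CSecurityTLS(boolean z, VncCanvas vncCanvas) {
        this.vncCanvas = vncCanvas;
        this.anon = z;
        setDefaults();
        this.cafile = x509ca.getData();
        this.crlfile = x509crl.getData();
    }

    /** Reads one X.509 certificate from {@code path}, closing the file afterwards. */
    private static X509Certificate readCertificate(CertificateFactory factory, String path) throws IOException, CertificateException {
        FileInputStream in = new FileInputStream(path);
        try {
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /** Reads every CRL in {@code path} into a collection cert store, closing the file afterwards. */
    private static CertStore readCrlStore(CertificateFactory factory, String path) throws IOException, GeneralSecurityException {
        FileInputStream in = new FileInputStream(path);
        try {
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters(factory.generateCRLs(in)));
        } finally {
            in.close();
        }
    }

    /**
     * Tells whether a suite is acceptable in X509 mode. Anonymous suites skip the certificate
     * exchange entirely (the trust manager is never consulted), NULL suites do not encrypt,
     * and EXPORT suites use deliberately weakened keys.
     */
    private static boolean isUsableForX509(String suite) {
        return !suite.contains("_anon_") && !suite.contains("_NULL_") && !suite.contains("_EXPORT_");
    }

    /**
     * Creates the TLS context and wraps the existing connection socket in an {@link SSLSocket}
     * configured for the selected mode. The handshake itself is not started here.
     */
    private void initGlobal() {
        SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS");
            if (this.anon) {
                sslContext.init(null, null, null);
            } else {
                sslContext.init(null, new TrustManager[]{new MyX509TrustManager()}, null);
            }
        } catch (GeneralSecurityException e) {
            vlog.error("TLS handshake failed " + e.toString());
            // Stop here: carrying on would leave this.ssl unset and fail later with an NPE.
            throw new Exception("TLS handshake failed " + e.toString());
        }
        try {
            this.ssl = (SSLSocket) sslContext.getSocketFactory().createSocket(CConnection.sock, CConnection.sock.getInetAddress().getHostName(), CConnection.sock.getPort(), true);
            this.ssl.setTcpNoDelay(true);
            String[] supportedCipherSuites = this.ssl.getSupportedCipherSuites();
            ArrayList<String> enabledSuites = new ArrayList<String>();
            if (this.anon) {
                for (String suite : supportedCipherSuites) {
                    if (suite.startsWith("TLS_DH_anon")) {
                        enabledSuites.add(suite);
                    }
                }
                if (enabledSuites.isEmpty()) {
                    throw new Exception("Your device lacks support for ciphers necessary for this encryption mode (Anonymous Diffie-Hellman ciphers). This is a known issue with devices running Android 2.2.x and older. You can work around this by using VeNCrypt with x509 certificates instead.");
                }
            } else {
                // Enabling every supported suite would also offer anonymous ones, letting the
                // peer negotiate a session in which no certificate is ever validated.
                for (String suite : supportedCipherSuites) {
                    if (isUsableForX509(suite)) {
                        enabledSuites.add(suite);
                    }
                }
                if (enabledSuites.isEmpty()) {
                    throw new Exception("No certificate-authenticated cipher suites are available for X509 mode.");
                }
            }
            this.ssl.setEnabledCipherSuites(enabledSuites.toArray(new String[0]));
            // NOTE(review): this turns on every protocol version the platform supports,
            // including legacy SSL versions where present; consider restricting to TLS.
            this.ssl.setEnabledProtocols(this.ssl.getSupportedProtocols());
            this.ssl.addHandshakeCompletedListener(new MyHandshakeListener());
        } catch (IOException e) {
            throw new Exception(e.toString());
        }
    }

    /**
     * Points {@link #x509ca} and {@link #x509crl} at {@code x509_ca.pem} / {@code x509_crl.pem}
     * under the VNC home directory when those files exist.
     *
     * <p>In this build the home directory is never resolved, so the method always logs an
     * error and returns without changing the defaults.
     */
    public static void setDefaults() {
        // NOTE(review): the lookup of the home directory is absent from this (decompiled)
        // source; it is a constant null here, which makes the code below unreachable.
        String homeDir = null;
        if (homeDir == null) {
            vlog.error("Could not obtain VNC home directory path");
            return;
        }
        String caDefault = homeDir + "x509_ca.pem";
        String crlDefault = homeDir + "x509_crl.pem";
        if (new File(caDefault).exists()) {
            x509ca.setDefaultStr(caDefault);
        }
        if (new File(crlDefault).exists()) {
            x509crl.setDefaultStr(crlDefault);
        }
    }

    /** Returns a human-readable name for the selected mode. */
    @Override // com.mk.tigervnc.rfb.CSecurity
    public final String description() {
        if (this.anon) {
            return "TLS Encryption without VncAuth";
        }
        return "X509 Encryption without VncAuth";
    }

    /**
     * Returns the numeric security type: 257 in anonymous mode, 260 in X509 mode.
     * NOTE(review): presumably the VeNCrypt sub-type codes; confirm against the project's
     * security-type constants.
     */
    @Override // com.mk.tigervnc.rfb.CSecurity
    public final int getType() {
        return this.anon ? 257 : 260;
    }

    /**
     * Reads the server's one-byte status, runs the TLS handshake and, on success, switches the
     * connection to the encrypted streams.
     *
     * <p>NOTE(review): {@link #initGlobal()} runs on every call, so a call that returns
     * {@code false} and is retried builds a fresh {@link SSLSocket} over the same connection.
     *
     * @return {@code false} when the status byte is not yet available, {@code true} once the
     *     encrypted streams are installed
     */
    @Override // com.mk.tigervnc.rfb.CSecurity
    public boolean processMsg(CConnection cConnection) {
        this.is = cConnection.getInStream();
        initGlobal();
        if (!this.is.checkNoWait(1)) {
            return false;
        }
        if (this.is.readU8() == 0) {
            int reason = this.is.readU32();
            String text = (reason == 1 || reason == 2) ? this.is.readString() : "Authentication failure (protocol error)";
            throw new AuthFailureException(text);
        }
        // getSession() drives the handshake; a failed handshake yields an invalid session.
        this.session = this.ssl.getSession();
        if (!this.session.isValid()) {
            throw new Exception("TLS Handshake failed!");
        }
        try {
            cConnection.setStreams(new JavaInStream(this.ssl.getInputStream()), new JavaOutStream(this.ssl.getOutputStream()));
            return true;
        } catch (IOException e) {
            // Keep the underlying reason in the log; the thrown message carries no detail.
            vlog.error(e.toString());
            throw new Exception("Failed to set streams");
        }
    }
}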
