package com.google.android.libraries.stitch.sslguard;

import android.content.Context;
import android.os.Build;
import android.util.Log;
import com.google.android.libraries.stitch.sslguard.SslGuardConfig;
import java.lang.reflect.Field;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

/* loaded from: classes.dex */
public final class SslGuard {
    private static SslGuardProvider sProvider;
    SslGuardPatchInstaller patchInstaller;
    private static final String TAG = SslGuard.class.getSimpleName();
    private static final Object sLock = new Object();
    private static final String SOCKET_FACTORY_CLASS_NAME = SslGuardSocketFactory.class.getName();
    private static final String SERVER_SOCKET_FACTORY_CLASS_NAME = SslGuardServerSocketFactory.class.getName();

    private SslGuard() {
    }

    public SslGuard(SslGuardPatchInstaller sslGuardPatchInstaller) {
        this.patchInstaller = sslGuardPatchInstaller;
    }

    private void install(SslGuardConfig sslGuardConfig) {
        synchronized (sLock) {
            if (SslGuardConfig.getInstance() != null) {
                if (SslGuardConfig.getInstance().mode != sslGuardConfig.mode) {
                    throw new RuntimeException("Tried to install SslGuard with different config after it was already installed.");
                }
                return;
            }
            SslGuardConfig.configure(sslGuardConfig);
            if (sProvider == null) {
                sProvider = new SslGuardProvider();
            }
            if (Security.insertProviderAt(sProvider, 1) != 1) {
                throw new RuntimeException("Failed to install SslGuard with top priority.");
            }
            if (sslGuardConfig.mode != SslGuardConfig.ConfigurationMode.REFUSE_ALL) {
                SslGuardSocketFactory.initialize(this.patchInstaller);
                SslGuardServerSocketFactory.initialize(this.patchInstaller);
            }
            setDefaultSSLSocketFactory();
            setDefaultSSLContext();
            Log.i(TAG, "SslGuard completed installation.");
        }
    }

    private void setDefaultSSLContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new SslGuardTrustManager()}, null);
            SSLContext.setDefault(sSLContext);
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private void setDefaultSSLSocketFactory() {
        if (Build.VERSION.SDK_INT < 28) {
            try {
                SSLContext sSLContext = SSLContext.getInstance("Default");
                Field declaredField = SSLSocketFactory.class.getDeclaredField("defaultSocketFactory");
                declaredField.setAccessible(true);
                declaredField.set(null, sSLContext.getSocketFactory());
                Field declaredField2 = SSLServerSocketFactory.class.getDeclaredField("defaultServerSocketFactory");
                declaredField2.setAccessible(true);
                declaredField2.set(null, sSLContext.getServerSocketFactory());
            } catch (IllegalAccessException | NoSuchFieldException | NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        Security.setProperty("ssl.SocketFactory.provider", SOCKET_FACTORY_CLASS_NAME);
        Security.setProperty("ssl.ServerSocketFactory.provider", SERVER_SOCKET_FACTORY_CLASS_NAME);
    }

    public void installLazyProvider(Context context) {
        install(new SslGuardConfig(context, SslGuardConfig.ConfigurationMode.LAZY_STRICT));
    }
}
