package tls_proxy;

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import ru.CryptoPro.JCP.KeyStore.StoreInputStream;
import ru.CryptoPro.JCP.tools.CertReader.Extension;

/* loaded from: classes3.dex */
public class SecureConnectionManager implements ConfigParameters {
    private final Address address;
    private final SSLSocketFactory sslSocketFactory;

    public SecureConnectionManager(Address address) {
        if (address == null) {
            throw new IllegalArgumentException("Address is null.");
        }
        this.address = address;
        try {
            this.sslSocketFactory = createSSLContext().getSocketFactory();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    private SSLContext createSSLContext() throws Exception {
        KeyManagerFactory keyManagerFactory;
        ConfigReader configReader = ConfigReader.getInstance();
        String certStoreProvider = configReader.getCertStoreProvider();
        String certStoreType = configReader.getCertStoreType();
        String certStorePath = configReader.getCertStorePath();
        String certStorePassword = configReader.getCertStorePassword();
        String provider = configReader.getProvider();
        String protocol = configReader.getProtocol();
        if (certStoreType == null || certStoreType.isEmpty()) {
            certStoreType = "CertStore";
        }
        MainLogger.info("Trust store parameters for " + this.address.getHost() + ":\n\tprovider" + Extension.COLON_SPACE + certStoreProvider + "\n\ttype" + Extension.COLON_SPACE + certStoreType + "\n\tpath" + Extension.COLON_SPACE + certStorePath + "\n\t" + ConfigParameters.ADDRESS_CLIENT_AUTH_ENABLED + Extension.COLON_SPACE + this.address.isClientAuthEnabled() + "\n\t...");
        KeyStore keyStore = (certStoreProvider == null || certStoreProvider.isEmpty()) ? KeyStore.getInstance(certStoreType) : KeyStore.getInstance(certStoreType, certStoreProvider);
        keyStore.load(new FileInputStream(certStorePath), certStorePassword.toCharArray());
        if (this.address.isClientAuthEnabled()) {
            String keyType = this.address.getKeyType();
            String keyAlias = this.address.getKeyAlias();
            String keyPassword = this.address.getKeyPassword();
            MainLogger.info("Key store parameters for " + this.address.getHost() + ":\n\tprovider" + Extension.COLON_SPACE + provider + "\n\t" + ConfigParameters.ADDRESS_KEY_TYPE + Extension.COLON_SPACE + keyType + "\n\t" + ConfigParameters.ADDRESS_KEY_ALIAS + Extension.COLON_SPACE + keyAlias + "\n\t...");
            KeyStore keyStore2 = (provider == null || provider.isEmpty()) ? KeyStore.getInstance(keyType) : KeyStore.getInstance(keyType, provider);
            if (keyAlias == null || keyAlias.isEmpty()) {
                keyStore2.load(null, null);
            } else {
                keyStore2.load(new StoreInputStream(keyAlias), null);
            }
            keyManagerFactory = KeyManagerFactory.getInstance("GostX509", "JTLS");
            keyManagerFactory.init(keyStore2, keyPassword.toCharArray());
        } else {
            keyManagerFactory = null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("GostX509", "JTLS");
        trustManagerFactory.init(keyStore);
        MainLogger.info("Creating secure context with TLS protocol '" + protocol + "'...");
        SSLContext sSLContext = SSLContext.getInstance(protocol, "JTLS");
        sSLContext.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory.getTrustManagers(), null);
        MainLogger.info("Secure context created.");
        return sSLContext;
    }

    public SSLSocket getSSLSocket() throws Exception {
        SSLSocket sSLSocket = (SSLSocket) this.sslSocketFactory.createSocket(this.address.getHost(), this.address.getPort());
        String[] ciphers = ConfigReader.getInstance().getCiphers();
        if (ciphers != null) {
            sSLSocket.setEnabledCipherSuites(ciphers);
        }
        return sSLSocket;
    }
}
