package android.androidVNC;

import java.io.StringBufferInputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class X509Tunnel extends TLSTunnelBase {
    Certificate cert;

    public X509Tunnel(Socket socket, String str) throws CertificateException {
        super(socket);
        if (str != null) {
            this.cert = CertificateFactory.getInstance("X.509").generateCertificate(new StringBufferInputStream(str));
        }
    }

    @Override // android.androidVNC.TLSTunnelBase
    protected void initContext(SSLContext sSLContext) throws GeneralSecurityException {
        TrustManager[] trustManagers;
        if (this.cert != null) {
            trustManagers = new TrustManager[]{new X509TrustManager() { // from class: android.androidVNC.X509Tunnel.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    throw new CertificateException("no clients");
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    boolean z;
                    if (x509CertificateArr == null || x509CertificateArr.length < 1) {
                        throw new CertificateException("no certs");
                    }
                    if (x509CertificateArr == null || x509CertificateArr.length > 1) {
                        throw new CertificateException("cert path too long");
                    }
                    try {
                        x509CertificateArr[0].verify(X509Tunnel.this.cert.getPublicKey());
                        z = true;
                    } catch (Exception e) {
                        z = false;
                    }
                    if (!z && !X509Tunnel.this.cert.equals(x509CertificateArr[0])) {
                        throw new CertificateException("certificate does not match");
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }};
        } else {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(KeyStore.getInstance(KeyStore.getDefaultType()));
            trustManagers = trustManagerFactory.getTrustManagers();
        }
        sSLContext.init(null, trustManagers, null);
    }

    @Override // android.androidVNC.TLSTunnelBase
    protected void setParam(SSLSocket sSLSocket) {
        ArrayList arrayList = new ArrayList();
        String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
        for (int i = 0; i < supportedCipherSuites.length; i++) {
            if (!supportedCipherSuites[i].matches(".*DH_anon.*")) {
                arrayList.add(supportedCipherSuites[i]);
            }
        }
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[0]));
    }
}
