package net.i2p.router.client;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Collection;
import java.util.HashMap;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import net.i2p.crypto.KeyStoreUtil;
import net.i2p.router.RouterContext;
import net.i2p.util.I2PSSLSocketFactory;
import net.i2p.util.PortMapper;
import net.i2p.util.SecureDirectory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class SSLClientListenerRunner extends ClientListenerRunner {
    private static final String ASCII_KEYFILE = "i2cp.local.crt";
    private static final String KEY_ALIAS = "i2cp";
    private static final String PROP_KEYSTORE_PASSWORD = "i2cp.keystorePassword";
    private static final String PROP_KEY_PASSWORD = "i2cp.keyPassword";
    private SSLServerSocketFactory _factory;

    public SSLClientListenerRunner(RouterContext routerContext, ClientManager clientManager, int i) {
        super(routerContext, clientManager, i);
    }

    private boolean createKeyStore(File file) {
        String randomString = KeyStoreUtil.randomString();
        boolean createKeys = KeyStoreUtil.createKeys(file, KEY_ALIAS, "localhost", PortMapper.SVC_I2CP, randomString);
        if (createKeys && (createKeys = file.exists())) {
            HashMap hashMap = new HashMap();
            hashMap.put(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
            hashMap.put(PROP_KEY_PASSWORD, randomString);
            this._context.router().saveConfig(hashMap, (Collection<String>) null);
        }
        if (createKeys) {
            this._log.logAlways(20, "Created self-signed certificate for localhost in keystore: " + file.getAbsolutePath() + "\nThe certificate was generated randomly, and is not associated with your IP address, hostname, router identity, or destination keys.");
        } else {
            this._log.error("Failed to create I2CP SSL keystore.\nThis is for the Sun/Oracle keytool, others may be incompatible.\nIf you create the keystore manually, you must add i2cp.keystorePassword and i2cp.keyPassword to " + new File(this._context.getConfigDir(), "router.config").getAbsolutePath());
        }
        return createKeys;
    }

    private void exportCert(File file) {
        SecureDirectory secureDirectory = new SecureDirectory(this._context.getConfigDir(), "certificates/i2cp");
        if (!secureDirectory.exists() && !secureDirectory.mkdirs()) {
            this._log.error("Error saving ASCII SSL keys");
        } else {
            if (KeyStoreUtil.exportCert(file, this._context.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD), KEY_ALIAS, new File(secureDirectory, ASCII_KEYFILE))) {
                return;
            }
            this._log.error("Error getting SSL cert to save as ASCII");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:22:0x009e, code lost:
    
        if (r4 == null) goto L29;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00ad, code lost:
    
        return false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00a0, code lost:
    
        r4.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x00aa, code lost:
    
        if (r4 == null) goto L29;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean initializeFactory(java.io.File r11) {
        /*
            r10 = this;
            java.lang.String r0 = "Error loading SSL keys"
            net.i2p.router.RouterContext r1 = r10._context
            java.lang.String r2 = "i2cp.keystorePassword"
            java.lang.String r3 = "changeit"
            java.lang.String r1 = r1.getProperty(r2, r3)
            net.i2p.router.RouterContext r2 = r10._context
            java.lang.String r3 = "i2cp.keyPassword"
            java.lang.String r2 = r2.getProperty(r3)
            r3 = 0
            if (r2 != 0) goto L3f
            net.i2p.util.Log r11 = r10._log
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "No key password, set i2cp.keyPassword in "
            r0.append(r1)
            java.io.File r1 = new java.io.File
            net.i2p.router.RouterContext r2 = r10._context
            java.io.File r2 = r2.getConfigDir()
            java.lang.String r4 = "router.config"
            r1.<init>(r2, r4)
            java.lang.String r1 = r1.getAbsolutePath()
            r0.append(r1)
            java.lang.String r0 = r0.toString()
            r11.error(r0)
            return r3
        L3f:
            r4 = 0
            java.lang.String r5 = "TLS"
            javax.net.ssl.SSLContext r5 = javax.net.ssl.SSLContext.getInstance(r5)     // Catch: java.lang.Throwable -> L96 java.io.IOException -> L98 java.security.GeneralSecurityException -> La4
            java.lang.String r6 = java.security.KeyStore.getDefaultType()     // Catch: java.lang.Throwable -> L96 java.io.IOException -> L98 java.security.GeneralSecurityException -> La4
            java.security.KeyStore r6 = java.security.KeyStore.getInstance(r6)     // Catch: java.lang.Throwable -> L96 java.io.IOException -> L98 java.security.GeneralSecurityException -> La4
            java.io.FileInputStream r7 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L96 java.io.IOException -> L98 java.security.GeneralSecurityException -> La4
            r7.<init>(r11)     // Catch: java.lang.Throwable -> L96 java.io.IOException -> L98 java.security.GeneralSecurityException -> La4
            char[] r1 = r1.toCharArray()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r6.load(r7, r1)     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            java.lang.String r11 = r11.getAbsolutePath()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r8 = 15552000000(0x39ef8b000, double:7.683708924E-314)
            net.i2p.crypto.KeyStoreUtil.logCertExpiration(r6, r11, r8)     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            java.lang.String r11 = javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            javax.net.ssl.KeyManagerFactory r11 = javax.net.ssl.KeyManagerFactory.getInstance(r11)     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            char[] r1 = r2.toCharArray()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r11.init(r6, r1)     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            javax.net.ssl.KeyManager[] r11 = r11.getKeyManagers()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            net.i2p.router.RouterContext r1 = r10._context     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            net.i2p.util.RandomSource r1 = r1.random()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r5.init(r11, r4, r1)     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            javax.net.ssl.SSLServerSocketFactory r11 = r5.getServerSocketFactory()     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r10._factory = r11     // Catch: java.lang.Throwable -> L8d java.io.IOException -> L90 java.security.GeneralSecurityException -> L93
            r11 = 1
            r7.close()     // Catch: java.io.IOException -> L8c
        L8c:
            return r11
        L8d:
            r11 = move-exception
            r4 = r7
            goto Lae
        L90:
            r11 = move-exception
            r4 = r7
            goto L99
        L93:
            r11 = move-exception
            r4 = r7
            goto La5
        L96:
            r11 = move-exception
            goto Lae
        L98:
            r11 = move-exception
        L99:
            net.i2p.util.Log r1 = r10._log     // Catch: java.lang.Throwable -> L96
            r1.error(r0, r11)     // Catch: java.lang.Throwable -> L96
            if (r4 == 0) goto Lad
        La0:
            r4.close()     // Catch: java.io.IOException -> Lad
            goto Lad
        La4:
            r11 = move-exception
        La5:
            net.i2p.util.Log r1 = r10._log     // Catch: java.lang.Throwable -> L96
            r1.error(r0, r11)     // Catch: java.lang.Throwable -> L96
            if (r4 == 0) goto Lad
            goto La0
        Lad:
            return r3
        Lae:
            if (r4 == 0) goto Lb3
            r4.close()     // Catch: java.io.IOException -> Lb3
        Lb3:
            throw r11
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.router.client.SSLClientListenerRunner.initializeFactory(java.io.File):boolean");
    }

    private boolean verifyKeyStore(File file) {
        if (file.exists()) {
            boolean z = this._context.getProperty(PROP_KEY_PASSWORD) != null;
            if (!z) {
                this._log.error("I2CP SSL error, must set i2cp.keyPassword in " + new File(this._context.getConfigDir(), "router.config").getAbsolutePath());
            }
            return z;
        }
        File parentFile = file.getParentFile();
        if (!parentFile.exists() && !new SecureDirectory(parentFile.getAbsolutePath()).mkdir()) {
            return false;
        }
        boolean createKeyStore = createKeyStore(file);
        if (createKeyStore) {
            exportCert(file);
        }
        return createKeyStore;
    }

    @Override // net.i2p.router.client.ClientListenerRunner
    protected ServerSocket getServerSocket() throws IOException {
        ServerSocket createServerSocket;
        if (this._bindAllInterfaces) {
            if (this._log.shouldLog(20)) {
                this._log.info("Listening on port " + this._port + " on all interfaces");
            }
            createServerSocket = this._factory.createServerSocket(this._port);
        } else {
            String property = this._context.getProperty(ClientManagerFacadeImpl.PROP_CLIENT_HOST, "127.0.0.1");
            if (this._log.shouldLog(20)) {
                this._log.info("Listening on port " + this._port + " of the specific interface: " + property);
            }
            createServerSocket = this._factory.createServerSocket(this._port, 0, InetAddress.getByName(property));
        }
        I2PSSLSocketFactory.setProtocolsAndCiphers((SSLServerSocket) createServerSocket);
        return createServerSocket;
    }

    @Override // net.i2p.router.client.ClientListenerRunner
    protected void runServer() {
        File file = new File(this._context.getConfigDir(), "keystore/i2cp.ks");
        if (verifyKeyStore(file) && initializeFactory(file)) {
            super.runServer();
        } else {
            this._log.error("SSL I2CP server error - Failed to create or open key store");
        }
    }

    @Override // net.i2p.router.client.ClientListenerRunner
    protected boolean validate(Socket socket) {
        try {
            InputStream inputStream = socket.getInputStream();
            int soTimeout = socket.getSoTimeout();
            socket.setSoTimeout(20000);
            boolean z = inputStream.read() == 42;
            socket.setSoTimeout(soTimeout);
            return z;
        } catch (IOException unused) {
            if (this._log.shouldLog(30)) {
                this._log.warn("Peer did not authenticate themselves as I2CP quickly enough, dropping");
            }
            return false;
        }
    }
}
