package com.couchbase.lite.internal.replicator;

import android.support.annotation.GuardedBy;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import com.couchbase.lite.LiteCoreException;
import com.couchbase.lite.LogDomain;
import com.couchbase.lite.internal.core.C4Constants;
import com.couchbase.lite.internal.core.C4Replicator;
import com.couchbase.lite.internal.core.C4Socket;
import com.couchbase.lite.internal.core.NativeContext;
import com.couchbase.lite.internal.fleece.FLEncoder;
import com.couchbase.lite.internal.fleece.FLValue;
import com.couchbase.lite.internal.support.Log;
import com.couchbase.lite.internal.utils.Fn;
import com.couchbase.lite.internal.utils.StateMachine;
import com.couchbase.lite.internal.utils.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.net.NoRouteToHostException;
import java.net.PortUnreachableException;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.concurrent.ThreadSafe;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.TrustManager;
import okhttp3.Challenge;
import okhttp3.Cookie;
import okhttp3.CookieJar;
import okhttp3.Credentials;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.WebSocket;
import okhttp3.WebSocketListener;
import okio.ByteString;

/* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket.class */
public abstract class AbstractCBLWebSocket extends C4Socket {
    private static final int MAX_AUTH_RETRIES = 3;
    public static final int DEFAULT_HEARTBEAT_SEC = 300;
    private static final String HEADER_AUTH = "Authorization";
    public static final String HEADER_COOKIES = "Cookies";

    @NonNull
    private final URI uri;

    @NonNull
    private final OkHttpRemote okHttpRemote;

    @NonNull
    private final OkHttpClient okHttpSocketFactory;

    @Nullable
    private final Map<String, Object> options;

    @NonNull
    private final Fn.Consumer<List<Certificate>> serverCertsListener;

    @GuardedBy("getPeerLock()")
    @NonNull
    private final StateMachine<State> state;

    @GuardedBy("getPeerLock()")
    @NonNull
    private final CBLCookieStore cookieStore;

    @GuardedBy("getPeerLock()")
    private WebSocket webSocket;
    private static final LogDomain TAG = LogDomain.NETWORK;

    @NonNull
    private static final NativeContext<KeyManager> KEY_MANAGERS = new NativeContext<>();
    private static final StateMachine.Builder<State> WS_STATE_BUILDER = new StateMachine.Builder(State.class, State.INIT, State.FAILED).addTransition(State.INIT, State.CONNECTING, new State[0]).addTransition(State.CONNECTING, State.OPEN, State.CLOSE_REQUESTED, State.CLOSING, State.CLOSED).addTransition(State.OPEN, State.CLOSE_REQUESTED, State.CLOSING, State.CLOSED).addTransition(State.CLOSE_REQUESTED, State.CLOSING, State.CLOSED).addTransition(State.CLOSING, State.CLOSED, new State[0]);

    @NonNull
    private static final OkHttpClient BASE_HTTP_CLIENT = new OkHttpClient.Builder().connectTimeout(0, TimeUnit.SECONDS).readTimeout(0, TimeUnit.SECONDS).writeTimeout(0, TimeUnit.SECONDS).followRedirects(true).followSslRedirects(true).build();

    @ThreadSafe
    /* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket$OkHttpRemote.class */
    final class OkHttpRemote extends WebSocketListener {
        OkHttpRemote() {
        }

        public void onOpen(@NonNull WebSocket webSocket, @NonNull Response response) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP open: %s", AbstractCBLWebSocket.this, response);
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (!AbstractCBLWebSocket.this.state.setState(State.OPEN)) {
                    if (AbstractCBLWebSocket.this.state.assertState(State.CLOSED, State.FAILED)) {
                        webSocket.cancel();
                    }
                } else {
                    AbstractCBLWebSocket.this.webSocket = webSocket;
                    AbstractCBLWebSocket.this.receivedHTTPResponse(response);
                    AbstractCBLWebSocket.this.opened();
                    Log.i(AbstractCBLWebSocket.TAG, "WebSocket OPEN");
                }
            }
        }

        public void onMessage(@NonNull WebSocket webSocket, @NonNull String str) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP text data: %d", AbstractCBLWebSocket.this, Integer.valueOf(str.length()));
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (AbstractCBLWebSocket.this.state.assertState(State.OPEN)) {
                    AbstractCBLWebSocket.this.received(str.getBytes(StandardCharsets.UTF_8));
                } else {
                    if (AbstractCBLWebSocket.this.state.assertState(State.CLOSED, State.FAILED)) {
                        webSocket.cancel();
                    }
                }
            }
        }

        public void onMessage(@NonNull WebSocket webSocket, @NonNull ByteString byteString) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP byte data: %d", AbstractCBLWebSocket.this, Integer.valueOf(byteString.size()));
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (AbstractCBLWebSocket.this.state.assertState(State.OPEN)) {
                    AbstractCBLWebSocket.this.received(byteString.toByteArray());
                } else {
                    if (AbstractCBLWebSocket.this.state.assertState(State.CLOSED, State.FAILED)) {
                        webSocket.cancel();
                    }
                }
            }
        }

        public void onClosing(@NonNull WebSocket webSocket, int i, @NonNull String str) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP closing: %s", AbstractCBLWebSocket.this, str);
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (AbstractCBLWebSocket.this.state.setState(State.CLOSE_REQUESTED)) {
                    AbstractCBLWebSocket.this.closeRequested(i, str);
                } else {
                    if (AbstractCBLWebSocket.this.state.assertState(State.CLOSED, State.FAILED)) {
                        webSocket.cancel();
                    }
                }
            }
        }

        public void onClosed(@NonNull WebSocket webSocket, int i, @NonNull String str) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP closed: (%d) %s", AbstractCBLWebSocket.this, Integer.valueOf(i), str);
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (AbstractCBLWebSocket.this.state.setState(State.CLOSED)) {
                    AbstractCBLWebSocket.this.closeWithCode(i, str);
                }
            }
        }

        public void onFailure(@NonNull WebSocket webSocket, @NonNull Throwable th, @Nullable Response response) {
            Log.d(AbstractCBLWebSocket.TAG, "%s#OkHTTP failed: %s", th, AbstractCBLWebSocket.this, response);
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (AbstractCBLWebSocket.this.state.assertState(State.CLOSED, State.FAILED)) {
                    webSocket.cancel();
                    return;
                }
                AbstractCBLWebSocket.this.state.setState(State.FAILED);
                if (response == null) {
                    AbstractCBLWebSocket.this.closeWithError(th);
                } else {
                    AbstractCBLWebSocket.this.closeWithCode(response.code(), response.message());
                }
            }
        }
    }

    /* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket$State.class */
    private enum State {
        INIT,
        CONNECTING,
        OPEN,
        CLOSE_REQUESTED,
        CLOSING,
        CLOSED,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket$WebSocketCookieJar.class */
    public class WebSocketCookieJar implements CookieJar {
        private final boolean acceptParentDomain;

        WebSocketCookieJar(boolean z) {
            this.acceptParentDomain = z;
        }

        public void saveFromResponse(@NonNull HttpUrl httpUrl, @NonNull List<Cookie> list) {
            ArrayList arrayList = new ArrayList(list.size());
            Iterator<Cookie> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().toString());
            }
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                AbstractCBLWebSocket.this.cookieStore.setCookies(httpUrl.uri(), arrayList, this.acceptParentDomain);
            }
        }

        @NonNull
        public List<Cookie> loadForRequest(@NonNull HttpUrl httpUrl) {
            String str;
            ArrayList arrayList = new ArrayList();
            synchronized (AbstractCBLWebSocket.this.getPeerLock()) {
                if (!AbstractCBLWebSocket.this.state.assertState(State.INIT, State.CONNECTING)) {
                    return arrayList;
                }
                if (AbstractCBLWebSocket.this.options != null && (str = (String) AbstractCBLWebSocket.this.options.get(C4Replicator.REPLICATOR_OPTION_COOKIES)) != null) {
                    arrayList.addAll(CBLCookieStore.parseCookies(httpUrl, str));
                }
                String cookies = AbstractCBLWebSocket.this.cookieStore.getCookies(httpUrl.uri());
                if (cookies != null) {
                    arrayList.addAll(CBLCookieStore.parseCookies(httpUrl, cookies));
                }
                return arrayList;
            }
        }
    }

    public static int addKeyManager(@NonNull KeyManager keyManager) {
        int reserveKey = KEY_MANAGERS.reserveKey();
        KEY_MANAGERS.bind(reserveKey, keyManager);
        return reserveKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCBLWebSocket(long j, @NonNull URI uri, @Nullable byte[] bArr, @NonNull CBLCookieStore cBLCookieStore, @NonNull Fn.Consumer<List<Certificate>> consumer) throws GeneralSecurityException {
        super(j);
        this.state = WS_STATE_BUILDER.build();
        this.uri = uri;
        this.options = bArr == null ? null : Collections.unmodifiableMap(FLValue.fromData(bArr).asDict());
        this.cookieStore = cBLCookieStore;
        this.serverCertsListener = consumer;
        this.okHttpSocketFactory = setupOkHttpFactory();
        this.okHttpRemote = new OkHttpRemote();
    }

    @Override // com.couchbase.lite.internal.core.C4NativePeer
    @NonNull
    public String toString() {
        return "CBLWebSocket{@" + super.toString() + ": " + this.uri + "}";
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        Log.d(TAG, "%s#External told to close: %s", this, this.uri);
        synchronized (getPeerLock()) {
            if (this.state.setState(State.CLOSE_REQUESTED)) {
                closeRequested(C4Constants.WebSocketError.GOING_AWAY, "Closed by client");
            } else if (!this.state.setState(State.CLOSING)) {
                this.state.setState(State.CLOSED);
            } else {
                if (this.webSocket != null) {
                    closeWebSocket(C4Constants.WebSocketError.GOING_AWAY, "Closed by client");
                }
            }
        }
    }

    @VisibleForTesting
    @NonNull
    public final OkHttpClient getOkHttpSocketFactory() {
        return this.okHttpSocketFactory;
    }

    @VisibleForTesting
    @Nullable
    public Map<String, Object> getOptions() {
        return this.options;
    }

    protected abstract boolean handleClose(Throwable th);

    protected abstract int handleCloseCause(Throwable th);

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected final void openSocket() {
        Log.d(TAG, "%s#Core connect: %s", this, this.uri);
        synchronized (getPeerLock()) {
            if (this.state.setState(State.CONNECTING)) {
                this.okHttpSocketFactory.newWebSocket(newRequest(), this.okHttpRemote);
            }
        }
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected final void send(@NonNull byte[] bArr) {
        Log.d(TAG, "%s#Core send: %d", this, Integer.valueOf(bArr.length));
        synchronized (getPeerLock()) {
            if (this.state.assertState(State.OPEN)) {
                if (this.webSocket.send(ByteString.of(bArr, 0, bArr.length))) {
                    completedWrite(bArr.length);
                } else {
                    Log.i(TAG, "CBLWebSocket failed to send data of length = " + bArr.length);
                }
            }
        }
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected final void completedReceive(long j) {
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected final void requestClose(int i, String str) {
        Log.d(TAG, "%s#Core request close: %d", this, Integer.valueOf(i));
        synchronized (getPeerLock()) {
            if (this.state.setState(State.CLOSING)) {
                if (this.webSocket != null) {
                    closeWebSocket(i, str);
                } else {
                    this.state.setState(State.CLOSED);
                    closeWithCode(i, str);
                }
            }
        }
    }

    @Override // com.couchbase.lite.internal.core.C4Socket
    protected final void closeSocket() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    @GuardedBy("getPeerLock()")
    public void receivedHTTPResponse(@NonNull Response response) {
        Log.d(TAG, "CBLWebSocket received HTTP response %s", response);
        Headers headers = response.headers();
        if (headers == null || headers.size() <= 0) {
            return;
        }
        byte[] bArr = null;
        HashMap hashMap = new HashMap();
        for (int i = 0; i < headers.size(); i++) {
            hashMap.put(headers.name(i), headers.value(i));
        }
        try {
            FLEncoder managedEncoder = FLEncoder.getManagedEncoder();
            try {
                managedEncoder.write(hashMap);
                bArr = managedEncoder.finish();
                if (managedEncoder != null) {
                    managedEncoder.close();
                }
            } finally {
            }
        } catch (LiteCoreException e) {
            Log.w(TAG, "CBLWebSocket failed to encode response headers", e);
            Log.d(TAG, StringUtils.toString(hashMap));
        }
        gotHTTPResponse(response.code(), bArr);
    }

    @GuardedBy("getPeerLock()")
    private void closeWebSocket(int i, String str) {
        if (i > 100 && i < 600) {
            i = 1008;
        }
        if (this.webSocket.close(i, str)) {
            return;
        }
        Log.i(TAG, "CBLWebSocket failed to initiate a graceful shutdown of this web socket.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    @GuardedBy("getPeerLock()")
    public void closeWithCode(int i, String str) {
        Log.v(TAG, "WebSocket CLOSED with code: " + i + "(" + str + ")");
        if (i == 1000) {
            closed(1, 0, null);
        } else {
            closed(6, i, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @GuardedBy("getPeerLock()")
    public void closeWithError(@Nullable Throwable th) {
        int i;
        Log.i(TAG, "WebSocket CLOSED with error", th);
        if (th == null) {
            closed(6, 0, null);
            return;
        }
        if (handleClose(th)) {
            return;
        }
        int codeForCause = getCodeForCause(th);
        int i2 = 5;
        if ((th instanceof NoRouteToHostException) || (th instanceof PortUnreachableException) || (th instanceof SocketTimeoutException)) {
            i = 24;
        } else if ((th instanceof SocketException) || (th instanceof EOFException)) {
            i = 22;
        } else if (codeForCause > 0) {
            i = codeForCause;
        } else if (th instanceof UnknownHostException) {
            i = 2;
        } else if (th instanceof SSLHandshakeException) {
            i = 6;
        } else if ((th instanceof SSLKeyException) || (th instanceof SSLPeerUnverifiedException)) {
            i = 8;
        } else if (th instanceof SSLProtocolException) {
            i2 = 6;
            i = 1002;
        } else if (th instanceof SSLException) {
            i = 16;
        } else {
            i2 = 6;
            i = 1008;
        }
        closed(i2, i, th.toString());
    }

    private int getCodeForCause(Throwable th) {
        Throwable cause = th.getCause();
        if (cause == null) {
            return -1;
        }
        int handleCloseCause = handleCloseCause(cause);
        if (handleCloseCause > 0) {
            return handleCloseCause;
        }
        if (cause instanceof CertificateExpiredException) {
            return 14;
        }
        return cause instanceof CertificateException ? 8 : 0;
    }

    @NonNull
    private OkHttpClient setupOkHttpFactory() throws GeneralSecurityException {
        OkHttpClient.Builder newBuilder = BASE_HTTP_CLIENT.newBuilder();
        boolean z = false;
        if (this.options != null) {
            Object obj = this.options.get(C4Replicator.REPLICATOR_HEARTBEAT_INTERVAL);
            newBuilder.pingInterval(obj instanceof Number ? ((Long) obj).longValue() : 300L, TimeUnit.SECONDS);
            Object obj2 = this.options.get(C4Replicator.REPLICATOR_OPTION_ACCEPT_PARENT_COOKIES);
            if (obj2 instanceof Boolean) {
                z = ((Boolean) obj2).booleanValue();
            }
        }
        setupBasicAuthenticator(newBuilder);
        newBuilder.cookieJar(new WebSocketCookieJar(z));
        setupSSLSocketFactory(newBuilder);
        return newBuilder.build();
    }

    @NonNull
    private Request newRequest() {
        Request.Builder builder = new Request.Builder();
        builder.url(this.uri.toString());
        String host = this.uri.getHost();
        if (this.uri.getPort() >= 0) {
            host = host + ":" + this.uri.getPort();
        }
        builder.header("Host", host);
        if (this.options != null) {
            Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_EXTRA_HEADERS);
            if (obj instanceof Map) {
                for (Map.Entry entry : ((Map) obj).entrySet()) {
                    builder.header(entry.getKey().toString(), entry.getValue().toString());
                }
            }
            Object obj2 = this.options.get(C4Replicator.SOCKET_OPTION_WS_PROTOCOLS);
            if (obj2 instanceof String) {
                builder.header("Sec-WebSocket-Protocol", (String) obj2);
            }
        }
        return builder.build();
    }

    private void setupBasicAuthenticator(@NonNull OkHttpClient.Builder builder) {
        if (this.options == null) {
            return;
        }
        Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_AUTHENTICATION);
        if (obj instanceof Map) {
            Map map = (Map) obj;
            if (C4Replicator.AUTH_TYPE_BASIC.equals(map.get(C4Replicator.REPLICATOR_AUTH_TYPE))) {
                Object obj2 = map.get(C4Replicator.REPLICATOR_AUTH_USER_NAME);
                if (obj2 instanceof String) {
                    Object obj3 = map.get(C4Replicator.REPLICATOR_AUTH_PASSWORD);
                    if (obj3 instanceof String) {
                        String basic = Credentials.basic((String) obj2, (String) obj3);
                        builder.authenticator((route, response) -> {
                            return authenticate(response, basic);
                        });
                        builder.addInterceptor(chain -> {
                            Request request = chain.request();
                            try {
                                return chain.proceed(chain.connection() != null ? request : request.newBuilder().header(HEADER_AUTH, basic).method(request.method(), request.body()).build());
                            } catch (IOException e) {
                                throw e;
                            } catch (Exception e2) {
                                throw new IOException("Unexpected interceptor failure @" + Thread.currentThread() + ": " + request.method() + " \"" + request.body() + "\"", e2);
                            }
                        });
                    }
                }
            }
        }
    }

    private void setupSSLSocketFactory(@NonNull OkHttpClient.Builder builder) throws GeneralSecurityException {
        X509Certificate x509Certificate = null;
        boolean z = false;
        KeyManager[] keyManagerArr = null;
        if (this.options != null) {
            Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_PINNED_SERVER_CERT);
            if (obj instanceof byte[]) {
                try {
                    x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream((byte[]) obj));
                } catch (CertificateException e) {
                    Log.w(TAG, "Can't parse pinned certificate.  Ignored", e);
                }
            }
            Object obj2 = this.options.get(C4Replicator.REPLICATOR_OPTION_SELF_SIGNED_SERVER_CERT);
            if (obj2 instanceof Boolean) {
                z = ((Boolean) obj2).booleanValue();
            }
            KeyManager authenticator = getAuthenticator();
            if (authenticator != null) {
                keyManagerArr = new KeyManager[]{authenticator};
            }
        }
        CBLTrustManager cBLTrustManager = new CBLTrustManager(x509Certificate, z, this.serverCertsListener);
        SSLContext sSLContext = SSLContext.getInstance(C4Constants.LogDomain.TLS);
        sSLContext.init(keyManagerArr, new TrustManager[]{cBLTrustManager}, null);
        builder.sslSocketFactory(sSLContext.getSocketFactory(), cBLTrustManager);
        if (x509Certificate != null || z) {
            builder.hostnameVerifier((str, sSLSession) -> {
                return true;
            });
        }
    }

    @Nullable
    private KeyManager getAuthenticator() {
        if (this.options == null) {
            return null;
        }
        Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_AUTHENTICATION);
        if (!(obj instanceof Map)) {
            return null;
        }
        Map map = (Map) obj;
        if (!C4Replicator.AUTH_TYPE_CLIENT_CERT.equals(map.get(C4Replicator.REPLICATOR_AUTH_TYPE))) {
            return null;
        }
        KeyManager keyManager = null;
        Object obj2 = map.get(C4Replicator.REPLICATOR_AUTH_CLIENT_CERT_KEY);
        if (obj2 instanceof Long) {
            keyManager = KEY_MANAGERS.getObjFromContext(((Long) obj2).longValue());
        }
        if (keyManager == null) {
            Log.i(TAG, "No key manager configured for client certificate authentication");
        }
        return keyManager;
    }

    @Nullable
    private Request authenticate(@NonNull Response response, @NonNull String str) {
        Log.d(TAG, "CBLWebSocket.authenticate: %s", response);
        if (responseCount(response) >= 3) {
            return null;
        }
        List challenges = response.challenges();
        Log.d(TAG, "CBLWebSocket challenges: %s", challenges);
        if (challenges == null) {
            return null;
        }
        Iterator it = challenges.iterator();
        while (it.hasNext()) {
            if (C4Replicator.AUTH_TYPE_BASIC.equalsIgnoreCase(((Challenge) it.next()).scheme())) {
                return response.request().newBuilder().header(HEADER_AUTH, str).build();
            }
        }
        return null;
    }

    private int responseCount(Response response) {
        int i = 1;
        while (true) {
            Response priorResponse = response.priorResponse();
            response = priorResponse;
            if (priorResponse == null) {
                return i;
            }
            i++;
        }
    }
}
