package com.couchbase.lite.internal.replicator;

import androidx.annotation.GuardedBy;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import com.couchbase.lite.LiteCoreException;
import com.couchbase.lite.LogDomain;
import com.couchbase.lite.internal.core.C4Constants;
import com.couchbase.lite.internal.core.C4Replicator;
import com.couchbase.lite.internal.core.peers.TaggedWeakPeerBinding;
import com.couchbase.lite.internal.fleece.FLEncoder;
import com.couchbase.lite.internal.fleece.FLValue;
import com.couchbase.lite.internal.sockets.CBLSocketException;
import com.couchbase.lite.internal.sockets.CloseStatus;
import com.couchbase.lite.internal.sockets.OkHttpSocket;
import com.couchbase.lite.internal.sockets.SocketFromCore;
import com.couchbase.lite.internal.sockets.SocketFromRemote;
import com.couchbase.lite.internal.sockets.SocketState;
import com.couchbase.lite.internal.sockets.SocketToCore;
import com.couchbase.lite.internal.sockets.SocketToRemote;
import com.couchbase.lite.internal.support.Log;
import com.couchbase.lite.internal.utils.ClassUtils;
import com.couchbase.lite.internal.utils.Fn;
import com.couchbase.lite.internal.utils.StateMachine;
import com.couchbase.lite.internal.utils.StringUtils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InterfaceAddress;
import java.net.NetworkInterface;
import java.net.NoRouteToHostException;
import java.net.PortUnreachableException;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import okhttp3.Challenge;
import okhttp3.Cookie;
import okhttp3.CookieJar;
import okhttp3.Credentials;
import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;

/* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket.class */
public abstract class AbstractCBLWebSocket implements SocketFromCore, SocketFromRemote, AutoCloseable {
    public static final int DEFAULT_HEARTBEAT_SEC = 300;
    public static final int MAX_AUTH_RETRIES = 3;
    public static final String HEADER_COOKIES = "Cookies";
    public static final String HEADER_USER_AGENT = "User-Agent";
    public static final String HEADER_AUTH = "Authorization";
    private static final String CHALLENGE_BASIC = "Basic";
    public static final String ERROR_INTERCEPTOR = "Interceptor Failure";
    private static final LogDomain LOG_DOMAIN = LogDomain.NETWORK;

    @NonNull
    private static final TaggedWeakPeerBinding<KeyManager> KEY_MANAGERS = new TaggedWeakPeerBinding<>();

    @NonNull
    private final SocketToCore toCore;

    @NonNull
    private final SocketToRemote toRemote;

    @NonNull
    private final URI uri;

    @Nullable
    private final Map<String, Object> options;

    @NonNull
    private final Fn.Consumer<List<Certificate>> serverCertsListener;

    @NonNull
    @GuardedBy("getPeerLock()")
    private final CBLCookieStore cookieStore;

    @NonNull
    @GuardedBy("getPeerLock()")
    private final StateMachine<SocketState> state = SocketState.getSocketStateMachine();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket$ConstrainedAddressSocketFactory.class */
    public static final class ConstrainedAddressSocketFactory extends SSLSocketFactory {

        @NonNull
        private final InetAddress localAddress;

        @NonNull
        private final SSLSocketFactory delegate;

        private ConstrainedAddressSocketFactory(@NonNull InetAddress inetAddress, @NonNull SSLSocketFactory sSLSocketFactory) {
            this.localAddress = inetAddress;
            this.delegate = sSLSocketFactory;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        @NonNull
        public String[] getDefaultCipherSuites() {
            return this.delegate.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        @NonNull
        public String[] getSupportedCipherSuites() {
            return this.delegate.getSupportedCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        @NonNull
        public Socket createSocket(@NonNull Socket socket, @NonNull String str, int i, boolean z) throws IOException {
            return this.delegate.createSocket(socket, str, i, z);
        }

        @Override // javax.net.SocketFactory
        @NonNull
        public Socket createSocket(@NonNull InetAddress inetAddress, int i) throws IOException {
            return createSocket(inetAddress, i, this.localAddress, 0);
        }

        @Override // javax.net.SocketFactory
        @NonNull
        public Socket createSocket(@NonNull InetAddress inetAddress, int i, @NonNull InetAddress inetAddress2, int i2) throws IOException {
            return this.delegate.createSocket(inetAddress, i, inetAddress2, i2);
        }

        @Override // javax.net.SocketFactory
        @NonNull
        public Socket createSocket(@NonNull String str, int i) throws IOException {
            return this.delegate.createSocket(str, i, this.localAddress, 0);
        }

        @Override // javax.net.SocketFactory
        @NonNull
        public Socket createSocket(@NonNull String str, int i, @NonNull InetAddress inetAddress, int i2) throws IOException {
            return this.delegate.createSocket(str, i, inetAddress, i2);
        }
    }

    /* loaded from: input_file:com/couchbase/lite/internal/replicator/AbstractCBLWebSocket$WebSocketCookieJar.class */
    private class WebSocketCookieJar implements CookieJar {
        private final boolean acceptParentDomain;

        WebSocketCookieJar(boolean z) {
            this.acceptParentDomain = z;
        }

        public void saveFromResponse(@NonNull HttpUrl httpUrl, @NonNull List<Cookie> list) {
            AbstractCBLWebSocket.this.cookieStore.setCookies(httpUrl.uri(), Fn.mapToList(list, (v0) -> {
                return v0.toString();
            }), this.acceptParentDomain);
        }

        @NonNull
        public List<Cookie> loadForRequest(@NonNull HttpUrl httpUrl) {
            ArrayList arrayList = new ArrayList();
            if (!AbstractCBLWebSocket.this.state.assertState(SocketState.UNOPENED, SocketState.OPENING)) {
                return arrayList;
            }
            if (AbstractCBLWebSocket.this.options != null) {
                Object obj = AbstractCBLWebSocket.this.options.get(C4Replicator.REPLICATOR_OPTION_COOKIES);
                if (obj instanceof String) {
                    arrayList.addAll(OkHttpSocket.parseCookies(httpUrl, (String) obj));
                }
            }
            String cookies = AbstractCBLWebSocket.this.cookieStore.getCookies(httpUrl.uri());
            if (cookies != null) {
                arrayList.addAll(OkHttpSocket.parseCookies(httpUrl, cookies));
            }
            return arrayList;
        }
    }

    public static long addKeyManager(@NonNull KeyManager keyManager) {
        long reserveKey = KEY_MANAGERS.reserveKey();
        KEY_MANAGERS.bind(reserveKey, keyManager);
        return reserveKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCBLWebSocket(@NonNull SocketToRemote socketToRemote, @NonNull SocketToCore socketToCore, @NonNull URI uri, @Nullable byte[] bArr, @NonNull CBLCookieStore cBLCookieStore, @NonNull Fn.Consumer<List<Certificate>> consumer) {
        this.toCore = socketToCore;
        this.toRemote = socketToRemote;
        this.uri = uri;
        this.options = bArr == null ? null : Collections.unmodifiableMap(FLValue.fromData(bArr).asDict());
        this.cookieStore = cBLCookieStore;
        this.serverCertsListener = consumer;
    }

    @NonNull
    public String toString() {
        return "CBLWebSocket@" + ClassUtils.objId(this) + "{" + this.toCore + " <=> " + this.toRemote + "(" + this.uri + ")}";
    }

    @Nullable
    @VisibleForTesting
    public Map<String, Object> getOptions() {
        return this.options;
    }

    @Nullable
    protected abstract CloseStatus handleClose(@NonNull Throwable th);

    protected abstract int handleCloseCause(@NonNull Throwable th);

    @Override // java.lang.AutoCloseable
    public void close() {
        Log.d(LOG_DOMAIN, "%s.close: %s", this, this.uri);
        this.toCore.requestCoreClose(new CloseStatus(C4Constants.WebSocketError.GOING_AWAY, "Closed by client"));
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromCore
    public final void coreRequestsOpen() {
        Log.d(LOG_DOMAIN, "%s.coreRequestedOpen", this);
        if (changeState(SocketState.OPENING)) {
            this.toRemote.openRemote(this.uri, this.options);
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromCore
    public final void coreWrites(@NonNull byte[] bArr) {
        int length = bArr.length;
        Log.d(LOG_DOMAIN, "%s.coreWrites(%d)", this, Integer.valueOf(length));
        if (assertState(SocketState.OPEN, SocketState.CLOSING)) {
            if (this.toRemote.writeToRemote(bArr)) {
                this.toCore.ackWriteToCore(length);
            } else {
                Log.i(LOG_DOMAIN, "CBLWebSocket failed to send data of length: " + length);
            }
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromCore
    public void coreAcksWrite(long j) {
        Log.d(LOG_DOMAIN, "%s.coreAckReceive: %d", this, Long.valueOf(j));
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromCore
    public final void coreRequestsClose(@NonNull CloseStatus closeStatus) {
        Log.d(LOG_DOMAIN, "%s.coreRequestsClose%s", this, closeStatus);
        if (assertState(SocketState.OPEN, SocketState.CLOSING)) {
            if (closeStatus.code > 100 && closeStatus.code < 600) {
                closeStatus = new CloseStatus(6, C4Constants.WebSocketError.POLICY_ERROR, closeStatus.message);
            }
            if (this.toRemote.closeRemote(closeStatus)) {
                return;
            }
            Log.d(LOG_DOMAIN, "%s.coreRequestsClose: Could not close remote", this);
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromCore
    public final void coreClosed() {
        Log.w(LOG_DOMAIN, "%s.coreClosed: ignoring unexpected call", this);
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    @NonNull
    public Object getLock() {
        return this.toCore.getLock();
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void setupRemoteSocketFactory(@NonNull OkHttpClient.Builder builder) {
        boolean z = false;
        if (this.options != null) {
            Object obj = this.options.get(C4Replicator.REPLICATOR_HEARTBEAT_INTERVAL);
            builder.pingInterval(obj instanceof Number ? ((Long) obj).longValue() : 300L, TimeUnit.SECONDS);
            Object obj2 = this.options.get(C4Replicator.REPLICATOR_OPTION_AUTHENTICATION);
            if (obj2 instanceof Map) {
                Map<?, ?> map = (Map) obj2;
                if ("Basic".equals(map.get(C4Replicator.REPLICATOR_AUTH_TYPE))) {
                    setupBasicAuthenticator(map, builder);
                }
            }
            Object obj3 = this.options.get(C4Replicator.REPLICATOR_OPTION_ACCEPT_PARENT_COOKIES);
            if (obj3 instanceof Boolean) {
                z = ((Boolean) obj3).booleanValue();
            }
        }
        builder.cookieJar(new WebSocketCookieJar(z));
        setupSSLSocketFactory(builder);
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void remoteOpened(int i, @Nullable Map<String, Object> map) {
        Log.d(LOG_DOMAIN, "%s.remoteOpened: %s", this, map);
        if (changeState(SocketState.OPEN)) {
            this.toCore.ackOpenToCore(i, encodHeaders(map));
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void remoteWrites(@NonNull byte[] bArr) {
        Log.d(LOG_DOMAIN, "%s.remoteWrites(%d)", this, Integer.valueOf(bArr.length));
        if (assertState(SocketState.OPEN, SocketState.CLOSING)) {
            this.toCore.writeToCore(bArr);
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void remoteRequestsClose(@NonNull CloseStatus closeStatus) {
        Log.d(LOG_DOMAIN, "%s.remoteRequestsClose: %s", this, closeStatus);
        if (changeState(SocketState.CLOSING)) {
            this.toCore.requestCoreClose(closeStatus);
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void remoteClosed(@NonNull CloseStatus closeStatus) {
        Log.d(LOG_DOMAIN, "%s.remoteClosed(%d): %s", this, closeStatus);
        if (changeState(SocketState.CLOSED)) {
            if (closeStatus.code == 1000) {
                closeStatus = new CloseStatus(1, 0, closeStatus.message);
            }
            this.toCore.closeCore(closeStatus);
        }
    }

    @Override // com.couchbase.lite.internal.sockets.SocketFromRemote
    public void remoteFailed(@NonNull Throwable th) {
        Log.d(LOG_DOMAIN, "%s.remoteFailed", th, this);
        if (changeState(SocketState.CLOSED)) {
            this.toCore.closeCore(getStatusForError(th));
        }
    }

    @NonNull
    @VisibleForTesting
    SocketState getSocketState() {
        return this.state.getCurrentState();
    }

    private boolean changeState(@NonNull SocketState socketState) {
        boolean state;
        synchronized (getLock()) {
            state = this.state.setState(socketState);
        }
        return state;
    }

    private boolean assertState(@NonNull SocketState... socketStateArr) {
        boolean assertState;
        synchronized (getLock()) {
            assertState = this.state.assertState(socketStateArr);
        }
        return assertState;
    }

    @Nullable
    private byte[] encodHeaders(@Nullable Map<String, Object> map) {
        try {
            FLEncoder managedEncoder = FLEncoder.getManagedEncoder();
            try {
                managedEncoder.write(map);
                byte[] finish = managedEncoder.finish();
                if (managedEncoder != null) {
                    managedEncoder.close();
                }
                return finish;
            } finally {
            }
        } catch (LiteCoreException e) {
            Log.w(LOG_DOMAIN, "CBLWebSocket failed to encode response headers", e);
            Log.d(LOG_DOMAIN, StringUtils.toString(map));
            return null;
        }
    }

    @NonNull
    private CloseStatus getStatusForError(@Nullable Throwable th) {
        int i;
        Log.i(LOG_DOMAIN, "WebSocket CLOSED with error", th);
        if (th == null) {
            return new CloseStatus(6, 0, null);
        }
        CloseStatus handleClose = handleClose(th);
        if (handleClose != null) {
            return handleClose;
        }
        int codeForError = getCodeForError(th);
        int i2 = 5;
        if (th instanceof SocketTimeoutException) {
            i = 3;
        } else if ((th instanceof NoRouteToHostException) || (th instanceof PortUnreachableException)) {
            i = 24;
        } else if ((th instanceof SocketException) || (th instanceof EOFException)) {
            i = 22;
        } else if (codeForError > 0) {
            i = codeForError;
        } else if (th instanceof UnknownHostException) {
            i = 2;
        } else if (th instanceof SSLHandshakeException) {
            i = 6;
        } else if ((th instanceof SSLKeyException) || (th instanceof SSLPeerUnverifiedException)) {
            i = 8;
        } else if (th instanceof SSLProtocolException) {
            i2 = 6;
            i = 1002;
        } else if (th instanceof SSLException) {
            i = 18;
        } else {
            i2 = 6;
            i = 1008;
        }
        return new CloseStatus(i2, i, th.toString());
    }

    private int getCodeForError(Throwable th) {
        Throwable cause = th.getCause();
        if (cause == null) {
            return -1;
        }
        int handleCloseCause = handleCloseCause(cause);
        if (handleCloseCause > 0) {
            return handleCloseCause;
        }
        if (cause instanceof CertificateExpiredException) {
            return 14;
        }
        return cause instanceof CertificateException ? 8 : 0;
    }

    private void setupBasicAuthenticator(@NonNull Map<?, ?> map, @NonNull OkHttpClient.Builder builder) {
        Object obj = map.get(C4Replicator.REPLICATOR_AUTH_USER_NAME);
        Object obj2 = map.get(C4Replicator.REPLICATOR_AUTH_PASSWORD);
        if ((obj2 instanceof String) && (obj instanceof String)) {
            String basic = Credentials.basic((String) obj, (String) obj2);
            builder.authenticator((route, response) -> {
                return authenticate(response, basic);
            });
            builder.addInterceptor(chain -> {
                Request request = chain.request();
                try {
                    return chain.proceed(chain.connection() != null ? request : request.newBuilder().header(HEADER_AUTH, basic).method(request.method(), request.body()).build());
                } catch (Exception e) {
                    Log.w(LOG_DOMAIN, "Interceptor failure on thread %s: (%s) \"%s\"", e, Thread.currentThread().toString(), request.method(), request.body());
                    return new Response.Builder().request(request).protocol(Protocol.HTTP_1_1).code(C4Constants.HttpError.INTERNAL_SERVER_ERROR).message(ERROR_INTERCEPTOR).body(ResponseBody.create(MediaType.parse("text/plain"), ERROR_INTERCEPTOR)).build();
                }
            });
        }
    }

    private void setupSSLSocketFactory(@NonNull OkHttpClient.Builder builder) {
        X509Certificate x509Certificate = null;
        boolean z = false;
        KeyManager[] keyManagerArr = null;
        InetAddress inetAddress = null;
        if (this.options != null) {
            Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_PINNED_SERVER_CERT);
            if (obj instanceof byte[]) {
                try {
                    x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream((byte[]) obj));
                } catch (CertificateException e) {
                    Log.w(LOG_DOMAIN, "Can't parse pinned certificate.  Ignored", e);
                }
            }
            Object obj2 = this.options.get(C4Replicator.REPLICATOR_OPTION_SELF_SIGNED_SERVER_CERT);
            if (obj2 instanceof Boolean) {
                z = ((Boolean) obj2).booleanValue();
            }
            KeyManager authenticator = getAuthenticator();
            if (authenticator != null) {
                keyManagerArr = new KeyManager[]{authenticator};
            }
            Object obj3 = this.options.get(C4Replicator.SOCKET_OPTIONS_NETWORK_INTERFACE);
            if (obj3 instanceof String) {
                inetAddress = getSelectedInterface((String) obj3);
            }
        }
        CBLTrustManager cBLTrustManager = new CBLTrustManager(x509Certificate, z, this.serverCertsListener);
        try {
            SSLContext sSLContext = SSLContext.getInstance(C4Constants.LogDomain.TLS);
            sSLContext.init(keyManagerArr, new TrustManager[]{cBLTrustManager}, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            builder.sslSocketFactory(inetAddress == null ? socketFactory : new ConstrainedAddressSocketFactory(inetAddress, socketFactory), cBLTrustManager);
            if (x509Certificate != null || z) {
                builder.hostnameVerifier((str, sSLSession) -> {
                    return true;
                });
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e2) {
            throw new CBLSocketException(6, C4Constants.WebSocketError.CANT_FULFILL, "Failed getting SSL context", e2);
        }
    }

    @Nullable
    private KeyManager getAuthenticator() {
        if (this.options == null) {
            return null;
        }
        Object obj = this.options.get(C4Replicator.REPLICATOR_OPTION_AUTHENTICATION);
        if (!(obj instanceof Map)) {
            return null;
        }
        Map map = (Map) obj;
        if (!C4Replicator.AUTH_TYPE_CLIENT_CERT.equals(map.get(C4Replicator.REPLICATOR_AUTH_TYPE))) {
            return null;
        }
        KeyManager keyManager = null;
        Object obj2 = map.get(C4Replicator.REPLICATOR_AUTH_CLIENT_CERT_KEY);
        if (obj2 instanceof Long) {
            keyManager = KEY_MANAGERS.getBinding(((Long) obj2).longValue());
        }
        if (keyManager == null) {
            Log.i(LOG_DOMAIN, "CBLWebSocket: No key manager configured for client certificate authentication");
        }
        return keyManager;
    }

    @Nullable
    @SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"})
    private Request authenticate(@NonNull Response response, @NonNull String str) {
        Log.d(LOG_DOMAIN, "%s.authenticate: %s", this, response);
        if (responseCount(response) >= 3) {
            return null;
        }
        List challenges = response.challenges();
        Log.d(LOG_DOMAIN, "challenges: %s", challenges);
        if (challenges == null) {
            return null;
        }
        Iterator it = challenges.iterator();
        while (it.hasNext()) {
            if ("Basic".equalsIgnoreCase(((Challenge) it.next()).scheme())) {
                return response.request().newBuilder().header(HEADER_AUTH, str).build();
            }
        }
        return null;
    }

    @NonNull
    private InetAddress getSelectedInterface(@NonNull String str) {
        List<InterfaceAddress> interfaceAddresses;
        try {
            Iterator it = Collections.list(NetworkInterface.getNetworkInterfaces()).iterator();
            while (it.hasNext()) {
                NetworkInterface networkInterface = (NetworkInterface) it.next();
                if (str.equals(networkInterface.getName()) && (interfaceAddresses = networkInterface.getInterfaceAddresses()) != null && !interfaceAddresses.isEmpty()) {
                    return interfaceAddresses.get(0).getAddress();
                }
            }
            try {
                return InetAddress.getByName(str);
            } catch (UnknownHostException e) {
                throw new CBLSocketException(5, 27, "Could not resolve specified interface: " + str, e);
            }
        } catch (SocketException e2) {
            throw new CBLSocketException(5, 20, "Could not get device interfaces", e2);
        }
    }

    private int responseCount(Response response) {
        int i = 1;
        while (true) {
            Response priorResponse = response.priorResponse();
            response = priorResponse;
            if (priorResponse == null) {
                return i;
            }
            i++;
        }
    }
}
