package com.dropbox.internalclient;

import android.content.res.AssetManager;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: panda.py */
/* loaded from: classes.dex */
public final class be {
    private static final String[] a = {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"};

    public static KeyStore a(AssetManager assetManager) {
        KeyStore keyStore = KeyStore.getInstance("BKS");
        InputStream open = assetManager.open("root_certs.bks");
        keyStore.load(open, null);
        open.close();
        return keyStore;
    }

    public static SSLSocketFactory a(X509TrustManager x509TrustManager) {
        return new bf(b(x509TrustManager));
    }

    private static SSLSocketFactory b(X509TrustManager x509TrustManager) {
        dbxyzptlk.db8810400.ho.as.a(x509TrustManager);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        return sSLContext.getSocketFactory();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void b(String str, SSLSocket sSLSocket) {
        if (dbxyzptlk.db8810400.ka.d.a.verify(str, sSLSocket.getSession())) {
            return;
        }
        dbxyzptlk.db8810400.kd.f.a((Socket) sSLSocket);
        throw new SSLException("Failed hostname verification");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void b(SSLSocket sSLSocket) {
        List asList = Arrays.asList(sSLSocket.getSupportedProtocols());
        if (asList.contains("TLSv1.2")) {
            sSLSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
        } else if (asList.contains("TLSv1.0")) {
            sSLSocket.setEnabledProtocols(new String[]{"TLSv1.0"});
        } else {
            if (!asList.contains("TLSv1")) {
                throw new SSLException("Minimal TLS version 1 support required!");
            }
            sSLSocket.setEnabledProtocols(new String[]{"TLSv1"});
        }
        String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
        ArrayList arrayList = new ArrayList(Arrays.asList(a));
        arrayList.retainAll(Arrays.asList(supportedCipherSuites));
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
    }
}
