package com.squareup.okhttp.internal.http;

import android.support.v7.internal.widget.ActivityChooserView;
import com.squareup.okhttp.Address;
import com.squareup.okhttp.CertificatePinner;
import com.squareup.okhttp.Connection;
import com.squareup.okhttp.ConnectionPool;
import com.squareup.okhttp.ConnectionSpec;
import com.squareup.okhttp.Handshake;
import com.squareup.okhttp.Protocol;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import com.squareup.okhttp.Route;
import com.squareup.okhttp.internal.ConnectionSpecSelector;
import com.squareup.okhttp.internal.Platform;
import com.squareup.okhttp.internal.Util;
import com.squareup.okhttp.internal.tls.OkHostnameVerifier;
import java.io.IOException;
import java.net.Proxy;
import java.net.Socket;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import okio.Source;

/* loaded from: classes.dex */
public class SocketConnector {
    private final Connection connection;
    private final ConnectionPool connectionPool;

    /* loaded from: classes.dex */
    public class ConnectedSocket {
        public final Protocol alpnProtocol;
        public final Handshake handshake;
        public final Route route;
        public final Socket socket;

        public ConnectedSocket(Route route, Socket socket) {
            this.route = route;
            this.socket = socket;
            this.alpnProtocol = null;
            this.handshake = null;
        }

        public ConnectedSocket(Route route, SSLSocket sSLSocket, Protocol protocol, Handshake handshake) {
            this.route = route;
            this.socket = sSLSocket;
            this.alpnProtocol = protocol;
            this.handshake = handshake;
        }
    }

    public SocketConnector(Connection connection, ConnectionPool connectionPool) {
        this.connection = connection;
        this.connectionPool = connectionPool;
    }

    private Socket connectRawSocket(int i, int i2, Route route) throws RouteException {
        Platform platform = Platform.get();
        try {
            Proxy proxy = route.getProxy();
            Socket createSocket = (proxy.type() == Proxy.Type.DIRECT || proxy.type() == Proxy.Type.HTTP) ? route.getAddress().getSocketFactory().createSocket() : new Socket(proxy);
            createSocket.setSoTimeout(i);
            platform.connectSocket(createSocket, route.getSocketAddress(), i2);
            return createSocket;
        } catch (IOException e2) {
            throw new RouteException(e2);
        }
    }

    private void createTunnel(int i, int i2, Request request, Route route, Socket socket) throws RouteException {
        try {
            Request createTunnelRequest = createTunnelRequest(request);
            HttpConnection httpConnection = new HttpConnection(this.connectionPool, this.connection, socket);
            httpConnection.setTimeouts(i, i2);
            URL url = createTunnelRequest.url();
            String str = "CONNECT " + url.getHost() + ":" + Util.getEffectivePort(url) + " HTTP/1.1";
            do {
                httpConnection.writeRequest(createTunnelRequest.headers(), str);
                httpConnection.flush();
                Response build = httpConnection.readResponse().request(createTunnelRequest).build();
                long contentLength = OkHeaders.contentLength(build);
                if (contentLength == -1) {
                    contentLength = 0;
                }
                Source newFixedLengthSource = httpConnection.newFixedLengthSource(contentLength);
                Util.skipAll(newFixedLengthSource, ActivityChooserView.ActivityChooserViewAdapter.MAX_ACTIVITY_COUNT_UNLIMITED, TimeUnit.MILLISECONDS);
                newFixedLengthSource.close();
                switch (build.code()) {
                    case 200:
                        if (httpConnection.bufferSize() > 0) {
                            throw new IOException("TLS tunnel buffered too many bytes!");
                        }
                        return;
                    case 407:
                        createTunnelRequest = OkHeaders.processAuthHeader(route.getAddress().getAuthenticator(), build, route.getProxy());
                        break;
                    default:
                        throw new IOException("Unexpected response code for CONNECT: " + build.code());
                }
            } while (createTunnelRequest != null);
            throw new IOException("Failed to authenticate with proxy");
        } catch (IOException e2) {
            throw new RouteException(e2);
        }
    }

    private Request createTunnelRequest(Request request) throws IOException {
        String host = request.url().getHost();
        int effectivePort = Util.getEffectivePort(request.url());
        Request.Builder header = new Request.Builder().url(new URL("https", host, effectivePort, "/")).header("Host", effectivePort == Util.getDefaultPort("https") ? host : host + ":" + effectivePort).header("Proxy-Connection", "Keep-Alive");
        String header2 = request.header("User-Agent");
        if (header2 != null) {
            header.header("User-Agent", header2);
        }
        String header3 = request.header("Proxy-Authorization");
        if (header3 != null) {
            header.header("Proxy-Authorization", header3);
        }
        return header.build();
    }

    public ConnectedSocket connectCleartext(int i, int i2, Route route) throws RouteException {
        return new ConnectedSocket(route, connectRawSocket(i2, i, route));
    }

    public ConnectedSocket connectTls(int i, int i2, int i3, Request request, Route route, List<ConnectionSpec> list, boolean z) throws RouteException {
        IOException iOException;
        SSLSocket sSLSocket;
        boolean z2;
        SSLSocket sSLSocket2;
        String selectedProtocol;
        Address address = route.getAddress();
        ConnectionSpecSelector connectionSpecSelector = new ConnectionSpecSelector(list);
        RouteException routeException = null;
        do {
            RouteException routeException2 = routeException;
            Socket connectRawSocket = connectRawSocket(i2, i, route);
            if (route.requiresTunnel()) {
                createTunnel(i2, i3, request, route, connectRawSocket);
            }
            try {
                sSLSocket2 = (SSLSocket) address.getSslSocketFactory().createSocket(connectRawSocket, address.getUriHost(), address.getUriPort(), true);
            } catch (IOException e2) {
                iOException = e2;
                sSLSocket = null;
            }
            try {
                ConnectionSpec configureSecureSocket = connectionSpecSelector.configureSecureSocket(sSLSocket2);
                Platform platform = Platform.get();
                Protocol protocol = null;
                try {
                    if (configureSecureSocket.supportsTlsExtensions()) {
                        platform.configureTlsExtensions(sSLSocket2, address.getUriHost(), address.getProtocols());
                    }
                    sSLSocket2.startHandshake();
                    Handshake handshake = Handshake.get(sSLSocket2.getSession());
                    if (configureSecureSocket.supportsTlsExtensions() && (selectedProtocol = platform.getSelectedProtocol(sSLSocket2)) != null) {
                        protocol = Protocol.get(selectedProtocol);
                    }
                    platform.afterHandshake(sSLSocket2);
                    if (address.getHostnameVerifier().verify(address.getUriHost(), sSLSocket2.getSession())) {
                        address.getCertificatePinner().check(address.getUriHost(), handshake.peerCertificates());
                        return new ConnectedSocket(route, sSLSocket2, protocol, handshake);
                    }
                    X509Certificate x509Certificate = (X509Certificate) sSLSocket2.getSession().getPeerCertificates()[0];
                    throw new SSLPeerUnverifiedException("Hostname " + address.getUriHost() + " not verified:\n    certificate: " + CertificatePinner.pin(x509Certificate) + "\n    DN: " + x509Certificate.getSubjectDN().getName() + "\n    subjectAltNames: " + OkHostnameVerifier.allSubjectAltNames(x509Certificate));
                } catch (Throwable th) {
                    platform.afterHandshake(sSLSocket2);
                    throw th;
                }
            } catch (IOException e3) {
                iOException = e3;
                sSLSocket = sSLSocket2;
                z2 = z && connectionSpecSelector.connectionFailed(iOException);
                Util.closeQuietly((Socket) sSLSocket);
                Util.closeQuietly(connectRawSocket);
                if (routeException2 == null) {
                    routeException = new RouteException(iOException);
                } else {
                    routeException2.addConnectException(iOException);
                    routeException = routeException2;
                }
            }
        } while (z2);
        throw routeException;
    }
}
