package defpackage;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
class czu implements cze {
    private final SSLSocketFactory a;
    private final daa b;
    private final int c;
    private final czs d;
    private final Set<String> e;
    private final Long f;
    private final boolean g;

    public czu(SSLSocketFactory sSLSocketFactory, daa daaVar, int i, czs czsVar, Set<String> set, Long l, boolean z) throws GeneralSecurityException {
        this.a = sSLSocketFactory;
        this.b = daaVar;
        this.c = i;
        this.d = czsVar;
        this.e = set;
        this.f = l;
        this.g = z;
    }

    @Override // defpackage.cze
    public czq a(String str, int i) throws IOException {
        Object[] array;
        SSLSocket sSLSocket = (SSLSocket) this.a.createSocket(str, i);
        sSLSocket.setSoTimeout(this.c);
        if (this.e != null && !this.e.isEmpty()) {
            if (this.g) {
                HashSet hashSet = new HashSet();
                String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
                for (int i2 = 0; i2 != supportedCipherSuites.length; i2++) {
                    hashSet.add(supportedCipherSuites[i2]);
                }
                ArrayList arrayList = new ArrayList();
                for (String str2 : this.e) {
                    if (hashSet.contains(str2)) {
                        arrayList.add(str2);
                    }
                }
                if (arrayList.isEmpty()) {
                    throw new IllegalStateException("No supplied cipher suite is supported by the provider.");
                }
                array = arrayList.toArray(new String[arrayList.size()]);
            } else {
                array = this.e.toArray(new String[this.e.size()]);
            }
            sSLSocket.setEnabledCipherSuites((String[]) array);
        }
        sSLSocket.startHandshake();
        if (this.b != null && !this.b.a(str, sSLSocket.getSession())) {
            throw new IOException("Host name could not be verified.");
        }
        String c = dyr.c(sSLSocket.getSession().getCipherSuite());
        if (c.contains("_des_") || c.contains("_des40_") || c.contains("_3des_")) {
            throw new IOException("EST clients must not use DES ciphers");
        }
        if (dyr.c(sSLSocket.getSession().getCipherSuite()).contains("null")) {
            throw new IOException("EST clients must not use NULL ciphers");
        }
        if (dyr.c(sSLSocket.getSession().getCipherSuite()).contains("anon")) {
            throw new IOException("EST clients must not use anon ciphers");
        }
        if (dyr.c(sSLSocket.getSession().getCipherSuite()).contains("export")) {
            throw new IOException("EST clients must not use export ciphers");
        }
        if (sSLSocket.getSession().getProtocol().equalsIgnoreCase("tlsv1")) {
            try {
                sSLSocket.close();
            } catch (Exception unused) {
            }
            throw new IOException("EST clients must not use TLSv1");
        }
        if (this.b == null || this.b.a(str, sSLSocket.getSession())) {
            return new dab(sSLSocket, this.d, this.f);
        }
        throw new IOException("Hostname was not verified: " + str);
    }
}
