package okhttp3.internal.connection;

import com.facebook.common.time.Clock;
import java.io.IOException;
import java.lang.ref.Reference;
import java.net.ConnectException;
import java.net.ProtocolException;
import java.net.Proxy;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.UnknownServiceException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import okhttp3.HttpUrl;
import okhttp3.Protocol;
import okhttp3.a;
import okhttp3.aa;
import okhttp3.ac;
import okhttp3.ae;
import okhttp3.g;
import okhttp3.internal.Internal;
import okhttp3.internal.Util;
import okhttp3.internal.Version;
import okhttp3.internal.http.HttpCodec;
import okhttp3.internal.http.HttpHeaders;
import okhttp3.internal.http1.Http1Codec;
import okhttp3.internal.http2.ErrorCode;
import okhttp3.internal.http2.Http2Codec;
import okhttp3.internal.http2.Http2Connection;
import okhttp3.internal.http2.Http2Stream;
import okhttp3.internal.platform.Platform;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.internal.ws.RealWebSocket;
import okhttp3.j;
import okhttp3.k;
import okhttp3.l;
import okhttp3.t;
import okhttp3.y;
import okio.d;
import okio.e;
import okio.o;
import okio.w;

/* loaded from: classes.dex */
public final class RealConnection extends Http2Connection.Listener implements j {
    private final k connectionPool;
    private t handshake;
    private Http2Connection http2Connection;
    public boolean noNewStreams;
    private Protocol protocol;
    private Socket rawSocket;
    private final ae route;
    private d sink;
    private Socket socket;
    private e source;
    public int successCount;
    public int allocationLimit = 1;
    public final List<Reference<StreamAllocation>> allocations = new ArrayList();
    public long idleAtNanos = Clock.MAX_TIME;

    public RealConnection(k kVar, ae aeVar) {
        this.connectionPool = kVar;
        this.route = aeVar;
    }

    private void connectSocket(int i, int i2) throws IOException {
        Proxy yJ = this.route.yJ();
        this.rawSocket = (yJ.type() == Proxy.Type.DIRECT || yJ.type() == Proxy.Type.HTTP) ? this.route.Bs().yE().createSocket() : new Socket(yJ);
        this.rawSocket.setSoTimeout(i2);
        try {
            Platform.get().connectSocket(this.rawSocket, this.route.Bt(), i);
            this.source = o.e(o.b(this.rawSocket));
            this.sink = o.f(o.a(this.rawSocket));
        } catch (ConnectException e) {
            ConnectException connectException = new ConnectException("Failed to connect to " + this.route.Bt());
            connectException.initCause(e);
            throw connectException;
        }
    }

    private void connectTls(ConnectionSpecSelector connectionSpecSelector) throws IOException {
        SSLSocket sSLSocket;
        SSLSocket sSLSocket2 = null;
        a Bs = this.route.Bs();
        try {
            try {
                sSLSocket = (SSLSocket) Bs.yK().createSocket(this.rawSocket, Bs.yC().Af(), Bs.yC().Ag(), true);
            } catch (AssertionError e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            l configureSecureSocket = connectionSpecSelector.configureSecureSocket(sSLSocket);
            if (configureSecureSocket.zt()) {
                Platform.get().configureTlsExtensions(sSLSocket, Bs.yC().Af(), Bs.yG());
            }
            sSLSocket.startHandshake();
            t a2 = t.a(sSLSocket.getSession());
            if (!Bs.yL().verify(Bs.yC().Af(), sSLSocket.getSession())) {
                X509Certificate x509Certificate = (X509Certificate) a2.zR().get(0);
                throw new SSLPeerUnverifiedException("Hostname " + Bs.yC().Af() + " not verified:\n    certificate: " + g.a((Certificate) x509Certificate) + "\n    DN: " + x509Certificate.getSubjectDN().getName() + "\n    subjectAltNames: " + OkHostnameVerifier.allSubjectAltNames(x509Certificate));
            }
            Bs.yM().c(Bs.yC().Af(), a2.zR());
            String selectedProtocol = configureSecureSocket.zt() ? Platform.get().getSelectedProtocol(sSLSocket) : null;
            this.socket = sSLSocket;
            this.source = o.e(o.b(this.socket));
            this.sink = o.f(o.a(this.socket));
            this.handshake = a2;
            this.protocol = selectedProtocol != null ? Protocol.get(selectedProtocol) : Protocol.HTTP_1_1;
            if (sSLSocket != null) {
                Platform.get().afterHandshake(sSLSocket);
            }
        } catch (AssertionError e2) {
            e = e2;
            if (!Util.isAndroidGetsocknameError(e)) {
                throw e;
            }
            throw new IOException(e);
        } catch (Throwable th2) {
            sSLSocket2 = sSLSocket;
            th = th2;
            if (sSLSocket2 != null) {
                Platform.get().afterHandshake(sSLSocket2);
            }
            Util.closeQuietly((Socket) sSLSocket2);
            throw th;
        }
    }

    private void connectTunnel(int i, int i2, int i3) throws IOException {
        aa createTunnelRequest = createTunnelRequest();
        HttpUrl yC = createTunnelRequest.yC();
        int i4 = 0;
        while (true) {
            i4++;
            if (i4 > 21) {
                throw new ProtocolException("Too many tunnel connections attempted: 21");
            }
            connectSocket(i, i2);
            createTunnelRequest = createTunnel(i2, i3, createTunnelRequest, yC);
            if (createTunnelRequest == null) {
                return;
            }
            Util.closeQuietly(this.rawSocket);
            this.rawSocket = null;
            this.sink = null;
            this.source = null;
        }
    }

    private aa createTunnel(int i, int i2, aa aaVar, HttpUrl httpUrl) throws IOException {
        ac Br;
        String str = "CONNECT " + Util.hostHeader(httpUrl, true) + " HTTP/1.1";
        do {
            Http1Codec http1Codec = new Http1Codec(null, null, this.source, this.sink);
            this.source.timeout().timeout(i, TimeUnit.MILLISECONDS);
            this.sink.timeout().timeout(i2, TimeUnit.MILLISECONDS);
            http1Codec.writeRequest(aaVar.headers(), str);
            http1Codec.finishRequest();
            Br = http1Codec.readResponseHeaders(false).b(aaVar).Br();
            long contentLength = HttpHeaders.contentLength(Br);
            if (contentLength == -1) {
                contentLength = 0;
            }
            w newFixedLengthSource = http1Codec.newFixedLengthSource(contentLength);
            Util.skipAll(newFixedLengthSource, Integer.MAX_VALUE, TimeUnit.MILLISECONDS);
            newFixedLengthSource.close();
            switch (Br.code()) {
                case 200:
                    if (this.source.Bw().BA() && this.sink.Bw().BA()) {
                        return null;
                    }
                    throw new IOException("TLS tunnel buffered too many bytes!");
                case 407:
                    aaVar = this.route.Bs().yF().a(this.route, Br);
                    if (aaVar != null) {
                        break;
                    } else {
                        throw new IOException("Failed to authenticate with proxy");
                    }
                default:
                    throw new IOException("Unexpected response code for CONNECT: " + Br.code());
            }
        } while (!"close".equalsIgnoreCase(Br.cD("Connection")));
        return aaVar;
    }

    private aa createTunnelRequest() {
        return new aa.a().d(this.route.Bs().yC()).S("Host", Util.hostHeader(this.route.Bs().yC(), true)).S("Proxy-Connection", "Keep-Alive").S("User-Agent", Version.userAgent()).build();
    }

    private void establishProtocol(ConnectionSpecSelector connectionSpecSelector) throws IOException {
        if (this.route.Bs().yK() == null) {
            this.protocol = Protocol.HTTP_1_1;
            this.socket = this.rawSocket;
            return;
        }
        connectTls(connectionSpecSelector);
        if (this.protocol == Protocol.HTTP_2) {
            this.socket.setSoTimeout(0);
            this.http2Connection = new Http2Connection.Builder(true).socket(this.socket, this.route.Bs().yC().Af(), this.source, this.sink).listener(this).build();
            this.http2Connection.start();
        }
    }

    public static RealConnection testConnection(k kVar, ae aeVar, Socket socket, long j) {
        RealConnection realConnection = new RealConnection(kVar, aeVar);
        realConnection.socket = socket;
        realConnection.idleAtNanos = j;
        return realConnection;
    }

    public void cancel() {
        Util.closeQuietly(this.rawSocket);
    }

    public void connect(int i, int i2, int i3, boolean z) {
        if (this.protocol != null) {
            throw new IllegalStateException("already connected");
        }
        List<l> yH = this.route.Bs().yH();
        ConnectionSpecSelector connectionSpecSelector = new ConnectionSpecSelector(yH);
        if (this.route.Bs().yK() == null) {
            if (!yH.contains(l.bvR)) {
                throw new RouteException(new UnknownServiceException("CLEARTEXT communication not enabled for client"));
            }
            String Af = this.route.Bs().yC().Af();
            if (!Platform.get().isCleartextTrafficPermitted(Af)) {
                throw new RouteException(new UnknownServiceException("CLEARTEXT communication to " + Af + " not permitted by network security policy"));
            }
        }
        RouteException routeException = null;
        do {
            try {
                if (this.route.Bu()) {
                    connectTunnel(i, i2, i3);
                } else {
                    connectSocket(i, i2);
                }
                establishProtocol(connectionSpecSelector);
                if (this.http2Connection != null) {
                    synchronized (this.connectionPool) {
                        this.allocationLimit = this.http2Connection.maxConcurrentStreams();
                    }
                    return;
                }
                return;
            } catch (IOException e) {
                Util.closeQuietly(this.socket);
                Util.closeQuietly(this.rawSocket);
                this.socket = null;
                this.rawSocket = null;
                this.source = null;
                this.sink = null;
                this.handshake = null;
                this.protocol = null;
                this.http2Connection = null;
                if (routeException == null) {
                    routeException = new RouteException(e);
                } else {
                    routeException.addConnectException(e);
                }
                if (!z) {
                    throw routeException;
                }
            }
        } while (connectionSpecSelector.connectionFailed(e));
        throw routeException;
    }

    @Override // okhttp3.j
    public t handshake() {
        return this.handshake;
    }

    public boolean isEligible(a aVar, ae aeVar) {
        if (this.allocations.size() >= this.allocationLimit || this.noNewStreams || !Internal.instance.equalsNonHost(this.route.Bs(), aVar)) {
            return false;
        }
        if (aVar.yC().Af().equals(route().Bs().yC().Af())) {
            return true;
        }
        if (this.http2Connection == null || aeVar == null || aeVar.yJ().type() != Proxy.Type.DIRECT || this.route.yJ().type() != Proxy.Type.DIRECT || !this.route.Bt().equals(aeVar.Bt()) || aeVar.Bs().yL() != OkHostnameVerifier.INSTANCE || !supportsUrl(aVar.yC())) {
            return false;
        }
        try {
            aVar.yM().c(aVar.yC().Af(), handshake().zR());
            return true;
        } catch (SSLPeerUnverifiedException e) {
            return false;
        }
    }

    public boolean isHealthy(boolean z) {
        if (this.socket.isClosed() || this.socket.isInputShutdown() || this.socket.isOutputShutdown()) {
            return false;
        }
        if (this.http2Connection != null) {
            return !this.http2Connection.isShutdown();
        }
        if (!z) {
            return true;
        }
        try {
            int soTimeout = this.socket.getSoTimeout();
            try {
                this.socket.setSoTimeout(1);
                if (this.source.BA()) {
                    this.socket.setSoTimeout(soTimeout);
                    return false;
                }
                this.socket.setSoTimeout(soTimeout);
                return true;
            } catch (Throwable th) {
                this.socket.setSoTimeout(soTimeout);
                throw th;
            }
        } catch (SocketTimeoutException e) {
            return true;
        } catch (IOException e2) {
            return false;
        }
    }

    public boolean isMultiplexed() {
        return this.http2Connection != null;
    }

    public HttpCodec newCodec(y yVar, StreamAllocation streamAllocation) throws SocketException {
        if (this.http2Connection != null) {
            return new Http2Codec(yVar, streamAllocation, this.http2Connection);
        }
        this.socket.setSoTimeout(yVar.AG());
        this.source.timeout().timeout(yVar.AG(), TimeUnit.MILLISECONDS);
        this.sink.timeout().timeout(yVar.AH(), TimeUnit.MILLISECONDS);
        return new Http1Codec(yVar, streamAllocation, this.source, this.sink);
    }

    public RealWebSocket.Streams newWebSocketStreams(final StreamAllocation streamAllocation) {
        return new RealWebSocket.Streams(true, this.source, this.sink) { // from class: okhttp3.internal.connection.RealConnection.1
            @Override // java.io.Closeable, java.lang.AutoCloseable
            public void close() throws IOException {
                streamAllocation.streamFinished(true, streamAllocation.codec());
            }
        };
    }

    @Override // okhttp3.internal.http2.Http2Connection.Listener
    public void onSettings(Http2Connection http2Connection) {
        synchronized (this.connectionPool) {
            this.allocationLimit = http2Connection.maxConcurrentStreams();
        }
    }

    @Override // okhttp3.internal.http2.Http2Connection.Listener
    public void onStream(Http2Stream http2Stream) throws IOException {
        http2Stream.close(ErrorCode.REFUSED_STREAM);
    }

    @Override // okhttp3.j
    public Protocol protocol() {
        return this.protocol;
    }

    @Override // okhttp3.j
    public ae route() {
        return this.route;
    }

    @Override // okhttp3.j
    public Socket socket() {
        return this.socket;
    }

    public boolean supportsUrl(HttpUrl httpUrl) {
        if (httpUrl.Ag() != this.route.Bs().yC().Ag()) {
            return false;
        }
        if (httpUrl.Af().equals(this.route.Bs().yC().Af())) {
            return true;
        }
        return this.handshake != null && OkHostnameVerifier.INSTANCE.verify(httpUrl.Af(), (X509Certificate) this.handshake.zR().get(0));
    }

    public String toString() {
        return "Connection{" + this.route.Bs().yC().Af() + ":" + this.route.Bs().yC().Ag() + ", proxy=" + this.route.yJ() + " hostAddress=" + this.route.Bt() + " cipherSuite=" + (this.handshake != null ? this.handshake.zQ() : "none") + " protocol=" + this.protocol + '}';
    }
}
