package io.netty.handler.ssl;

import io.netty.buffer.InterfaceC2453m;
import io.netty.handler.ssl.E;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* compiled from: JdkSslContext.java */
/* loaded from: classes9.dex */
public class Q extends hb {

    /* renamed from: d, reason: collision with root package name */
    private static final io.netty.util.internal.logging.d f60512d = io.netty.util.internal.logging.e.a((Class<?>) Q.class);

    /* renamed from: e, reason: collision with root package name */
    static final String f60513e = "TLS";

    /* renamed from: f, reason: collision with root package name */
    private static final String[] f60514f;

    /* renamed from: g, reason: collision with root package name */
    private static final List<String> f60515g;

    /* renamed from: h, reason: collision with root package name */
    private static final List<String> f60516h;

    /* renamed from: i, reason: collision with root package name */
    private static final Set<String> f60517i;

    /* renamed from: j, reason: collision with root package name */
    private static final Set<String> f60518j;

    /* renamed from: k, reason: collision with root package name */
    private static final Provider f60519k;

    /* renamed from: l, reason: collision with root package name */
    private final String[] f60520l;

    /* renamed from: m, reason: collision with root package name */
    private final String[] f60521m;

    /* renamed from: n, reason: collision with root package name */
    private final List<String> f60522n;

    /* renamed from: o, reason: collision with root package name */
    private final E f60523o;
    private final ClientAuth p;
    private final SSLContext q;
    private final boolean r;

    static {
        try {
            SSLContext sSLContext = SSLContext.getInstance(f60513e);
            sSLContext.init(null, null, null);
            f60519k = sSLContext.getProvider();
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            f60514f = a(createSSLEngine);
            f60517i = Collections.unmodifiableSet(b(createSSLEngine));
            f60515g = Collections.unmodifiableList(a(createSSLEngine, f60517i));
            ArrayList arrayList = new ArrayList(f60515g);
            arrayList.removeAll(Arrays.asList(wb.s));
            f60516h = Collections.unmodifiableList(arrayList);
            LinkedHashSet linkedHashSet = new LinkedHashSet(f60517i);
            linkedHashSet.removeAll(Arrays.asList(wb.s));
            f60518j = Collections.unmodifiableSet(linkedHashSet);
            if (f60512d.isDebugEnabled()) {
                f60512d.c("Default protocols (JDK): {} ", Arrays.asList(f60514f));
                f60512d.c("Default cipher suites (JDK): {}", f60515g);
            }
        } catch (Exception e2) {
            throw new Error("failed to initialize the default SSL context", e2);
        }
    }

    @Deprecated
    public Q(SSLContext sSLContext, boolean z, ClientAuth clientAuth) {
        this(sSLContext, z, (Iterable<String>) null, (InterfaceC2769i) r.f60731a, (E) L.f60480a, clientAuth, (String[]) null, false);
    }

    @Deprecated
    public Q(SSLContext sSLContext, boolean z, Iterable<String> iterable, InterfaceC2769i interfaceC2769i, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth) {
        this(sSLContext, z, iterable, interfaceC2769i, applicationProtocolConfig, clientAuth, (String[]) null, false);
    }

    public Q(SSLContext sSLContext, boolean z, Iterable<String> iterable, InterfaceC2769i interfaceC2769i, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth, String[] strArr, boolean z2) {
        this(sSLContext, z, iterable, interfaceC2769i, a(applicationProtocolConfig, !z), clientAuth, strArr == null ? null : (String[]) strArr.clone(), z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Q(SSLContext sSLContext, boolean z, Iterable<String> iterable, InterfaceC2769i interfaceC2769i, E e2, ClientAuth clientAuth, String[] strArr, boolean z2) {
        super(z2);
        Set<String> set;
        List<String> list;
        io.netty.util.internal.A.a(e2, "apn");
        this.f60523o = e2;
        io.netty.util.internal.A.a(clientAuth, "clientAuth");
        this.p = clientAuth;
        io.netty.util.internal.A.a(sSLContext, "sslContext");
        this.q = sSLContext;
        if (f60519k.equals(sSLContext.getProvider())) {
            this.f60520l = strArr == null ? f60514f : strArr;
            if (a(this.f60520l)) {
                set = f60517i;
                list = f60515g;
            } else {
                set = f60518j;
                list = f60516h;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.f60520l = a(createSSLEngine);
                } else {
                    this.f60520l = strArr;
                }
                Set<String> b2 = b(createSSLEngine);
                List<String> a2 = a(createSSLEngine, b2);
                if (!a(this.f60520l)) {
                    for (String str : wb.s) {
                        b2.remove(str);
                        a2.remove(str);
                    }
                }
                io.netty.util.N.b(createSSLEngine);
                set = b2;
                list = a2;
            } catch (Throwable th) {
                io.netty.util.N.b(createSSLEngine);
                throw th;
            }
        }
        io.netty.util.internal.A.a(interfaceC2769i, "cipherFilter");
        this.f60521m = interfaceC2769i.a(iterable, list, set);
        this.f60522n = Collections.unmodifiableList(Arrays.asList(this.f60521m));
        this.r = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static E a(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i2;
        if (applicationProtocolConfig != null && (i2 = P.f60501d[applicationProtocolConfig.a().ordinal()]) != 1) {
            if (i2 == 2) {
                if (z) {
                    int i3 = P.f60499b[applicationProtocolConfig.c().ordinal()];
                    if (i3 == 1) {
                        return new D(true, (Iterable<String>) applicationProtocolConfig.d());
                    }
                    if (i3 == 2) {
                        return new D(false, (Iterable<String>) applicationProtocolConfig.d());
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
                }
                int i4 = P.f60500c[applicationProtocolConfig.b().ordinal()];
                if (i4 == 1) {
                    return new D(false, (Iterable<String>) applicationProtocolConfig.d());
                }
                if (i4 == 2) {
                    return new D(true, (Iterable<String>) applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            if (i2 != 3) {
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.a() + " protocol");
            }
            if (z) {
                int i5 = P.f60500c[applicationProtocolConfig.b().ordinal()];
                if (i5 == 1) {
                    return new N(false, (Iterable<String>) applicationProtocolConfig.d());
                }
                if (i5 == 2) {
                    return new N(true, (Iterable<String>) applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            int i6 = P.f60499b[applicationProtocolConfig.c().ordinal()];
            if (i6 == 1) {
                return new N(true, (Iterable<String>) applicationProtocolConfig.d());
            }
            if (i6 == 2) {
                return new N(false, (Iterable<String>) applicationProtocolConfig.d());
            }
            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
        }
        return L.f60480a;
    }

    private static List<String> a(SSLEngine sSLEngine, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        wb.a(set, arrayList, wb.r);
        wb.a(arrayList, sSLEngine.getEnabledCipherSuites());
        return arrayList;
    }

    @Deprecated
    protected static KeyManagerFactory a(File file, File file2, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        return a(file, property, file2, str, keyManagerFactory);
    }

    @Deprecated
    protected static KeyManagerFactory a(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException {
        return hb.a(hb.c(file), str, hb.a(file2, str2), str2, keyManagerFactory);
    }

    private SSLEngine a(SSLEngine sSLEngine, InterfaceC2453m interfaceC2453m) {
        sSLEngine.setEnabledCipherSuites(this.f60521m);
        sSLEngine.setEnabledProtocols(this.f60520l);
        sSLEngine.setUseClientMode(j());
        if (k()) {
            int i2 = P.f60498a[this.p.ordinal()];
            if (i2 == 1) {
                sSLEngine.setWantClientAuth(true);
            } else if (i2 == 2) {
                sSLEngine.setNeedClientAuth(true);
            } else if (i2 != 3) {
                throw new Error("Unknown auth " + this.p);
            }
        }
        E.f e2 = this.f60523o.e();
        return e2 instanceof E.a ? ((E.a) e2).a(sSLEngine, interfaceC2453m, this.f60523o, k()) : e2.a(sSLEngine, this.f60523o, k());
    }

    private static boolean a(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    private static String[] a(SSLEngine sSLEngine) {
        String[] supportedProtocols = sSLEngine.getSupportedProtocols();
        HashSet hashSet = new HashSet(supportedProtocols.length);
        for (String str : supportedProtocols) {
            hashSet.add(str);
        }
        ArrayList arrayList = new ArrayList();
        wb.a(hashSet, arrayList, "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(new String[0]) : sSLEngine.getEnabledProtocols();
    }

    private static Set<String> b(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                String str2 = "TLS_" + str.substring(4);
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{str2});
                    linkedHashSet.add(str2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    @Override // io.netty.handler.ssl.hb
    public final SSLEngine a(InterfaceC2453m interfaceC2453m) {
        return a(s().createSSLEngine(), interfaceC2453m);
    }

    @Override // io.netty.handler.ssl.hb
    public final SSLEngine a(InterfaceC2453m interfaceC2453m, String str, int i2) {
        return a(s().createSSLEngine(str, i2), interfaceC2453m);
    }

    @Override // io.netty.handler.ssl.hb
    public final E b() {
        return this.f60523o;
    }

    @Override // io.netty.handler.ssl.hb
    public final List<String> e() {
        return this.f60522n;
    }

    @Override // io.netty.handler.ssl.hb
    public final boolean j() {
        return this.r;
    }

    @Override // io.netty.handler.ssl.hb
    public final long o() {
        return q().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.hb
    public final SSLSessionContext q() {
        return k() ? s().getServerSessionContext() : s().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.hb
    public final long r() {
        return q().getSessionTimeout();
    }

    public final SSLContext s() {
        return this.q;
    }
}
