package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.t;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* compiled from: JdkSslContext.java */
/* loaded from: classes4.dex */
public class y extends t1 {

    /* renamed from: l, reason: collision with root package name */
    private static final io.netty.util.internal.logging.d f8615l = io.netty.util.internal.logging.e.b(y.class);

    /* renamed from: m, reason: collision with root package name */
    static final String f8616m = "TLS";

    /* renamed from: n, reason: collision with root package name */
    private static final String[] f8617n;
    private static final List<String> o;
    private static final List<String> p;

    /* renamed from: q, reason: collision with root package name */
    private static final Set<String> f8618q;
    private static final Set<String> r;
    private static final Provider s;
    private final String[] e;
    private final String[] f;
    private final List<String> g;

    /* renamed from: h, reason: collision with root package name */
    private final t f8619h;

    /* renamed from: i, reason: collision with root package name */
    private final ClientAuth f8620i;

    /* renamed from: j, reason: collision with root package name */
    private final SSLContext f8621j;

    /* renamed from: k, reason: collision with root package name */
    private final boolean f8622k;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: JdkSslContext.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class a {
        static final /* synthetic */ int[] a;
        static final /* synthetic */ int[] b;
        static final /* synthetic */ int[] c;
        static final /* synthetic */ int[] d;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.Protocol.values().length];
            d = iArr;
            try {
                iArr[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                d[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                d[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            c = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            int[] iArr4 = new int[ClientAuth.values().length];
            a = iArr4;
            try {
                iArr4[ClientAuth.OPTIONAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                a[ClientAuth.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                a[ClientAuth.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    static {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            s = sSLContext.getProvider();
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            f8617n = d1(sSLContext, createSSLEngine);
            Set<String> unmodifiableSet = Collections.unmodifiableSet(f1(createSSLEngine));
            f8618q = unmodifiableSet;
            o = Collections.unmodifiableList(c1(createSSLEngine, unmodifiableSet));
            ArrayList arrayList = new ArrayList(o);
            arrayList.removeAll(Arrays.asList(y1.s));
            p = Collections.unmodifiableList(arrayList);
            LinkedHashSet linkedHashSet = new LinkedHashSet(f8618q);
            linkedHashSet.removeAll(Arrays.asList(y1.s));
            r = Collections.unmodifiableSet(linkedHashSet);
            if (f8615l.g()) {
                f8615l.y("Default protocols (JDK): {} ", Arrays.asList(f8617n));
                f8615l.y("Default cipher suites (JDK): {}", o);
            }
        } catch (Exception e) {
            throw new Error("failed to initialize the default SSL context", e);
        }
    }

    @Deprecated
    public y(SSLContext sSLContext, boolean z, ClientAuth clientAuth) {
        this(sSLContext, z, (Iterable<String>) null, (h) n.b, (t) v.a, clientAuth, (String[]) null, false);
    }

    @Deprecated
    public y(SSLContext sSLContext, boolean z, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth) {
        this(sSLContext, z, iterable, hVar, applicationProtocolConfig, clientAuth, (String[]) null, false);
    }

    public y(SSLContext sSLContext, boolean z, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth, String[] strArr, boolean z2) {
        this(sSLContext, z, iterable, hVar, g1(applicationProtocolConfig, !z), clientAuth, strArr == null ? null : (String[]) strArr.clone(), z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y(SSLContext sSLContext, boolean z, Iterable<String> iterable, h hVar, t tVar, ClientAuth clientAuth, String[] strArr, boolean z2) {
        super(z2);
        Set<String> f1;
        List<String> list;
        this.f8619h = (t) io.netty.util.internal.u.c(tVar, "apn");
        this.f8620i = (ClientAuth) io.netty.util.internal.u.c(clientAuth, "clientAuth");
        this.f8621j = (SSLContext) io.netty.util.internal.u.c(sSLContext, "sslContext");
        if (s.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? f8617n : strArr;
            this.e = strArr;
            if (e1(strArr)) {
                f1 = f8618q;
                list = o;
            } else {
                f1 = r;
                list = p;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.e = d1(sSLContext, createSSLEngine);
                } else {
                    this.e = strArr;
                }
                f1 = f1(createSSLEngine);
                List<String> c1 = c1(createSSLEngine, f1);
                if (!e1(this.e)) {
                    for (String str : y1.s) {
                        f1.remove(str);
                        c1.remove(str);
                    }
                }
                io.netty.util.y.c(createSSLEngine);
                list = c1;
            } catch (Throwable th) {
                io.netty.util.y.c(createSSLEngine);
                throw th;
            }
        }
        String[] a2 = ((h) io.netty.util.internal.u.c(hVar, "cipherFilter")).a(iterable, list, f1);
        this.f = a2;
        this.g = Collections.unmodifiableList(Arrays.asList(a2));
        this.f8622k = z;
    }

    @Deprecated
    protected static KeyManagerFactory W0(File file, File file2, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException {
        return X0(file, file2, str, keyManagerFactory, KeyStore.getDefaultType());
    }

    static KeyManagerFactory X0(File file, File file2, String str, KeyManagerFactory keyManagerFactory, String str2) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        return Z0(file, property, file2, str, keyManagerFactory, str2);
    }

    @Deprecated
    protected static KeyManagerFactory Y0(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException {
        return t1.e(t1.R0(file), str, t1.N0(file2, str2), str2, keyManagerFactory, KeyStore.getDefaultType());
    }

    static KeyManagerFactory Z0(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory, String str3) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException {
        return t1.e(t1.R0(file), str, t1.N0(file2, str2), str2, keyManagerFactory, str3);
    }

    private SSLEngine a1(SSLEngine sSLEngine, k.a.b.k kVar) {
        sSLEngine.setEnabledCipherSuites(this.f);
        sSLEngine.setEnabledProtocols(this.e);
        sSLEngine.setUseClientMode(u());
        if (v()) {
            int i2 = a.a[this.f8620i.ordinal()];
            if (i2 == 1) {
                sSLEngine.setWantClientAuth(true);
            } else if (i2 == 2) {
                sSLEngine.setNeedClientAuth(true);
            } else if (i2 != 3) {
                throw new Error("Unknown auth " + this.f8620i);
            }
        }
        t.f f = this.f8619h.f();
        return f instanceof t.a ? ((t.a) f).b(sSLEngine, kVar, this.f8619h, v()) : f.a(sSLEngine, this.f8619h, v());
    }

    private static List<String> c1(SSLEngine sSLEngine, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        y1.a(set, arrayList, y1.r);
        y1.p(arrayList, sSLEngine.getEnabledCipherSuites());
        return arrayList;
    }

    private static String[] d1(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        y1.a(hashSet, arrayList, cn.hutool.core.net.j.f1294k, cn.hutool.core.net.j.f1293j, cn.hutool.core.net.j.f1292i);
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(new String[0]) : sSLEngine.getEnabledProtocols();
    }

    private static boolean e1(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    private static Set<String> f1(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                String str2 = "TLS_" + str.substring(4);
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{str2});
                    linkedHashSet.add(str2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static t g1(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i2;
        if (applicationProtocolConfig != null && (i2 = a.d[applicationProtocolConfig.a().ordinal()]) != 1) {
            if (i2 == 2) {
                if (z) {
                    int i3 = a.b[applicationProtocolConfig.c().ordinal()];
                    if (i3 == 1) {
                        return new s(true, (Iterable<String>) applicationProtocolConfig.d());
                    }
                    if (i3 == 2) {
                        return new s(false, (Iterable<String>) applicationProtocolConfig.d());
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
                }
                int i4 = a.c[applicationProtocolConfig.b().ordinal()];
                if (i4 == 1) {
                    return new s(false, (Iterable<String>) applicationProtocolConfig.d());
                }
                if (i4 == 2) {
                    return new s(true, (Iterable<String>) applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            if (i2 != 3) {
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.a() + " protocol");
            }
            if (z) {
                int i5 = a.c[applicationProtocolConfig.b().ordinal()];
                if (i5 == 1) {
                    return new w(false, (Iterable<String>) applicationProtocolConfig.d());
                }
                if (i5 == 2) {
                    return new w(true, (Iterable<String>) applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            int i6 = a.b[applicationProtocolConfig.c().ordinal()];
            if (i6 == 1) {
                return new w(true, (Iterable<String>) applicationProtocolConfig.d());
            }
            if (i6 == 2) {
                return new w(false, (Iterable<String>) applicationProtocolConfig.d());
            }
            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
        }
        return v.a;
    }

    @Override // io.netty.handler.ssl.t1
    public final long H0() {
        return I0().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.t1
    public final SSLSessionContext I0() {
        return v() ? b1().getServerSessionContext() : b1().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.t1
    public final long J0() {
        return I0().getSessionTimeout();
    }

    @Override // io.netty.handler.ssl.t1
    public final SSLEngine V(k.a.b.k kVar) {
        return a1(b1().createSSLEngine(), kVar);
    }

    @Override // io.netty.handler.ssl.t1
    /* renamed from: V0, reason: merged with bridge method [inline-methods] */
    public final t a() {
        return this.f8619h;
    }

    @Override // io.netty.handler.ssl.t1
    public final SSLEngine W(k.a.b.k kVar, String str, int i2) {
        return a1(b1().createSSLEngine(str, i2), kVar);
    }

    public final SSLContext b1() {
        return this.f8621j;
    }

    @Override // io.netty.handler.ssl.t1
    public final List<String> n() {
        return this.g;
    }

    @Override // io.netty.handler.ssl.t1
    public final boolean u() {
        return this.f8622k;
    }
}
