package io.netty.handler.ssl;

import androidx.cardview.R$color;
import androidx.constraintlayout.core.SolverVariable$Type$EnumUnboxingSharedUtility;
import ch.qos.logback.core.spi.FilterReply$EnumUnboxingLocalUtility;
import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel$EnumUnboxingLocalUtility;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.JdkApplicationProtocolNegotiator;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* loaded from: classes.dex */
public class JdkSslContext extends SslContext {
    public static final List<String> DEFAULT_CIPHERS;
    public static final List<String> DEFAULT_CIPHERS_NON_TLSV13;
    public static final String[] DEFAULT_PROTOCOLS;
    public static final Provider DEFAULT_PROVIDER;
    public static final Set<String> SUPPORTED_CIPHERS;
    public static final Set<String> SUPPORTED_CIPHERS_NON_TLSV13;
    public final JdkApplicationProtocolNegotiator apn;
    public final String[] cipherSuites;
    public final int clientAuth;
    public final boolean isClient;
    public final String[] protocols;
    public final SSLContext sslContext;
    public final List<String> unmodifiableCipherSuites;

    static {
        InternalLogger internalLoggerFactory = InternalLoggerFactory.getInstance(JdkSslContext.class.getName());
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            DEFAULT_PROVIDER = sSLContext.getProvider();
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] defaultProtocols = defaultProtocols(sSLContext, createSSLEngine);
            DEFAULT_PROTOCOLS = defaultProtocols;
            Set<String> unmodifiableSet = Collections.unmodifiableSet(supportedCiphers(createSSLEngine));
            SUPPORTED_CIPHERS = unmodifiableSet;
            ArrayList arrayList = new ArrayList();
            SslUtils.addIfSupported(unmodifiableSet, arrayList, SslUtils.DEFAULT_CIPHER_SUITES);
            SslUtils.useFallbackCiphersIfDefaultIsEmpty(Arrays.asList(createSSLEngine.getEnabledCipherSuites()), arrayList);
            List<String> unmodifiableList = Collections.unmodifiableList(arrayList);
            DEFAULT_CIPHERS = unmodifiableList;
            ArrayList arrayList2 = new ArrayList(unmodifiableList);
            String[] strArr = SslUtils.DEFAULT_TLSV13_CIPHER_SUITES;
            arrayList2.removeAll(Arrays.asList(strArr));
            DEFAULT_CIPHERS_NON_TLSV13 = Collections.unmodifiableList(arrayList2);
            LinkedHashSet linkedHashSet = new LinkedHashSet(unmodifiableSet);
            linkedHashSet.removeAll(Arrays.asList(strArr));
            SUPPORTED_CIPHERS_NON_TLSV13 = Collections.unmodifiableSet(linkedHashSet);
            if (internalLoggerFactory.isDebugEnabled()) {
                internalLoggerFactory.debug(Arrays.asList(defaultProtocols), "Default protocols (JDK): {} ");
                internalLoggerFactory.debug(unmodifiableList, "Default cipher suites (JDK): {}");
            }
        } catch (Exception e) {
            throw new Error("failed to initialize the default SSL context", e);
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public JdkSslContext(SSLContext sSLContext, boolean z, Iterable iterable, CipherSuiteFilter cipherSuiteFilter, JdkApplicationProtocolNegotiator jdkApplicationProtocolNegotiator, String[] strArr) {
        super(0);
        Set<String> supportedCiphers;
        List<String> list;
        int i = 0;
        this.apn = jdkApplicationProtocolNegotiator;
        boolean z2 = true;
        this.clientAuth = 1;
        this.sslContext = sSLContext;
        if (DEFAULT_PROVIDER.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? DEFAULT_PROTOCOLS : strArr;
            this.protocols = strArr;
            int length = strArr.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                if ("TLSv1.3".equals(strArr[i2])) {
                    i = 1;
                    break;
                }
                i2++;
            }
            if (i != 0) {
                supportedCiphers = SUPPORTED_CIPHERS;
                list = DEFAULT_CIPHERS;
            } else {
                supportedCiphers = SUPPORTED_CIPHERS_NON_TLSV13;
                list = DEFAULT_CIPHERS_NON_TLSV13;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.protocols = defaultProtocols(sSLContext, createSSLEngine);
                } else {
                    this.protocols = strArr;
                }
                supportedCiphers = supportedCiphers(createSSLEngine);
                ArrayList arrayList = new ArrayList();
                SslUtils.addIfSupported(supportedCiphers, arrayList, SslUtils.DEFAULT_CIPHER_SUITES);
                SslUtils.useFallbackCiphersIfDefaultIsEmpty(Arrays.asList(createSSLEngine.getEnabledCipherSuites()), arrayList);
                String[] strArr2 = this.protocols;
                int length2 = strArr2.length;
                int i3 = 0;
                while (true) {
                    if (i3 >= length2) {
                        z2 = false;
                        break;
                    } else if ("TLSv1.3".equals(strArr2[i3])) {
                        break;
                    } else {
                        i3++;
                    }
                }
                if (!z2) {
                    String[] strArr3 = SslUtils.DEFAULT_TLSV13_CIPHER_SUITES;
                    int length3 = strArr3.length;
                    while (i < length3) {
                        String str = strArr3[i];
                        supportedCiphers.remove(str);
                        arrayList.remove(str);
                        i++;
                    }
                }
                ReferenceCountUtil.release(createSSLEngine);
                list = arrayList;
            } catch (Throwable th) {
                ReferenceCountUtil.release(createSSLEngine);
                throw th;
            }
        }
        if (cipherSuiteFilter == null) {
            throw new NullPointerException("cipherFilter");
        }
        String[] filterCipherSuites = cipherSuiteFilter.filterCipherSuites(iterable, list, supportedCiphers);
        this.cipherSuites = filterCipherSuites;
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(filterCipherSuites));
        this.isClient = z;
    }

    public static String[] defaultProtocols(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        SslUtils.addIfSupported(hashSet, arrayList, "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(R$color.EMPTY_STRINGS) : sSLEngine.getEnabledProtocols();
    }

    public static LinkedHashSet supportedCiphers(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                String str2 = "TLS_" + str.substring(4);
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{str2});
                    linkedHashSet.add(str2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    public static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i;
        int ordinal;
        JdkDefaultApplicationProtocolNegotiator jdkDefaultApplicationProtocolNegotiator = JdkDefaultApplicationProtocolNegotiator.INSTANCE;
        if (applicationProtocolConfig == null || (ordinal = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal((i = applicationProtocolConfig.protocol))) == 0) {
            return jdkDefaultApplicationProtocolNegotiator;
        }
        int i2 = applicationProtocolConfig.selectorBehavior;
        int i3 = applicationProtocolConfig.selectedBehavior;
        List<String> list = applicationProtocolConfig.supportedProtocols;
        if (ordinal == 1) {
            if (z) {
                int ordinal2 = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(i3);
                if (ordinal2 == 0) {
                    return new JdkNpnApplicationProtocolNegotiator(list, false);
                }
                if (ordinal2 == 1) {
                    return new JdkNpnApplicationProtocolNegotiator(list, true);
                }
                throw new UnsupportedOperationException("JDK provider does not support " + ErrorCorrectionLevel$EnumUnboxingLocalUtility.stringValueOf(i3) + " failure behavior");
            }
            int ordinal3 = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(i2);
            if (ordinal3 == 0) {
                return new JdkNpnApplicationProtocolNegotiator(list, true);
            }
            if (ordinal3 == 1) {
                return new JdkNpnApplicationProtocolNegotiator(list, false);
            }
            throw new UnsupportedOperationException("JDK provider does not support " + SslProvider$EnumUnboxingLocalUtility.stringValueOf(i2) + " failure behavior");
        }
        if (ordinal != 2) {
            throw new UnsupportedOperationException("JDK provider does not support " + FilterReply$EnumUnboxingLocalUtility.stringValueOf$1(i) + " protocol");
        }
        if (z) {
            int ordinal4 = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(i2);
            if (ordinal4 == 0) {
                return new JdkAlpnApplicationProtocolNegotiator(list, true);
            }
            if (ordinal4 == 1) {
                return new JdkAlpnApplicationProtocolNegotiator(list, false);
            }
            throw new UnsupportedOperationException("JDK provider does not support " + SslProvider$EnumUnboxingLocalUtility.stringValueOf(i2) + " failure behavior");
        }
        int ordinal5 = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(i3);
        if (ordinal5 == 0) {
            return new JdkAlpnApplicationProtocolNegotiator(list, false);
        }
        if (ordinal5 == 1) {
            return new JdkAlpnApplicationProtocolNegotiator(list, true);
        }
        throw new UnsupportedOperationException("JDK provider does not support " + ErrorCorrectionLevel$EnumUnboxingLocalUtility.stringValueOf(i3) + " failure behavior");
    }

    @Override // io.netty.handler.ssl.SslContext
    public final ApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.apn;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean isClient() {
        return this.isClient;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        int i;
        int ordinal;
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        createSSLEngine.setEnabledProtocols(this.protocols);
        createSSLEngine.setUseClientMode(this.isClient);
        if (isServer() && (ordinal = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal((i = this.clientAuth))) != 0) {
            if (ordinal == 1) {
                createSSLEngine.setWantClientAuth(true);
            } else {
                if (ordinal != 2) {
                    throw new Error("Unknown auth ".concat(ClientAuth$EnumUnboxingLocalUtility.stringValueOf$2(i)));
                }
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        JdkApplicationProtocolNegotiator jdkApplicationProtocolNegotiator = this.apn;
        JdkApplicationProtocolNegotiator.SslEngineWrapperFactory wrapperFactory = jdkApplicationProtocolNegotiator.wrapperFactory();
        return wrapperFactory instanceof JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory ? ((JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) wrapperFactory).wrapSslEngine(createSSLEngine, byteBufAllocator, jdkApplicationProtocolNegotiator, isServer()) : wrapperFactory.wrapSslEngine(createSSLEngine, jdkApplicationProtocolNegotiator, isServer());
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLSessionContext sessionContext() {
        boolean isServer = isServer();
        SSLContext sSLContext = this.sslContext;
        return isServer ? sSLContext.getServerSessionContext() : sSLContext.getClientSessionContext();
    }
}
