package h2.b.d.b;

import h2.b.d.b.m;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/* loaded from: classes2.dex */
public class r extends b1 {
    public static final List<String> DEFAULT_CIPHERS;
    public static final List<String> DEFAULT_CIPHERS_NON_TLSV13;
    public static final String[] DEFAULT_PROTOCOLS;
    public static final Provider DEFAULT_PROVIDER;
    public static final Set<String> SUPPORTED_CIPHERS;
    public static final Set<String> SUPPORTED_CIPHERS_NON_TLSV13;
    public static final h2.b.f.x.l0.c logger;
    public final m apn;
    public final String[] cipherSuites;
    public final e clientAuth;
    public final boolean isClient;
    public final String[] protocols;
    public final SSLContext sslContext;
    public final List<String> unmodifiableCipherSuites;

    static {
        h2.b.f.x.l0.c dVar = h2.b.f.x.l0.d.getInstance(r.class.getName());
        logger = dVar;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            DEFAULT_PROVIDER = sSLContext.getProvider();
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] defaultProtocols = defaultProtocols(sSLContext, createSSLEngine);
            DEFAULT_PROTOCOLS = defaultProtocols;
            Set<String> unmodifiableSet = Collections.unmodifiableSet(supportedCiphers(createSSLEngine));
            SUPPORTED_CIPHERS = unmodifiableSet;
            ArrayList arrayList = new ArrayList();
            k1.addIfSupported(unmodifiableSet, arrayList, k1.DEFAULT_CIPHER_SUITES);
            k1.useFallbackCiphersIfDefaultIsEmpty(arrayList, Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
            List<String> unmodifiableList = Collections.unmodifiableList(arrayList);
            DEFAULT_CIPHERS = unmodifiableList;
            ArrayList arrayList2 = new ArrayList(unmodifiableList);
            String[] strArr = k1.DEFAULT_TLSV13_CIPHER_SUITES;
            arrayList2.removeAll(Arrays.asList(strArr));
            DEFAULT_CIPHERS_NON_TLSV13 = Collections.unmodifiableList(arrayList2);
            LinkedHashSet linkedHashSet = new LinkedHashSet(unmodifiableSet);
            linkedHashSet.removeAll(Arrays.asList(strArr));
            SUPPORTED_CIPHERS_NON_TLSV13 = Collections.unmodifiableSet(linkedHashSet);
            if (dVar.isDebugEnabled()) {
                dVar.debug("Default protocols (JDK): {} ", Arrays.asList(defaultProtocols));
                dVar.debug("Default cipher suites (JDK): {}", unmodifiableList);
            }
        } catch (Exception e) {
            throw new Error("failed to initialize the default SSL context", e);
        }
    }

    public r(SSLContext sSLContext, boolean z, Iterable<String> iterable, d dVar, m mVar, e eVar, String[] strArr, boolean z2) {
        super(z2);
        Set<String> supportedCiphers;
        List<String> list;
        this.apn = mVar;
        Objects.requireNonNull(eVar, "clientAuth");
        this.clientAuth = eVar;
        Objects.requireNonNull(sSLContext, "sslContext");
        this.sslContext = sSLContext;
        if (DEFAULT_PROVIDER.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? DEFAULT_PROTOCOLS : strArr;
            this.protocols = strArr;
            if (isTlsV13Supported(strArr)) {
                supportedCiphers = SUPPORTED_CIPHERS;
                list = DEFAULT_CIPHERS;
            } else {
                supportedCiphers = SUPPORTED_CIPHERS_NON_TLSV13;
                list = DEFAULT_CIPHERS_NON_TLSV13;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.protocols = defaultProtocols(sSLContext, createSSLEngine);
                } else {
                    this.protocols = strArr;
                }
                supportedCiphers = supportedCiphers(createSSLEngine);
                ArrayList arrayList = new ArrayList();
                k1.addIfSupported(supportedCiphers, arrayList, k1.DEFAULT_CIPHER_SUITES);
                k1.useFallbackCiphersIfDefaultIsEmpty(arrayList, Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
                if (!isTlsV13Supported(this.protocols)) {
                    for (String str : k1.DEFAULT_TLSV13_CIPHER_SUITES) {
                        supportedCiphers.remove(str);
                        arrayList.remove(str);
                    }
                }
                h2.b.f.p.release(createSSLEngine);
                list = arrayList;
            } catch (Throwable th) {
                h2.b.f.p.release(createSSLEngine);
                throw th;
            }
        }
        Objects.requireNonNull(dVar, "cipherFilter");
        String[] filterCipherSuites = dVar.filterCipherSuites(iterable, list, supportedCiphers);
        this.cipherSuites = filterCipherSuites;
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(filterCipherSuites));
        this.isClient = z;
    }

    public static String[] defaultProtocols(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        k1.addIfSupported(hashSet, arrayList, "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(new String[0]) : sSLEngine.getEnabledProtocols();
    }

    public static boolean isTlsV13Supported(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    public static Set<String> supportedCiphers(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                StringBuilder i1 = b.d.b.a.a.i1("TLS_");
                i1.append(str.substring(4));
                String sb = i1.toString();
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{sb});
                    linkedHashSet.add(sb);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    public static m toNegotiator(a aVar, boolean z) {
        int ordinal;
        if (aVar != null && (ordinal = aVar.protocol.ordinal()) != 0) {
            if (ordinal == 1) {
                if (z) {
                    int ordinal2 = aVar.selectedBehavior.ordinal();
                    if (ordinal2 == 0) {
                        return new p(false, aVar.supportedProtocols);
                    }
                    if (ordinal2 == 1) {
                        return new p(true, aVar.supportedProtocols);
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectedBehavior + " failure behavior");
                }
                int ordinal3 = aVar.selectorBehavior.ordinal();
                if (ordinal3 == 0) {
                    return new p(true, aVar.supportedProtocols);
                }
                if (ordinal3 == 1) {
                    return new p(false, aVar.supportedProtocols);
                }
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectorBehavior + " failure behavior");
            }
            if (ordinal != 2) {
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.protocol + " protocol");
            }
            if (z) {
                int ordinal4 = aVar.selectorBehavior.ordinal();
                if (ordinal4 == 0) {
                    return new l(true, aVar.supportedProtocols);
                }
                if (ordinal4 == 1) {
                    return new l(false, aVar.supportedProtocols);
                }
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectorBehavior + " failure behavior");
            }
            int ordinal5 = aVar.selectedBehavior.ordinal();
            if (ordinal5 == 0) {
                return new l(false, aVar.supportedProtocols);
            }
            if (ordinal5 == 1) {
                return new l(true, aVar.supportedProtocols);
            }
            throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectedBehavior + " failure behavior");
        }
        return o.INSTANCE;
    }

    @Override // h2.b.d.b.b1
    public final boolean isClient() {
        return this.isClient;
    }

    @Override // h2.b.d.b.b1
    public final SSLEngine newEngine(h2.b.b.k kVar, String str, int i) {
        int ordinal;
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine(str, i);
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        createSSLEngine.setEnabledProtocols(this.protocols);
        createSSLEngine.setUseClientMode(this.isClient);
        if (isServer() && (ordinal = this.clientAuth.ordinal()) != 0) {
            if (ordinal == 1) {
                createSSLEngine.setWantClientAuth(true);
            } else {
                if (ordinal != 2) {
                    StringBuilder i1 = b.d.b.a.a.i1("Unknown auth ");
                    i1.append(this.clientAuth);
                    throw new Error(i1.toString());
                }
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        m.f wrapperFactory = this.apn.wrapperFactory();
        return wrapperFactory instanceof m.a ? ((m.a) wrapperFactory).wrapSslEngine(createSSLEngine, kVar, this.apn, isServer()) : wrapperFactory.wrapSslEngine(createSSLEngine, this.apn, isServer());
    }
}
