package pa0;

import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import pa0.a;
import pa0.q;

/* loaded from: classes3.dex */
public class v extends j1 {
    private static final List<String> DEFAULT_CIPHERS;
    private static final List<String> DEFAULT_CIPHERS_NON_TLSV13;
    private static final String[] DEFAULT_PROTOCOLS;
    private static final Provider DEFAULT_PROVIDER;
    private static final Set<String> SUPPORTED_CIPHERS;
    private static final Set<String> SUPPORTED_CIPHERS_NON_TLSV13;
    private static final ua0.c logger;
    private final q apn;
    private final String[] cipherSuites;
    private final f clientAuth;
    private final boolean isClient;
    private final String[] protocols;
    private final SSLContext sslContext;
    private final List<String> unmodifiableCipherSuites;

    /* loaded from: classes3.dex */
    public static /* synthetic */ class a {
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ClientAuth;

        static {
            int[] iArr = new int[a.EnumC0660a.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol = iArr;
            try {
                iArr[a.EnumC0660a.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0660a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0660a.NPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[a.b.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior = iArr2;
            try {
                iArr2[a.b.ACCEPT.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[a.b.FATAL_ALERT.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[a.c.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior = iArr3;
            try {
                iArr3[a.c.FATAL_ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[a.c.NO_ADVERTISE.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            int[] iArr4 = new int[f.values().length];
            $SwitchMap$io$netty$handler$ssl$ClientAuth = iArr4;
            try {
                iArr4[f.OPTIONAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ClientAuth[f.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ClientAuth[f.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    static {
        ua0.c dVar = ua0.d.getInstance((Class<?>) v.class);
        logger = dVar;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            DEFAULT_PROVIDER = sSLContext.getProvider();
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] defaultProtocols = defaultProtocols(sSLContext, createSSLEngine);
            DEFAULT_PROTOCOLS = defaultProtocols;
            Set<String> unmodifiableSet = Collections.unmodifiableSet(supportedCiphers(createSSLEngine));
            SUPPORTED_CIPHERS = unmodifiableSet;
            List<String> unmodifiableList = Collections.unmodifiableList(defaultCiphers(createSSLEngine, unmodifiableSet));
            DEFAULT_CIPHERS = unmodifiableList;
            ArrayList arrayList = new ArrayList(unmodifiableList);
            String[] strArr = q1.DEFAULT_TLSV13_CIPHER_SUITES;
            arrayList.removeAll(Arrays.asList(strArr));
            DEFAULT_CIPHERS_NON_TLSV13 = Collections.unmodifiableList(arrayList);
            LinkedHashSet linkedHashSet = new LinkedHashSet(unmodifiableSet);
            linkedHashSet.removeAll(Arrays.asList(strArr));
            SUPPORTED_CIPHERS_NON_TLSV13 = Collections.unmodifiableSet(linkedHashSet);
            if (dVar.isDebugEnabled()) {
                dVar.debug("Default protocols (JDK): {} ", Arrays.asList(defaultProtocols));
                dVar.debug("Default cipher suites (JDK): {}", unmodifiableList);
            }
        } catch (Exception e3) {
            throw new Error("failed to initialize the default SSL context", e3);
        }
    }

    public v(SSLContext sSLContext, boolean z11, Iterable<String> iterable, e eVar, q qVar, f fVar, String[] strArr, boolean z12) {
        super(z12);
        Set<String> supportedCiphers;
        List<String> list;
        this.apn = (q) ta0.n.checkNotNull(qVar, "apn");
        this.clientAuth = (f) ta0.n.checkNotNull(fVar, "clientAuth");
        this.sslContext = (SSLContext) ta0.n.checkNotNull(sSLContext, "sslContext");
        if (DEFAULT_PROVIDER.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? DEFAULT_PROTOCOLS : strArr;
            this.protocols = strArr;
            if (isTlsV13Supported(strArr)) {
                supportedCiphers = SUPPORTED_CIPHERS;
                list = DEFAULT_CIPHERS;
            } else {
                supportedCiphers = SUPPORTED_CIPHERS_NON_TLSV13;
                list = DEFAULT_CIPHERS_NON_TLSV13;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.protocols = defaultProtocols(sSLContext, createSSLEngine);
                } else {
                    this.protocols = strArr;
                }
                supportedCiphers = supportedCiphers(createSSLEngine);
                List<String> defaultCiphers = defaultCiphers(createSSLEngine, supportedCiphers);
                if (!isTlsV13Supported(this.protocols)) {
                    for (String str : q1.DEFAULT_TLSV13_CIPHER_SUITES) {
                        supportedCiphers.remove(str);
                        defaultCiphers.remove(str);
                    }
                }
                ra0.r.release(createSSLEngine);
                list = defaultCiphers;
            } catch (Throwable th2) {
                ra0.r.release(createSSLEngine);
                throw th2;
            }
        }
        String[] filterCipherSuites = ((e) ta0.n.checkNotNull(eVar, "cipherFilter")).filterCipherSuites(iterable, list, supportedCiphers);
        this.cipherSuites = filterCipherSuites;
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(filterCipherSuites));
        this.isClient = z11;
    }

    private SSLEngine configureAndWrapEngine(SSLEngine sSLEngine, ia0.k kVar) {
        sSLEngine.setEnabledCipherSuites(this.cipherSuites);
        sSLEngine.setEnabledProtocols(this.protocols);
        sSLEngine.setUseClientMode(isClient());
        if (isServer()) {
            int i2 = a.$SwitchMap$io$netty$handler$ssl$ClientAuth[this.clientAuth.ordinal()];
            if (i2 == 1) {
                sSLEngine.setWantClientAuth(true);
            } else if (i2 == 2) {
                sSLEngine.setNeedClientAuth(true);
            } else if (i2 != 3) {
                StringBuilder c11 = a.c.c("Unknown auth ");
                c11.append(this.clientAuth);
                throw new Error(c11.toString());
            }
        }
        q.f wrapperFactory = this.apn.wrapperFactory();
        return wrapperFactory instanceof q.a ? ((q.a) wrapperFactory).wrapSslEngine(sSLEngine, kVar, this.apn, isServer()) : wrapperFactory.wrapSslEngine(sSLEngine, this.apn, isServer());
    }

    private static List<String> defaultCiphers(SSLEngine sSLEngine, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        q1.addIfSupported(set, arrayList, q1.DEFAULT_CIPHER_SUITES);
        q1.useFallbackCiphersIfDefaultIsEmpty(arrayList, sSLEngine.getEnabledCipherSuites());
        return arrayList;
    }

    private static String[] defaultProtocols(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        q1.addIfSupported(hashSet, arrayList, "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(new String[0]) : sSLEngine.getEnabledProtocols();
    }

    private static boolean isTlsV13Supported(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    private static Set<String> supportedCiphers(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                StringBuilder c11 = a.c.c("TLS_");
                c11.append(str.substring(4));
                String sb2 = c11.toString();
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{sb2});
                    linkedHashSet.add(sb2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    public static q toNegotiator(pa0.a aVar, boolean z11) {
        int i2;
        if (aVar != null && (i2 = a.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[aVar.protocol().ordinal()]) != 1) {
            if (i2 == 2) {
                if (z11) {
                    int i11 = a.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[aVar.selectorFailureBehavior().ordinal()];
                    if (i11 == 1) {
                        return new p(true, aVar.supportedProtocols());
                    }
                    if (i11 == 2) {
                        return new p(false, aVar.supportedProtocols());
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectorFailureBehavior() + " failure behavior");
                }
                int i12 = a.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[aVar.selectedListenerFailureBehavior().ordinal()];
                if (i12 == 1) {
                    return new p(false, aVar.supportedProtocols());
                }
                if (i12 == 2) {
                    return new p(true, aVar.supportedProtocols());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectedListenerFailureBehavior() + " failure behavior");
            }
            if (i2 != 3) {
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.protocol() + " protocol");
            }
            if (z11) {
                int i13 = a.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[aVar.selectedListenerFailureBehavior().ordinal()];
                if (i13 == 1) {
                    return new t(false, aVar.supportedProtocols());
                }
                if (i13 == 2) {
                    return new t(true, aVar.supportedProtocols());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectedListenerFailureBehavior() + " failure behavior");
            }
            int i14 = a.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[aVar.selectorFailureBehavior().ordinal()];
            if (i14 == 1) {
                return new t(true, aVar.supportedProtocols());
            }
            if (i14 == 2) {
                return new t(false, aVar.supportedProtocols());
            }
            throw new UnsupportedOperationException("JDK provider does not support " + aVar.selectorFailureBehavior() + " failure behavior");
        }
        return s.INSTANCE;
    }

    public final SSLContext context() {
        return this.sslContext;
    }

    @Override // pa0.j1
    public final boolean isClient() {
        return this.isClient;
    }

    @Override // pa0.j1
    public final SSLEngine newEngine(ia0.k kVar, String str, int i2) {
        return configureAndWrapEngine(context().createSSLEngine(str, i2), kVar);
    }
}
