package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.v;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* loaded from: classes4.dex */
public class a0 extends p1 {
    private static final io.netty.util.internal.logging.b k;
    private static final String[] l;
    private static final List<String> m;
    private static final List<String> n;
    private static final Set<String> o;
    private static final Set<String> p;
    private static final Provider q;
    private final String[] d;
    private final String[] e;
    private final List<String> f;
    private final v g;
    private final ClientAuth h;
    private final SSLContext i;
    private final boolean j;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class a {
        static final /* synthetic */ int[] a;
        static final /* synthetic */ int[] b;
        static final /* synthetic */ int[] c;
        static final /* synthetic */ int[] d;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.Protocol.values().length];
            d = iArr;
            try {
                iArr[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                d[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                d[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            c = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            int[] iArr4 = new int[ClientAuth.values().length];
            a = iArr4;
            try {
                iArr4[ClientAuth.OPTIONAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                a[ClientAuth.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                a[ClientAuth.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    /* loaded from: classes4.dex */
    private static final class b {
        String[] a;
        List<String> b;
        List<String> c;
        Set<String> d;
        Set<String> e;
        Provider f;

        private b() {
        }

        /* synthetic */ b(a aVar) {
            this();
        }

        void a() {
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, null, null);
                this.f = sSLContext.getProvider();
                SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                this.a = a0.S(sSLContext, createSSLEngine);
                Set<String> unmodifiableSet = Collections.unmodifiableSet(a0.U(createSSLEngine));
                this.d = unmodifiableSet;
                this.b = Collections.unmodifiableList(a0.R(createSSLEngine, unmodifiableSet));
                ArrayList arrayList = new ArrayList(this.b);
                String[] strArr = u1.d;
                arrayList.removeAll(Arrays.asList(strArr));
                this.c = Collections.unmodifiableList(arrayList);
                LinkedHashSet linkedHashSet = new LinkedHashSet(this.d);
                linkedHashSet.removeAll(Arrays.asList(strArr));
                this.e = Collections.unmodifiableSet(linkedHashSet);
            } catch (Exception e) {
                throw new Error("failed to initialize the default SSL context", e);
            }
        }
    }

    static {
        io.netty.util.internal.logging.b b2 = io.netty.util.internal.logging.c.b(a0.class);
        k = b2;
        b bVar = new b(null);
        bVar.a();
        q = bVar.f;
        String[] strArr = bVar.a;
        l = strArr;
        o = bVar.d;
        List<String> list = bVar.b;
        m = list;
        n = bVar.c;
        p = bVar.e;
        if (b2.isDebugEnabled()) {
            b2.u("Default protocols (JDK): {} ", Arrays.asList(strArr));
            b2.u("Default cipher suites (JDK): {}", list);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a0(SSLContext sSLContext, boolean z, Iterable<String> iterable, j jVar, v vVar, ClientAuth clientAuth, String[] strArr, boolean z2) {
        super(z2);
        Set<String> U;
        List<String> list;
        this.g = (v) io.netty.util.internal.q.h(vVar, "apn");
        this.h = (ClientAuth) io.netty.util.internal.q.h(clientAuth, "clientAuth");
        this.i = (SSLContext) io.netty.util.internal.q.h(sSLContext, "sslContext");
        if (q.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? l : strArr;
            this.d = strArr;
            if (T(strArr)) {
                U = o;
                list = m;
            } else {
                U = p;
                list = n;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.d = S(sSLContext, createSSLEngine);
                } else {
                    this.d = strArr;
                }
                U = U(createSSLEngine);
                List<String> R = R(createSSLEngine, U);
                if (!T(this.d)) {
                    for (String str : u1.d) {
                        U.remove(str);
                        R.remove(str);
                    }
                }
                io.netty.util.u.a(createSSLEngine);
                list = R;
            } catch (Throwable th) {
                io.netty.util.u.a(createSSLEngine);
                throw th;
            }
        }
        String[] a2 = ((j) io.netty.util.internal.q.h(jVar, "cipherFilter")).a(iterable, list, U);
        this.e = a2;
        this.f = Collections.unmodifiableList(Arrays.asList(a2));
        this.j = z;
    }

    private SSLEngine O(SSLEngine sSLEngine, io.netty.buffer.k kVar) {
        sSLEngine.setEnabledCipherSuites(this.e);
        sSLEngine.setEnabledProtocols(this.d);
        sSLEngine.setUseClientMode(m());
        if (o()) {
            int i = a.a[this.h.ordinal()];
            if (i == 1) {
                sSLEngine.setWantClientAuth(true);
            } else if (i == 2) {
                sSLEngine.setNeedClientAuth(true);
            } else if (i != 3) {
                throw new Error("Unknown auth " + this.h);
            }
        }
        v.f f = this.g.f();
        return f instanceof v.a ? ((v.a) f).b(sSLEngine, kVar, this.g, o()) : f.a(sSLEngine, this.g, o());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<String> R(SSLEngine sSLEngine, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        u1.a(set, arrayList, u1.c);
        u1.w(arrayList, sSLEngine.getEnabledCipherSuites());
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] S(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        u1.a(hashSet, arrayList, "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(io.netty.util.internal.g.f) : sSLEngine.getEnabledProtocols();
    }

    private static boolean T(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Set<String> U(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                String str2 = "TLS_" + str.substring(4);
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{str2});
                    linkedHashSet.add(str2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static v V(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i;
        if (applicationProtocolConfig != null && (i = a.d[applicationProtocolConfig.a().ordinal()]) != 1) {
            if (i == 2) {
                if (z) {
                    int i2 = a.b[applicationProtocolConfig.c().ordinal()];
                    if (i2 == 1) {
                        return new s(true, applicationProtocolConfig.d());
                    }
                    if (i2 == 2) {
                        return new s(false, applicationProtocolConfig.d());
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
                }
                int i3 = a.c[applicationProtocolConfig.b().ordinal()];
                if (i3 == 1) {
                    return new s(false, applicationProtocolConfig.d());
                }
                if (i3 == 2) {
                    return new s(true, applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            if (i != 3) {
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.a() + " protocol");
            }
            if (z) {
                int i4 = a.c[applicationProtocolConfig.b().ordinal()];
                if (i4 == 1) {
                    return new y(false, applicationProtocolConfig.d());
                }
                if (i4 == 2) {
                    return new y(true, applicationProtocolConfig.d());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.b() + " failure behavior");
            }
            int i5 = a.b[applicationProtocolConfig.c().ordinal()];
            if (i5 == 1) {
                return new y(true, applicationProtocolConfig.d());
            }
            if (i5 == 2) {
                return new y(false, applicationProtocolConfig.d());
            }
            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.c() + " failure behavior");
        }
        return x.a;
    }

    @Override // io.netty.handler.ssl.p1
    public final SSLSessionContext D() {
        return o() ? P().getServerSessionContext() : P().getClientSessionContext();
    }

    public final SSLContext P() {
        return this.i;
    }

    @Override // io.netty.handler.ssl.p1
    public final boolean m() {
        return this.j;
    }

    @Override // io.netty.handler.ssl.p1
    public final SSLEngine t(io.netty.buffer.k kVar) {
        return O(P().createSSLEngine(), kVar);
    }

    @Override // io.netty.handler.ssl.p1
    public final SSLEngine u(io.netty.buffer.k kVar, String str, int i) {
        return O(P().createSSLEngine(str, i), kVar);
    }
}
