package io.netty.handler.ssl;

import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;

/* loaded from: classes.dex */
public abstract class z extends av {

    /* renamed from: a, reason: collision with root package name */
    static final String f18867a = "TLS";

    /* renamed from: b, reason: collision with root package name */
    static final String[] f18868b;

    /* renamed from: c, reason: collision with root package name */
    static final List f18869c;

    /* renamed from: d, reason: collision with root package name */
    static final Set f18870d;

    /* renamed from: f, reason: collision with root package name */
    private static final gt.f f18871f = gt.g.a(z.class);

    /* renamed from: g, reason: collision with root package name */
    private final String[] f18872g;

    /* renamed from: h, reason: collision with root package name */
    private final List f18873h;

    /* renamed from: i, reason: collision with root package name */
    private final l f18874i;

    static {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
            HashSet hashSet = new HashSet(supportedProtocols.length);
            for (String str : supportedProtocols) {
                hashSet.add(str);
            }
            ArrayList arrayList = new ArrayList();
            a(hashSet, arrayList, "TLSv1.2", "TLSv1.1", "TLSv1");
            if (arrayList.isEmpty()) {
                f18868b = createSSLEngine.getEnabledProtocols();
            } else {
                f18868b = (String[]) arrayList.toArray(new String[arrayList.size()]);
            }
            String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
            f18870d = new HashSet(supportedCipherSuites.length);
            for (String str2 : supportedCipherSuites) {
                f18870d.add(str2);
            }
            ArrayList arrayList2 = new ArrayList();
            a(f18870d, arrayList2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA");
            if (arrayList2.isEmpty()) {
                f18869c = Collections.unmodifiableList(Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
            } else {
                f18869c = Collections.unmodifiableList(arrayList2);
            }
            if (f18871f.d()) {
                f18871f.b("Default protocols (JDK): {} ", Arrays.asList(f18868b));
                f18871f.b("Default cipher suites (JDK): {}", f18869c);
            }
        } catch (Exception e2) {
            throw new Error("failed to initialize the default SSL context", e2);
        }
    }

    z(Iterable iterable, e eVar, a aVar, boolean z2) {
        this(iterable, eVar, a(aVar, z2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z(Iterable iterable, e eVar, l lVar) {
        this.f18874i = (l) gr.r.a(lVar, "apn");
        this.f18872g = ((e) gr.r.a(eVar, "cipherFilter")).a(iterable, f18869c, f18870d);
        this.f18873h = Collections.unmodifiableList(Arrays.asList(this.f18872g));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static l a(a aVar, boolean z2) {
        if (aVar == null) {
            return r.f18857a;
        }
        switch (aVar.b()) {
            case NONE:
                return r.f18857a;
            case ALPN:
                if (z2) {
                    switch (aVar.c()) {
                        case FATAL_ALERT:
                            return new g(true, (Iterable) aVar.a());
                        case NO_ADVERTISE:
                            return new g(false, (Iterable) aVar.a());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + aVar.c() + " failure behavior");
                    }
                }
                switch (aVar.d()) {
                    case ACCEPT:
                        return new g(false, (Iterable) aVar.a());
                    case FATAL_ALERT:
                        return new g(true, (Iterable) aVar.a());
                    default:
                        throw new UnsupportedOperationException("JDK provider does not support " + aVar.d() + " failure behavior");
                }
            case NPN:
                if (z2) {
                    switch (aVar.d()) {
                        case ACCEPT:
                            return new t(false, (Iterable) aVar.a());
                        case FATAL_ALERT:
                            return new t(true, (Iterable) aVar.a());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + aVar.d() + " failure behavior");
                    }
                }
                switch (aVar.c()) {
                    case FATAL_ALERT:
                        return new t(true, (Iterable) aVar.a());
                    case NO_ADVERTISE:
                        return new t(false, (Iterable) aVar.a());
                    default:
                        throw new UnsupportedOperationException("JDK provider does not support " + aVar.c() + " failure behavior");
                }
            default:
                throw new UnsupportedOperationException("JDK provider does not support " + aVar.b() + " protocol");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static KeyManagerFactory a(File file, File file2, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException {
        String property = Security.getProperty(SSLSocketFactoryFactory.SYSKEYMGRALGO);
        if (property == null) {
            property = "SunX509";
        }
        return a(file, property, file2, str, keyManagerFactory);
    }

    protected static KeyManagerFactory a(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException {
        PrivateKey generatePrivate;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        KeyFactory keyFactory2 = KeyFactory.getInstance("DSA");
        fa.f b2 = as.b(file2);
        byte[] bArr = new byte[b2.g()];
        b2.a(bArr).M();
        char[] charArray = str2 == null ? gr.e.f15685b : str2.toCharArray();
        PKCS8EncodedKeySpec a2 = a(charArray, bArr);
        try {
            generatePrivate = keyFactory.generatePrivate(a2);
        } catch (InvalidKeySpecException e2) {
            generatePrivate = keyFactory2.generatePrivate(a2);
        }
        ArrayList arrayList = new ArrayList();
        fa.f[] a3 = as.a(file);
        try {
            for (fa.f fVar : a3) {
                arrayList.add(certificateFactory.generateCertificate(new fa.i(fVar)));
            }
            for (fa.f fVar2 : a3) {
                fVar2.M();
            }
            keyStore.setKeyEntry("key", generatePrivate, charArray, (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
            if (keyManagerFactory == null) {
                keyManagerFactory = KeyManagerFactory.getInstance(str);
            }
            keyManagerFactory.init(keyStore, charArray);
            return keyManagerFactory;
        } catch (Throwable th) {
            for (fa.f fVar3 : a3) {
                fVar3.M();
            }
            throw th;
        }
    }

    private SSLEngine a(SSLEngine sSLEngine) {
        return this.f18874i.b().a(sSLEngine, this.f18874i, p());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustManagerFactory a(File file, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        int i2 = 0;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        fa.f[] a2 = as.a(file);
        try {
            for (fa.f fVar : a2) {
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new fa.i(fVar));
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
            }
            if (trustManagerFactory == null) {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            }
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } finally {
            int length = a2.length;
            while (i2 < length) {
                a2[i2].M();
                i2++;
            }
        }
    }

    private static void a(Set set, List list, String... strArr) {
        for (String str : strArr) {
            if (set.contains(str)) {
                list.add(str);
            }
        }
    }

    @Override // io.netty.handler.ssl.av
    public final SSLEngine a(fa.g gVar) {
        SSLEngine createSSLEngine = b().createSSLEngine();
        createSSLEngine.setEnabledCipherSuites(this.f18872g);
        createSSLEngine.setEnabledProtocols(f18868b);
        createSSLEngine.setUseClientMode(a());
        return a(createSSLEngine);
    }

    @Override // io.netty.handler.ssl.av
    public final SSLEngine a(fa.g gVar, String str, int i2) {
        SSLEngine createSSLEngine = b().createSSLEngine(str, i2);
        createSSLEngine.setEnabledCipherSuites(this.f18872g);
        createSSLEngine.setEnabledProtocols(f18868b);
        createSSLEngine.setUseClientMode(a());
        return a(createSSLEngine);
    }

    public abstract SSLContext b();

    @Override // io.netty.handler.ssl.av
    public final SSLSessionContext c() {
        return p() ? b().getServerSessionContext() : b().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.av
    public final List d() {
        return this.f18873h;
    }

    @Override // io.netty.handler.ssl.av
    public final long e() {
        return c().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.av
    public final long f() {
        return c().getSessionTimeout();
    }

    @Override // io.netty.handler.ssl.av
    /* renamed from: g, reason: merged with bridge method [inline-methods] */
    public l h() {
        return this.f18874i;
    }
}
