package io.grpc.okhttp;

import androidx.activity.BackEventCompat$$ExternalSyntheticOutline0;
import com.google.common.base.Preconditions;
import io.grpc.okhttp.internal.ConnectionSpec;
import io.grpc.okhttp.internal.OkHostnameVerifier;
import io.grpc.okhttp.internal.Protocol;
import io.grpc.okhttp.internal.Util;
import java.net.Socket;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes4.dex */
public abstract class OkHttpTlsUpgrader {
    public static final List TLS_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(Protocol.HTTP_2));

    public static SSLSocket upgrade(SSLSocketFactory sSLSocketFactory, Socket socket, String str, int i, ConnectionSpec connectionSpec) {
        Preconditions.checkNotNull(sSLSocketFactory, "sslSocketFactory");
        Preconditions.checkNotNull(socket, "socket");
        Preconditions.checkNotNull(connectionSpec, "spec");
        SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, true);
        String[] strArr = connectionSpec.cipherSuites;
        ConnectionSpec build = new ConnectionSpec.Builder(connectionSpec).cipherSuites(strArr != null ? (String[]) Util.intersect(strArr, sSLSocket.getEnabledCipherSuites()) : null).tlsVersions((String[]) Util.intersect(connectionSpec.tlsVersions, sSLSocket.getEnabledProtocols())).build();
        sSLSocket.setEnabledProtocols(build.tlsVersions);
        String[] strArr2 = build.cipherSuites;
        if (strArr2 != null) {
            sSLSocket.setEnabledCipherSuites(strArr2);
        }
        OkHttpProtocolNegotiator okHttpProtocolNegotiator = OkHttpProtocolNegotiator.NEGOTIATOR;
        boolean z = connectionSpec.supportsTlsExtensions;
        List list = TLS_PROTOCOLS;
        String negotiate = okHttpProtocolNegotiator.negotiate(sSLSocket, str, z ? list : null);
        Preconditions.checkState(list.contains(Protocol.get(negotiate)), "Only " + list + " are supported, but negotiated protocol is %s", negotiate);
        if (OkHostnameVerifier.INSTANCE.verify((str.startsWith("[") && str.endsWith("]")) ? BackEventCompat$$ExternalSyntheticOutline0.m(1, 1, str) : str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: ".concat(str));
    }
}
