package org.openjsse.sun.security.ssl;

import A7.g;
import g.k;
import java.io.FileInputStream;
import java.security.AccessController;
import java.security.CryptoPrimitive;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.conscrypt.BuildConfig;
import org.openjsse.javax.net.ssl.SSLEngine;
import org.openjsse.sun.security.ssl.HelloCookieManager;
import sun.security.action.GetPropertyAction;
import v6.e;

/* loaded from: classes2.dex */
public abstract class SSLContextImpl extends SSLContextSpi {
    private static final Collection<CipherSuite> clientCustomizedCipherSuites = getCustomizedCipherSuites("jdk.tls.client.cipherSuites");
    private static final Collection<CipherSuite> serverCustomizedCipherSuites = getCustomizedCipherSuites("jdk.tls.server.cipherSuites");
    private volatile HelloCookieManager.Builder helloCookieManagerBuilder;
    private boolean isInitialized;
    private X509ExtendedKeyManager keyManager;
    private SecureRandom secureRandom;
    private volatile StatusResponseManager statusResponseManager;
    private X509TrustManager trustManager;
    private final boolean clientEnableStapling = Utilities.getBooleanProperty("jdk.tls.client.enableStatusRequestExtension", true);
    private final boolean serverEnableStapling = Utilities.getBooleanProperty("jdk.tls.server.enableStatusRequestExtension", false);
    private final EphemeralKeyManager ephemeralKeyManager = new EphemeralKeyManager();
    private final SSLSessionContextImpl clientCache = new SSLSessionContextImpl();
    private final SSLSessionContextImpl serverCache = new SSLSessionContextImpl();

    /* loaded from: classes2.dex */
    public static abstract class AbstractDTLSContext extends SSLContextImpl {
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> supportedCipherSuites;
        private static final List<ProtocolVersion> supportedProtocols;

        static {
            ProtocolVersion protocolVersion = ProtocolVersion.DTLS12;
            ProtocolVersion protocolVersion2 = ProtocolVersion.DTLS10;
            List<ProtocolVersion> asList = Arrays.asList(protocolVersion, protocolVersion2);
            supportedProtocols = asList;
            List<ProtocolVersion> availableProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{protocolVersion, protocolVersion2});
            serverDefaultProtocols = availableProtocols;
            supportedCipherSuites = SSLContextImpl.getApplicableSupportedCipherSuites(asList);
            serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(availableProtocols, false);
        }

        private AbstractDTLSContext() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public SSLEngine createSSLEngineImpl(String str, int i8) {
            return new SSLEngineImpl(this, str, i8);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        public /* bridge */ /* synthetic */ javax.net.ssl.SSLEngine engineCreateSSLEngine() {
            return super.engineCreateSSLEngine();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        public /* bridge */ /* synthetic */ javax.net.ssl.SSLEngine engineCreateSSLEngine(String str, int i8) {
            return super.engineCreateSSLEngine(str, i8);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public boolean isDTLS() {
            return true;
        }
    }

    /* loaded from: classes2.dex */
    public static abstract class AbstractTLSContext extends SSLContextImpl {
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> supportedCipherSuites;
        private static final List<ProtocolVersion> supportedProtocols;

        static {
            if (OpenJSSE.isFIPS()) {
                ProtocolVersion protocolVersion = ProtocolVersion.TLS13;
                ProtocolVersion protocolVersion2 = ProtocolVersion.TLS12;
                ProtocolVersion protocolVersion3 = ProtocolVersion.TLS11;
                ProtocolVersion protocolVersion4 = ProtocolVersion.TLS10;
                supportedProtocols = Arrays.asList(protocolVersion, protocolVersion2, protocolVersion3, protocolVersion4);
                serverDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{protocolVersion, protocolVersion2, protocolVersion3, protocolVersion4});
            } else {
                ProtocolVersion protocolVersion5 = ProtocolVersion.TLS13;
                ProtocolVersion protocolVersion6 = ProtocolVersion.TLS12;
                ProtocolVersion protocolVersion7 = ProtocolVersion.TLS11;
                ProtocolVersion protocolVersion8 = ProtocolVersion.TLS10;
                ProtocolVersion protocolVersion9 = ProtocolVersion.SSL30;
                ProtocolVersion protocolVersion10 = ProtocolVersion.SSL20Hello;
                supportedProtocols = Arrays.asList(protocolVersion5, protocolVersion6, protocolVersion7, protocolVersion8, protocolVersion9, protocolVersion10);
                serverDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{protocolVersion5, protocolVersion6, protocolVersion7, protocolVersion8, protocolVersion9, protocolVersion10});
            }
            supportedCipherSuites = SSLContextImpl.getApplicableSupportedCipherSuites(supportedProtocols);
            serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(serverDefaultProtocols, false);
        }

        private AbstractTLSContext() {
        }

        public static ProtocolVersion[] getSupportedProtocols() {
            return OpenJSSE.isFIPS() ? new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10} : new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30, ProtocolVersion.SSL20Hello};
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public SSLEngine createSSLEngineImpl(String str, int i8) {
            return new SSLEngineImpl(this, str, i8);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        public /* bridge */ /* synthetic */ javax.net.ssl.SSLEngine engineCreateSSLEngine() {
            return super.engineCreateSSLEngine();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        public /* bridge */ /* synthetic */ javax.net.ssl.SSLEngine engineCreateSSLEngine(String str, int i8) {
            return super.engineCreateSSLEngine(str, i8);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public boolean isDTLS() {
            return false;
        }
    }

    /* loaded from: classes2.dex */
    public static class CustomizedDTLSContext extends AbstractDTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static IllegalArgumentException reservedException;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static final List<ProtocolVersion> serverDefaultProtocols;

        static {
            IllegalArgumentException illegalArgumentException = CustomizedSSLProtocols.reservedException;
            reservedException = illegalArgumentException;
            if (illegalArgumentException != null) {
                clientDefaultProtocols = null;
                serverDefaultProtocols = null;
                clientDefaultCipherSuites = null;
                serverDefaultCipherSuites = null;
                return;
            }
            List<ProtocolVersion> customizedProtocols = customizedProtocols(true, CustomizedSSLProtocols.customizedClientProtocols);
            clientDefaultProtocols = customizedProtocols;
            List<ProtocolVersion> customizedProtocols2 = customizedProtocols(false, CustomizedSSLProtocols.customizedServerProtocols);
            serverDefaultProtocols = customizedProtocols2;
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(customizedProtocols, true);
            serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(customizedProtocols2, false);
        }

        public CustomizedDTLSContext() {
            super();
            IllegalArgumentException illegalArgumentException = reservedException;
            if (illegalArgumentException != null) {
                throw illegalArgumentException;
            }
        }

        private static List<ProtocolVersion> customizedProtocols(boolean z8, List<ProtocolVersion> list) {
            ProtocolVersion[] protocolVersionArr;
            ArrayList arrayList = new ArrayList();
            for (ProtocolVersion protocolVersion : list) {
                if (protocolVersion.isDTLS) {
                    arrayList.add(protocolVersion);
                }
            }
            if (arrayList.isEmpty()) {
                protocolVersionArr = new ProtocolVersion[]{ProtocolVersion.DTLS12, ProtocolVersion.DTLS10};
                if (!z8) {
                    return Arrays.asList(protocolVersionArr);
                }
            } else {
                protocolVersionArr = (ProtocolVersion[]) list.toArray(new ProtocolVersion[list.size()]);
            }
            return SSLContextImpl.getAvailableProtocols(protocolVersionArr);
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl.AbstractDTLSContext, org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl.AbstractDTLSContext, org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static class CustomizedSSLProtocols {
        private static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
        private static final String JDK_TLS_SERVER_PROTOCOLS = "jdk.tls.server.protocols";
        static final ArrayList<ProtocolVersion> customizedClientProtocols;
        static final ArrayList<ProtocolVersion> customizedServerProtocols;
        static IllegalArgumentException reservedException;

        static {
            ArrayList<ProtocolVersion> arrayList = new ArrayList<>();
            customizedClientProtocols = arrayList;
            ArrayList<ProtocolVersion> arrayList2 = new ArrayList<>();
            customizedServerProtocols = arrayList2;
            populate(JDK_TLS_CLIENT_PROTOCOLS, arrayList);
            populate(JDK_TLS_SERVER_PROTOCOLS, arrayList2);
        }

        private CustomizedSSLProtocols() {
        }

        private static void populate(String str, ArrayList<ProtocolVersion> arrayList) {
            String privilegedGetProperty = GetPropertyAction.privilegedGetProperty(str);
            if (privilegedGetProperty == null) {
                return;
            }
            if (privilegedGetProperty.length() != 0 && privilegedGetProperty.length() > 1 && privilegedGetProperty.charAt(0) == '\"' && privilegedGetProperty.charAt(privilegedGetProperty.length() - 1) == '\"') {
                privilegedGetProperty = k.i(privilegedGetProperty, 1, 1);
            }
            if (privilegedGetProperty.length() != 0) {
                String[] split = privilegedGetProperty.split(",");
                for (int i8 = 0; i8 < split.length; i8++) {
                    String trim = split[i8].trim();
                    split[i8] = trim;
                    ProtocolVersion nameOf = ProtocolVersion.nameOf(trim);
                    if (nameOf == null) {
                        reservedException = new IllegalArgumentException(e.i(k.q(str, ": "), split[i8], " is not a supported SSL protocol name"));
                    }
                    if (OpenJSSE.isFIPS() && (nameOf == ProtocolVersion.SSL30 || nameOf == ProtocolVersion.SSL20Hello)) {
                        reservedException = new IllegalArgumentException(str + ": " + nameOf + " is not FIPS compliant");
                        return;
                    }
                    if (!arrayList.contains(nameOf)) {
                        arrayList.add(nameOf);
                    }
                }
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class CustomizedTLSContext extends AbstractTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final IllegalArgumentException reservedException;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static final List<ProtocolVersion> serverDefaultProtocols;

        static {
            IllegalArgumentException illegalArgumentException = CustomizedSSLProtocols.reservedException;
            reservedException = illegalArgumentException;
            if (illegalArgumentException != null) {
                clientDefaultProtocols = null;
                serverDefaultProtocols = null;
                clientDefaultCipherSuites = null;
                serverDefaultCipherSuites = null;
                return;
            }
            List<ProtocolVersion> customizedProtocols = customizedProtocols(true, CustomizedSSLProtocols.customizedClientProtocols);
            clientDefaultProtocols = customizedProtocols;
            List<ProtocolVersion> customizedProtocols2 = customizedProtocols(false, CustomizedSSLProtocols.customizedServerProtocols);
            serverDefaultProtocols = customizedProtocols2;
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(customizedProtocols, true);
            serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(customizedProtocols2, false);
        }

        public CustomizedTLSContext() {
            super();
            IllegalArgumentException illegalArgumentException = reservedException;
            if (illegalArgumentException != null) {
                throw illegalArgumentException;
            }
        }

        private static List<ProtocolVersion> customizedProtocols(boolean z8, List<ProtocolVersion> list) {
            ArrayList arrayList = new ArrayList();
            for (ProtocolVersion protocolVersion : list) {
                if (!protocolVersion.isDTLS) {
                    arrayList.add(protocolVersion);
                }
            }
            return SSLContextImpl.getAvailableProtocols(arrayList.isEmpty() ? z8 ? getProtocols() : AbstractTLSContext.getSupportedProtocols() : (ProtocolVersion[]) arrayList.toArray(new ProtocolVersion[arrayList.size()]));
        }

        public static ProtocolVersion[] getProtocols() {
            return OpenJSSE.isFIPS() ? new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10} : new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30};
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl.AbstractTLSContext, org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl.AbstractTLSContext, org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class DTLS10Context extends AbstractDTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            List<ProtocolVersion> availableProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.DTLS10});
            clientDefaultProtocols = availableProtocols;
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(availableProtocols, true);
        }

        public DTLS10Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class DTLS12Context extends AbstractDTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            List<ProtocolVersion> availableProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.DTLS12, ProtocolVersion.DTLS10});
            clientDefaultProtocols = availableProtocols;
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(availableProtocols, true);
        }

        public DTLS12Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class DTLSContext extends CustomizedDTLSContext {
    }

    /* loaded from: classes2.dex */
    public static final class DefaultManagersHolder {
        private static final String NONE = "NONE";
        private static final String P11KEYSTORE = "PKCS11";
        private static final KeyManager[] keyManagers;
        private static final Exception reservedException;
        private static final TrustManager[] trustManagers;

        static {
            TrustManager[] trustManagerArr;
            KeyManager[] keyManagerArr;
            try {
                trustManagerArr = getTrustManagers();
                e = null;
            } catch (Exception e9) {
                e = e9;
                trustManagerArr = new TrustManager[0];
            }
            trustManagers = trustManagerArr;
            if (e == null) {
                try {
                    keyManagerArr = getKeyManagers();
                } catch (Exception e10) {
                    e = e10;
                    keyManagerArr = new KeyManager[0];
                }
                keyManagers = keyManagerArr;
            } else {
                keyManagers = new KeyManager[0];
            }
            reservedException = e;
        }

        private DefaultManagersHolder() {
        }

        private static KeyManager[] getKeyManagers() {
            FileInputStream fileInputStream;
            KeyStore keyStore;
            final HashMap hashMap = new HashMap();
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: org.openjsse.sun.security.ssl.SSLContextImpl.DefaultManagersHolder.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() {
                    hashMap.put("keyStore", System.getProperty("javax.net.ssl.keyStore", BuildConfig.FLAVOR));
                    hashMap.put("keyStoreType", System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
                    hashMap.put("keyStoreProvider", System.getProperty("javax.net.ssl.keyStoreProvider", BuildConfig.FLAVOR));
                    hashMap.put("keyStorePasswd", System.getProperty("javax.net.ssl.keyStorePassword", BuildConfig.FLAVOR));
                    return null;
                }
            });
            final String str = (String) hashMap.get("keyStore");
            String str2 = (String) hashMap.get("keyStoreType");
            String str3 = (String) hashMap.get("keyStoreProvider");
            boolean z8 = SSLLogger.isOn;
            if (z8 && SSLLogger.isOn("ssl,defaultctx")) {
                SSLLogger.fine(g.h("keyStore is : ", str), new Object[0]);
                SSLLogger.fine("keyStore type is : " + str2, new Object[0]);
                SSLLogger.fine("keyStore provider is : " + str3, new Object[0]);
            }
            if (P11KEYSTORE.equals(str2) && !NONE.equals(str)) {
                throw new IllegalArgumentException("if keyStoreType is PKCS11, then keyStore must be NONE");
            }
            FileInputStream fileInputStream2 = null;
            try {
                fileInputStream = (str.length() == 0 || NONE.equals(str)) ? null : (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() { // from class: org.openjsse.sun.security.ssl.SSLContextImpl.DefaultManagersHolder.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public FileInputStream run() {
                        return new FileInputStream(str);
                    }
                });
            } catch (Throwable th) {
                th = th;
            }
            try {
                String str4 = (String) hashMap.get("keyStorePasswd");
                char[] charArray = str4.length() != 0 ? str4.toCharArray() : null;
                if (str2.length() != 0) {
                    if (z8 && SSLLogger.isOn("ssl,defaultctx")) {
                        SSLLogger.finest("init keystore", new Object[0]);
                    }
                    keyStore = str3.length() == 0 ? KeyStore.getInstance(str2) : KeyStore.getInstance(str2, str3);
                    keyStore.load(fileInputStream, charArray);
                } else {
                    keyStore = null;
                }
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                if (z8 && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.fine("init keymanager of type " + KeyManagerFactory.getDefaultAlgorithm(), new Object[0]);
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                if (P11KEYSTORE.equals(str2)) {
                    keyManagerFactory.init(keyStore, null);
                } else {
                    keyManagerFactory.init(keyStore, charArray);
                }
                return keyManagerFactory.getKeyManagers();
            } catch (Throwable th2) {
                th = th2;
                fileInputStream2 = fileInputStream;
                if (fileInputStream2 != null) {
                    fileInputStream2.close();
                }
                throw th;
            }
        }

        private static TrustManager[] getTrustManagers() {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            if ("OpenJSSE".equals(trustManagerFactory.getProvider().getName())) {
                trustManagerFactory.init((KeyStore) null);
            } else {
                trustManagerFactory.init(TrustStoreManager.getTrustedKeyStore());
            }
            return trustManagerFactory.getTrustManagers();
        }
    }

    /* loaded from: classes2.dex */
    public static final class DefaultSSLContext extends CustomizedTLSContext {
        public DefaultSSLContext() {
            if (DefaultManagersHolder.reservedException != null) {
                throw DefaultManagersHolder.reservedException;
            }
            try {
                super.engineInit(DefaultManagersHolder.keyManagers, DefaultManagersHolder.trustManagers, null);
            } catch (Exception e9) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.fine("default context init failed: ", e9);
                }
                throw e9;
            }
        }

        public static SSLContextImpl getDefaultImpl() {
            Exception exc = DefaultSSLContextHolder.reservedException;
            if (exc == null) {
                return DefaultSSLContextHolder.sslContext;
            }
            throw exc;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        public void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }
    }

    /* loaded from: classes2.dex */
    public static final class DefaultSSLContextHolder {
        static Exception reservedException;
        private static final SSLContextImpl sslContext;

        static {
            DefaultSSLContext defaultSSLContext;
            if (DefaultManagersHolder.reservedException == null) {
                try {
                    defaultSSLContext = new DefaultSSLContext();
                } catch (Exception e9) {
                    reservedException = e9;
                }
                sslContext = defaultSSLContext;
            }
            reservedException = DefaultManagersHolder.reservedException;
            defaultSSLContext = null;
            sslContext = defaultSSLContext;
        }

        private DefaultSSLContextHolder() {
        }
    }

    /* loaded from: classes2.dex */
    public static final class TLS10Context extends AbstractTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            if (OpenJSSE.isFIPS()) {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS10});
            } else {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS10, ProtocolVersion.SSL30});
            }
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        public TLS10Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class TLS11Context extends AbstractTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            if (OpenJSSE.isFIPS()) {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS11, ProtocolVersion.TLS10});
            } else {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30});
            }
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        public TLS11Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class TLS12Context extends AbstractTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            if (OpenJSSE.isFIPS()) {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10});
            } else {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30});
            }
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        public TLS12Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class TLS13Context extends AbstractTLSContext {
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<ProtocolVersion> clientDefaultProtocols;

        static {
            if (OpenJSSE.isFIPS()) {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10});
            } else {
                clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30});
            }
            clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        public TLS13Context() {
            super();
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // org.openjsse.sun.security.ssl.SSLContextImpl
        public List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }
    }

    /* loaded from: classes2.dex */
    public static final class TLSContext extends CustomizedTLSContext {
    }

    private X509ExtendedKeyManager chooseKeyManager(KeyManager[] keyManagerArr) {
        for (int i8 = 0; keyManagerArr != null && i8 < keyManagerArr.length; i8++) {
            KeyManager keyManager = keyManagerArr[i8];
            if (keyManager instanceof X509KeyManager) {
                if (OpenJSSE.isFIPS()) {
                    if ((keyManager instanceof X509KeyManagerImpl) || (keyManager instanceof SunX509KeyManagerImpl)) {
                        return (X509ExtendedKeyManager) keyManager;
                    }
                    throw new KeyManagementException("FIPS mode: only OpenJSSE KeyManagers may be used");
                }
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                    SSLLogger.warning("X509KeyManager passed to SSLContext.init():  need an X509ExtendedKeyManager for SSLEngine use", new Object[0]);
                }
                return new AbstractKeyManagerWrapper((X509KeyManager) keyManager);
            }
        }
        return DummyX509KeyManager.INSTANCE;
    }

    private X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (int i8 = 0; trustManagerArr != null && i8 < trustManagerArr.length; i8++) {
            if (trustManagerArr[i8] instanceof X509TrustManager) {
                if (OpenJSSE.isFIPS() && !(trustManagerArr[i8] instanceof X509TrustManagerImpl)) {
                    throw new KeyManagementException("FIPS mode: only OpenJSSE TrustManagers may be used");
                }
                TrustManager trustManager = trustManagerArr[i8];
                return trustManager instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManager : new AbstractTrustManagerWrapper((X509TrustManager) trustManagerArr[i8]);
            }
        }
        return DummyX509TrustManager.INSTANCE;
    }

    private static List<CipherSuite> getApplicableCipherSuites(Collection<CipherSuite> collection, List<ProtocolVersion> list) {
        TreeSet treeSet = new TreeSet();
        if (list != null && !list.isEmpty()) {
            for (CipherSuite cipherSuite : collection) {
                if (cipherSuite.isAvailable()) {
                    Iterator<ProtocolVersion> it = list.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (cipherSuite.supports(it.next()) && cipherSuite.bulkCipher.isAvailable()) {
                            if (SSLAlgorithmConstraints.DEFAULT.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                                treeSet.add(cipherSuite);
                            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx,verbose")) {
                                SSLLogger.fine("Ignore disabled cipher suite: " + cipherSuite.name, new Object[0]);
                            }
                        }
                    }
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx,verbose")) {
                        SSLLogger.finest("Ignore unsupported cipher suite: " + cipherSuite, new Object[0]);
                    }
                }
            }
        }
        return new ArrayList(treeSet);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<CipherSuite> getApplicableEnabledCipherSuites(List<ProtocolVersion> list, boolean z8) {
        if (z8) {
            Collection<CipherSuite> collection = clientCustomizedCipherSuites;
            if (!collection.isEmpty()) {
                return getApplicableCipherSuites(collection, list);
            }
        } else {
            Collection<CipherSuite> collection2 = serverCustomizedCipherSuites;
            if (!collection2.isEmpty()) {
                return getApplicableCipherSuites(collection2, list);
            }
        }
        return getApplicableCipherSuites(CipherSuite.defaultCipherSuites(), list);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<CipherSuite> getApplicableSupportedCipherSuites(List<ProtocolVersion> list) {
        return getApplicableCipherSuites(CipherSuite.allowedCipherSuites(), list);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.List<org.openjsse.sun.security.ssl.ProtocolVersion>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.ArrayList] */
    public static List<ProtocolVersion> getAvailableProtocols(ProtocolVersion[] protocolVersionArr) {
        ?? emptyList = Collections.emptyList();
        if (protocolVersionArr != null && protocolVersionArr.length != 0) {
            emptyList = new ArrayList(protocolVersionArr.length);
            for (ProtocolVersion protocolVersion : protocolVersionArr) {
                if (protocolVersion.isAvailable) {
                    emptyList.add(protocolVersion);
                }
            }
        }
        return emptyList;
    }

    private static Collection<CipherSuite> getCustomizedCipherSuites(String str) {
        String privilegedGetProperty = GetPropertyAction.privilegedGetProperty(str);
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.fine(k.l("System property ", str, " is set to '", privilegedGetProperty, "'"), new Object[0]);
        }
        if (privilegedGetProperty != null && privilegedGetProperty.length() != 0 && privilegedGetProperty.length() > 1 && privilegedGetProperty.charAt(0) == '\"' && privilegedGetProperty.charAt(privilegedGetProperty.length() - 1) == '\"') {
            privilegedGetProperty = k.i(privilegedGetProperty, 1, 1);
        }
        if (privilegedGetProperty == null || privilegedGetProperty.length() == 0) {
            return Collections.emptyList();
        }
        String[] split = privilegedGetProperty.split(",");
        ArrayList arrayList = new ArrayList(split.length);
        for (int i8 = 0; i8 < split.length; i8++) {
            String trim = split[i8].trim();
            split[i8] = trim;
            if (!trim.isEmpty()) {
                try {
                    CipherSuite nameOf = CipherSuite.nameOf(split[i8]);
                    if (nameOf != null && nameOf.isAvailable()) {
                        arrayList.add(nameOf);
                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.fine("The current installed providers do not support cipher suite: " + split[i8], new Object[0]);
                    }
                } catch (IllegalArgumentException unused) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.fine("Unknown or unsupported cipher suite name: " + split[i8], new Object[0]);
                    }
                }
            }
        }
        return arrayList;
    }

    public abstract SSLEngine createSSLEngineImpl();

    public abstract SSLEngine createSSLEngineImpl(String str, int i8);

    @Override // javax.net.ssl.SSLContextSpi
    public SSLEngine engineCreateSSLEngine() {
        if (this.isInitialized) {
            return createSSLEngineImpl();
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLEngine engineCreateSSLEngine(String str, int i8) {
        if (this.isInitialized) {
            return createSSLEngineImpl(str, i8);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.clientCache;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.serverCache;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.isInitialized) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLSocketFactory engineGetSocketFactory() {
        if (this.isInitialized) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    public void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
        this.isInitialized = false;
        this.keyManager = chooseKeyManager(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception unused) {
            }
        }
        this.trustManager = chooseTrustManager(trustManagerArr);
        if (secureRandom == null) {
            this.secureRandom = JsseJce.getSecureRandom();
        } else {
            if (OpenJSSE.isFIPS() && secureRandom.getProvider() != OpenJSSE.cryptoProvider) {
                throw new KeyManagementException("FIPS mode: SecureRandom must be from provider " + OpenJSSE.cryptoProvider.getName());
            }
            this.secureRandom = secureRandom;
        }
        boolean z8 = SSLLogger.isOn;
        if (z8 && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("trigger seeding of SecureRandom", new Object[0]);
        }
        this.secureRandom.nextInt();
        if (z8 && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("done seeding of SecureRandom", new Object[0]);
        }
        this.isInitialized = true;
    }

    public abstract List<CipherSuite> getClientDefaultCipherSuites();

    public abstract List<ProtocolVersion> getClientDefaultProtocolVersions();

    public List<CipherSuite> getDefaultCipherSuites(boolean z8) {
        return z8 ? getServerDefaultCipherSuites() : getClientDefaultCipherSuites();
    }

    public List<ProtocolVersion> getDefaultProtocolVersions(boolean z8) {
        return z8 ? getServerDefaultProtocolVersions() : getClientDefaultProtocolVersions();
    }

    public EphemeralKeyManager getEphemeralKeyManager() {
        return this.ephemeralKeyManager;
    }

    public HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
        if (this.helloCookieManagerBuilder == null) {
            synchronized (this) {
                try {
                    if (this.helloCookieManagerBuilder == null) {
                        this.helloCookieManagerBuilder = new HelloCookieManager.Builder(this.secureRandom);
                    }
                } finally {
                }
            }
        }
        return this.helloCookieManagerBuilder.valueOf(protocolVersion);
    }

    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    public abstract List<CipherSuite> getServerDefaultCipherSuites();

    public abstract List<ProtocolVersion> getServerDefaultProtocolVersions();

    public StatusResponseManager getStatusResponseManager() {
        if (this.serverEnableStapling && this.statusResponseManager == null) {
            synchronized (this) {
                try {
                    if (this.statusResponseManager == null) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                            SSLLogger.finest("Initializing StatusResponseManager", new Object[0]);
                        }
                        this.statusResponseManager = new StatusResponseManager();
                    }
                } finally {
                }
            }
        }
        return this.statusResponseManager;
    }

    public abstract List<CipherSuite> getSupportedCipherSuites();

    public abstract List<ProtocolVersion> getSupportedProtocolVersions();

    public X509ExtendedKeyManager getX509KeyManager() {
        return this.keyManager;
    }

    public X509TrustManager getX509TrustManager() {
        return this.trustManager;
    }

    public abstract boolean isDTLS();

    public boolean isDefaultCipherSuiteList(List<CipherSuite> list) {
        return list == getServerDefaultCipherSuites() || list == getClientDefaultCipherSuites();
    }

    public boolean isDefaultProtocolVesions(List<ProtocolVersion> list) {
        return list == getServerDefaultProtocolVersions() || list == getClientDefaultProtocolVersions();
    }

    public boolean isStaplingEnabled(boolean z8) {
        return z8 ? this.clientEnableStapling : this.serverEnableStapling;
    }
}
