package org.bouncycastle.jsse.provider;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.Vector;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;
import org.bouncycastle.jsse.BCX509ExtendedTrustManager;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.java.security.BCCryptoPrimitive;
import org.bouncycastle.jsse.provider.NamedGroupInfo;
import org.bouncycastle.jsse.provider.SignatureSchemeInfo;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public final class ContextData {
    private static final Set<BCCryptoPrimitive> TLS_CRYPTO_PRIMITIVES_BC = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
    private final JcaTlsCrypto crypto;
    private final String[] defaultCipherSuitesClient;
    private final String[] defaultCipherSuitesServer;
    private final String[] defaultProtocolsClient;
    private final String[] defaultProtocolsServer;
    private final boolean fipsMode;
    private final NamedGroupInfo.PerContext namedGroups;
    private final SignatureSchemeInfo.PerContext signatureSchemes;
    private final Map<String, CipherSuiteInfo> supportedCipherSuites;
    private final Map<String, ProtocolVersion> supportedProtocols;
    private final BCX509ExtendedKeyManager x509KeyManager;
    private final BCX509ExtendedTrustManager x509TrustManager;
    private final ProvSSLSessionContext clientSessionContext = new ProvSSLSessionContext(this);
    private final ProvSSLSessionContext serverSessionContext = new ProvSSLSessionContext(this);

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContextData(boolean z, JcaTlsCrypto jcaTlsCrypto, BCX509ExtendedKeyManager bCX509ExtendedKeyManager, BCX509ExtendedTrustManager bCX509ExtendedTrustManager, Map<String, CipherSuiteInfo> map, Map<String, ProtocolVersion> map2, String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4) {
        this.fipsMode = z;
        this.crypto = jcaTlsCrypto;
        this.x509KeyManager = bCX509ExtendedKeyManager;
        this.x509TrustManager = bCX509ExtendedTrustManager;
        this.supportedCipherSuites = map;
        this.supportedProtocols = map2;
        this.defaultCipherSuitesClient = strArr;
        this.defaultCipherSuitesServer = strArr2;
        this.defaultProtocolsClient = strArr3;
        this.defaultProtocolsServer = strArr4;
        NamedGroupInfo.PerContext createPerContext = NamedGroupInfo.createPerContext(z, jcaTlsCrypto);
        this.namedGroups = createPerContext;
        this.signatureSchemes = SignatureSchemeInfo.createPerContext(z, jcaTlsCrypto, createPerContext);
    }

    private String[] implGetDefaultCipherSuites(boolean z) {
        return z ? this.defaultCipherSuitesClient : this.defaultCipherSuitesServer;
    }

    private String[] implGetDefaultProtocols(boolean z) {
        return z ? this.defaultProtocolsClient : this.defaultProtocolsServer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:10:0x0044  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x004d A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int[] getActiveCipherSuites(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r12, org.bouncycastle.jsse.provider.ProvSSLParameters r13, org.bouncycastle.tls.ProtocolVersion[] r14) {
        /*
            r11 = this;
            java.lang.String[] r0 = r13.getCipherSuitesArray()
            org.bouncycastle.jsse.java.security.BCAlgorithmConstraints r13 = r13.getAlgorithmConstraints()
            org.bouncycastle.tls.ProtocolVersion r1 = org.bouncycastle.tls.ProtocolVersion.getLatestTLS(r14)
            org.bouncycastle.tls.ProtocolVersion r14 = org.bouncycastle.tls.ProtocolVersion.getEarliestTLS(r14)
            boolean r1 = org.bouncycastle.tls.TlsUtils.isTLSv13(r1)
            boolean r14 = org.bouncycastle.tls.TlsUtils.isTLSv13(r14)
            int r2 = r0.length
            int[] r2 = new int[r2]
            int r3 = r0.length
            r4 = 0
            r5 = 0
            r6 = 0
        L1f:
            if (r5 >= r3) goto L50
            r7 = r0[r5]
            java.util.Map<java.lang.String, org.bouncycastle.jsse.provider.CipherSuiteInfo> r8 = r11.supportedCipherSuites
            java.lang.Object r8 = r8.get(r7)
            org.bouncycastle.jsse.provider.CipherSuiteInfo r8 = (org.bouncycastle.jsse.provider.CipherSuiteInfo) r8
            if (r8 != 0) goto L2e
            goto L4d
        L2e:
            boolean r9 = r8.isTLSv13()
            if (r9 == 0) goto L37
            if (r1 != 0) goto L3a
            goto L4d
        L37:
            if (r14 == 0) goto L3a
            goto L4d
        L3a:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r9 = org.bouncycastle.jsse.provider.ContextData.TLS_CRYPTO_PRIMITIVES_BC
            r10 = 0
            boolean r7 = r13.permits(r9, r7, r10)
            if (r7 != 0) goto L44
            goto L4d
        L44:
            int r7 = r6 + 1
            int r8 = r8.getCipherSuite()
            r2[r6] = r8
            r6 = r7
        L4d:
            int r5 = r5 + 1
            goto L1f
        L50:
            int[] r12 = org.bouncycastle.tls.TlsUtils.getSupportedCipherSuites(r12, r2, r4, r6)
            int r13 = r12.length
            r14 = 1
            if (r13 < r14) goto L59
            return r12
        L59:
            java.lang.IllegalStateException r12 = new java.lang.IllegalStateException
            java.lang.String r13 = "No usable cipher suites enabled"
            r12.<init>(r13)
            goto L62
        L61:
            throw r12
        L62:
            goto L61
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ContextData.getActiveCipherSuites(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto, org.bouncycastle.jsse.provider.ProvSSLParameters, org.bouncycastle.tls.ProtocolVersion[]):int[]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion[] getActiveProtocolVersions(ProvSSLParameters provSSLParameters) {
        String[] protocolsArray = provSSLParameters.getProtocolsArray();
        BCAlgorithmConstraints algorithmConstraints = provSSLParameters.getAlgorithmConstraints();
        TreeSet treeSet = new TreeSet(new Comparator<ProtocolVersion>() { // from class: org.bouncycastle.jsse.provider.ContextData.1
            @Override // java.util.Comparator
            public int compare(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2) {
                if (protocolVersion.isLaterVersionOf(protocolVersion2)) {
                    return -1;
                }
                return protocolVersion2.isLaterVersionOf(protocolVersion) ? 1 : 0;
            }
        });
        for (String str : protocolsArray) {
            ProtocolVersion protocolVersion = this.supportedProtocols.get(str);
            if (protocolVersion != null && algorithmConstraints.permits(TLS_CRYPTO_PRIMITIVES_BC, str, null)) {
                treeSet.add(protocolVersion);
            }
        }
        if (treeSet.isEmpty()) {
            throw new IllegalStateException("No usable protocols enabled");
        }
        return (ProtocolVersion[]) treeSet.toArray(new ProtocolVersion[treeSet.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvSSLSessionContext getClientSessionContext() {
        return this.clientSessionContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JcaTlsCrypto getCrypto() {
        return this.crypto;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getDefaultCipherSuites(boolean z) {
        return (String[]) implGetDefaultCipherSuites(z).clone();
    }

    String[] getDefaultProtocols(boolean z) {
        return (String[]) implGetDefaultProtocols(z).clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvSSLParameters getDefaultSSLParameters(boolean z) {
        return new ProvSSLParameters(this, implGetDefaultCipherSuites(z), implGetDefaultProtocols(z));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NamedGroupInfo.PerConnection getNamedGroupsClient(ProvSSLParameters provSSLParameters, ProtocolVersion[] protocolVersionArr) {
        return NamedGroupInfo.createPerConnectionClient(this.namedGroups, provSSLParameters, protocolVersionArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NamedGroupInfo.PerConnection getNamedGroupsServer(ProvSSLParameters provSSLParameters, ProtocolVersion protocolVersion) {
        return NamedGroupInfo.createPerConnectionServer(this.namedGroups, provSSLParameters, protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvSSLSessionContext getServerSessionContext() {
        return this.serverSessionContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<SignatureSchemeInfo> getSignatureSchemes(Vector<SignatureAndHashAlgorithm> vector) {
        return SignatureSchemeInfo.getSignatureSchemes(this.signatureSchemes, vector);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignatureSchemeInfo.PerConnection getSignatureSchemesClient(ProvSSLParameters provSSLParameters, ProtocolVersion[] protocolVersionArr, NamedGroupInfo.PerConnection perConnection) {
        return SignatureSchemeInfo.createPerConnectionClient(this.signatureSchemes, provSSLParameters, protocolVersionArr, perConnection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignatureSchemeInfo.PerConnection getSignatureSchemesServer(ProvSSLParameters provSSLParameters, ProtocolVersion protocolVersion, NamedGroupInfo.PerConnection perConnection) {
        return SignatureSchemeInfo.createPerConnectionServer(this.signatureSchemes, provSSLParameters, protocolVersion, perConnection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getSupportedCipherSuites() {
        return JsseUtils.getKeysArray(this.supportedCipherSuites);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getSupportedCipherSuites(String[] strArr) {
        if (strArr == null) {
            throw new NullPointerException("'cipherSuites' cannot be null");
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (TlsUtils.isNullOrEmpty(str)) {
                throw new IllegalArgumentException("'cipherSuites' cannot contain null or empty string elements");
            }
            if (this.supportedCipherSuites.containsKey(str)) {
                arrayList.add(str);
            }
        }
        return JsseUtils.getArray(arrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getSupportedProtocols() {
        return JsseUtils.getKeysArray(this.supportedProtocols);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvSSLParameters getSupportedSSLParameters(boolean z) {
        return new ProvSSLParameters(this, getSupportedCipherSuites(), getSupportedProtocols());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BCX509ExtendedKeyManager getX509KeyManager() {
        return this.x509KeyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BCX509ExtendedTrustManager getX509TrustManager() {
        return this.x509TrustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isFipsMode() {
        return this.fipsMode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSupportedProtocols(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if (str == null || !this.supportedProtocols.containsKey(str)) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateDefaultSSLParameters(ProvSSLParameters provSSLParameters, boolean z) {
        if (provSSLParameters.getCipherSuitesArray() == implGetDefaultCipherSuites(!z)) {
            provSSLParameters.setCipherSuitesArray(implGetDefaultCipherSuites(z));
        }
        if (provSSLParameters.getProtocolsArray() == implGetDefaultProtocols(!z)) {
            provSSLParameters.setProtocolsArray(implGetDefaultProtocols(z));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String validateNegotiatedCipherSuite(ProvSSLParameters provSSLParameters, int i) {
        String cipherSuiteName = ProvSSLContextSpi.getCipherSuiteName(i);
        if (cipherSuiteName != null && JsseUtils.contains(provSSLParameters.getCipherSuitesArray(), cipherSuiteName) && provSSLParameters.getAlgorithmConstraints().permits(TLS_CRYPTO_PRIMITIVES_BC, cipherSuiteName, null) && this.supportedCipherSuites.containsKey(cipherSuiteName)) {
            return cipherSuiteName;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported ciphersuite: " + i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String validateNegotiatedProtocol(ProvSSLParameters provSSLParameters, ProtocolVersion protocolVersion) {
        String protocolVersionName = ProvSSLContextSpi.getProtocolVersionName(protocolVersion);
        if (protocolVersionName != null && JsseUtils.contains(provSSLParameters.getProtocolsArray(), protocolVersionName) && provSSLParameters.getAlgorithmConstraints().permits(TLS_CRYPTO_PRIMITIVES_BC, protocolVersionName, null) && this.supportedProtocols.containsKey(protocolVersionName)) {
            return protocolVersionName;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported protocol: " + protocolVersion);
    }
}
