package io.grpc.okhttp;

import com.squareup.okhttp.ConnectionSpec;
import defpackage.ah4;
import defpackage.dh4;
import defpackage.du6;
import defpackage.e1;
import defpackage.g37;
import defpackage.gu6;
import defpackage.hq0;
import defpackage.iq0;
import defpackage.jn0;
import defpackage.lx1;
import defpackage.mr2;
import defpackage.nx4;
import defpackage.po3;
import defpackage.qa0;
import defpackage.r70;
import defpackage.se2;
import defpackage.sp6;
import defpackage.v15;
import defpackage.v90;
import defpackage.wd0;
import defpackage.xf4;
import defpackage.zg4;
import defpackage.zz5;
import io.grpc.TlsChannelCredentials$Feature;
import io.grpc.internal.h;
import io.grpc.okhttp.internal.CipherSuite;
import io.grpc.okhttp.internal.TlsVersion;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public final class c extends e1 {
    public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;
    public static final Logger q = Logger.getLogger(c.class.getName());
    public static final iq0 r = new hq0(iq0.MODERN_TLS).cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256).tlsVersions(TlsVersion.TLS_1_2).supportsTlsExtensions(true).build();
    public static final long s = TimeUnit.DAYS.toNanos(1000);
    public static final zz5 t = zz5.forResource(new Object());
    public static final EnumSet u = EnumSet.of(TlsChannelCredentials$Feature.MTLS, TlsChannelCredentials$Feature.CUSTOM_MANAGERS);
    public final po3 b;
    public final du6 c;
    public xf4 d;
    public xf4 e;
    public SocketFactory f;
    public SSLSocketFactory g;
    public final boolean h;
    public HostnameVerifier i;
    public iq0 j;
    public OkHttpChannelBuilder$NegotiationType k;
    public long l;
    public long m;
    public int n;
    public boolean o;
    public int p;

    public c(String str) {
        this.c = gu6.getDefaultFactory();
        this.d = t;
        this.e = zz5.forResource(se2.TIMER_SERVICE);
        this.j = r;
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        this.l = Long.MAX_VALUE;
        this.m = se2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.n = 65535;
        this.p = Integer.MAX_VALUE;
        this.b = new po3(str, new ah4(this), new zg4(this));
        this.h = false;
    }

    public c(String str, qa0 qa0Var, r70 r70Var, SSLSocketFactory sSLSocketFactory) {
        this.c = gu6.getDefaultFactory();
        this.d = t;
        this.e = zz5.forResource(se2.TIMER_SERVICE);
        this.j = r;
        OkHttpChannelBuilder$NegotiationType okHttpChannelBuilder$NegotiationType = OkHttpChannelBuilder$NegotiationType.TLS;
        this.k = okHttpChannelBuilder$NegotiationType;
        this.l = Long.MAX_VALUE;
        this.m = se2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.n = 65535;
        this.p = Integer.MAX_VALUE;
        this.b = new po3(str, qa0Var, r70Var, new ah4(this), new zg4(this));
        this.g = sSLSocketFactory;
        this.k = sSLSocketFactory == null ? OkHttpChannelBuilder$NegotiationType.PLAINTEXT : okHttpChannelBuilder$NegotiationType;
        this.h = true;
    }

    public static KeyManager[] a(byte[] bArr, byte[] bArr2) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            X509Certificate[] x509Certificates = v90.getX509Certificates(byteArrayInputStream);
            se2.closeQuietly(byteArrayInputStream);
            byteArrayInputStream = new ByteArrayInputStream(bArr2);
            try {
                try {
                    PrivateKey privateKey = v90.getPrivateKey(byteArrayInputStream);
                    se2.closeQuietly(byteArrayInputStream);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    try {
                        keyStore.load(null, null);
                        keyStore.setKeyEntry("key", privateKey, new char[0], x509Certificates);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, new char[0]);
                        return keyManagerFactory.getKeyManagers();
                    } catch (IOException e) {
                        throw new GeneralSecurityException(e);
                    }
                } catch (IOException e2) {
                    throw new GeneralSecurityException("Unable to decode private key", e2);
                }
            } finally {
            }
        } finally {
        }
    }

    public static TrustManager[] b(byte[] bArr) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            keyStore.load(null, null);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                X509Certificate[] x509Certificates = v90.getX509Certificates(byteArrayInputStream);
                se2.closeQuietly(byteArrayInputStream);
                for (X509Certificate x509Certificate : x509Certificates) {
                    keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } catch (Throwable th) {
                se2.closeQuietly(byteArrayInputStream);
                throw th;
            }
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public static dh4 c(qa0 qa0Var) {
        KeyManager[] keyManagerArr;
        TrustManager[] b;
        if (!(qa0Var instanceof sp6)) {
            if (qa0Var instanceof mr2) {
                return dh4.plaintext();
            }
            if (qa0Var instanceof jn0) {
                jn0 jn0Var = (jn0) qa0Var;
                return c(jn0Var.getChannelCredentials()).withCallCredentials(jn0Var.getCallCredentials());
            }
            if (!(qa0Var instanceof wd0)) {
                return dh4.error("Unsupported credential type: ".concat(qa0Var.getClass().getName()));
            }
            StringBuilder sb = new StringBuilder();
            Iterator<qa0> it = ((wd0) qa0Var).getCredentialsList().iterator();
            while (it.hasNext()) {
                dh4 c = c(it.next());
                if (c.error == null) {
                    return c;
                }
                sb.append(", ");
                sb.append(c.error);
            }
            return dh4.error(sb.substring(2));
        }
        sp6 sp6Var = (sp6) qa0Var;
        Set<TlsChannelCredentials$Feature> incomprehensible = sp6Var.incomprehensible(u);
        if (!incomprehensible.isEmpty()) {
            return dh4.error("TLS features not understood: " + incomprehensible);
        }
        List<KeyManager> keyManagers = sp6Var.getKeyManagers();
        Logger logger = q;
        if (keyManagers != null) {
            keyManagerArr = (KeyManager[]) sp6Var.getKeyManagers().toArray(new KeyManager[0]);
        } else if (sp6Var.getPrivateKey() == null) {
            keyManagerArr = null;
        } else {
            if (sp6Var.getPrivateKeyPassword() != null) {
                return dh4.error("byte[]-based private key with password unsupported. Use unencrypted file or KeyManager");
            }
            try {
                keyManagerArr = a(sp6Var.getCertificateChain(), sp6Var.getPrivateKey());
            } catch (GeneralSecurityException e) {
                logger.log(Level.FINE, "Exception loading private key from credential", (Throwable) e);
                return dh4.error("Unable to load private key: " + e.getMessage());
            }
        }
        if (sp6Var.getTrustManagers() != null) {
            b = (TrustManager[]) sp6Var.getTrustManagers().toArray(new TrustManager[0]);
        } else if (sp6Var.getRootCertificates() != null) {
            try {
                b = b(sp6Var.getRootCertificates());
            } catch (GeneralSecurityException e2) {
                logger.log(Level.FINE, "Exception loading root certificates from credential", (Throwable) e2);
                return dh4.error("Unable to load root certificates: " + e2.getMessage());
            }
        } else {
            b = null;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS", nx4.get().getProvider());
            sSLContext.init(keyManagerArr, b, null);
            return dh4.factory(sSLContext.getSocketFactory());
        } catch (GeneralSecurityException e3) {
            throw new RuntimeException("TLS Provider failure", e3);
        }
    }

    public static c forAddress(String str, int i) {
        return new c(se2.authorityFromHostAndPort(str, i));
    }

    public static c forAddress(String str, int i, qa0 qa0Var) {
        return forTarget(se2.authorityFromHostAndPort(str, i), qa0Var);
    }

    public static c forTarget(String str) {
        return new c(str);
    }

    public static c forTarget(String str, qa0 qa0Var) {
        dh4 c = c(qa0Var);
        if (c.error == null) {
            return new c(str, qa0Var, c.callCredentials, c.factory);
        }
        throw new IllegalArgumentException(c.error);
    }

    public c connectionSpec(ConnectionSpec connectionSpec) {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        v15.checkArgument(connectionSpec.isTls(), "plaintext ConnectionSpec is not accepted");
        this.j = g37.b(connectionSpec);
        return this;
    }

    public c flowControlWindow(int i) {
        v15.checkState(i > 0, "flowControlWindow must be positive");
        this.n = i;
        return this;
    }

    public c hostnameVerifier(HostnameVerifier hostnameVerifier) {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.i = hostnameVerifier;
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c keepAliveTime(long j, TimeUnit timeUnit) {
        v15.checkArgument(j > 0, "keepalive time must be positive");
        long nanos = timeUnit.toNanos(j);
        this.l = nanos;
        long clampKeepAliveTimeInNanos = h.clampKeepAliveTimeInNanos(nanos);
        this.l = clampKeepAliveTimeInNanos;
        if (clampKeepAliveTimeInNanos >= s) {
            this.l = Long.MAX_VALUE;
        }
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c keepAliveTimeout(long j, TimeUnit timeUnit) {
        v15.checkArgument(j > 0, "keepalive timeout must be positive");
        long nanos = timeUnit.toNanos(j);
        this.m = nanos;
        this.m = h.clampKeepAliveTimeoutInNanos(nanos);
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c keepAliveWithoutCalls(boolean z) {
        this.o = z;
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c maxInboundMessageSize(int i) {
        v15.checkArgument(i >= 0, "negative max");
        this.a = i;
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c maxInboundMetadataSize(int i) {
        v15.checkArgument(i > 0, "maxInboundMetadataSize must be > 0");
        this.p = i;
        return this;
    }

    @Deprecated
    public c negotiationType(NegotiationType negotiationType) {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        v15.checkNotNull(negotiationType, "type");
        int i = b.a[negotiationType.ordinal()];
        if (i == 1) {
            this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        } else {
            if (i != 2) {
                throw new AssertionError("Unknown negotiation type: " + negotiationType);
            }
            this.k = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        }
        return this;
    }

    public c scheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.e = new lx1((ScheduledExecutorService) v15.checkNotNull(scheduledExecutorService, "scheduledExecutorService"));
        return this;
    }

    public c socketFactory(SocketFactory socketFactory) {
        this.f = socketFactory;
        return this;
    }

    public c sslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.g = sSLSocketFactory;
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }

    public c tlsConnectionSpec(String[] strArr, String[] strArr2) {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        v15.checkNotNull(strArr, "tls versions must not null");
        v15.checkNotNull(strArr2, "ciphers must not null");
        this.j = new hq0(true).supportsTlsExtensions(true).tlsVersions(strArr).cipherSuites(strArr2).build();
        return this;
    }

    public c transportExecutor(Executor executor) {
        if (executor == null) {
            this.d = t;
        } else {
            this.d = new lx1(executor);
        }
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c usePlaintext() {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.k = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        return this;
    }

    @Override // defpackage.e1, defpackage.qm3
    public c useTransportSecurity() {
        v15.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }
}
