package io.grpc.okhttp;

import com.squareup.okhttp.ConnectionSpec;
import defpackage.c16;
import defpackage.cy1;
import defpackage.e1;
import defpackage.h25;
import defpackage.hv6;
import defpackage.ig4;
import defpackage.jq0;
import defpackage.k47;
import defpackage.kh4;
import defpackage.kq0;
import defpackage.kv6;
import defpackage.lh4;
import defpackage.ln0;
import defpackage.oh4;
import defpackage.ra0;
import defpackage.s70;
import defpackage.sr2;
import defpackage.w90;
import defpackage.wq6;
import defpackage.xd0;
import defpackage.ye2;
import defpackage.yo3;
import defpackage.zx4;
import io.grpc.TlsChannelCredentials$Feature;
import io.grpc.internal.h;
import io.grpc.okhttp.internal.CipherSuite;
import io.grpc.okhttp.internal.TlsVersion;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public final class c extends e1 {
    public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;
    public static final Logger q = Logger.getLogger(c.class.getName());
    public static final kq0 r = new jq0(kq0.MODERN_TLS).cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256).tlsVersions(TlsVersion.TLS_1_2).supportsTlsExtensions(true).build();
    public static final long s = TimeUnit.DAYS.toNanos(1000);
    public static final c16 t = c16.forResource(new Object());
    public static final EnumSet u = EnumSet.of(TlsChannelCredentials$Feature.MTLS, TlsChannelCredentials$Feature.CUSTOM_MANAGERS);
    public final yo3 b;
    public final hv6 c;
    public ig4 d;
    public ig4 e;
    public SocketFactory f;
    public SSLSocketFactory g;
    public final boolean h;
    public HostnameVerifier i;
    public kq0 j;
    public OkHttpChannelBuilder$NegotiationType k;
    public long l;
    public long m;
    public int n;
    public boolean o;
    public int p;

    public c(String str) {
        this.c = kv6.getDefaultFactory();
        this.d = t;
        this.e = c16.forResource(ye2.TIMER_SERVICE);
        this.j = r;
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        this.l = Long.MAX_VALUE;
        this.m = ye2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.n = 65535;
        this.p = Integer.MAX_VALUE;
        this.b = new yo3(str, new lh4(this), new kh4(this));
        this.h = false;
    }

    public c(String str, ra0 ra0Var, s70 s70Var, SSLSocketFactory sSLSocketFactory) {
        this.c = kv6.getDefaultFactory();
        this.d = t;
        this.e = c16.forResource(ye2.TIMER_SERVICE);
        this.j = r;
        OkHttpChannelBuilder$NegotiationType okHttpChannelBuilder$NegotiationType = OkHttpChannelBuilder$NegotiationType.TLS;
        this.k = okHttpChannelBuilder$NegotiationType;
        this.l = Long.MAX_VALUE;
        this.m = ye2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.n = 65535;
        this.p = Integer.MAX_VALUE;
        this.b = new yo3(str, ra0Var, s70Var, new lh4(this), new kh4(this));
        this.g = sSLSocketFactory;
        this.k = sSLSocketFactory == null ? OkHttpChannelBuilder$NegotiationType.PLAINTEXT : okHttpChannelBuilder$NegotiationType;
        this.h = true;
    }

    public static KeyManager[] a(byte[] bArr, byte[] bArr2) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            X509Certificate[] x509Certificates = w90.getX509Certificates(byteArrayInputStream);
            ye2.closeQuietly(byteArrayInputStream);
            byteArrayInputStream = new ByteArrayInputStream(bArr2);
            try {
                try {
                    PrivateKey privateKey = w90.getPrivateKey(byteArrayInputStream);
                    ye2.closeQuietly(byteArrayInputStream);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    try {
                        keyStore.load(null, null);
                        keyStore.setKeyEntry("key", privateKey, new char[0], x509Certificates);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, new char[0]);
                        return keyManagerFactory.getKeyManagers();
                    } catch (IOException e) {
                        throw new GeneralSecurityException(e);
                    }
                } catch (IOException e2) {
                    throw new GeneralSecurityException("Unable to decode private key", e2);
                }
            } finally {
            }
        } finally {
        }
    }

    public static TrustManager[] b(byte[] bArr) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            keyStore.load(null, null);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                X509Certificate[] x509Certificates = w90.getX509Certificates(byteArrayInputStream);
                ye2.closeQuietly(byteArrayInputStream);
                for (X509Certificate x509Certificate : x509Certificates) {
                    keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } catch (Throwable th) {
                ye2.closeQuietly(byteArrayInputStream);
                throw th;
            }
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public static oh4 c(ra0 ra0Var) {
        KeyManager[] keyManagerArr;
        TrustManager[] b;
        if (!(ra0Var instanceof wq6)) {
            if (ra0Var instanceof sr2) {
                return oh4.plaintext();
            }
            if (ra0Var instanceof ln0) {
                ln0 ln0Var = (ln0) ra0Var;
                return c(ln0Var.getChannelCredentials()).withCallCredentials(ln0Var.getCallCredentials());
            }
            if (!(ra0Var instanceof xd0)) {
                return oh4.error("Unsupported credential type: ".concat(ra0Var.getClass().getName()));
            }
            StringBuilder sb = new StringBuilder();
            Iterator<ra0> it = ((xd0) ra0Var).getCredentialsList().iterator();
            while (it.hasNext()) {
                oh4 c = c(it.next());
                if (c.error == null) {
                    return c;
                }
                sb.append(", ");
                sb.append(c.error);
            }
            return oh4.error(sb.substring(2));
        }
        wq6 wq6Var = (wq6) ra0Var;
        Set<TlsChannelCredentials$Feature> incomprehensible = wq6Var.incomprehensible(u);
        if (!incomprehensible.isEmpty()) {
            return oh4.error("TLS features not understood: " + incomprehensible);
        }
        List<KeyManager> keyManagers = wq6Var.getKeyManagers();
        Logger logger = q;
        if (keyManagers != null) {
            keyManagerArr = (KeyManager[]) wq6Var.getKeyManagers().toArray(new KeyManager[0]);
        } else if (wq6Var.getPrivateKey() == null) {
            keyManagerArr = null;
        } else {
            if (wq6Var.getPrivateKeyPassword() != null) {
                return oh4.error("byte[]-based private key with password unsupported. Use unencrypted file or KeyManager");
            }
            try {
                keyManagerArr = a(wq6Var.getCertificateChain(), wq6Var.getPrivateKey());
            } catch (GeneralSecurityException e) {
                logger.log(Level.FINE, "Exception loading private key from credential", (Throwable) e);
                return oh4.error("Unable to load private key: " + e.getMessage());
            }
        }
        if (wq6Var.getTrustManagers() != null) {
            b = (TrustManager[]) wq6Var.getTrustManagers().toArray(new TrustManager[0]);
        } else if (wq6Var.getRootCertificates() != null) {
            try {
                b = b(wq6Var.getRootCertificates());
            } catch (GeneralSecurityException e2) {
                logger.log(Level.FINE, "Exception loading root certificates from credential", (Throwable) e2);
                return oh4.error("Unable to load root certificates: " + e2.getMessage());
            }
        } else {
            b = null;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS", zx4.get().getProvider());
            sSLContext.init(keyManagerArr, b, null);
            return oh4.factory(sSLContext.getSocketFactory());
        } catch (GeneralSecurityException e3) {
            throw new RuntimeException("TLS Provider failure", e3);
        }
    }

    public static c forAddress(String str, int i) {
        return new c(ye2.authorityFromHostAndPort(str, i));
    }

    public static c forAddress(String str, int i, ra0 ra0Var) {
        return forTarget(ye2.authorityFromHostAndPort(str, i), ra0Var);
    }

    public static c forTarget(String str) {
        return new c(str);
    }

    public static c forTarget(String str, ra0 ra0Var) {
        oh4 c = c(ra0Var);
        if (c.error == null) {
            return new c(str, ra0Var, c.callCredentials, c.factory);
        }
        throw new IllegalArgumentException(c.error);
    }

    public c connectionSpec(ConnectionSpec connectionSpec) {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        h25.checkArgument(connectionSpec.isTls(), "plaintext ConnectionSpec is not accepted");
        this.j = k47.b(connectionSpec);
        return this;
    }

    public c flowControlWindow(int i) {
        h25.checkState(i > 0, "flowControlWindow must be positive");
        this.n = i;
        return this;
    }

    public c hostnameVerifier(HostnameVerifier hostnameVerifier) {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.i = hostnameVerifier;
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c keepAliveTime(long j, TimeUnit timeUnit) {
        h25.checkArgument(j > 0, "keepalive time must be positive");
        long nanos = timeUnit.toNanos(j);
        this.l = nanos;
        long clampKeepAliveTimeInNanos = h.clampKeepAliveTimeInNanos(nanos);
        this.l = clampKeepAliveTimeInNanos;
        if (clampKeepAliveTimeInNanos >= s) {
            this.l = Long.MAX_VALUE;
        }
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c keepAliveTimeout(long j, TimeUnit timeUnit) {
        h25.checkArgument(j > 0, "keepalive timeout must be positive");
        long nanos = timeUnit.toNanos(j);
        this.m = nanos;
        this.m = h.clampKeepAliveTimeoutInNanos(nanos);
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c keepAliveWithoutCalls(boolean z) {
        this.o = z;
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c maxInboundMessageSize(int i) {
        h25.checkArgument(i >= 0, "negative max");
        this.a = i;
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c maxInboundMetadataSize(int i) {
        h25.checkArgument(i > 0, "maxInboundMetadataSize must be > 0");
        this.p = i;
        return this;
    }

    @Deprecated
    public c negotiationType(NegotiationType negotiationType) {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        h25.checkNotNull(negotiationType, "type");
        int i = b.a[negotiationType.ordinal()];
        if (i == 1) {
            this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        } else {
            if (i != 2) {
                throw new AssertionError("Unknown negotiation type: " + negotiationType);
            }
            this.k = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        }
        return this;
    }

    public c scheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.e = new cy1((ScheduledExecutorService) h25.checkNotNull(scheduledExecutorService, "scheduledExecutorService"));
        return this;
    }

    public c socketFactory(SocketFactory socketFactory) {
        this.f = socketFactory;
        return this;
    }

    public c sslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.g = sSLSocketFactory;
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }

    public c tlsConnectionSpec(String[] strArr, String[] strArr2) {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        h25.checkNotNull(strArr, "tls versions must not null");
        h25.checkNotNull(strArr2, "ciphers must not null");
        this.j = new jq0(true).supportsTlsExtensions(true).tlsVersions(strArr).cipherSuites(strArr2).build();
        return this;
    }

    public c transportExecutor(Executor executor) {
        if (executor == null) {
            this.d = t;
        } else {
            this.d = new cy1(executor);
        }
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c usePlaintext() {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.k = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        return this;
    }

    @Override // defpackage.e1, defpackage.zm3
    public c useTransportSecurity() {
        h25.checkState(!this.h, "Cannot change security when using ChannelCredentials");
        this.k = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }
}
