package K6;

import P6.AbstractC0457l;
import j$.util.DesugarCollections;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;

/* loaded from: classes.dex */
public abstract class D extends AbstractC0312g1 {
    private static final List<String> DEFAULT_CIPHERS;
    private static final List<String> DEFAULT_CIPHERS_NON_TLSV13;
    private static final String[] DEFAULT_PROTOCOLS;
    private static final Provider DEFAULT_PROVIDER;
    private static final Set<String> SUPPORTED_CIPHERS;
    private static final Set<String> SUPPORTED_CIPHERS_NON_TLSV13;
    private static final Q6.c logger;
    private final InterfaceC0353x apn;
    private final String[] cipherSuites;
    private final EnumC0325l clientAuth;
    private final String endpointIdentificationAlgorithm;
    private final boolean isClient;
    private final String[] protocols;
    private final SSLContext sslContext;
    private final List<String> unmodifiableCipherSuites;

    static {
        Q6.c dVar = Q6.d.getInstance((Class<?>) D.class);
        logger = dVar;
        C c9 = new C(null);
        c9.init();
        DEFAULT_PROVIDER = c9.defaultProvider;
        String[] strArr = c9.defaultProtocols;
        DEFAULT_PROTOCOLS = strArr;
        SUPPORTED_CIPHERS = c9.supportedCiphers;
        List<String> list = c9.defaultCiphers;
        DEFAULT_CIPHERS = list;
        DEFAULT_CIPHERS_NON_TLSV13 = c9.defaultCiphersNonTLSv13;
        SUPPORTED_CIPHERS_NON_TLSV13 = c9.supportedCiphersNonTLSv13;
        if (dVar.isDebugEnabled()) {
            dVar.debug("Default protocols (JDK): {} ", Arrays.asList(strArr));
            dVar.debug("Default cipher suites (JDK): {}", list);
        }
    }

    public D(SSLContext sSLContext, boolean z9, Iterable<String> iterable, InterfaceC0322k interfaceC0322k, InterfaceC0353x interfaceC0353x, EnumC0325l enumC0325l, String[] strArr, boolean z10, String str, C0294a1 c0294a1) {
        super(z10, c0294a1);
        Set<String> supportedCiphers;
        List<String> list;
        this.apn = (InterfaceC0353x) P6.C.checkNotNull(interfaceC0353x, "apn");
        this.clientAuth = (EnumC0325l) P6.C.checkNotNull(enumC0325l, "clientAuth");
        this.sslContext = (SSLContext) P6.C.checkNotNull(sSLContext, "sslContext");
        this.endpointIdentificationAlgorithm = str;
        if (DEFAULT_PROVIDER.equals(sSLContext.getProvider())) {
            strArr = strArr == null ? DEFAULT_PROTOCOLS : strArr;
            this.protocols = strArr;
            if (isTlsV13Supported(strArr)) {
                supportedCiphers = SUPPORTED_CIPHERS;
                list = DEFAULT_CIPHERS;
            } else {
                supportedCiphers = SUPPORTED_CIPHERS_NON_TLSV13;
                list = DEFAULT_CIPHERS_NON_TLSV13;
            }
        } else {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            try {
                if (strArr == null) {
                    this.protocols = defaultProtocols(sSLContext, createSSLEngine);
                } else {
                    this.protocols = strArr;
                }
                supportedCiphers = supportedCiphers(createSSLEngine);
                List<String> defaultCiphers = defaultCiphers(createSSLEngine, supportedCiphers);
                if (!isTlsV13Supported(this.protocols)) {
                    for (String str2 : N1.DEFAULT_TLSV13_CIPHER_SUITES) {
                        supportedCiphers.remove(str2);
                        defaultCiphers.remove(str2);
                    }
                }
                N6.J.release(createSSLEngine);
                list = defaultCiphers;
            } catch (Throwable th) {
                N6.J.release(createSSLEngine);
                throw th;
            }
        }
        String[] filterCipherSuites = ((InterfaceC0322k) P6.C.checkNotNull(interfaceC0322k, "cipherFilter")).filterCipherSuites(iterable, list, supportedCiphers);
        this.cipherSuites = filterCipherSuites;
        this.unmodifiableCipherSuites = DesugarCollections.unmodifiableList(Arrays.asList(filterCipherSuites));
        this.isClient = z9;
    }

    private SSLEngine configureAndWrapEngine(SSLEngine sSLEngine, B6.F f5) {
        sSLEngine.setEnabledCipherSuites(this.cipherSuites);
        sSLEngine.setEnabledProtocols(this.protocols);
        sSLEngine.setUseClientMode(isClient());
        if (isServer()) {
            int i9 = B.$SwitchMap$io$netty$handler$ssl$ClientAuth[this.clientAuth.ordinal()];
            if (i9 == 1) {
                sSLEngine.setWantClientAuth(true);
            } else if (i9 == 2) {
                sSLEngine.setNeedClientAuth(true);
            } else if (i9 != 3) {
                throw new Error("Unknown auth " + this.clientAuth);
            }
        }
        configureEndpointVerification(sSLEngine);
        InterfaceC0351w wrapperFactory = this.apn.wrapperFactory();
        return wrapperFactory instanceof AbstractC0349v ? ((AbstractC0349v) wrapperFactory).a(sSLEngine, f5, this.apn, isServer()) : wrapperFactory.wrapSslEngine(sSLEngine, this.apn, isServer());
    }

    private void configureEndpointVerification(SSLEngine sSLEngine) {
        if (P6.Z.javaVersion() >= 7) {
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            AbstractC0345t.setEndpointIdentificationAlgorithm(sSLParameters, this.endpointIdentificationAlgorithm);
            sSLEngine.setSSLParameters(sSLParameters);
        }
    }

    public static List<String> defaultCiphers(SSLEngine sSLEngine, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        N1.addIfSupported(set, arrayList, N1.DEFAULT_CIPHER_SUITES);
        N1.useFallbackCiphersIfDefaultIsEmpty(arrayList, sSLEngine.getEnabledCipherSuites());
        return arrayList;
    }

    public static String[] defaultProtocols(SSLContext sSLContext, SSLEngine sSLEngine) {
        String[] protocols = sSLContext.getDefaultSSLParameters().getProtocols();
        HashSet hashSet = new HashSet(protocols.length);
        Collections.addAll(hashSet, protocols);
        ArrayList arrayList = new ArrayList();
        N1.addIfSupported(hashSet, arrayList, "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
        return !arrayList.isEmpty() ? (String[]) arrayList.toArray(AbstractC0457l.EMPTY_STRINGS) : sSLEngine.getEnabledProtocols();
    }

    private static boolean isTlsV13Supported(String[] strArr) {
        for (String str : strArr) {
            if ("TLSv1.3".equals(str)) {
                return true;
            }
        }
        return false;
    }

    public static Set<String> supportedCiphers(SSLEngine sSLEngine) {
        String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
        LinkedHashSet linkedHashSet = new LinkedHashSet(supportedCipherSuites.length);
        for (String str : supportedCipherSuites) {
            linkedHashSet.add(str);
            if (str.startsWith("SSL_")) {
                String str2 = "TLS_" + str.substring(4);
                try {
                    sSLEngine.setEnabledCipherSuites(new String[]{str2});
                    linkedHashSet.add(str2);
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return linkedHashSet;
    }

    public static InterfaceC0353x toNegotiator(AbstractC0301d abstractC0301d, boolean z9) {
        return C0357z.INSTANCE;
    }

    public final SSLContext context() {
        return this.sslContext;
    }

    @Override // K6.AbstractC0312g1
    public final boolean isClient() {
        return this.isClient;
    }

    @Override // K6.AbstractC0312g1
    public final SSLEngine newEngine(B6.F f5, String str, int i9) {
        return configureAndWrapEngine(context().createSSLEngine(str, i9), f5);
    }

    @Override // K6.AbstractC0312g1
    public final SSLSessionContext sessionContext() {
        return isServer() ? context().getServerSessionContext() : context().getClientSessionContext();
    }
}
