package org.conscrypt;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes7.dex */
public final class SSLParametersImpl implements Cloneable {
    private static final String[] EMPTY_STRING_ARRAY = new String[0];
    private static volatile SSLParametersImpl defaultParameters;
    private static volatile X509KeyManager defaultX509KeyManager;
    private static volatile X509TrustManager defaultX509TrustManager;

    /* renamed from: a, reason: collision with root package name */
    public String[] f30861a;

    /* renamed from: b, reason: collision with root package name */
    public boolean f30862b;

    /* renamed from: c, reason: collision with root package name */
    public String[] f30863c;
    private final ClientSessionContext clientSessionContext;
    private boolean client_mode;
    private boolean ctVerificationEnabled;

    /* renamed from: d, reason: collision with root package name */
    public byte[] f30864d;

    /* renamed from: e, reason: collision with root package name */
    public byte[] f30865e;
    private boolean enable_session_creation;
    private String endpointIdentificationAlgorithm;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f30866f;

    /* renamed from: g, reason: collision with root package name */
    public ApplicationProtocolSelectorAdapter f30867g;

    /* renamed from: h, reason: collision with root package name */
    public boolean f30868h;

    /* renamed from: i, reason: collision with root package name */
    public boolean f30869i;
    private boolean need_client_auth;
    private final PSKKeyManager pskKeyManager;
    private final ServerSessionContext serverSessionContext;
    private boolean useCipherSuitesOrder;
    private Boolean useSni;
    private boolean want_client_auth;
    private final X509KeyManager x509KeyManager;
    private final X509TrustManager x509TrustManager;

    /* loaded from: classes7.dex */
    public interface AliasChooser {
        String chooseClientAlias(X509KeyManager x509KeyManager, X500Principal[] x500PrincipalArr, String[] strArr);

        String chooseServerAlias(X509KeyManager x509KeyManager, String str);
    }

    /* loaded from: classes7.dex */
    public interface PSKCallbacks {
        String chooseClientPSKIdentity(PSKKeyManager pSKKeyManager, String str);

        String chooseServerPSKIdentityHint(PSKKeyManager pSKKeyManager);

        SecretKey getPSKKey(PSKKeyManager pSKKeyManager, String str, String str2);
    }

    private SSLParametersImpl(ClientSessionContext clientSessionContext, ServerSessionContext serverSessionContext, X509KeyManager x509KeyManager, PSKKeyManager pSKKeyManager, X509TrustManager x509TrustManager, SSLParametersImpl sSLParametersImpl) {
        this.client_mode = true;
        this.need_client_auth = false;
        this.want_client_auth = false;
        this.enable_session_creation = true;
        this.f30866f = EmptyArray.f30754b;
        this.clientSessionContext = clientSessionContext;
        this.serverSessionContext = serverSessionContext;
        this.x509KeyManager = x509KeyManager;
        this.pskKeyManager = pSKKeyManager;
        this.x509TrustManager = x509TrustManager;
        String[] strArr = sSLParametersImpl.f30861a;
        this.f30861a = strArr == null ? null : (String[]) strArr.clone();
        this.f30862b = sSLParametersImpl.f30862b;
        String[] strArr2 = sSLParametersImpl.f30863c;
        this.f30863c = strArr2 == null ? null : (String[]) strArr2.clone();
        this.client_mode = sSLParametersImpl.client_mode;
        this.need_client_auth = sSLParametersImpl.need_client_auth;
        this.want_client_auth = sSLParametersImpl.want_client_auth;
        this.enable_session_creation = sSLParametersImpl.enable_session_creation;
        this.endpointIdentificationAlgorithm = sSLParametersImpl.endpointIdentificationAlgorithm;
        this.useCipherSuitesOrder = sSLParametersImpl.useCipherSuitesOrder;
        this.ctVerificationEnabled = sSLParametersImpl.ctVerificationEnabled;
        byte[] bArr = sSLParametersImpl.f30864d;
        this.f30864d = bArr == null ? null : (byte[]) bArr.clone();
        byte[] bArr2 = sSLParametersImpl.f30865e;
        this.f30865e = bArr2 == null ? null : (byte[]) bArr2.clone();
        byte[] bArr3 = sSLParametersImpl.f30866f;
        this.f30866f = bArr3 != null ? (byte[]) bArr3.clone() : null;
        this.f30867g = sSLParametersImpl.f30867g;
        this.f30868h = sSLParametersImpl.f30868h;
        this.useSni = sSLParametersImpl.useSni;
        this.f30869i = sSLParametersImpl.f30869i;
    }

    public SSLParametersImpl(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom, ClientSessionContext clientSessionContext, ServerSessionContext serverSessionContext, String[] strArr) throws KeyManagementException {
        this.client_mode = true;
        this.need_client_auth = false;
        this.want_client_auth = false;
        this.enable_session_creation = true;
        this.f30866f = EmptyArray.f30754b;
        this.serverSessionContext = serverSessionContext;
        this.clientSessionContext = clientSessionContext;
        if (keyManagerArr == null) {
            this.x509KeyManager = getDefaultX509KeyManager();
            this.pskKeyManager = null;
        } else {
            this.x509KeyManager = findFirstX509KeyManager(keyManagerArr);
            this.pskKeyManager = findFirstPSKKeyManager(keyManagerArr);
        }
        if (trustManagerArr == null) {
            this.x509TrustManager = e();
        } else {
            this.x509TrustManager = findFirstX509TrustManager(trustManagerArr);
        }
        this.f30861a = (String[]) NativeCrypto.d(strArr == null ? NativeCrypto.f30819s : strArr).clone();
        this.f30863c = getDefaultCipherSuites((this.x509KeyManager == null && this.x509TrustManager == null) ? false : true, this.pskKeyManager != null);
    }

    private static X509KeyManager createDefaultX509KeyManager() throws KeyManagementException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(null, null);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            X509KeyManager findFirstX509KeyManager = findFirstX509KeyManager(keyManagers);
            if (findFirstX509KeyManager != null) {
                return findFirstX509KeyManager;
            }
            throw new KeyManagementException("No X509KeyManager among default KeyManagers: " + Arrays.toString(keyManagers));
        } catch (KeyStoreException e2) {
            throw new KeyManagementException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyManagementException(e3);
        } catch (UnrecoverableKeyException e4) {
            throw new KeyManagementException(e4);
        }
    }

    private static X509TrustManager createDefaultX509TrustManager() throws KeyManagementException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            X509TrustManager findFirstX509TrustManager = findFirstX509TrustManager(trustManagers);
            if (findFirstX509TrustManager != null) {
                return findFirstX509TrustManager;
            }
            throw new KeyManagementException("No X509TrustManager in among default TrustManagers: " + Arrays.toString(trustManagers));
        } catch (KeyStoreException e2) {
            throw new KeyManagementException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyManagementException(e3);
        }
    }

    public static SSLParametersImpl d() throws KeyManagementException {
        SSLParametersImpl sSLParametersImpl = defaultParameters;
        if (sSLParametersImpl == null) {
            sSLParametersImpl = new SSLParametersImpl((KeyManager[]) null, (TrustManager[]) null, (SecureRandom) null, new ClientSessionContext(), new ServerSessionContext(), (String[]) null);
            defaultParameters = sSLParametersImpl;
        }
        return (SSLParametersImpl) sSLParametersImpl.clone();
    }

    public static X509TrustManager e() throws KeyManagementException {
        X509TrustManager x509TrustManager = defaultX509TrustManager;
        if (x509TrustManager != null) {
            return x509TrustManager;
        }
        X509TrustManager createDefaultX509TrustManager = createDefaultX509TrustManager();
        defaultX509TrustManager = createDefaultX509TrustManager;
        return createDefaultX509TrustManager;
    }

    private static String[] filterFromCipherSuites(String[] strArr, Set<String> set) {
        if (strArr == null || strArr.length == 0) {
            return strArr;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (!set.contains(str)) {
                arrayList.add(str);
            }
        }
        return (String[]) arrayList.toArray(EMPTY_STRING_ARRAY);
    }

    private static String[] filterFromProtocols(String[] strArr, String str) {
        if (strArr.length == 1 && str.equals(strArr[0])) {
            return EMPTY_STRING_ARRAY;
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            if (!str.equals(str2)) {
                arrayList.add(str2);
            }
        }
        return (String[]) arrayList.toArray(EMPTY_STRING_ARRAY);
    }

    private static PSKKeyManager findFirstPSKKeyManager(KeyManager[] keyManagerArr) {
        int length = keyManagerArr.length;
        for (int i2 = 0; i2 < length; i2++) {
            KeyManager keyManager = keyManagerArr[i2];
            if (keyManager instanceof PSKKeyManager) {
                return (PSKKeyManager) keyManager;
            }
            if (keyManager != null) {
                try {
                    return DuckTypedPSKKeyManager.a(keyManager);
                } catch (NoSuchMethodException unused) {
                    continue;
                }
            }
        }
        return null;
    }

    private static X509KeyManager findFirstX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        return null;
    }

    private static X509TrustManager findFirstX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private static String[] getDefaultCipherSuites(boolean z2, boolean z3) {
        return z2 ? z3 ? SSLUtils.b(NativeCrypto.f30814n, NativeCrypto.f30813m, new String[]{NativeCrypto.f30812l}) : SSLUtils.b(NativeCrypto.f30813m, new String[]{NativeCrypto.f30812l}) : z3 ? SSLUtils.b(NativeCrypto.f30814n, new String[]{NativeCrypto.f30812l}) : new String[]{NativeCrypto.f30812l};
    }

    private static X509KeyManager getDefaultX509KeyManager() throws KeyManagementException {
        X509KeyManager x509KeyManager = defaultX509KeyManager;
        if (x509KeyManager != null) {
            return x509KeyManager;
        }
        X509KeyManager createDefaultX509KeyManager = createDefaultX509KeyManager();
        defaultX509KeyManager = createDefaultX509KeyManager;
        return createDefaultX509KeyManager;
    }

    private boolean isSniEnabledByDefault() {
        try {
            String property = System.getProperty("jsse.enableSNIExtension", "true");
            if ("true".equalsIgnoreCase(property)) {
                return true;
            }
            if ("false".equalsIgnoreCase(property)) {
                return false;
            }
            throw new RuntimeException("Can only set \"jsse.enableSNIExtension\" to \"true\" or \"false\"");
        } catch (SecurityException unused) {
            return true;
        }
    }

    public void A(String str) {
        this.endpointIdentificationAlgorithm = str;
    }

    public void B(boolean z2) {
        this.need_client_auth = z2;
        this.want_client_auth = false;
    }

    public void C(byte[] bArr) {
        this.f30865e = bArr;
    }

    public void D(byte[] bArr) {
        this.f30864d = bArr;
    }

    public void E(boolean z2) {
        this.useCipherSuitesOrder = z2;
    }

    public void F(boolean z2) {
        this.client_mode = z2;
    }

    public void G(boolean z2) {
        this.f30868h = z2;
    }

    public void H(boolean z2) {
        this.useSni = Boolean.valueOf(z2);
    }

    public void I(boolean z2) {
        this.want_client_auth = z2;
        this.need_client_auth = false;
    }

    public SSLParametersImpl a(X509TrustManager x509TrustManager) {
        return new SSLParametersImpl(this.clientSessionContext, this.serverSessionContext, this.x509KeyManager, this.pskKeyManager, x509TrustManager, this);
    }

    public String[] b() {
        return SSLUtils.c(this.f30866f);
    }

    public ClientSessionContext c() {
        return this.clientSessionContext;
    }

    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e2) {
            throw new AssertionError(e2);
        }
    }

    public boolean f() {
        return this.enable_session_creation;
    }

    public String[] g() {
        return Arrays.asList(this.f30861a).contains("TLSv1.3") ? SSLUtils.b(NativeCrypto.f30809i, this.f30863c) : (String[]) this.f30863c.clone();
    }

    public String[] h() {
        return (String[]) this.f30861a.clone();
    }

    public String i() {
        return this.endpointIdentificationAlgorithm;
    }

    public boolean j() {
        return this.need_client_auth;
    }

    public byte[] k() {
        return this.f30865e;
    }

    public PSKKeyManager l() {
        return this.pskKeyManager;
    }

    public AbstractSessionContext m() {
        return this.client_mode ? this.clientSessionContext : this.serverSessionContext;
    }

    public boolean n() {
        return this.useCipherSuitesOrder;
    }

    public boolean o() {
        return this.client_mode;
    }

    public boolean p() {
        Boolean bool = this.useSni;
        return bool != null ? bool.booleanValue() : isSniEnabledByDefault();
    }

    public boolean q() {
        return this.want_client_auth;
    }

    public X509KeyManager r() {
        return this.x509KeyManager;
    }

    public X509TrustManager s() {
        return this.x509TrustManager;
    }

    public boolean t(String str) {
        if (str == null) {
            return false;
        }
        if (this.ctVerificationEnabled) {
            return true;
        }
        return Platform.I(str);
    }

    public void u(ApplicationProtocolSelectorAdapter applicationProtocolSelectorAdapter) {
        this.f30867g = applicationProtocolSelectorAdapter;
    }

    public void v(String[] strArr) {
        this.f30866f = SSLUtils.e(strArr);
    }

    public void w(boolean z2) {
        this.ctVerificationEnabled = z2;
    }

    public void x(boolean z2) {
        this.enable_session_creation = z2;
    }

    public void y(String[] strArr) {
        this.f30863c = NativeCrypto.c(filterFromCipherSuites(strArr, NativeCrypto.f30811k));
    }

    public void z(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException("protocols == null");
        }
        String[] filterFromProtocols = filterFromProtocols(strArr, "SSLv3");
        this.f30862b = strArr.length != filterFromProtocols.length;
        this.f30861a = (String[]) NativeCrypto.d(filterFromProtocols).clone();
    }
}
