package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.ByteBufInputStream;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;

/* loaded from: classes7.dex */
public abstract class JdkSslContext extends SslContext {
    public static final List<String> DEFAULT_CIPHERS;
    public static final String PROTOCOL = "TLS";
    public static final String[] PROTOCOLS;
    public static final Set<String> SUPPORTED_CIPHERS;
    public static final InternalLogger logger = InternalLoggerFactory.getInstance((Class<?>) JdkSslContext.class);
    public final JdkApplicationProtocolNegotiator apn;
    public final String[] cipherSuites;
    public final List<String> unmodifiableCipherSuites;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.netty.handler.ssl.JdkSslContext$1, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol = new int[ApplicationProtocolConfig.Protocol.values().length];
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior;

        static {
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 3;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 2;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    static {
        SSLContext sSLContext;
        try {
            sSLContext = SSLContext.getInstance("TLS");
        } catch (Exception e2) {
            e = e2;
        }
        try {
            sSLContext.init(null, null, null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
            HashSet hashSet = new HashSet(supportedProtocols.length);
            for (String str : supportedProtocols) {
                hashSet.add(str);
            }
            ArrayList arrayList = new ArrayList();
            addIfSupported(hashSet, arrayList, OpenSslEngine.PROTOCOL_TLS_V1_2, OpenSslEngine.PROTOCOL_TLS_V1_1, OpenSslEngine.PROTOCOL_TLS_V1);
            if (arrayList.isEmpty()) {
                PROTOCOLS = createSSLEngine.getEnabledProtocols();
            } else {
                PROTOCOLS = (String[]) arrayList.toArray(new String[arrayList.size()]);
            }
            String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
            SUPPORTED_CIPHERS = new HashSet(supportedCipherSuites.length);
            for (String str2 : supportedCipherSuites) {
                SUPPORTED_CIPHERS.add(str2);
            }
            ArrayList arrayList2 = new ArrayList();
            addIfSupported(SUPPORTED_CIPHERS, arrayList2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA");
            if (arrayList2.isEmpty()) {
                DEFAULT_CIPHERS = Collections.unmodifiableList(Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
            } else {
                DEFAULT_CIPHERS = Collections.unmodifiableList(arrayList2);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Default protocols (JDK): {} ", Arrays.asList(PROTOCOLS));
                logger.debug("Default cipher suites (JDK): {}", DEFAULT_CIPHERS);
            }
        } catch (Exception e3) {
            e = e3;
            throw new Error("failed to initialize the default SSL context", e);
        }
    }

    public JdkSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        this(iterable, cipherSuiteFilter, toNegotiator(applicationProtocolConfig, z));
    }

    public JdkSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, JdkApplicationProtocolNegotiator jdkApplicationProtocolNegotiator) {
        ObjectUtil.checkNotNull(jdkApplicationProtocolNegotiator, "apn");
        this.apn = jdkApplicationProtocolNegotiator;
        ObjectUtil.checkNotNull(cipherSuiteFilter, "cipherFilter");
        this.cipherSuites = cipherSuiteFilter.filterCipherSuites(iterable, DEFAULT_CIPHERS, SUPPORTED_CIPHERS);
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(this.cipherSuites));
    }

    public static void addIfSupported(Set<String> set, List<String> list, String... strArr) {
        for (String str : strArr) {
            if (set.contains(str)) {
                list.add(str);
            }
        }
    }

    public static KeyManagerFactory buildKeyManagerFactory(File file, File file2, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException {
        String property = Security.getProperty(SSLSocketFactoryFactory.SYSKEYMGRALGO);
        if (property == null) {
            property = "SunX509";
        }
        return buildKeyManagerFactory(file, property, file2, str, keyManagerFactory);
    }

    public static KeyManagerFactory buildKeyManagerFactory(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException {
        PrivateKey generatePrivate;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        KeyFactory keyFactory2 = KeyFactory.getInstance("DSA");
        ByteBuf readPrivateKey = PemReader.readPrivateKey(file2);
        byte[] bArr = new byte[readPrivateKey.readableBytes()];
        readPrivateKey.readBytes(bArr).release();
        char[] charArray = str2 == null ? EmptyArrays.EMPTY_CHARS : str2.toCharArray();
        PKCS8EncodedKeySpec generateKeySpec = SslContext.generateKeySpec(charArray, bArr);
        try {
            generatePrivate = keyFactory.generatePrivate(generateKeySpec);
        } catch (InvalidKeySpecException e2) {
            generatePrivate = keyFactory2.generatePrivate(generateKeySpec);
        }
        ArrayList arrayList = new ArrayList();
        ByteBuf[] readCertificates = PemReader.readCertificates(file);
        try {
            for (ByteBuf byteBuf : readCertificates) {
                arrayList.add(certificateFactory.generateCertificate(new ByteBufInputStream(byteBuf)));
            }
            keyStore.setKeyEntry("key", generatePrivate, charArray, (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
            KeyManagerFactory keyManagerFactory2 = keyManagerFactory == null ? KeyManagerFactory.getInstance(str) : keyManagerFactory;
            keyManagerFactory2.init(keyStore, charArray);
            return keyManagerFactory2;
        } finally {
            for (ByteBuf byteBuf2 : readCertificates) {
                byteBuf2.release();
            }
        }
    }

    public static TrustManagerFactory buildTrustManagerFactory(File file, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteBuf[] readCertificates = PemReader.readCertificates(file);
        try {
            for (ByteBuf byteBuf : readCertificates) {
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteBufInputStream(byteBuf));
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
            }
            if (trustManagerFactory == null) {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            }
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } finally {
            for (ByteBuf byteBuf2 : readCertificates) {
                byteBuf2.release();
            }
        }
    }

    public static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i2;
        if (applicationProtocolConfig != null && (i2 = AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[applicationProtocolConfig.protocol().ordinal()]) != 1) {
            if (i2 == 2) {
                if (z) {
                    int i3 = AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[applicationProtocolConfig.selectorFailureBehavior().ordinal()];
                    if (i3 == 1) {
                        return new JdkAlpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    }
                    if (i3 == 2) {
                        return new JdkAlpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    }
                    throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
                }
                int i4 = AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[applicationProtocolConfig.selectedListenerFailureBehavior().ordinal()];
                if (i4 == 1) {
                    return new JdkAlpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                }
                if (i4 == 2) {
                    return new JdkAlpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
            }
            if (i2 != 3) {
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.protocol() + " protocol");
            }
            if (z) {
                int i5 = AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[applicationProtocolConfig.selectedListenerFailureBehavior().ordinal()];
                if (i5 == 1) {
                    return new JdkNpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                }
                if (i5 == 2) {
                    return new JdkNpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                }
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
            }
            int i6 = AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[applicationProtocolConfig.selectorFailureBehavior().ordinal()];
            if (i6 == 1) {
                return new JdkNpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
            }
            if (i6 == 2) {
                return new JdkNpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
            }
            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
        }
        return JdkDefaultApplicationProtocolNegotiator.INSTANCE;
    }

    private SSLEngine wrapEngine(SSLEngine sSLEngine) {
        return this.apn.wrapperFactory().wrapSslEngine(sSLEngine, this.apn, isServer());
    }

    @Override // io.netty.handler.ssl.SslContext
    public JdkApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.apn;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final List<String> cipherSuites() {
        return this.unmodifiableCipherSuites;
    }

    public abstract SSLContext context();

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        SSLEngine createSSLEngine = context().createSSLEngine();
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        createSSLEngine.setEnabledProtocols(PROTOCOLS);
        createSSLEngine.setUseClientMode(isClient());
        return wrapEngine(createSSLEngine);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i2) {
        SSLEngine createSSLEngine = context().createSSLEngine(str, i2);
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        createSSLEngine.setEnabledProtocols(PROTOCOLS);
        createSSLEngine.setUseClientMode(isClient());
        return wrapEngine(createSSLEngine);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionCacheSize() {
        return sessionContext().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLSessionContext sessionContext() {
        return isServer() ? context().getServerSessionContext() : context().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }
}
