package org.spongycastle.est.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.spongycastle.est.u;
import org.spongycastle.util.t;

/* compiled from: DefaultESTClientSourceProvider.java */
/* loaded from: classes3.dex */
class c implements org.spongycastle.est.h {

    /* renamed from: a, reason: collision with root package name */
    private final SSLSocketFactory f27863a;

    /* renamed from: b, reason: collision with root package name */
    private final i f27864b;

    /* renamed from: c, reason: collision with root package name */
    private final int f27865c;

    /* renamed from: d, reason: collision with root package name */
    private final a f27866d;

    /* renamed from: e, reason: collision with root package name */
    private final Set<String> f27867e;

    /* renamed from: f, reason: collision with root package name */
    private final Long f27868f;

    /* renamed from: g, reason: collision with root package name */
    private final boolean f27869g;

    public c(SSLSocketFactory sSLSocketFactory, i iVar, int i5, a aVar, Set<String> set, Long l5, boolean z4) throws GeneralSecurityException {
        this.f27863a = sSLSocketFactory;
        this.f27864b = iVar;
        this.f27865c = i5;
        this.f27866d = aVar;
        this.f27867e = set;
        this.f27868f = l5;
        this.f27869g = z4;
    }

    @Override // org.spongycastle.est.h
    public u a(String str, int i5) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.f27863a.createSocket(str, i5);
        sSLSocket.setSoTimeout(this.f27865c);
        Set<String> set = this.f27867e;
        if (set != null && !set.isEmpty()) {
            if (this.f27869g) {
                HashSet hashSet = new HashSet();
                String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
                for (int i6 = 0; i6 != supportedCipherSuites.length; i6++) {
                    hashSet.add(supportedCipherSuites[i6]);
                }
                ArrayList arrayList = new ArrayList();
                for (String str2 : this.f27867e) {
                    if (hashSet.contains(str2)) {
                        arrayList.add(str2);
                    }
                }
                if (arrayList.isEmpty()) {
                    throw new IllegalStateException("No supplied cipher suite is supported by the provider.");
                }
                sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
            } else {
                Set<String> set2 = this.f27867e;
                sSLSocket.setEnabledCipherSuites((String[]) set2.toArray(new String[set2.size()]));
            }
        }
        sSLSocket.startHandshake();
        i iVar = this.f27864b;
        if (iVar != null && !iVar.a(str, sSLSocket.getSession())) {
            throw new IOException("Host name could not be verified.");
        }
        String j5 = t.j(sSLSocket.getSession().getCipherSuite());
        if (j5.contains("_des_") || j5.contains("_des40_") || j5.contains("_3des_")) {
            throw new IOException("EST clients must not use DES ciphers");
        }
        if (t.j(sSLSocket.getSession().getCipherSuite()).contains("null")) {
            throw new IOException("EST clients must not use NULL ciphers");
        }
        if (t.j(sSLSocket.getSession().getCipherSuite()).contains("anon")) {
            throw new IOException("EST clients must not use anon ciphers");
        }
        if (t.j(sSLSocket.getSession().getCipherSuite()).contains("export")) {
            throw new IOException("EST clients must not use export ciphers");
        }
        if (sSLSocket.getSession().getProtocol().equalsIgnoreCase("tlsv1")) {
            try {
                sSLSocket.close();
            } catch (Exception unused) {
            }
            throw new IOException("EST clients must not use TLSv1");
        }
        i iVar2 = this.f27864b;
        if (iVar2 == null || iVar2.a(str, sSLSocket.getSession())) {
            return new j(sSLSocket, this.f27866d, this.f27868f);
        }
        throw new IOException("Hostname was not verified: " + str);
    }
}
