package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.JdkApplicationProtocolNegotiator;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* loaded from: classes.dex */
public class JdkSslContext extends SslContext {
    private static final List<String> DEFAULT_CIPHERS;
    private static final String[] DEFAULT_PROTOCOLS;
    static final String PROTOCOL = "TLS";
    private static final Set<String> SUPPORTED_CIPHERS;
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(JdkSslContext.class);
    private final JdkApplicationProtocolNegotiator apn;
    private final String[] cipherSuites;
    private final ClientAuth clientAuth;
    private final boolean isClient;
    private final String[] protocols;
    private final SSLContext sslContext;
    private final List<String> unmodifiableCipherSuites;

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:25:0x00a0
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    static {
        /*
            java.lang.Class<io.netty.handler.ssl.JdkSslContext> r0 = io.netty.handler.ssl.JdkSslContext.class
            io.netty.util.internal.logging.InternalLogger r0 = io.netty.util.internal.logging.InternalLoggerFactory.getInstance(r0)
            io.netty.handler.ssl.JdkSslContext.logger = r0
            java.lang.String r0 = "TLS"
            javax.net.ssl.SSLContext r0 = javax.net.ssl.SSLContext.getInstance(r0)     // Catch: java.lang.Exception -> Ldb
            r1 = 0
            r0.init(r1, r1, r1)     // Catch: java.lang.Exception -> Ldb
            javax.net.ssl.SSLEngine r0 = r0.createSSLEngine()
            java.lang.String[] r1 = r0.getSupportedProtocols()
            java.util.HashSet r2 = new java.util.HashSet
            int r3 = r1.length
            r2.<init>(r3)
            r3 = 0
            r4 = r3
        L22:
            int r5 = r1.length
            if (r4 >= r5) goto L2d
            r5 = r1[r4]
            r2.add(r5)
            int r4 = r4 + 1
            goto L22
        L2d:
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            java.lang.String r4 = "TLSv1.2"
            java.lang.String r5 = "TLSv1.1"
            java.lang.String r6 = "TLSv1"
            java.lang.String[] r4 = new java.lang.String[]{r4, r5, r6}
            io.netty.handler.ssl.SslUtils.addIfSupported(r2, r1, r4)
            boolean r2 = r1.isEmpty()
            if (r2 != 0) goto L54
            int r2 = r1.size()
            java.lang.String[] r2 = new java.lang.String[r2]
            java.lang.Object[] r1 = r1.toArray(r2)
            java.lang.String[] r1 = (java.lang.String[]) r1
        L51:
            io.netty.handler.ssl.JdkSslContext.DEFAULT_PROTOCOLS = r1
            goto L59
        L54:
            java.lang.String[] r1 = r0.getEnabledProtocols()
            goto L51
        L59:
            java.lang.String[] r1 = r0.getSupportedCipherSuites()
            java.util.HashSet r2 = new java.util.HashSet
            int r4 = r1.length
            r2.<init>(r4)
            io.netty.handler.ssl.JdkSslContext.SUPPORTED_CIPHERS = r2
            r2 = r3
        L66:
            int r4 = r1.length
            if (r2 >= r4) goto La3
            r4 = r1[r2]
            java.util.Set<java.lang.String> r5 = io.netty.handler.ssl.JdkSslContext.SUPPORTED_CIPHERS
            r5.add(r4)
            java.lang.String r5 = "SSL_"
            boolean r5 = r4.startsWith(r5)
            if (r5 == 0) goto La0
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            r5.<init>()
            java.lang.String r6 = "TLS_"
            r5.append(r6)
            java.lang.String r6 = "SSL_"
            int r6 = r6.length()
            java.lang.String r4 = r4.substring(r6)
            r5.append(r4)
            java.lang.String r4 = r5.toString()
            r5 = 1
            java.lang.String[] r5 = new java.lang.String[r5]     // Catch: java.lang.IllegalArgumentException -> La0
            r5[r3] = r4     // Catch: java.lang.IllegalArgumentException -> La0
            r0.setEnabledCipherSuites(r5)     // Catch: java.lang.IllegalArgumentException -> La0
            java.util.Set<java.lang.String> r5 = io.netty.handler.ssl.JdkSslContext.SUPPORTED_CIPHERS     // Catch: java.lang.IllegalArgumentException -> La0
            r5.add(r4)     // Catch: java.lang.IllegalArgumentException -> La0
        La0:
            int r2 = r2 + 1
            goto L66
        La3:
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            java.util.Set<java.lang.String> r2 = io.netty.handler.ssl.JdkSslContext.SUPPORTED_CIPHERS
            java.lang.String[] r3 = io.netty.handler.ssl.SslUtils.DEFAULT_CIPHER_SUITES
            io.netty.handler.ssl.SslUtils.addIfSupported(r2, r1, r3)
            java.lang.String[] r0 = r0.getEnabledCipherSuites()
            io.netty.handler.ssl.SslUtils.useFallbackCiphersIfDefaultIsEmpty(r1, r0)
            java.util.List r0 = java.util.Collections.unmodifiableList(r1)
            io.netty.handler.ssl.JdkSslContext.DEFAULT_CIPHERS = r0
            io.netty.util.internal.logging.InternalLogger r0 = io.netty.handler.ssl.JdkSslContext.logger
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto Lda
            io.netty.util.internal.logging.InternalLogger r0 = io.netty.handler.ssl.JdkSslContext.logger
            java.lang.String r1 = "Default protocols (JDK): {} "
            java.lang.String[] r2 = io.netty.handler.ssl.JdkSslContext.DEFAULT_PROTOCOLS
            java.util.List r2 = java.util.Arrays.asList(r2)
            r0.debug(r1, r2)
            io.netty.util.internal.logging.InternalLogger r0 = io.netty.handler.ssl.JdkSslContext.logger
            java.lang.String r1 = "Default cipher suites (JDK): {}"
            java.util.List<java.lang.String> r2 = io.netty.handler.ssl.JdkSslContext.DEFAULT_CIPHERS
            r0.debug(r1, r2)
        Lda:
            return
        Ldb:
            r0 = move-exception
            java.lang.Error r1 = new java.lang.Error
            java.lang.String r2 = "failed to initialize the default SSL context"
            r1.<init>(r2, r0)
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.JdkSslContext.<clinit>():void");
    }

    public JdkSslContext(SSLContext sSLContext, boolean z, ClientAuth clientAuth) {
        this(sSLContext, z, null, IdentityCipherSuiteFilter.INSTANCE, JdkDefaultApplicationProtocolNegotiator.INSTANCE, clientAuth, null, false);
    }

    public JdkSslContext(SSLContext sSLContext, boolean z, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth) {
        this(sSLContext, z, iterable, cipherSuiteFilter, toNegotiator(applicationProtocolConfig, z ? false : true), clientAuth, null, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JdkSslContext(SSLContext sSLContext, boolean z, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, JdkApplicationProtocolNegotiator jdkApplicationProtocolNegotiator, ClientAuth clientAuth, String[] strArr, boolean z2) {
        super(z2);
        this.apn = (JdkApplicationProtocolNegotiator) ObjectUtil.checkNotNull(jdkApplicationProtocolNegotiator, "apn");
        this.clientAuth = (ClientAuth) ObjectUtil.checkNotNull(clientAuth, "clientAuth");
        this.cipherSuites = ((CipherSuiteFilter) ObjectUtil.checkNotNull(cipherSuiteFilter, "cipherFilter")).filterCipherSuites(iterable, DEFAULT_CIPHERS, SUPPORTED_CIPHERS);
        this.protocols = strArr == null ? DEFAULT_PROTOCOLS : strArr;
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(this.cipherSuites));
        this.sslContext = (SSLContext) ObjectUtil.checkNotNull(sSLContext, "sslContext");
        this.isClient = z;
    }

    @Deprecated
    protected static KeyManagerFactory buildKeyManagerFactory(File file, File file2, String str, KeyManagerFactory keyManagerFactory) {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        return buildKeyManagerFactory(file, property, file2, str, keyManagerFactory);
    }

    @Deprecated
    protected static KeyManagerFactory buildKeyManagerFactory(File file, String str, File file2, String str2, KeyManagerFactory keyManagerFactory) {
        return buildKeyManagerFactory(toX509Certificates(file), str, toPrivateKey(file2, str2), str2, keyManagerFactory);
    }

    private SSLEngine configureAndWrapEngine(SSLEngine sSLEngine, ByteBufAllocator byteBufAllocator) {
        sSLEngine.setEnabledCipherSuites(this.cipherSuites);
        sSLEngine.setEnabledProtocols(this.protocols);
        sSLEngine.setUseClientMode(isClient());
        if (isServer()) {
            switch (this.clientAuth) {
                case OPTIONAL:
                    sSLEngine.setWantClientAuth(true);
                    break;
                case REQUIRE:
                    sSLEngine.setNeedClientAuth(true);
                    break;
                case NONE:
                    break;
                default:
                    throw new Error("Unknown auth " + this.clientAuth);
            }
        }
        JdkApplicationProtocolNegotiator.SslEngineWrapperFactory wrapperFactory = this.apn.wrapperFactory();
        return wrapperFactory instanceof JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory ? ((JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) wrapperFactory).wrapSslEngine(sSLEngine, byteBufAllocator, this.apn, isServer()) : wrapperFactory.wrapSslEngine(sSLEngine, this.apn, isServer());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        JdkDefaultApplicationProtocolNegotiator jdkDefaultApplicationProtocolNegotiator;
        if (applicationProtocolConfig == null) {
            jdkDefaultApplicationProtocolNegotiator = JdkDefaultApplicationProtocolNegotiator.INSTANCE;
        } else {
            switch (applicationProtocolConfig.protocol()) {
                case NONE:
                    jdkDefaultApplicationProtocolNegotiator = JdkDefaultApplicationProtocolNegotiator.INSTANCE;
                    break;
                case ALPN:
                    if (z) {
                        switch (applicationProtocolConfig.selectorFailureBehavior()) {
                            case FATAL_ALERT:
                                return new JdkAlpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                            case NO_ADVERTISE:
                                return new JdkAlpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                            default:
                                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
                        }
                    }
                    switch (applicationProtocolConfig.selectedListenerFailureBehavior()) {
                        case ACCEPT:
                            return new JdkAlpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        case FATAL_ALERT:
                            return new JdkAlpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
                    }
                case NPN:
                    if (z) {
                        switch (applicationProtocolConfig.selectedListenerFailureBehavior()) {
                            case ACCEPT:
                                return new JdkNpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                            case FATAL_ALERT:
                                return new JdkNpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                            default:
                                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
                        }
                    }
                    switch (applicationProtocolConfig.selectorFailureBehavior()) {
                        case FATAL_ALERT:
                            return new JdkNpnApplicationProtocolNegotiator(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        case NO_ADVERTISE:
                            return new JdkNpnApplicationProtocolNegotiator(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
                    }
                default:
                    throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.protocol() + " protocol");
            }
        }
        return jdkDefaultApplicationProtocolNegotiator;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.apn;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final List<String> cipherSuites() {
        return this.unmodifiableCipherSuites;
    }

    public final SSLContext context() {
        return this.sslContext;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean isClient() {
        return this.isClient;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        return configureAndWrapEngine(context().createSSLEngine(), byteBufAllocator);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        return configureAndWrapEngine(context().createSSLEngine(str, i), byteBufAllocator);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionCacheSize() {
        return sessionContext().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLSessionContext sessionContext() {
        return isServer() ? context().getServerSessionContext() : context().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }
}
