package com.android.org.conscrypt;

import android.os.Trace;
import com.android.ims.ImsManager;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/android/org/conscrypt/SSLParametersImpl.class */
public class SSLParametersImpl implements Cloneable {
    private static volatile X509KeyManager defaultX509KeyManager;
    private static volatile X509TrustManager defaultX509TrustManager;
    private static volatile SecureRandom defaultSecureRandom;
    private static volatile SSLParametersImpl defaultParameters;
    private final ClientSessionContext clientSessionContext;
    private final ServerSessionContext serverSessionContext;
    private final X509KeyManager x509KeyManager;
    private final PSKKeyManager pskKeyManager;
    private final X509TrustManager x509TrustManager;
    private SecureRandom secureRandom;
    private String[] enabledProtocols;
    private boolean isEnabledProtocolsFiltered;
    private String[] enabledCipherSuites;
    private boolean client_mode = true;
    private boolean need_client_auth = false;
    private boolean want_client_auth = false;
    private boolean enable_session_creation = true;
    private String endpointIdentificationAlgorithm;
    private boolean useCipherSuitesOrder;
    private boolean ctVerificationEnabled;
    private byte[] sctExtension;
    private byte[] ocspResponse;
    private byte[] alpnProtocols;
    private boolean useSessionTickets;
    private Boolean useSni;
    boolean channelIdEnabled;
    private static final String[] EMPTY_STRING_ARRAY = new String[0];
    private static final String KEY_TYPE_RSA = "RSA";
    private static final String KEY_TYPE_DH_RSA = "DH_RSA";
    private static final String KEY_TYPE_EC = "EC";
    private static final String KEY_TYPE_EC_EC = "EC_EC";
    private static final String KEY_TYPE_EC_RSA = "EC_RSA";

    /* loaded from: input_file:com/android/org/conscrypt/SSLParametersImpl$AliasChooser.class */
    public interface AliasChooser {
        String chooseClientAlias(X509KeyManager x509KeyManager, X500Principal[] x500PrincipalArr, String[] strArr);

        String chooseServerAlias(X509KeyManager x509KeyManager, String str);
    }

    /* loaded from: input_file:com/android/org/conscrypt/SSLParametersImpl$PSKCallbacks.class */
    public interface PSKCallbacks {
        String chooseServerPSKIdentityHint(PSKKeyManager pSKKeyManager);

        String chooseClientPSKIdentity(PSKKeyManager pSKKeyManager, String str);

        SecretKey getPSKKey(PSKKeyManager pSKKeyManager, String str, String str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLParametersImpl(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom, ClientSessionContext clientSessionContext, ServerSessionContext serverSessionContext, String[] strArr) throws KeyManagementException {
        this.serverSessionContext = serverSessionContext;
        this.clientSessionContext = clientSessionContext;
        if (keyManagerArr == null) {
            this.x509KeyManager = getDefaultX509KeyManager();
            this.pskKeyManager = null;
        } else {
            this.x509KeyManager = findFirstX509KeyManager(keyManagerArr);
            this.pskKeyManager = findFirstPSKKeyManager(keyManagerArr);
        }
        if (trustManagerArr == null) {
            this.x509TrustManager = getDefaultX509TrustManager();
        } else {
            this.x509TrustManager = findFirstX509TrustManager(trustManagerArr);
        }
        this.secureRandom = secureRandom;
        this.enabledProtocols = (String[]) NativeCrypto.checkEnabledProtocols(strArr == null ? NativeCrypto.DEFAULT_PROTOCOLS : strArr).clone();
        this.enabledCipherSuites = getDefaultCipherSuites((this.x509KeyManager == null && this.x509TrustManager == null) ? false : true, this.pskKeyManager != null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static SSLParametersImpl getDefault() throws KeyManagementException {
        SSLParametersImpl sSLParametersImpl = defaultParameters;
        if (sSLParametersImpl == null) {
            SSLParametersImpl sSLParametersImpl2 = new SSLParametersImpl(null, null, null, new ClientSessionContext(), new ServerSessionContext(), null);
            sSLParametersImpl = sSLParametersImpl2;
            defaultParameters = sSLParametersImpl2;
        }
        return (SSLParametersImpl) sSLParametersImpl.clone();
    }

    public AbstractSessionContext getSessionContext() {
        return this.client_mode ? this.clientSessionContext : this.serverSessionContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerSessionContext getServerSessionContext() {
        return this.serverSessionContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientSessionContext getClientSessionContext() {
        return this.clientSessionContext;
    }

    protected X509KeyManager getX509KeyManager() {
        return this.x509KeyManager;
    }

    protected PSKKeyManager getPSKKeyManager() {
        return this.pskKeyManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public X509TrustManager getX509TrustManager() {
        return this.x509TrustManager;
    }

    protected SecureRandom getSecureRandom() {
        if (this.secureRandom != null) {
            return this.secureRandom;
        }
        SecureRandom secureRandom = defaultSecureRandom;
        if (secureRandom == null) {
            SecureRandom secureRandom2 = new SecureRandom();
            secureRandom = secureRandom2;
            defaultSecureRandom = secureRandom2;
        }
        this.secureRandom = secureRandom;
        return this.secureRandom;
    }

    protected SecureRandom getSecureRandomMember() {
        return this.secureRandom;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getEnabledCipherSuites() {
        return (String[]) this.enabledCipherSuites.clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = (String[]) NativeCrypto.checkEnabledCipherSuites(strArr).clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getEnabledProtocols() {
        return (String[]) this.enabledProtocols.clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setEnabledProtocols(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException("protocols == null");
        }
        String[] filterFromProtocols = filterFromProtocols(strArr, "SSLv3");
        this.isEnabledProtocolsFiltered = strArr.length != filterFromProtocols.length;
        this.enabledProtocols = (String[]) NativeCrypto.checkEnabledProtocols(filterFromProtocols).clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAlpnProtocols(String[] strArr) {
        setAlpnProtocols(SSLUtils.toLengthPrefixedList(strArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAlpnProtocols(byte[] bArr) {
        if (bArr != null && bArr.length == 0) {
            throw new IllegalArgumentException("alpnProtocols.length == 0");
        }
        this.alpnProtocols = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setUseClientMode(boolean z) {
        this.client_mode = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getUseClientMode() {
        return this.client_mode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setNeedClientAuth(boolean z) {
        this.need_client_auth = z;
        this.want_client_auth = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getNeedClientAuth() {
        return this.need_client_auth;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setWantClientAuth(boolean z) {
        this.want_client_auth = z;
        this.need_client_auth = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getWantClientAuth() {
        return this.want_client_auth;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setEnableSessionCreation(boolean z) {
        this.enable_session_creation = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getEnableSessionCreation() {
        return this.enable_session_creation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setUseSessionTickets(boolean z) {
        this.useSessionTickets = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setUseSni(boolean z) {
        this.useSni = Boolean.valueOf(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getUseSni() {
        return this.useSni != null ? this.useSni.booleanValue() : isSniEnabledByDefault();
    }

    public void setCTVerificationEnabled(boolean z) {
        this.ctVerificationEnabled = z;
    }

    public void setSCTExtension(byte[] bArr) {
        this.sctExtension = bArr;
    }

    public void setOCSPResponse(byte[] bArr) {
        this.ocspResponse = bArr;
    }

    public byte[] getOCSPResponse() {
        return this.ocspResponse;
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [byte[], byte[][]] */
    static byte[][] encodeIssuerX509Principals(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        ?? r0 = new byte[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            r0[i] = x509CertificateArr[i].getIssuerX500Principal().getEncoded();
        }
        return r0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractOpenSSLSession getSessionToReuse(long j, String str, int i) throws SSLException {
        SSLSession cachedClientSession;
        OpenSSLSessionImpl openSSLSessionImpl = null;
        if (this.client_mode && (cachedClientSession = getCachedClientSession(this.clientSessionContext, str, i)) != null) {
            SSLSession unwrapSSLSession = Platform.unwrapSSLSession(cachedClientSession);
            if (unwrapSSLSession instanceof OpenSSLSessionImpl) {
                openSSLSessionImpl = (OpenSSLSessionImpl) unwrapSSLSession;
                NativeCrypto.SSL_set_session(j, openSSLSessionImpl.sslSessionNativePointer);
            }
        }
        return openSSLSessionImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTlsChannelId(long j, OpenSSLKey openSSLKey) throws SSLHandshakeException, SSLException {
        if (this.channelIdEnabled) {
            if (!this.client_mode) {
                NativeCrypto.SSL_enable_tls_channel_id(j);
            } else {
                if (openSSLKey == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(j, openSSLKey.getNativeRef());
            }
        }
    }

    void setCertificate(long j, String str) throws CertificateEncodingException, SSLException {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        X509Certificate[] certificateChain;
        if (str == null || (x509KeyManager = getX509KeyManager()) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null || (certificateChain = x509KeyManager.getCertificateChain(str)) == null) {
            return;
        }
        PublicKey publicKey = certificateChain.length > 0 ? certificateChain[0].getPublicKey() : null;
        OpenSSLX509Certificate[] openSSLX509CertificateArr = new OpenSSLX509Certificate[certificateChain.length];
        long[] jArr = new long[certificateChain.length];
        for (int i = 0; i < certificateChain.length; i++) {
            OpenSSLX509Certificate fromCertificate = OpenSSLX509Certificate.fromCertificate(certificateChain[i]);
            openSSLX509CertificateArr[i] = fromCertificate;
            jArr[i] = fromCertificate.getContext();
        }
        NativeCrypto.SSL_use_certificate(j, jArr);
        try {
            OpenSSLKey fromPrivateKeyForTLSStackOnly = OpenSSLKey.fromPrivateKeyForTLSStackOnly(privateKey, publicKey);
            NativeCrypto.SSL_use_PrivateKey(j, fromPrivateKeyForTLSStackOnly.getNativeRef());
            if (fromPrivateKeyForTLSStackOnly.isWrapped()) {
                return;
            }
            NativeCrypto.SSL_check_private_key(j);
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    private static String[] filterFromProtocols(String[] strArr, String str) {
        if (strArr.length == 1 && str.equals(strArr[0])) {
            return EMPTY_STRING_ARRAY;
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            if (!str.equals(str2)) {
                arrayList.add(str2);
            }
        }
        return (String[]) arrayList.toArray(EMPTY_STRING_ARRAY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSSLParameters(long j, AliasChooser aliasChooser, PSKCallbacks pSKCallbacks, String str) throws SSLException, IOException {
        if (this.enabledProtocols.length == 0 && this.isEnabledProtocolsFiltered) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.SSL_configure_alpn(j, this.client_mode, this.alpnProtocols);
        NativeCrypto.setEnabledProtocols(j, this.enabledProtocols);
        NativeCrypto.setEnabledCipherSuites(j, this.enabledCipherSuites);
        if (!this.client_mode) {
            HashSet hashSet = new HashSet();
            for (long j2 : NativeCrypto.SSL_get_ciphers(j)) {
                String serverX509KeyType = getServerX509KeyType(j2);
                if (serverX509KeyType != null) {
                    hashSet.add(serverX509KeyType);
                }
            }
            if (getX509KeyManager() != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        setCertificate(j, aliasChooser.chooseServerAlias(this.x509KeyManager, (String) it.next()));
                    } catch (CertificateEncodingException e) {
                        throw new IOException(e);
                    }
                }
            }
            NativeCrypto.SSL_set_options(j, Trace.TRACE_TAG_ADB);
            if (this.sctExtension != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(j, this.sctExtension);
            }
            if (this.ocspResponse != null) {
                NativeCrypto.SSL_set_ocsp_response(j, this.ocspResponse);
            }
        }
        enablePSKKeyManagerIfRequested(j, pSKCallbacks);
        if (this.useSessionTickets) {
            NativeCrypto.SSL_clear_options(j, 16384L);
        }
        if (getUseSni() && AddressUtils.isValidSniHostname(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(j, str);
        }
        NativeCrypto.SSL_set_mode(j, 256L);
        boolean enableSessionCreation = getEnableSessionCreation();
        if (enableSessionCreation) {
            return;
        }
        NativeCrypto.SSL_set_session_creation_enabled(j, enableSessionCreation);
    }

    private void enablePSKKeyManagerIfRequested(long j, PSKCallbacks pSKCallbacks) throws SSLException {
        PSKKeyManager pSKKeyManager = getPSKKeyManager();
        if (pSKKeyManager != null) {
            boolean z = false;
            String[] strArr = this.enabledCipherSuites;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    String str = strArr[i];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
            if (z) {
                if (this.client_mode) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(j, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(j, true);
                    NativeCrypto.SSL_use_psk_identity_hint(j, pSKCallbacks.chooseServerPSKIdentityHint(pSKKeyManager));
                }
            }
        }
    }

    private boolean isSniEnabledByDefault() {
        String property = System.getProperty("jsse.enableSNIExtension", ImsManager.TRUE);
        if (ImsManager.TRUE.equalsIgnoreCase(property)) {
            return true;
        }
        if (ImsManager.FALSE.equalsIgnoreCase(property)) {
            return false;
        }
        throw new RuntimeException("Can only set \"jsse.enableSNIExtension\" to \"true\" or \"false\"");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCertificateValidation(long j) throws IOException {
        boolean z;
        X509Certificate[] acceptedIssuers;
        if (this.client_mode) {
            return;
        }
        if (getNeedClientAuth()) {
            NativeCrypto.SSL_set_verify(j, 3);
            z = true;
        } else if (getWantClientAuth()) {
            NativeCrypto.SSL_set_verify(j, 1);
            z = true;
        } else {
            NativeCrypto.SSL_set_verify(j, 0);
            z = false;
        }
        if (!z || (acceptedIssuers = getX509TrustManager().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(j, encodeIssuerX509Principals(acceptedIssuers));
        } catch (CertificateEncodingException e) {
            throw new IOException("Problem encoding principals", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractOpenSSLSession setupSession(long j, long j2, AbstractOpenSSLSession abstractOpenSSLSession, String str, int i, boolean z) throws IOException {
        AbstractOpenSSLSession openSSLSessionImpl;
        if (abstractOpenSSLSession != null && NativeCrypto.SSL_session_reused(j2)) {
            openSSLSessionImpl = abstractOpenSSLSession;
            openSSLSessionImpl.setLastAccessedTime(System.currentTimeMillis());
            NativeCrypto.SSL_SESSION_free(j);
        } else {
            if (!getEnableSessionCreation()) {
                throw new IllegalStateException("SSL Session may not be created");
            }
            openSSLSessionImpl = new OpenSSLSessionImpl(j, OpenSSLX509Certificate.createCertChain(NativeCrypto.SSL_get_certificate(j2)), OpenSSLX509Certificate.createCertChain(NativeCrypto.SSL_get_peer_cert_chain(j2)), NativeCrypto.SSL_get_ocsp_response(j2), NativeCrypto.SSL_get_signed_cert_timestamp_list(j2), str, i, getSessionContext());
            if (z) {
                getSessionContext().putSession(openSSLSessionImpl);
            }
        }
        return openSSLSessionImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void chooseClientCertificate(byte[] bArr, byte[][] bArr2, long j, AliasChooser aliasChooser) throws SSLException, CertificateEncodingException {
        X500Principal[] x500PrincipalArr;
        Set<String> supportedClientKeyTypes = getSupportedClientKeyTypes(bArr);
        String[] strArr = (String[]) supportedClientKeyTypes.toArray(new String[supportedClientKeyTypes.size()]);
        if (bArr2 == null) {
            x500PrincipalArr = null;
        } else {
            x500PrincipalArr = new X500Principal[bArr2.length];
            for (int i = 0; i < bArr2.length; i++) {
                x500PrincipalArr[i] = new X500Principal(bArr2[i]);
            }
        }
        X509KeyManager x509KeyManager = getX509KeyManager();
        setCertificate(j, x509KeyManager != null ? aliasChooser.chooseClientAlias(x509KeyManager, x500PrincipalArr, strArr) : null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int clientPSKKeyRequested(String str, byte[] bArr, byte[] bArr2, PSKCallbacks pSKCallbacks) {
        byte[] bytes;
        PSKKeyManager pSKKeyManager = getPSKKeyManager();
        if (pSKKeyManager == null) {
            return 0;
        }
        String chooseClientPSKIdentity = pSKCallbacks.chooseClientPSKIdentity(pSKKeyManager, str);
        if (chooseClientPSKIdentity == null) {
            chooseClientPSKIdentity = "";
            bytes = EmptyArray.BYTE;
        } else if (chooseClientPSKIdentity.isEmpty()) {
            bytes = EmptyArray.BYTE;
        } else {
            try {
                bytes = chooseClientPSKIdentity.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("UTF-8 encoding not supported", e);
            }
        }
        if (bytes.length + 1 > bArr.length) {
            return 0;
        }
        if (bytes.length > 0) {
            System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        }
        bArr[bytes.length] = 0;
        byte[] encoded = pSKCallbacks.getPSKKey(pSKKeyManager, str, chooseClientPSKIdentity).getEncoded();
        if (encoded == null || encoded.length > bArr2.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int serverPSKKeyRequested(String str, String str2, byte[] bArr, PSKCallbacks pSKCallbacks) {
        byte[] encoded;
        PSKKeyManager pSKKeyManager = getPSKKeyManager();
        if (pSKKeyManager == null || (encoded = pSKCallbacks.getPSKKey(pSKKeyManager, str, str2).getEncoded()) == null || encoded.length > bArr.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr, 0, encoded.length);
        return encoded.length;
    }

    SSLSession getCachedClientSession(ClientSessionContext clientSessionContext, String str, int i) {
        SSLSession session;
        if (str == null || (session = clientSessionContext.getSession(str, i)) == null) {
            return null;
        }
        String protocol = session.getProtocol();
        boolean z = false;
        String[] strArr = this.enabledProtocols;
        int length = strArr.length;
        int i2 = 0;
        while (true) {
            if (i2 >= length) {
                break;
            }
            if (protocol.equals(strArr[i2])) {
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            return null;
        }
        String cipherSuite = session.getCipherSuite();
        boolean z2 = false;
        String[] strArr2 = this.enabledCipherSuites;
        int length2 = strArr2.length;
        int i3 = 0;
        while (true) {
            if (i3 >= length2) {
                break;
            }
            if (cipherSuite.equals(strArr2[i3])) {
                z2 = true;
                break;
            }
            i3++;
        }
        if (z2) {
            return session;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e) {
            throw new AssertionError(e);
        }
    }

    private static X509KeyManager getDefaultX509KeyManager() throws KeyManagementException {
        X509KeyManager x509KeyManager = defaultX509KeyManager;
        if (x509KeyManager == null) {
            X509KeyManager createDefaultX509KeyManager = createDefaultX509KeyManager();
            x509KeyManager = createDefaultX509KeyManager;
            defaultX509KeyManager = createDefaultX509KeyManager;
        }
        return x509KeyManager;
    }

    private static X509KeyManager createDefaultX509KeyManager() throws KeyManagementException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(null, null);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            X509KeyManager findFirstX509KeyManager = findFirstX509KeyManager(keyManagers);
            if (findFirstX509KeyManager == null) {
                throw new KeyManagementException("No X509KeyManager among default KeyManagers: " + Arrays.toString(keyManagers));
            }
            return findFirstX509KeyManager;
        } catch (KeyStoreException e) {
            throw new KeyManagementException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyManagementException(e2);
        } catch (UnrecoverableKeyException e3) {
            throw new KeyManagementException(e3);
        }
    }

    private static X509KeyManager findFirstX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        return null;
    }

    private static PSKKeyManager findFirstPSKKeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof PSKKeyManager) {
                return (PSKKeyManager) keyManager;
            }
            if (keyManager != null) {
                try {
                    return DuckTypedPSKKeyManager.getInstance(keyManager);
                } catch (NoSuchMethodException e) {
                }
            }
        }
        return null;
    }

    public static X509TrustManager getDefaultX509TrustManager() throws KeyManagementException {
        X509TrustManager x509TrustManager = defaultX509TrustManager;
        if (x509TrustManager == null) {
            X509TrustManager createDefaultX509TrustManager = createDefaultX509TrustManager();
            x509TrustManager = createDefaultX509TrustManager;
            defaultX509TrustManager = createDefaultX509TrustManager;
        }
        return x509TrustManager;
    }

    private static X509TrustManager createDefaultX509TrustManager() throws KeyManagementException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            X509TrustManager findFirstX509TrustManager = findFirstX509TrustManager(trustManagers);
            if (findFirstX509TrustManager == null) {
                throw new KeyManagementException("No X509TrustManager in among default TrustManagers: " + Arrays.toString(trustManagers));
            }
            return findFirstX509TrustManager;
        } catch (KeyStoreException e) {
            throw new KeyManagementException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyManagementException(e2);
        }
    }

    private static X509TrustManager findFirstX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public String getEndpointIdentificationAlgorithm() {
        return this.endpointIdentificationAlgorithm;
    }

    public void setEndpointIdentificationAlgorithm(String str) {
        this.endpointIdentificationAlgorithm = str;
    }

    public boolean getUseCipherSuitesOrder() {
        return this.useCipherSuitesOrder;
    }

    public void setUseCipherSuitesOrder(boolean z) {
        this.useCipherSuitesOrder = z;
    }

    private static String getServerX509KeyType(long j) throws SSLException {
        String SSL_CIPHER_get_kx_name = NativeCrypto.SSL_CIPHER_get_kx_name(j);
        if (SSL_CIPHER_get_kx_name.equals("RSA") || SSL_CIPHER_get_kx_name.equals("DHE_RSA") || SSL_CIPHER_get_kx_name.equals("ECDHE_RSA")) {
            return "RSA";
        }
        if (SSL_CIPHER_get_kx_name.equals("ECDHE_ECDSA")) {
            return "EC";
        }
        if (SSL_CIPHER_get_kx_name.equals("ECDH_RSA")) {
            return KEY_TYPE_EC_RSA;
        }
        if (SSL_CIPHER_get_kx_name.equals("ECDH_ECDSA")) {
            return KEY_TYPE_EC_EC;
        }
        if (SSL_CIPHER_get_kx_name.equals(KEY_TYPE_DH_RSA)) {
            return KEY_TYPE_DH_RSA;
        }
        return null;
    }

    public static String getClientKeyType(byte b) {
        switch (b) {
            case 1:
                return "RSA";
            case 3:
                return KEY_TYPE_DH_RSA;
            case 64:
                return "EC";
            case 65:
                return KEY_TYPE_EC_RSA;
            case 66:
                return KEY_TYPE_EC_EC;
            default:
                return null;
        }
    }

    public static Set<String> getSupportedClientKeyTypes(byte[] bArr) {
        HashSet hashSet = new HashSet(bArr.length);
        for (byte b : bArr) {
            String clientKeyType = getClientKeyType(b);
            if (clientKeyType != null) {
                hashSet.add(clientKeyType);
            }
        }
        return hashSet;
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [java.lang.String[], java.lang.String[][]] */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.String[], java.lang.String[][]] */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.lang.String[], java.lang.String[][]] */
    private static String[] getDefaultCipherSuites(boolean z, boolean z2) {
        return z ? z2 ? concat(new String[]{NativeCrypto.DEFAULT_PSK_CIPHER_SUITES, NativeCrypto.DEFAULT_X509_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}}) : concat(new String[]{NativeCrypto.DEFAULT_X509_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}}) : z2 ? concat(new String[]{NativeCrypto.DEFAULT_PSK_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}}) : new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
    }

    private static String[] concat(String[]... strArr) {
        int i = 0;
        for (String[] strArr2 : strArr) {
            i += strArr2.length;
        }
        String[] strArr3 = new String[i];
        int i2 = 0;
        for (String[] strArr4 : strArr) {
            System.arraycopy(strArr4, 0, strArr3, i2, strArr4.length);
            i2 += strArr4.length;
        }
        return strArr3;
    }

    public boolean isCTVerificationEnabled(String str) {
        if (str == null) {
            return false;
        }
        if (this.ctVerificationEnabled) {
            return true;
        }
        return Platform.isCTVerificationRequired(str);
    }
}
