package org.spongycastle.jsse.provider;

import androidx.appcompat.view.menu.SubMenuBuilder$$ExternalSyntheticOutline0;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.tls.ProtocolVersion;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsCrypto;
import org.spongycastle.tls.crypto.TlsCryptoProvider;

/* loaded from: classes4.dex */
class ProvSSLContextSpi extends SSLContextSpi {
    private static final List<String> DEFAULT_CIPHERSUITE_LIST;
    private static final List<String> DEFAULT_CIPHERSUITE_LIST_FIPS;
    private static final Map<String, Integer> SUPPORTED_CIPHERSUITE_MAP;
    private static final Map<String, Integer> SUPPORTED_CIPHERSUITE_MAP_FIPS;
    private static final Map<String, ProtocolVersion> supportedProtocols;
    private ProvSSLSessionContext clientSessionContext;
    private TlsCrypto crypto;
    protected final TlsCryptoProvider cryptoProvider;
    protected final List<String> defaultCipherSuites;
    protected final String[] defaultProtocols;
    protected boolean initialized = false;
    protected final boolean isInFipsMode;
    private X509KeyManager km;
    private ProvSSLSessionContext serverSessionContext;
    protected final Map<String, Integer> supportedCipherSuites;
    private X509TrustManager tm;

    static {
        Map<String, Integer> createSupportedCipherSuiteMap = createSupportedCipherSuiteMap();
        SUPPORTED_CIPHERSUITE_MAP = createSupportedCipherSuiteMap;
        SUPPORTED_CIPHERSUITE_MAP_FIPS = createSupportedCipherSuiteMapFips(createSupportedCipherSuiteMap);
        supportedProtocols = createSupportedProtocols();
        List<String> createDefaultCipherSuiteList = createDefaultCipherSuiteList(createSupportedCipherSuiteMap.keySet());
        DEFAULT_CIPHERSUITE_LIST = createDefaultCipherSuiteList;
        DEFAULT_CIPHERSUITE_LIST_FIPS = createDefaultCipherSuiteListFips(createDefaultCipherSuiteList);
    }

    public ProvSSLContextSpi(boolean z, TlsCryptoProvider tlsCryptoProvider, String[] strArr) {
        this.isInFipsMode = z;
        this.cryptoProvider = tlsCryptoProvider;
        this.defaultProtocols = strArr;
        this.supportedCipherSuites = z ? SUPPORTED_CIPHERSUITE_MAP_FIPS : SUPPORTED_CIPHERSUITE_MAP;
        this.defaultCipherSuites = z ? DEFAULT_CIPHERSUITE_LIST_FIPS : DEFAULT_CIPHERSUITE_LIST;
    }

    private static List<String> createDefaultCipherSuiteList(Set<String> set) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA");
        arrayList.retainAll(set);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    private static List<String> createDefaultCipherSuiteListFips(List<String> list) {
        ArrayList arrayList = new ArrayList(list);
        FipsUtils.removeNonFipsCipherSuites(arrayList);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.spongycastle.jsse.provider.ProvSSLContextSpi$1, java.util.Map] */
    private static Map<String, Integer> createSupportedCipherSuiteMap() {
        ?? r0 = new HashMap<String, Integer>() { // from class: org.spongycastle.jsse.provider.ProvSSLContextSpi.1
            @Override // java.util.HashMap, java.util.AbstractMap, java.util.Map
            public Integer put(String str, Integer num) {
                if (super.put((AnonymousClass1) str, (String) num) == null) {
                    return null;
                }
                throw new IllegalStateException("Duplicate names in supported-cipher-suites");
            }
        };
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(19, r0, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 50, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(64, r0, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 162, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(56, r0, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 106, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(163, r0, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 22, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(51, r0, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 103, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49310, r0, "TLS_DHE_RSA_WITH_AES_128_CCM", 49314, "TLS_DHE_RSA_WITH_AES_128_CCM_8");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(158, r0, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 57, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(107, r0, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 49311, "TLS_DHE_RSA_WITH_AES_256_CCM");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49315, r0, "TLS_DHE_RSA_WITH_AES_256_CCM_8", 159, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49160, r0, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 49161, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49187, r0, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 49324, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49326, r0, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 49195, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49162, r0, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 49188, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49325, r0, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 49327, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49196, r0, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 52393, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49158, r0, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 49170, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49171, r0, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 49191, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49199, r0, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 49172, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49192, r0, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 49200, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(52392, r0, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 49168, "TLS_ECDHE_RSA_WITH_NULL_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(10, r0, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 47, "TLS_RSA_WITH_AES_128_CBC_SHA");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(60, r0, "TLS_RSA_WITH_AES_128_CBC_SHA256", 49308, "TLS_RSA_WITH_AES_128_CCM");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49312, r0, "TLS_RSA_WITH_AES_128_CCM_8", 156, "TLS_RSA_WITH_AES_128_GCM_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(53, r0, "TLS_RSA_WITH_AES_256_CBC_SHA", 61, "TLS_RSA_WITH_AES_256_CBC_SHA256");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(49309, r0, "TLS_RSA_WITH_AES_256_CCM", 49313, "TLS_RSA_WITH_AES_256_CCM_8");
        ProvSSLContextSpi$$ExternalSyntheticOutline0.m(157, r0, "TLS_RSA_WITH_AES_256_GCM_SHA384", 2, "TLS_RSA_WITH_NULL_SHA");
        r0.put("TLS_RSA_WITH_NULL_SHA256", 59);
        return Collections.unmodifiableMap(r0);
    }

    private static Map<String, Integer> createSupportedCipherSuiteMapFips(Map<String, Integer> map) {
        HashMap hashMap = new HashMap(map);
        FipsUtils.removeNonFipsCipherSuites(hashMap.keySet());
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, ProtocolVersion> createSupportedProtocols() {
        HashMap hashMap = new HashMap();
        hashMap.put("TLSv1", ProtocolVersion.TLSv10);
        hashMap.put("TLSv1.1", ProtocolVersion.TLSv11);
        hashMap.put("TLSv1.2", ProtocolVersion.TLSv12);
        return Collections.unmodifiableMap(hashMap);
    }

    public void checkInitialized() {
        if (!this.initialized) {
            throw new IllegalStateException("SSLContext has not been initialized.");
        }
    }

    public int[] convertCipherSuites(String[] strArr) {
        int[] iArr = new int[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            iArr[i] = this.supportedCipherSuites.get(strArr[i]).intValue();
        }
        return iArr;
    }

    public ContextData createContextData() {
        return new ContextData(this.crypto, this.km, this.tm, this.clientSessionContext, this.serverSessionContext);
    }

    public ProvSSLSessionContext createSSLSessionContext() {
        return new ProvSSLSessionContext(this, this.crypto);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLEngine engineCreateSSLEngine() {
        checkInitialized();
        return new ProvSSLEngine(this, createContextData());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
        checkInitialized();
        return new ProvSSLEngine(this, createContextData(), str, i);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLSessionContext engineGetClientSessionContext() {
        return this.clientSessionContext;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLParameters engineGetDefaultSSLParameters() {
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setCipherSuites(getDefaultCipherSuites());
        sSLParameters.setProtocols(getDefaultProtocols());
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLSessionContext engineGetServerSessionContext() {
        return this.serverSessionContext;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLServerSocketFactory engineGetServerSocketFactory() {
        checkInitialized();
        return new ProvSSLServerSocketFactory(this);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLSocketFactory engineGetSocketFactory() {
        checkInitialized();
        return new ProvSSLSocketFactory(this);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLParameters engineGetSupportedSSLParameters() {
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setCipherSuites(getSupportedCipherSuites());
        sSLParameters.setProtocols(getSupportedProtocols());
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        this.initialized = false;
        this.crypto = this.cryptoProvider.create(secureRandom);
        this.km = selectKeyManager(keyManagerArr);
        this.tm = selectTrustManager(trustManagerArr);
        this.clientSessionContext = createSSLSessionContext();
        this.serverSessionContext = createSSLSessionContext();
        this.initialized = true;
    }

    public X509KeyManager findX509KeyManager(KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            return null;
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        return null;
    }

    public X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        if (trustManagerArr == null) {
            return null;
        }
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public String getCipherSuiteString(int i) {
        if (!TlsUtils.isValidUint16(i)) {
            return null;
        }
        for (Map.Entry<String, Integer> entry : this.supportedCipherSuites.entrySet()) {
            if (entry.getValue().intValue() == i) {
                return entry.getKey();
            }
        }
        return null;
    }

    public String[] getDefaultCipherSuites() {
        List<String> list = this.defaultCipherSuites;
        return (String[]) list.toArray(new String[list.size()]);
    }

    public String[] getDefaultProtocols() {
        return this.defaultProtocols;
    }

    public ProtocolVersion getMaximumVersion(String[] strArr) {
        ProtocolVersion protocolVersion;
        ProtocolVersion protocolVersion2 = null;
        if (strArr != null) {
            for (String str : strArr) {
                if (str != null && (protocolVersion = supportedProtocols.get(str)) != null && (protocolVersion2 == null || protocolVersion.isLaterVersionOf(protocolVersion2))) {
                    protocolVersion2 = protocolVersion;
                }
            }
        }
        return protocolVersion2;
    }

    public ProtocolVersion getMinimumVersion(String[] strArr) {
        ProtocolVersion protocolVersion;
        ProtocolVersion protocolVersion2 = null;
        if (strArr != null) {
            for (String str : strArr) {
                if (str != null && (protocolVersion = supportedProtocols.get(str)) != null && (protocolVersion2 == null || protocolVersion2.isLaterVersionOf(protocolVersion))) {
                    protocolVersion2 = protocolVersion;
                }
            }
        }
        return protocolVersion2;
    }

    public String getProtocolString(ProtocolVersion protocolVersion) {
        if (protocolVersion == null) {
            return null;
        }
        for (Map.Entry<String, ProtocolVersion> entry : supportedProtocols.entrySet()) {
            if (protocolVersion.equals(entry.getValue())) {
                return entry.getKey();
            }
        }
        return null;
    }

    public String[] getSupportedCipherSuites() {
        return (String[]) this.supportedCipherSuites.keySet().toArray(new String[this.supportedCipherSuites.size()]);
    }

    public String[] getSupportedProtocols() {
        Map<String, ProtocolVersion> map = supportedProtocols;
        return (String[]) map.keySet().toArray(new String[map.size()]);
    }

    public boolean isFips() {
        return this.isInFipsMode;
    }

    public boolean isSupportedCipherSuites(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if (str == null || !this.supportedCipherSuites.containsKey(str)) {
                return false;
            }
        }
        return true;
    }

    public boolean isSupportedProtocols(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if (str == null || !supportedProtocols.containsKey(str)) {
                return false;
            }
        }
        return true;
    }

    public X509KeyManager selectKeyManager(KeyManager[] keyManagerArr) throws KeyManagementException {
        if (keyManagerArr == null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(null, null);
                keyManagerArr = keyManagerFactory.getKeyManagers();
            } catch (GeneralSecurityException e) {
                throw new KeyManagementException(e);
            }
        }
        return findX509KeyManager(keyManagerArr);
    }

    public X509TrustManager selectTrustManager(TrustManager[] trustManagerArr) throws KeyManagementException {
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (GeneralSecurityException e) {
                throw new KeyManagementException(e);
            }
        }
        return findX509TrustManager(trustManagerArr);
    }

    public void validateNegotiatedCipherSuite(int i) {
        String cipherSuiteString = getCipherSuiteString(i);
        if (cipherSuiteString == null || !this.supportedCipherSuites.containsKey(cipherSuiteString) || (this.isInFipsMode && !FipsUtils.isFipsCipherSuite(cipherSuiteString))) {
            throw new IllegalStateException(SubMenuBuilder$$ExternalSyntheticOutline0.m(i, "SSL connection negotiated unsupported ciphersuite: "));
        }
    }
}
