package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.util.internal.logging.InternalLogger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/* loaded from: classes2.dex */
public class k extends ai {

    /* renamed from: a, reason: collision with root package name */
    static final String[] f5041a;
    static final List<String> b;
    static final Set<String> c;
    private static final InternalLogger d = io.netty.util.internal.logging.b.getInstance((Class<?>) k.class);
    private final String[] e;
    private final List<String> f;
    private final JdkApplicationProtocolNegotiator g;
    private final ClientAuth i;
    private final SSLContext j;
    private final boolean k;

    static {
        try {
            SSLContext sSLContext = SSLContext.getInstance(com.duolebo.appbase.prj.b.b.TLS);
            sSLContext.init(null, null, null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
            HashSet hashSet = new HashSet(supportedProtocols.length);
            for (String str : supportedProtocols) {
                hashSet.add(str);
            }
            ArrayList arrayList = new ArrayList();
            a(hashSet, arrayList, "TLSv1.2", "TLSv1.1", "TLSv1");
            if (arrayList.isEmpty()) {
                f5041a = createSSLEngine.getEnabledProtocols();
            } else {
                f5041a = (String[]) arrayList.toArray(new String[arrayList.size()]);
            }
            String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
            c = new HashSet(supportedCipherSuites.length);
            for (String str2 : supportedCipherSuites) {
                c.add(str2);
            }
            ArrayList arrayList2 = new ArrayList();
            a(c, arrayList2, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA");
            if (arrayList2.isEmpty()) {
                for (String str3 : createSSLEngine.getEnabledCipherSuites()) {
                    if (!str3.contains("_RC4_")) {
                        arrayList2.add(str3);
                    }
                }
            }
            b = Collections.unmodifiableList(arrayList2);
            if (d.isDebugEnabled()) {
                d.debug("Default protocols (JDK): {} ", Arrays.asList(f5041a));
                d.debug("Default cipher suites (JDK): {}", b);
            }
        } catch (Exception e) {
            throw new Error("failed to initialize the default SSL context", e);
        }
    }

    public k(SSLContext sSLContext, boolean z, ClientAuth clientAuth) {
        this(sSLContext, z, null, c.INSTANCE, g.INSTANCE, clientAuth, false);
    }

    public k(SSLContext sSLContext, boolean z, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth) {
        this(sSLContext, z, iterable, cipherSuiteFilter, a(applicationProtocolConfig, !z), clientAuth, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public k(SSLContext sSLContext, boolean z, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, JdkApplicationProtocolNegotiator jdkApplicationProtocolNegotiator, ClientAuth clientAuth, boolean z2) {
        super(z2);
        this.g = (JdkApplicationProtocolNegotiator) io.netty.util.internal.k.checkNotNull(jdkApplicationProtocolNegotiator, "apn");
        this.i = (ClientAuth) io.netty.util.internal.k.checkNotNull(clientAuth, "clientAuth");
        this.e = ((CipherSuiteFilter) io.netty.util.internal.k.checkNotNull(cipherSuiteFilter, "cipherFilter")).filterCipherSuites(iterable, b, c);
        this.f = Collections.unmodifiableList(Arrays.asList(this.e));
        this.j = (SSLContext) io.netty.util.internal.k.checkNotNull(sSLContext, "sslContext");
        this.k = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JdkApplicationProtocolNegotiator a(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        if (applicationProtocolConfig == null) {
            return g.INSTANCE;
        }
        switch (applicationProtocolConfig.protocol()) {
            case NONE:
                return g.INSTANCE;
            case ALPN:
                if (z) {
                    switch (applicationProtocolConfig.selectorFailureBehavior()) {
                        case FATAL_ALERT:
                            return new d(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        case NO_ADVERTISE:
                            return new d(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
                    }
                }
                switch (applicationProtocolConfig.selectedListenerFailureBehavior()) {
                    case ACCEPT:
                        return new d(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    case FATAL_ALERT:
                        return new d(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    default:
                        throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
                }
            case NPN:
                if (z) {
                    switch (applicationProtocolConfig.selectedListenerFailureBehavior()) {
                        case ACCEPT:
                            return new h(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        case FATAL_ALERT:
                            return new h(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                        default:
                            throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " failure behavior");
                    }
                }
                switch (applicationProtocolConfig.selectorFailureBehavior()) {
                    case FATAL_ALERT:
                        return new h(true, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    case NO_ADVERTISE:
                        return new h(false, (Iterable<String>) applicationProtocolConfig.supportedProtocols());
                    default:
                        throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " failure behavior");
                }
            default:
                throw new UnsupportedOperationException("JDK provider does not support " + applicationProtocolConfig.protocol() + " protocol");
        }
    }

    private SSLEngine a(SSLEngine sSLEngine) {
        sSLEngine.setEnabledCipherSuites(this.e);
        sSLEngine.setEnabledProtocols(f5041a);
        sSLEngine.setUseClientMode(isClient());
        if (isServer()) {
            switch (this.i) {
                case OPTIONAL:
                    sSLEngine.setWantClientAuth(true);
                    break;
                case REQUIRE:
                    sSLEngine.setNeedClientAuth(true);
                    break;
            }
        }
        return this.g.wrapperFactory().wrapSslEngine(sSLEngine, this.g, isServer());
    }

    private static void a(Set<String> set, List<String> list, String... strArr) {
        for (String str : strArr) {
            if (set.contains(str)) {
                list.add(str);
            }
        }
    }

    @Override // io.netty.handler.ssl.ai
    public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.g;
    }

    @Override // io.netty.handler.ssl.ai
    public final List<String> cipherSuites() {
        return this.f;
    }

    public final SSLContext context() {
        return this.j;
    }

    @Override // io.netty.handler.ssl.ai
    public final boolean isClient() {
        return this.k;
    }

    @Override // io.netty.handler.ssl.ai
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        return a(context().createSSLEngine());
    }

    @Override // io.netty.handler.ssl.ai
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        return a(context().createSSLEngine(str, i));
    }

    @Override // io.netty.handler.ssl.ai
    public final long sessionCacheSize() {
        return sessionContext().getSessionCacheSize();
    }

    @Override // io.netty.handler.ssl.ai
    public final SSLSessionContext sessionContext() {
        return isServer() ? context().getServerSessionContext() : context().getClientSessionContext();
    }

    @Override // io.netty.handler.ssl.ai
    public final long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }
}
