package ru.CryptoPro.ssl;

import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.http.HttpStatusCodesKt;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.ssl.util.TLSSettings;

/* loaded from: classes3.dex */
public abstract class SSLContextImpl extends SSLContextSpi {
    public static final String DISABLE_DEFAULT_CONTEXT_SETTING = "disable_default_context";

    /* renamed from: o, reason: collision with root package name */
    private static final boolean f18663o = GetProperty.getBooleanProperty(DISABLE_DEFAULT_CONTEXT_SETTING, false);

    /* renamed from: d, reason: collision with root package name */
    private boolean f18667d;

    /* renamed from: e, reason: collision with root package name */
    private X509ExtendedKeyManager f18668e;

    /* renamed from: f, reason: collision with root package name */
    private X509TrustManager f18669f;

    /* renamed from: g, reason: collision with root package name */
    private SecureRandom f18670g;

    /* renamed from: i, reason: collision with root package name */
    private cl_86 f18672i;

    /* renamed from: j, reason: collision with root package name */
    private cl_86 f18673j;

    /* renamed from: k, reason: collision with root package name */
    private cl_86 f18674k;

    /* renamed from: l, reason: collision with root package name */
    private cl_16 f18675l;

    /* renamed from: m, reason: collision with root package name */
    private cl_16 f18676m;

    /* renamed from: n, reason: collision with root package name */
    private cl_16 f18677n;

    /* renamed from: h, reason: collision with root package name */
    private AlgorithmConstraints f18671h = new cl_93(null);

    /* renamed from: a, reason: collision with root package name */
    private final cl_35 f18664a = new cl_35();

    /* renamed from: b, reason: collision with root package name */
    private final SSLSessionContextImpl f18665b = new SSLSessionContextImpl();

    /* renamed from: c, reason: collision with root package name */
    private final SSLSessionContextImpl f18666c = new SSLSessionContextImpl();

    /* loaded from: classes3.dex */
    abstract class AbstractSSLContext extends SSLContextImpl {

        /* renamed from: a, reason: collision with root package name */
        private static final SSLParameters f18678a;

        /* renamed from: b, reason: collision with root package name */
        private static final SSLParameters f18679b;

        static {
            cl_87[] cl_87VarArr;
            SSLParameters sSLParameters = new SSLParameters();
            f18679b = sSLParameters;
            if (cl_42.a()) {
                cl_87 cl_87Var = cl_87.f19395f;
                cl_87 cl_87Var2 = cl_87.f19396g;
                cl_87 cl_87Var3 = cl_87.f19397h;
                sSLParameters.setProtocols(new String[]{cl_87Var.f19407q, cl_87Var2.f19407q, cl_87Var3.f19407q});
                cl_87VarArr = new cl_87[]{cl_87Var, cl_87Var2, cl_87Var3};
            } else {
                cl_87 cl_87Var4 = cl_87.f19395f;
                cl_87 cl_87Var5 = cl_87.f19396g;
                cl_87 cl_87Var6 = cl_87.f19397h;
                sSLParameters.setProtocols(new String[]{cl_87Var4.f19407q, cl_87Var5.f19407q, cl_87Var6.f19407q});
                cl_87VarArr = new cl_87[]{cl_87Var4, cl_87Var5, cl_87Var6};
            }
            SSLParameters sSLParameters2 = new SSLParameters();
            f18678a = sSLParameters2;
            sSLParameters2.setProtocols((String[]) a(cl_87VarArr).toArray(new String[0]));
        }

        private AbstractSSLContext() {
        }

        static List a(cl_87[] cl_87VarArr) {
            List emptyList = Collections.emptyList();
            if (cl_87VarArr != null && cl_87VarArr.length != 0) {
                emptyList = new ArrayList(cl_87VarArr.length);
                for (cl_87 cl_87Var : cl_87VarArr) {
                    if (cl_87.f19402m.contains(cl_87Var)) {
                        emptyList.add(cl_87Var.f19407q);
                    }
                }
            }
            return emptyList;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters e() {
            return f18678a;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return f18679b;
        }
    }

    /* loaded from: classes3.dex */
    class CustomizedSSLContext extends AbstractSSLContext {

        /* renamed from: a, reason: collision with root package name */
        private static final String f18680a = "jdk.tls.client.protocols";

        /* renamed from: b, reason: collision with root package name */
        private static final SSLParameters f18681b;

        /* renamed from: c, reason: collision with root package name */
        private static IllegalArgumentException f18682c;

        static {
            cl_87[] cl_87VarArr;
            String[] strArr;
            String str = (String) AccessController.doPrivileged(new ru.CryptoPro.ssl.pc_0.cl_1(f18680a));
            if (str == null || str.length() == 0) {
                cl_87VarArr = cl_42.a() ? new cl_87[]{cl_87.f19395f, cl_87.f19396g, cl_87.f19397h} : new cl_87[]{cl_87.f19395f, cl_87.f19396g, cl_87.f19397h};
            } else {
                if (str.length() > 1 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
                    str = str.substring(1, str.length() - 1);
                }
                if (str == null || str.length() == 0) {
                    f18682c = new IllegalArgumentException("No protocol specified in jdk.tls.client.protocols system property");
                    strArr = new String[0];
                } else {
                    strArr = str.split(",");
                }
                int length = strArr.length;
                cl_87VarArr = new cl_87[length];
                for (int i10 = 0; i10 < strArr.length; i10++) {
                    String trim = strArr[i10].trim();
                    strArr[i10] = trim;
                    try {
                        cl_87VarArr[i10] = cl_87.a(trim);
                    } catch (IllegalArgumentException e10) {
                        f18682c = new IllegalArgumentException("jdk.tls.client.protocols: " + strArr[i10] + " is not a standard SSL/TLS protocol name", e10);
                    }
                }
                if (f18682c == null && cl_42.a()) {
                    for (int i11 = 0; i11 < length; i11++) {
                        cl_87 cl_87Var = cl_87VarArr[i11];
                        int i12 = cl_87.f19393d.f19404n;
                        int i13 = cl_87Var.f19404n;
                        if (i12 == i13 || cl_87.f19394e.f19404n == i13) {
                            f18682c = new IllegalArgumentException("jdk.tls.client.protocols: " + cl_87Var + " is not FIPS compliant");
                        }
                    }
                }
            }
            SSLParameters sSLParameters = new SSLParameters();
            f18681b = sSLParameters;
            if (f18682c == null) {
                sSLParameters.setProtocols((String[]) AbstractSSLContext.a(cl_87VarArr).toArray(new String[0]));
            }
        }

        protected CustomizedSSLContext() {
            super();
            IllegalArgumentException illegalArgumentException = f18682c;
            if (illegalArgumentException != null) {
                throw illegalArgumentException;
            }
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return f18681b;
        }
    }

    /* loaded from: classes3.dex */
    public final class DefaultSSLContext extends CustomizedSSLContext {

        /* renamed from: a, reason: collision with root package name */
        private static final String f18683a = "NONE";

        /* renamed from: b, reason: collision with root package name */
        private static final String f18684b = "PKCS11";

        /* renamed from: c, reason: collision with root package name */
        private static volatile SSLContextImpl f18685c;

        /* renamed from: d, reason: collision with root package name */
        private static TrustManager[] f18686d;

        /* renamed from: e, reason: collision with root package name */
        private static KeyManager[] f18687e;

        public DefaultSSLContext() {
            try {
                super.engineInit(m(), l(), null);
                if (f18685c == null) {
                    f18685c = this;
                }
                SSLLogger.info("DefaultSSLContext initialized.");
            } catch (Exception e10) {
                SSLLogger.warning("default context init failed: ", e10);
                throw e10;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static synchronized SSLContextImpl k() {
            SSLContextImpl sSLContextImpl;
            synchronized (DefaultSSLContext.class) {
                if (f18685c == null) {
                    new DefaultSSLContext();
                }
                sSLContextImpl = f18685c;
            }
            return sSLContextImpl;
        }

        private static synchronized TrustManager[] l() {
            synchronized (DefaultSSLContext.class) {
                TrustManager[] trustManagerArr = f18686d;
                if (trustManagerArr != null) {
                    return trustManagerArr;
                }
                KeyStore a10 = TrustManagerFactoryImpl.a("defaultctx");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(a10);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                f18686d = trustManagers;
                return trustManagers;
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:29:0x00c9 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:32:0x00e5 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:36:0x00e9 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private static synchronized javax.net.ssl.KeyManager[] m() {
            /*
                Method dump skipped, instructions count: 263
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.ssl.SSLContextImpl.DefaultSSLContext.m():javax.net.ssl.KeyManager[]");
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }
    }

    /* loaded from: classes3.dex */
    public final class TLS10Context extends AbstractSSLContext {

        /* renamed from: a, reason: collision with root package name */
        private static final SSLParameters f18689a;

        static {
            cl_87[] cl_87VarArr = cl_42.a() ? new cl_87[]{cl_87.f19395f} : new cl_87[]{cl_87.f19395f};
            SSLParameters sSLParameters = new SSLParameters();
            f18689a = sSLParameters;
            sSLParameters.setProtocols((String[]) AbstractSSLContext.a(cl_87VarArr).toArray(new String[0]));
        }

        public TLS10Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return f18689a;
        }
    }

    /* loaded from: classes3.dex */
    public final class TLS11Context extends AbstractSSLContext {

        /* renamed from: a, reason: collision with root package name */
        private static final SSLParameters f18690a;

        static {
            cl_87[] cl_87VarArr = cl_42.a() ? new cl_87[]{cl_87.f19395f, cl_87.f19396g} : new cl_87[]{cl_87.f19395f, cl_87.f19396g};
            SSLParameters sSLParameters = new SSLParameters();
            f18690a = sSLParameters;
            sSLParameters.setProtocols((String[]) AbstractSSLContext.a(cl_87VarArr).toArray(new String[0]));
        }

        public TLS11Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return f18690a;
        }
    }

    /* loaded from: classes3.dex */
    public final class TLS12Context extends AbstractSSLContext {

        /* renamed from: a, reason: collision with root package name */
        private static final SSLParameters f18691a;

        static {
            cl_87[] cl_87VarArr = cl_42.a() ? new cl_87[]{cl_87.f19395f, cl_87.f19396g, cl_87.f19397h} : new cl_87[]{cl_87.f19395f, cl_87.f19396g, cl_87.f19397h};
            SSLParameters sSLParameters = new SSLParameters();
            f18691a = sSLParameters;
            sSLParameters.setProtocols((String[]) AbstractSSLContext.a(cl_87VarArr).toArray(new String[0]));
        }

        public TLS12Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return f18691a;
        }
    }

    /* loaded from: classes3.dex */
    public final class TLSContext extends CustomizedSSLContext {
    }

    SSLContextImpl() {
    }

    private X509ExtendedKeyManager a(KeyManager[] keyManagerArr) {
        for (int i10 = 0; keyManagerArr != null && i10 < keyManagerArr.length; i10++) {
            KeyManager keyManager = keyManagerArr[i10];
            if (keyManager instanceof X509KeyManager) {
                if (cl_42.a()) {
                    if ((keyManager instanceof cl_118) || (keyManager instanceof cl_45)) {
                        return (X509ExtendedKeyManager) keyManager;
                    }
                    throw new KeyManagementException("FIPS mode: only JTLS KeyManagers may be used");
                }
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                SSLLogger.fine("X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use");
                return new cl_1((X509KeyManager) keyManager);
            }
        }
        return cl_24.f19042a;
    }

    private X509TrustManager a(TrustManager[] trustManagerArr) {
        for (int i10 = 0; trustManagerArr != null && i10 < trustManagerArr.length; i10++) {
            if (trustManagerArr[i10] instanceof X509TrustManager) {
                if (cl_42.a() && !(trustManagerArr[i10] instanceof cl_125)) {
                    throw new KeyManagementException("FIPS mode: only JTLS TrustManagers may be used");
                }
                TrustManager trustManager = trustManagerArr[i10];
                return trustManager instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManager : new cl_2((X509TrustManager) trustManagerArr[i10]);
            }
        }
        return cl_25.f19043a;
    }

    private cl_16 a(cl_86 cl_86Var, boolean z10) {
        int i10 = z10 ? HttpStatusCodesKt.HTTP_MULT_CHOICE : 1;
        Collection<cl_10> c10 = cl_10.c();
        TreeSet treeSet = new TreeSet();
        if (!cl_86Var.a().isEmpty() && cl_86Var.f19385a.f19404n != cl_87.f19392c.f19404n) {
            for (cl_10 cl_10Var : c10) {
                if (cl_10Var.f18870l && cl_10Var.f18864f >= i10) {
                    if (!cl_10Var.a() || cl_10Var.f18871m <= cl_86Var.f19385a.f19404n || cl_10Var.f18872n > cl_86Var.f19386b.f19404n) {
                        SSLLogger.fine(cl_10Var.f18871m <= cl_86Var.f19385a.f19404n ? "Ignoring obsoleted cipher suite:" : cl_10Var.f18872n > cl_86Var.f19386b.f19404n ? "Ignoring unsupported cipher suite:" : "Ignoring unavailable cipher suite:", cl_10Var);
                    } else if (cl_93.f19449a.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cl_10Var.f18862d, null)) {
                        treeSet.add(cl_10Var);
                    }
                }
            }
        }
        return new cl_16(treeSet);
    }

    private void k() {
        this.f18677n = null;
        this.f18675l = null;
        this.f18676m = null;
        cl_11.b();
        cl_76.b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRandom a() {
        return this.f18670g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_86 a(boolean z10) {
        if (z10) {
            if (this.f18672i == null) {
                this.f18672i = new cl_86(e().getProtocols());
            }
            return this.f18672i;
        }
        if (this.f18673j == null) {
            this.f18673j = new cl_86(f().getProtocols());
        }
        return this.f18673j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(cl_86 cl_86Var) {
        return cl_86Var == this.f18672i || cl_86Var == this.f18673j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager b() {
        return this.f18668e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_16 b(boolean z10) {
        synchronized (this) {
            k();
            if (z10) {
                if (this.f18675l == null) {
                    this.f18675l = a(a(true), true);
                }
                return this.f18675l;
            }
            if (this.f18676m == null) {
                this.f18676m = a(a(false), true);
            }
            return this.f18676m;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager c() {
        return this.f18669f;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_35 d() {
        return this.f18664a;
    }

    abstract SSLParameters e();

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() {
        if (this.f18667d) {
            return new SSLEngineImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i10) {
        if (this.f18667d) {
            return new SSLEngineImpl(this, str, i10);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.f18665b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.f18666c;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.f18667d) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (this.f18667d) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
        SSLLogger.info("SSLContextImpl init.");
        this.f18667d = false;
        this.f18668e = a(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception unused) {
            }
        }
        this.f18669f = a(trustManagerArr);
        this.f18670g = cl_76.d();
        SSLLogger.info("trigger seeding of SecureRandom");
        this.f18670g.nextInt();
        SSLLogger.info("done seeding SecureRandom");
        if (!TLSSettings.getDefaultEnableRevocation() && TLSSettings.getTlsProhibitDisabledValidation()) {
            throw new KeyManagementException("Certificate validation is disabled but required. The check can be turned off using -Dtls_prohibit_disabled_validation=false or SetPrefs (see the programmer's guide) or TLSSettings.");
        }
        SSLLogger.info("SSLContextImpl initialized.");
        this.f18667d = true;
    }

    abstract SSLParameters f();

    abstract SSLParameters g();

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_86 h() {
        if (this.f18674k == null) {
            this.f18674k = new cl_86(g().getProtocols());
        }
        return this.f18674k;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_16 i() {
        cl_16 cl_16Var;
        synchronized (this) {
            k();
            if (this.f18677n == null) {
                this.f18677n = a(h(), false);
            }
            cl_16Var = this.f18677n;
        }
        return cl_16Var;
    }
}
