package org.bouncycastle.jsse.provider;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;
import org.bouncycastle.jsse.BCX509ExtendedTrustManager;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.java.security.BCCryptoPrimitive;
import org.bouncycastle.tls.CipherSuite;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class am extends SSLContextSpi {
    private static final Logger hIJ = Logger.getLogger(am.class.getName());
    private static final Set<BCCryptoPrimitive> hUn = y.hTq;
    private static final Map<String, c> hUo;
    private static final Map<String, c> hUp;
    private static final Map<String, ProtocolVersion> hUq;
    private static final Map<String, ProtocolVersion> hUr;
    private static final List<String> hUs;
    private static final List<String> hUt;
    private static final List<String> hUu;
    private static final List<String> hUv;
    private d contextData = null;
    protected final boolean hSp;
    protected final String[] hUA;
    protected final String[] hUB;
    protected final String[] hUC;
    protected final JcaTlsCryptoProvider hUw;
    protected final Map<String, c> hUx;
    protected final Map<String, ProtocolVersion> hUy;
    protected final String[] hUz;

    static {
        Map<String, c> aTZ = aTZ();
        hUo = aTZ;
        hUp = F(aTZ);
        Map<String, ProtocolVersion> aUa = aUa();
        hUq = aUa;
        hUr = G(aUa);
        List<String> v = v(aTZ.keySet());
        hUs = v;
        hUt = cn(v);
        List<String> w = w(aUa.keySet());
        hUu = w;
        hUv = co(w);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public am(boolean z, JcaTlsCryptoProvider jcaTlsCryptoProvider, List<String> list) {
        this.hSp = z;
        this.hUw = jcaTlsCryptoProvider;
        Map<String, c> map = z ? hUp : hUo;
        this.hUx = map;
        Map<String, ProtocolVersion> map2 = z ? hUr : hUq;
        this.hUy = map2;
        List<String> list2 = z ? hUt : hUs;
        List<String> list3 = z ? hUv : hUu;
        this.hUz = b(map, list2);
        this.hUA = c(map, list2);
        this.hUB = a(map2, list3, list);
        this.hUC = d(map2, list3);
    }

    private static Map<String, c> F(Map<String, c> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(map);
        n.R(linkedHashMap.keySet());
        return Collections.unmodifiableMap(linkedHashMap);
    }

    private static Map<String, ProtocolVersion> G(Map<String, ProtocolVersion> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(map);
        n.S(linkedHashMap.keySet());
        return Collections.unmodifiableMap(linkedHashMap);
    }

    private static String[] H(Map<String, ?> map) {
        return Z(map.keySet());
    }

    private static String[] Z(Collection<String> collection) {
        return (String[]) collection.toArray(new String[collection.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String a(ProtocolVersion protocolVersion) {
        if (protocolVersion == null) {
            return "NONE";
        }
        for (Map.Entry<String, ProtocolVersion> entry : hUq.entrySet()) {
            if (entry.getValue().equals(protocolVersion)) {
                return entry.getKey();
            }
        }
        return "NONE";
    }

    private static void a(Map<String, c> map, String str, int i) {
        if (map.put(str, c.y(i, str)) != null) {
            throw new IllegalStateException("Duplicate names in supported-cipher-suites");
        }
    }

    private static String[] a(Map<String, c> map, String str, List<String> list) {
        List<String> j = j(str, list);
        String[] strArr = new String[j.size()];
        int i = 0;
        for (String str2 : j) {
            if (map.containsKey(str2) && ah.hUb.permits(hUn, str2, null)) {
                strArr[i] = str2;
                i++;
            }
        }
        return y.d(strArr, i);
    }

    private static String[] a(Map<String, ProtocolVersion> map, String str, List<String> list, List<String> list2) {
        if (list2 == null) {
            list2 = k(str, list);
        }
        String[] strArr = new String[list2.size()];
        int i = 0;
        for (String str2 : list2) {
            if (map.containsKey(str2) && ah.hUc.permits(hUn, str2, null)) {
                strArr[i] = str2;
                i++;
            }
        }
        return y.d(strArr, i);
    }

    private static String[] a(Map<String, ProtocolVersion> map, List<String> list, List<String> list2) {
        return a(map, "jdk.tls.client.protocols", list, list2);
    }

    private static Map<String, c> aTZ() {
        TreeMap treeMap = new TreeMap();
        a(treeMap, "TLS_AES_128_CCM_8_SHA256", CipherSuite.TLS_AES_128_CCM_8_SHA256);
        a(treeMap, "TLS_AES_128_CCM_SHA256", CipherSuite.TLS_AES_128_CCM_SHA256);
        a(treeMap, "TLS_AES_128_GCM_SHA256", CipherSuite.TLS_AES_128_GCM_SHA256);
        a(treeMap, "TLS_AES_256_GCM_SHA384", CipherSuite.TLS_AES_256_GCM_SHA384);
        a(treeMap, "TLS_CHACHA20_POLY1305_SHA256", CipherSuite.TLS_CHACHA20_POLY1305_SHA256);
        a(treeMap, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 19);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 50);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 64);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 162);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 56);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 106);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 163);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", CipherSuite.TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", CipherSuite.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", CipherSuite.TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", CipherSuite.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 68);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 189);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 49280);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 135);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 195);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 49281);
        a(treeMap, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 22);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 51);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 103);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM", 49310);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM_8", 49314);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 158);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 57);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 107);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM", 49311);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM_8", 49315);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 159);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", CipherSuite.TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", CipherSuite.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", CipherSuite.TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", CipherSuite.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 69);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 190);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49276);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 136);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 196);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49277);
        a(treeMap, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 49160);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 49161);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 49187);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 49324);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 49326);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 49195);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 49162);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 49188);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 49325);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 49327);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 49196);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", CipherSuite.TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", CipherSuite.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", CipherSuite.TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", CipherSuite.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 49266);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 49286);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 49267);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 49287);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 49158);
        a(treeMap, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 49170);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 49171);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 49191);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 49199);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 49172);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 49192);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 49200);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", CipherSuite.TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", CipherSuite.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", CipherSuite.TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", CipherSuite.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 49270);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49290);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 49271);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49291);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
        a(treeMap, "TLS_ECDHE_RSA_WITH_NULL_SHA", 49168);
        a(treeMap, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 10);
        a(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA", 47);
        a(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA256", 60);
        a(treeMap, "TLS_RSA_WITH_AES_128_CCM", 49308);
        a(treeMap, "TLS_RSA_WITH_AES_128_CCM_8", 49312);
        a(treeMap, "TLS_RSA_WITH_AES_128_GCM_SHA256", 156);
        a(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA", 53);
        a(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA256", 61);
        a(treeMap, "TLS_RSA_WITH_AES_256_CCM", 49309);
        a(treeMap, "TLS_RSA_WITH_AES_256_CCM_8", 49313);
        a(treeMap, "TLS_RSA_WITH_AES_256_GCM_SHA384", 157);
        a(treeMap, "TLS_RSA_WITH_ARIA_128_CBC_SHA256", CipherSuite.TLS_RSA_WITH_ARIA_128_CBC_SHA256);
        a(treeMap, "TLS_RSA_WITH_ARIA_128_GCM_SHA256", CipherSuite.TLS_RSA_WITH_ARIA_128_GCM_SHA256);
        a(treeMap, "TLS_RSA_WITH_ARIA_256_CBC_SHA384", CipherSuite.TLS_RSA_WITH_ARIA_256_CBC_SHA384);
        a(treeMap, "TLS_RSA_WITH_ARIA_256_GCM_SHA384", CipherSuite.TLS_RSA_WITH_ARIA_256_GCM_SHA384);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 65);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 186);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49274);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 132);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 192);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49275);
        a(treeMap, "TLS_RSA_WITH_NULL_SHA", 2);
        a(treeMap, "TLS_RSA_WITH_NULL_SHA256", 59);
        return Collections.unmodifiableMap(treeMap);
    }

    private static Map<String, ProtocolVersion> aUa() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("TLSv1.3", ProtocolVersion.TLSv13);
        linkedHashMap.put("TLSv1.2", ProtocolVersion.TLSv12);
        linkedHashMap.put("TLSv1.1", ProtocolVersion.TLSv11);
        linkedHashMap.put("TLSv1", ProtocolVersion.TLSv10);
        linkedHashMap.put("SSLv3", ProtocolVersion.SSLv3);
        return Collections.unmodifiableMap(linkedHashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyManager[] aUb() throws Exception {
        ab aTX = ak.aTX();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(aTX.fJI, aTX.password);
        return keyManagerFactory.getKeyManagers();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManager[] aUc() throws Exception {
        KeyStore aUL = bj.aUL();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(aUL);
        return trustManagerFactory.getTrustManagers();
    }

    private static String[] b(Map<String, c> map, List<String> list) {
        return a(map, "jdk.tls.client.cipherSuites", list);
    }

    private static String[] c(Map<String, c> map, List<String> list) {
        return a(map, "jdk.tls.server.cipherSuites", list);
    }

    private static List<String> cn(List<String> list) {
        ArrayList arrayList = new ArrayList(list);
        n.R(arrayList);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    private static List<String> co(List<String> list) {
        ArrayList arrayList = new ArrayList(list);
        n.S(arrayList);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    private static String[] d(Map<String, ProtocolVersion> map, List<String> list) {
        return a(map, "jdk.tls.server.protocols", list, null);
    }

    private String[] dn(boolean z) {
        return z ? this.hUz : this.hUA;
    }

    /* renamed from: do, reason: not valid java name */
    private String[] m1023do(boolean z) {
        return z ? this.hUB : this.hUC;
    }

    private static List<String> j(String str, List<String> list) {
        String[] kr = af.kr(str);
        if (kr == null) {
            return list;
        }
        ArrayList arrayList = new ArrayList(kr.length);
        for (String str2 : kr) {
            if (!arrayList.contains(str2)) {
                if (hUo.containsKey(str2)) {
                    arrayList.add(str2);
                } else {
                    hIJ.warning("'" + str + "' contains unsupported cipher suite: " + str2);
                }
            }
        }
        if (!arrayList.isEmpty()) {
            return arrayList;
        }
        hIJ.severe("'" + str + "' contained no supported cipher suites (ignoring)");
        return list;
    }

    private static List<String> k(String str, List<String> list) {
        String[] kr = af.kr(str);
        if (kr == null) {
            return list;
        }
        ArrayList arrayList = new ArrayList(kr.length);
        for (String str2 : kr) {
            if (!arrayList.contains(str2)) {
                if (hUq.containsKey(str2)) {
                    arrayList.add(str2);
                } else {
                    hIJ.warning("'" + str + "' contains unsupported protocol: " + str2);
                }
            }
        }
        if (!arrayList.isEmpty()) {
            return arrayList;
        }
        hIJ.severe("'" + str + "' contained no supported protocols (ignoring)");
        return list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static c kv(String str) {
        return hUo.get(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ProtocolVersion kw(String str) {
        return hUq.get(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String qE(int i) {
        if (i == 0) {
            return "SSL_NULL_WITH_NULL_NULL";
        }
        if (!TlsUtils.isValidUint16(i)) {
            return null;
        }
        for (c cVar : hUo.values()) {
            if (cVar.getCipherSuite() == i) {
                return cVar.getName();
            }
        }
        return null;
    }

    private static List<String> v(Set<String> set) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("TLS_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_AES_256_GCM_SHA384");
        arrayList.add("TLS_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA");
        arrayList.retainAll(set);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    private static List<String> w(Set<String> set) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("TLSv1.2");
        arrayList.add("TLSv1.1");
        arrayList.add("TLSv1");
        arrayList.retainAll(set);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String a(ap apVar, int i) {
        String qE = qE(i);
        if (qE != null && y.c(apVar.aUj(), qE) && apVar.getAlgorithmConstraints().permits(hUn, qE, null) && this.hUx.containsKey(qE) && (!this.hSp || n.kc(qE))) {
            return qE;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported ciphersuite: " + i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String a(ap apVar, ProtocolVersion protocolVersion) {
        String a = a(protocolVersion);
        if (a != null && y.c(apVar.aUk(), a) && apVar.getAlgorithmConstraints().permits(hUn, a, null) && this.hUy.containsKey(a) && (!this.hSp || n.kd(a))) {
            return a;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported protocol: " + protocolVersion);
    }

    protected BCX509ExtendedKeyManager a(JcaJceHelper jcaJceHelper, KeyManager[] keyManagerArr) throws KeyManagementException {
        if (keyManagerArr != null) {
            for (KeyManager keyManager : keyManagerArr) {
                if (keyManager instanceof X509KeyManager) {
                    return bv.a(jcaJceHelper, (X509KeyManager) keyManager);
                }
            }
        }
        return g.hSQ;
    }

    protected BCX509ExtendedTrustManager a(JcaJceHelper jcaJceHelper, TrustManager[] trustManagerArr) throws KeyManagementException {
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e) {
                hIJ.log(Level.WARNING, "Failed to load default trust managers", (Throwable) e);
            }
        }
        if (trustManagerArr != null) {
            for (TrustManager trustManager : trustManagerArr) {
                if (trustManager instanceof X509TrustManager) {
                    return bw.a(this.hSp, jcaJceHelper, (X509TrustManager) trustManager);
                }
            }
        }
        return h.hSR;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(ap apVar, boolean z) {
        if (apVar.aUj() == dn(!z)) {
            apVar.u(dn(z));
        }
        if (apVar.aUk() == m1023do(!z)) {
            apVar.v(m1023do(z));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:10:0x0046  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x004f A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int[] a(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r13, org.bouncycastle.jsse.provider.ap r14, org.bouncycastle.tls.ProtocolVersion[] r15) {
        /*
            r12 = this;
            java.lang.String[] r0 = r14.aUj()
            org.bouncycastle.jsse.java.security.BCAlgorithmConstraints r14 = r14.getAlgorithmConstraints()
            org.bouncycastle.tls.ProtocolVersion r1 = org.bouncycastle.tls.ProtocolVersion.getLatestTLS(r15)
            org.bouncycastle.tls.ProtocolVersion r15 = org.bouncycastle.tls.ProtocolVersion.getEarliestTLS(r15)
            boolean r1 = org.bouncycastle.tls.TlsUtils.isTLSv13(r1)
            boolean r15 = org.bouncycastle.tls.TlsUtils.isTLSv13(r15)
            r2 = 1
            r15 = r15 ^ r2
            int r3 = r0.length
            int[] r3 = new int[r3]
            int r4 = r0.length
            r5 = 0
            r6 = r5
            r7 = r6
        L21:
            if (r6 >= r4) goto L52
            r8 = r0[r6]
            java.util.Map<java.lang.String, org.bouncycastle.jsse.provider.c> r9 = r12.hUx
            java.lang.Object r9 = r9.get(r8)
            org.bouncycastle.jsse.provider.c r9 = (org.bouncycastle.jsse.provider.c) r9
            if (r9 != 0) goto L30
            goto L4f
        L30:
            boolean r10 = r9.aTj()
            if (r10 == 0) goto L39
            if (r1 != 0) goto L3c
            goto L4f
        L39:
            if (r15 != 0) goto L3c
            goto L4f
        L3c:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r10 = org.bouncycastle.jsse.provider.am.hUn
            r11 = 0
            boolean r8 = r14.permits(r10, r8, r11)
            if (r8 != 0) goto L46
            goto L4f
        L46:
            int r8 = r7 + 1
            int r9 = r9.getCipherSuite()
            r3[r7] = r9
            r7 = r8
        L4f:
            int r6 = r6 + 1
            goto L21
        L52:
            int[] r13 = org.bouncycastle.tls.TlsUtils.getSupportedCipherSuites(r13, r3, r5, r7)
            int r14 = r13.length
            if (r14 < r2) goto L5a
            return r13
        L5a:
            java.lang.IllegalStateException r13 = new java.lang.IllegalStateException
            java.lang.String r14 = "No usable cipher suites enabled"
            r13.<init>(r14)
            throw r13
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.am.a(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto, org.bouncycastle.jsse.provider.ap, org.bouncycastle.tls.ProtocolVersion[]):int[]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion[] a(ap apVar) {
        String[] aUk = apVar.aUk();
        BCAlgorithmConstraints algorithmConstraints = apVar.getAlgorithmConstraints();
        TreeSet treeSet = new TreeSet(new Comparator<ProtocolVersion>() { // from class: org.bouncycastle.jsse.provider.am.1
            @Override // java.util.Comparator
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public int compare(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2) {
                if (protocolVersion.isLaterVersionOf(protocolVersion2)) {
                    return -1;
                }
                return protocolVersion2.isLaterVersionOf(protocolVersion) ? 1 : 0;
            }
        });
        for (String str : aUk) {
            ProtocolVersion protocolVersion = this.hUy.get(str);
            if (protocolVersion != null && algorithmConstraints.permits(hUn, str, null)) {
                treeSet.add(protocolVersion);
            }
        }
        if (treeSet.isEmpty()) {
            throw new IllegalStateException("No usable protocols enabled");
        }
        return (ProtocolVersion[]) treeSet.toArray(new ProtocolVersion[treeSet.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean aUd() {
        return this.hSp;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized d aUe() {
        d dVar;
        dVar = this.contextData;
        if (dVar == null) {
            throw new IllegalStateException("SSLContext has not been initialized.");
        }
        return dVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] dk(boolean z) {
        return (String[]) dn(z).clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ap dl(boolean z) {
        return new ap(this, dn(z), m1023do(z));
    }

    ap dm(boolean z) {
        return new ap(this, getSupportedCipherSuites(), getSupportedProtocols());
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected synchronized SSLEngine engineCreateSSLEngine() {
        return bp.a(aUe());
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
        return bp.a(aUe(), str, i);
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected synchronized SSLSessionContext engineGetClientSessionContext() {
        return aUe().aTm();
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetDefaultSSLParameters() {
        aUe();
        return bq.c(dl(true));
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected synchronized SSLSessionContext engineGetServerSessionContext() {
        return aUe().aTn();
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        return new ar(aUe());
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        return new ba(aUe());
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetSupportedSSLParameters() {
        aUe();
        return bq.c(dm(true));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        this.contextData = null;
        JcaTlsCrypto create = this.hUw.create(secureRandom);
        JcaJceHelper helper = create.getHelper();
        BCX509ExtendedKeyManager a = a(helper, keyManagerArr);
        BCX509ExtendedTrustManager a2 = a(helper, trustManagerArr);
        create.getSecureRandom().nextInt();
        this.contextData = new d(this, create, a, a2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getSupportedCipherSuites() {
        return H(this.hUx);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getSupportedProtocols() {
        return H(this.hUy);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] s(String[] strArr) {
        Objects.requireNonNull(strArr, "'cipherSuites' cannot be null");
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (TlsUtils.isNullOrEmpty(str)) {
                throw new IllegalArgumentException("'cipherSuites' cannot contain null or empty string elements");
            }
            if (this.hUx.containsKey(str)) {
                arrayList.add(str);
            }
        }
        return Z(arrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean t(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if (str == null || !this.hUy.containsKey(str)) {
                return false;
            }
        }
        return true;
    }
}
