package ru.CryptoPro.sspiSSL;

import java.security.AccessController;
import java.security.CryptoPrimitive;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import ru.CryptoPro.JCP.Key.InternalGostPrivateKey;
import ru.CryptoPro.JCP.Key.PrivateKeyInterface;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.JCP.tools.SelfTester_Auxiliary;
import ru.CryptoPro.JCSP.Key.AbstractKeySpec;
import ru.CryptoPro.JCSP.MSCAPI.Sspi;
import ru.CryptoPro.ssl.SSLLogger;
import ru.CryptoPro.ssl.util.TLSSettings;

/* loaded from: classes5.dex */
public abstract class SSLContextImpl extends SSLContextSpi {
    public static final String DISABLE_DEFAULT_CONTEXT_SETTING = "disable_default_context";
    private static final boolean d = GetProperty.getBooleanProperty("disable_default_context", false);
    private boolean e;
    private cl_12 f;
    private cl_12 g;
    private cl_12 h;
    private cl_4 i;
    private cl_4 j;
    private cl_4 k;
    private X509ExtendedKeyManager l;
    private X509TrustManager m;
    private boolean n;
    private long[] o = null;
    Object a = new Object();
    private PrivateKey p = null;
    private X509Certificate[] q = null;
    private final SSLSessionContextImpl b = new SSLSessionContextImpl();
    private final SSLSessionContextImpl c = new SSLSessionContextImpl();

    /* loaded from: classes5.dex */
    abstract class AbstractSSLContext extends SSLContextImpl {
        private static final SSLParameters b;
        private static final SSLParameters c;

        static {
            SSLParameters sSLParameters = new SSLParameters();
            c = sSLParameters;
            sSLParameters.setProtocols(new String[]{cl_13.f.q, cl_13.g.q, cl_13.h.q, cl_13.i.q});
            cl_13[] cl_13VarArr = {cl_13.f, cl_13.g, cl_13.h, cl_13.i};
            SSLParameters sSLParameters2 = new SSLParameters();
            b = sSLParameters2;
            sSLParameters2.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
        }

        private AbstractSSLContext() {
        }

        static List a(cl_13[] cl_13VarArr) {
            List emptyList = Collections.emptyList();
            if (cl_13VarArr != null && cl_13VarArr.length != 0) {
                emptyList = new ArrayList(cl_13VarArr.length);
                for (cl_13 cl_13Var : cl_13VarArr) {
                    if (cl_13.m.contains(cl_13Var)) {
                        emptyList.add(cl_13Var.q);
                    }
                }
            }
            return emptyList;
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters f() {
            return b;
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters h() {
            return c;
        }
    }

    /* loaded from: classes5.dex */
    class CustomizedSSLContext extends AbstractSSLContext {
        private static final String b = "jdk.tls.client.protocols";
        private static final SSLParameters c;
        private static IllegalArgumentException d;

        static {
            cl_13[] cl_13VarArr;
            String[] strArr;
            String str = (String) AccessController.doPrivileged(new ru.CryptoPro.sspiSSL.pc_0.cl_1(b));
            if (str == null || str.length() == 0) {
                cl_13VarArr = new cl_13[]{cl_13.f, cl_13.g, cl_13.h, cl_13.i};
            } else {
                if (str.length() > 1 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
                    str = str.substring(1, str.length() - 1);
                }
                if (str == null || str.length() == 0) {
                    d = new IllegalArgumentException("No protocol specified in jdk.tls.client.protocols system property");
                    strArr = new String[0];
                } else {
                    strArr = str.split(",");
                }
                cl_13VarArr = new cl_13[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr[i] = strArr[i].trim();
                    try {
                        cl_13VarArr[i] = cl_13.a(strArr[i]);
                    } catch (IllegalArgumentException e) {
                        d = new IllegalArgumentException("jdk.tls.client.protocols: " + strArr[i] + " is not a standard SSL/TLS protocol name", e);
                    }
                }
            }
            SSLParameters sSLParameters = new SSLParameters();
            c = sSLParameters;
            if (d == null) {
                sSLParameters.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
            }
        }

        protected CustomizedSSLContext() {
            super();
            IllegalArgumentException illegalArgumentException = d;
            if (illegalArgumentException != null) {
                throw illegalArgumentException;
            }
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters g() {
            return c;
        }
    }

    /* loaded from: classes5.dex */
    public final class DefaultSSLContext extends CustomizedSSLContext {
        private static final String b = "NONE";
        private static final String c = "PKCS11";
        private static volatile SSLContextImpl d;
        private static TrustManager[] e;
        private static KeyManager[] f;

        public DefaultSSLContext() throws Exception {
            try {
                super.engineInit(n(), m(), null);
                if (d == null) {
                    d = this;
                }
                SSLLogger.info("DefaultSSLContext initialized.");
            } catch (Exception e2) {
                SSLLogger.warning("default context init failed: ", e2);
                throw e2;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static synchronized SSLContextImpl l() throws Exception {
            SSLContextImpl sSLContextImpl;
            synchronized (DefaultSSLContext.class) {
                if (d == null) {
                    new DefaultSSLContext();
                }
                sSLContextImpl = d;
            }
            return sSLContextImpl;
        }

        private static synchronized TrustManager[] m() throws Exception {
            synchronized (DefaultSSLContext.class) {
                TrustManager[] trustManagerArr = e;
                if (trustManagerArr != null) {
                    return trustManagerArr;
                }
                KeyStore a = TrustManagerFactoryImpl.a("defaultctx");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(a);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                e = trustManagers;
                return trustManagers;
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:29:0x00c3 A[Catch: all -> 0x00fe, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00c3, B:30:0x00c6, B:32:0x00df, B:33:0x00f6, B:36:0x00e3, B:38:0x00e9, B:39:0x00f3, B:40:0x0093, B:42:0x0099, B:46:0x00a4, B:48:0x00aa, B:50:0x00b5, B:51:0x00be, B:52:0x00ba), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:32:0x00df A[Catch: all -> 0x00fe, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00c3, B:30:0x00c6, B:32:0x00df, B:33:0x00f6, B:36:0x00e3, B:38:0x00e9, B:39:0x00f3, B:40:0x0093, B:42:0x0099, B:46:0x00a4, B:48:0x00aa, B:50:0x00b5, B:51:0x00be, B:52:0x00ba), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:36:0x00e3 A[Catch: all -> 0x00fe, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00c3, B:30:0x00c6, B:32:0x00df, B:33:0x00f6, B:36:0x00e3, B:38:0x00e9, B:39:0x00f3, B:40:0x0093, B:42:0x0099, B:46:0x00a4, B:48:0x00aa, B:50:0x00b5, B:51:0x00be, B:52:0x00ba), top: B:3:0x0003 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private static synchronized javax.net.ssl.KeyManager[] n() throws java.lang.Exception {
            /*
                Method dump skipped, instructions count: 257
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.SSLContextImpl.DefaultSSLContext.n():javax.net.ssl.KeyManager[]");
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS10Context extends AbstractSSLContext {
        private static final SSLParameters b;

        static {
            cl_13[] cl_13VarArr = {cl_13.f};
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
        }

        public TLS10Context() {
            super();
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters g() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS11Context extends AbstractSSLContext {
        private static final SSLParameters b;

        static {
            cl_13[] cl_13VarArr = {cl_13.f, cl_13.g};
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
        }

        public TLS11Context() {
            super();
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters g() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS12Context extends AbstractSSLContext {
        private static final SSLParameters b;

        static {
            cl_13[] cl_13VarArr = {cl_13.f, cl_13.g, cl_13.h};
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
        }

        public TLS12Context() {
            super();
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters g() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS13Context extends AbstractSSLContext {
        private static final SSLParameters b;

        static {
            cl_13[] cl_13VarArr = {cl_13.f, cl_13.g, cl_13.h, cl_13.i};
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_13VarArr).toArray(new String[0]));
        }

        public TLS13Context() {
            super();
        }

        @Override // ru.CryptoPro.sspiSSL.SSLContextImpl
        SSLParameters g() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLSContext extends CustomizedSSLContext {
    }

    SSLContextImpl() {
        SelfTester_Auxiliary.checkClass(SSLContextImpl.class);
    }

    private X509ExtendedKeyManager a(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (int i = 0; keyManagerArr != null && i < keyManagerArr.length; i++) {
            KeyManager keyManager = keyManagerArr[i];
            if (keyManager instanceof X509KeyManager) {
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                SSLLogger.fine("X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use");
                return new cl_0((X509KeyManager) keyManager);
            }
        }
        return cl_5.a;
    }

    private X509TrustManager a(TrustManager[] trustManagerArr) throws KeyManagementException {
        for (int i = 0; trustManagerArr != null && i < trustManagerArr.length; i++) {
            if (trustManagerArr[i] instanceof X509TrustManager) {
                return trustManagerArr[i] instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManagerArr[i] : new cl_1((X509TrustManager) trustManagerArr[i]);
            }
        }
        return cl_6.a;
    }

    private cl_4 a(cl_12 cl_12Var, boolean z) {
        int i = z ? 300 : 1;
        Collection<cl_3> d2 = cl_3.d();
        TreeSet treeSet = new TreeSet();
        if (!cl_12Var.a().isEmpty() && cl_12Var.a.n != cl_13.c.n) {
            for (cl_3 cl_3Var : d2) {
                if (cl_3Var.h && cl_3Var.g >= i) {
                    if (!cl_3Var.a() || cl_3Var.i <= cl_12Var.a.n || cl_3Var.j > cl_12Var.b.n) {
                        SSLLogger.fine(cl_3Var.i <= cl_12Var.a.n ? "Ignoring obsoleted cipher suite:" : cl_3Var.j > cl_12Var.b.n ? "Ignoring unsupported cipher suite:" : "Ignoring unavailable cipher suite:", cl_3Var);
                    } else if (cl_14.a.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cl_3Var.d, null)) {
                        treeSet.add(cl_3Var);
                    }
                }
            }
        }
        return new cl_4(treeSet);
    }

    private void l() {
        this.k = null;
        this.i = null;
        this.j = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_12 a(boolean z) {
        if (z) {
            if (this.f == null) {
                this.f = new cl_12(f().getProtocols());
            }
            return this.f;
        }
        if (this.g == null) {
            this.g = new cl_12(g().getProtocols());
        }
        return this.g;
    }

    void a() throws SSLException {
        boolean z;
        if (!this.e) {
            throw new SSLException("SSLContextImpl is not initialized");
        }
        SSLLogger.fine("Create new server credentials.");
        cl_13 cl_13Var = a(true).b;
        cl_4 b = b(true);
        int[] iArr = new int[b.c()];
        X509ExtendedKeyManager d2 = d();
        Iterator it = b.b().iterator();
        int i = 0;
        while (it.hasNext()) {
            iArr[i] = ((cl_3) it.next()).f;
            i++;
        }
        try {
            String[] serverAliases = d2.getServerAliases("GOST3410EL", null);
            if (serverAliases == null) {
                throw new SSLException("Server container not found.");
            }
            int length = serverAliases.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                String str = serverAliases[i2];
                SSLLogger.fine("Checking private key: " + str);
                X509Certificate[] certificateChain = d2.getCertificateChain(str);
                if (certificateChain != null && certificateChain.length != 0) {
                    SSLLogger.fine("Certificate chain " + str + " found.");
                    PrivateKey privateKey = d2.getPrivateKey(str);
                    if (privateKey != null) {
                        SSLLogger.fine("Private key " + str + " is available.");
                        this.p = privateKey;
                        this.q = certificateChain;
                        SSLLogger.fine("%% Chosen server alias: " + str);
                        break;
                    }
                }
                i2++;
            }
            PrivateKey privateKey2 = this.p;
            if (privateKey2 == null || this.q == null) {
                throw new SSLException("Server container not found.");
            }
            PrivateKeyInterface extractSpec = InternalGostPrivateKey.extractSpec(privateKey2);
            if (!(extractSpec instanceof AbstractKeySpec)) {
                throw new InvalidKeyException("Invalid key");
            }
            long handle = ((AbstractKeySpec) extractSpec).getKey().getProvHandle().getHandle();
            int keyType = ((AbstractKeySpec) extractSpec).getKeyType();
            byte[] encoded = this.q[0].getEncoded();
            X509TrustManager e = e();
            ArrayList arrayList = new ArrayList();
            if (e instanceof cl_28) {
                boolean equalsIgnoreCase = ((cl_28) e).a().equalsIgnoreCase(ru.CryptoPro.sspiSSL.pc_3.cl_5.j);
                for (X509Certificate x509Certificate : ((cl_28) e).getAcceptedIssuers()) {
                    arrayList.add(x509Certificate.getEncoded());
                }
                z = equalsIgnoreCase;
            } else {
                z = false;
            }
            this.o = Sspi.acquireCredentialsHandle(false, SSLEngineImpl.a(cl_13Var), iArr, encoded, handle, keyType, z, arrayList);
            SSLLogger.fine("Acquire server credentials done");
        } catch (Exception e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(cl_12 cl_12Var) {
        return cl_12Var == this.f || cl_12Var == this.g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_4 b(boolean z) {
        synchronized (this) {
            l();
            if (z) {
                if (this.i == null) {
                    this.i = a(a(true), true);
                }
                return this.i;
            }
            if (this.j == null) {
                this.j = a(a(false), true);
            }
            return this.j;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long[] b() throws SSLException {
        long[] jArr;
        synchronized (this.a) {
            if (this.o == null) {
                a();
            }
            jArr = this.o;
        }
        return jArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLEngine c() {
        if (this.e) {
            return new SSLEngineImpl(this, true);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager d() {
        return this.l;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager e() {
        return this.m;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLEngine engineCreateSSLEngine() {
        if (this.e) {
            return new SSLEngineImpl(this, false);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) {
        if (!this.e) {
            throw new IllegalStateException("SSLContextImpl is not initialized");
        }
        SSLEngineImpl sSLEngineImpl = new SSLEngineImpl(this, str, i);
        sSLEngineImpl.setNeedClientAuth(this.n);
        return sSLEngineImpl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.b;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSessionContext engineGetServerSessionContext() {
        return this.c;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.e) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (this.e) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        SSLLogger.info("SSLContextImpl init.");
        this.e = false;
        this.l = a(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception unused) {
            }
        }
        this.m = a(trustManagerArr);
        SecureRandom a = SSPISSL.a();
        SSLLogger.info("trigger seeding of SecureRandom");
        a.nextInt();
        SSLLogger.info("done seeding SecureRandom");
        if (!TLSSettings.getDefaultEnableRevocation() && TLSSettings.getTlsProhibitDisabledValidation()) {
            throw new KeyManagementException("Certificate validation is disabled but required. The check can be turned off using -Dtls_prohibit_disabled_validation=false or SetPrefs (see the programmer's guide) or TLSSettings.");
        }
        SSLLogger.info("SSLContextImpl initialized.");
        this.e = true;
    }

    abstract SSLParameters f();

    abstract SSLParameters g();

    public X509Certificate[] getLocalCerts() {
        return this.q;
    }

    public PrivateKey getLocalPrivateKey() {
        return this.p;
    }

    abstract SSLParameters h();

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_12 i() {
        if (this.h == null) {
            this.h = new cl_12(h().getProtocols());
        }
        return this.h;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_4 j() {
        cl_4 cl_4Var;
        synchronized (this) {
            l();
            if (this.k == null) {
                this.k = a(i(), false);
            }
            cl_4Var = this.k;
        }
        return cl_4Var;
    }

    public void setNeedClientAuth(boolean z) {
        this.n = z;
    }
}
