package ru.CryptoPro.ssl;

import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.JCP.tools.SelfTester_Auxiliary;
import ru.CryptoPro.ssl.util.TLSSettings;

/* loaded from: classes5.dex */
public abstract class SSLContextImpl extends SSLContextSpi {
    public static final String DISABLE_DEFAULT_CONTEXT_SETTING = "disable_default_context";
    private static final boolean o = GetProperty.getBooleanProperty("disable_default_context", false);
    private boolean d;
    private X509ExtendedKeyManager e;
    private X509TrustManager f;
    private SecureRandom g;
    private cl_83 i;
    private cl_83 j;
    private cl_83 k;
    private cl_14 l;
    private cl_14 m;
    private cl_14 n;
    private AlgorithmConstraints h = new cl_90(null);
    private final cl_32 a = new cl_32();
    private final SSLSessionContextImpl b = new SSLSessionContextImpl();
    private final SSLSessionContextImpl c = new SSLSessionContextImpl();

    /* loaded from: classes5.dex */
    abstract class AbstractSSLContext extends SSLContextImpl {
        private static final SSLParameters a;
        private static final SSLParameters b;

        static {
            cl_84[] cl_84VarArr;
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            if (cl_39.a()) {
                sSLParameters.setProtocols(new String[]{cl_84.f.q, cl_84.g.q, cl_84.h.q});
                cl_84VarArr = new cl_84[]{cl_84.f, cl_84.g, cl_84.h};
            } else {
                sSLParameters.setProtocols(new String[]{cl_84.f.q, cl_84.g.q, cl_84.h.q});
                cl_84VarArr = new cl_84[]{cl_84.f, cl_84.g, cl_84.h};
            }
            SSLParameters sSLParameters2 = new SSLParameters();
            a = sSLParameters2;
            sSLParameters2.setProtocols((String[]) a(cl_84VarArr).toArray(new String[0]));
        }

        private AbstractSSLContext() {
        }

        static List a(cl_84[] cl_84VarArr) {
            List emptyList = Collections.emptyList();
            if (cl_84VarArr != null && cl_84VarArr.length != 0) {
                emptyList = new ArrayList(cl_84VarArr.length);
                for (cl_84 cl_84Var : cl_84VarArr) {
                    if (cl_84.m.contains(cl_84Var)) {
                        emptyList.add(cl_84Var.q);
                    }
                }
            }
            return emptyList;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLEngine a() {
            return new SSLEngineImpl(this);
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLEngine a(String str, int i) {
            return new SSLEngineImpl(this, str, i);
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return a;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters h() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    class CustomizedSSLContext extends AbstractSSLContext {
        private static final String a = "jdk.tls.client.protocols";
        private static final SSLParameters b;
        private static IllegalArgumentException c;

        static {
            cl_84[] cl_84VarArr;
            String[] strArr;
            String str = (String) AccessController.doPrivileged(new ru.CryptoPro.ssl.pc_0.cl_1(a));
            if (str == null || str.length() == 0) {
                cl_84VarArr = cl_39.a() ? new cl_84[]{cl_84.f, cl_84.g, cl_84.h} : new cl_84[]{cl_84.f, cl_84.g, cl_84.h};
            } else {
                if (str.length() > 1 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
                    str = str.substring(1, str.length() - 1);
                }
                if (str == null || str.length() == 0) {
                    c = new IllegalArgumentException("No protocol specified in jdk.tls.client.protocols system property");
                    strArr = new String[0];
                } else {
                    strArr = str.split(",");
                }
                int length = strArr.length;
                cl_84VarArr = new cl_84[length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr[i] = strArr[i].trim();
                    try {
                        cl_84VarArr[i] = cl_84.a(strArr[i]);
                    } catch (IllegalArgumentException e) {
                        c = new IllegalArgumentException("jdk.tls.client.protocols: " + strArr[i] + " is not a standard SSL/TLS protocol name", e);
                    }
                }
                if (c == null && cl_39.a()) {
                    for (int i2 = 0; i2 < length; i2++) {
                        cl_84 cl_84Var = cl_84VarArr[i2];
                        if (cl_84.d.n == cl_84Var.n || cl_84.e.n == cl_84Var.n) {
                            c = new IllegalArgumentException("jdk.tls.client.protocols: " + cl_84Var + " is not FIPS compliant");
                        }
                    }
                }
            }
            SSLParameters sSLParameters = new SSLParameters();
            b = sSLParameters;
            if (c == null) {
                sSLParameters.setProtocols((String[]) a(cl_84VarArr).toArray(new String[0]));
            }
        }

        protected CustomizedSSLContext() {
            super();
            IllegalArgumentException illegalArgumentException = c;
            if (illegalArgumentException != null) {
                throw illegalArgumentException;
            }
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return b;
        }
    }

    /* loaded from: classes5.dex */
    public final class DefaultSSLContext extends CustomizedSSLContext {
        private static final String a = "NONE";
        private static final String b = "PKCS11";
        private static volatile SSLContextImpl c;
        private static TrustManager[] d;
        private static KeyManager[] e;

        public DefaultSSLContext() throws Exception {
            try {
                super.engineInit(n(), m(), null);
                if (c == null) {
                    c = this;
                }
                SSLLogger.info("DefaultSSLContext initialized.");
            } catch (Exception e2) {
                SSLLogger.warning("default context init failed: ", e2);
                throw e2;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static synchronized SSLContextImpl l() throws Exception {
            SSLContextImpl sSLContextImpl;
            synchronized (DefaultSSLContext.class) {
                if (c == null) {
                    new DefaultSSLContext();
                }
                sSLContextImpl = c;
            }
            return sSLContextImpl;
        }

        private static synchronized TrustManager[] m() throws Exception {
            synchronized (DefaultSSLContext.class) {
                TrustManager[] trustManagerArr = d;
                if (trustManagerArr != null) {
                    return trustManagerArr;
                }
                KeyStore a2 = TrustManagerFactoryImpl.a("defaultctx");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(a2);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                d = trustManagers;
                return trustManagers;
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:29:0x00cb A[Catch: all -> 0x0106, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00cb, B:30:0x00ce, B:32:0x00e7, B:33:0x00fe, B:36:0x00eb, B:38:0x00f1, B:39:0x00fb, B:40:0x0093, B:42:0x0099, B:44:0x00a1, B:48:0x00ac, B:50:0x00b2, B:52:0x00bd, B:53:0x00c6, B:54:0x00c2), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:32:0x00e7 A[Catch: all -> 0x0106, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00cb, B:30:0x00ce, B:32:0x00e7, B:33:0x00fe, B:36:0x00eb, B:38:0x00f1, B:39:0x00fb, B:40:0x0093, B:42:0x0099, B:44:0x00a1, B:48:0x00ac, B:50:0x00b2, B:52:0x00bd, B:53:0x00c6, B:54:0x00c2), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:36:0x00eb A[Catch: all -> 0x0106, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0043, B:14:0x004c, B:15:0x0053, B:16:0x0054, B:18:0x005b, B:20:0x0063, B:21:0x0070, B:23:0x007e, B:24:0x0084, B:26:0x008c, B:29:0x00cb, B:30:0x00ce, B:32:0x00e7, B:33:0x00fe, B:36:0x00eb, B:38:0x00f1, B:39:0x00fb, B:40:0x0093, B:42:0x0099, B:44:0x00a1, B:48:0x00ac, B:50:0x00b2, B:52:0x00bd, B:53:0x00c6, B:54:0x00c2), top: B:3:0x0003 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private static synchronized javax.net.ssl.KeyManager[] n() throws java.lang.Exception {
            /*
                Method dump skipped, instructions count: 265
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.ssl.SSLContextImpl.DefaultSSLContext.n():javax.net.ssl.KeyManager[]");
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS10Context extends AbstractSSLContext {
        private static final SSLParameters a;

        static {
            cl_84[] cl_84VarArr = cl_39.a() ? new cl_84[]{cl_84.f} : new cl_84[]{cl_84.f};
            SSLParameters sSLParameters = new SSLParameters();
            a = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_84VarArr).toArray(new String[0]));
        }

        public TLS10Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return a;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS11Context extends AbstractSSLContext {
        private static final SSLParameters a;

        static {
            cl_84[] cl_84VarArr = cl_39.a() ? new cl_84[]{cl_84.f, cl_84.g} : new cl_84[]{cl_84.f, cl_84.g};
            SSLParameters sSLParameters = new SSLParameters();
            a = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_84VarArr).toArray(new String[0]));
        }

        public TLS11Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return a;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLS12Context extends AbstractSSLContext {
        private static final SSLParameters a;

        static {
            cl_84[] cl_84VarArr = cl_39.a() ? new cl_84[]{cl_84.f, cl_84.g, cl_84.h} : new cl_84[]{cl_84.f, cl_84.g, cl_84.h};
            SSLParameters sSLParameters = new SSLParameters();
            a = sSLParameters;
            sSLParameters.setProtocols((String[]) a(cl_84VarArr).toArray(new String[0]));
        }

        public TLS12Context() {
            super();
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return a;
        }
    }

    /* loaded from: classes5.dex */
    public final class TLSContext extends CustomizedSSLContext {
    }

    SSLContextImpl() {
        SelfTester_Auxiliary.checkClass(SSLContextImpl.class);
    }

    private X509ExtendedKeyManager a(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (int i = 0; keyManagerArr != null && i < keyManagerArr.length; i++) {
            KeyManager keyManager = keyManagerArr[i];
            if (keyManager instanceof X509KeyManager) {
                if (cl_39.a()) {
                    if ((keyManager instanceof cl_115) || (keyManager instanceof cl_43)) {
                        return (X509ExtendedKeyManager) keyManager;
                    }
                    throw new KeyManagementException("FIPS mode: only JTLS KeyManagers may be used");
                }
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                SSLLogger.fine("X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use");
                return new cl_1((X509KeyManager) keyManager);
            }
        }
        return cl_22.a;
    }

    private X509TrustManager a(TrustManager[] trustManagerArr) throws KeyManagementException {
        for (int i = 0; trustManagerArr != null && i < trustManagerArr.length; i++) {
            if (trustManagerArr[i] instanceof X509TrustManager) {
                if (!cl_39.a() || (trustManagerArr[i] instanceof cl_122)) {
                    return trustManagerArr[i] instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManagerArr[i] : new cl_2((X509TrustManager) trustManagerArr[i]);
                }
                throw new KeyManagementException("FIPS mode: only JTLS TrustManagers may be used");
            }
        }
        return cl_23.a;
    }

    private cl_14 a(cl_83 cl_83Var, boolean z) {
        int i = z ? 300 : 1;
        Collection<cl_8> c = cl_8.c();
        TreeSet treeSet = new TreeSet();
        if (!cl_83Var.a().isEmpty() && cl_83Var.a.n != cl_84.c.n) {
            for (cl_8 cl_8Var : c) {
                if (cl_8Var.l && cl_8Var.f >= i) {
                    if (!cl_8Var.a() || cl_8Var.m <= cl_83Var.a.n || cl_8Var.n > cl_83Var.b.n) {
                        SSLLogger.fine(cl_8Var.m <= cl_83Var.a.n ? "Ignoring obsoleted cipher suite:" : cl_8Var.n > cl_83Var.b.n ? "Ignoring unsupported cipher suite:" : "Ignoring unavailable cipher suite:", cl_8Var);
                    } else if (cl_90.a.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cl_8Var.d, null)) {
                        treeSet.add(cl_8Var);
                    }
                }
            }
        }
        return new cl_14(treeSet);
    }

    private void l() {
        this.n = null;
        this.l = null;
        this.m = null;
        cl_9.b();
        cl_73.b();
    }

    abstract SSLEngine a();

    abstract SSLEngine a(String str, int i);

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_83 a(boolean z) {
        if (z) {
            if (this.i == null) {
                this.i = new cl_83(f().getProtocols());
            }
            return this.i;
        }
        if (this.j == null) {
            this.j = new cl_83(g().getProtocols());
        }
        return this.j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(cl_83 cl_83Var) {
        return cl_83Var == this.i || cl_83Var == this.j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRandom b() {
        return this.g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_14 b(boolean z) {
        synchronized (this) {
            l();
            if (z) {
                if (this.l == null) {
                    this.l = a(a(true), true);
                }
                return this.l;
            }
            if (this.m == null) {
                this.m = a(a(false), true);
            }
            return this.m;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager c() {
        return this.e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager d() {
        return this.f;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_32 e() {
        return this.a;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() {
        if (this.d) {
            return a();
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) {
        if (this.d) {
            return a(str, i);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.c;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.d) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (this.d) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        SSLLogger.info("SSLContextImpl init.");
        this.d = false;
        this.e = a(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception unused) {
            }
        }
        this.f = a(trustManagerArr);
        this.g = cl_73.d();
        SSLLogger.info("trigger seeding of SecureRandom");
        this.g.nextInt();
        SSLLogger.info("done seeding SecureRandom");
        if (!TLSSettings.getDefaultEnableRevocation() && TLSSettings.getTlsProhibitDisabledValidation()) {
            throw new KeyManagementException("Certificate validation is disabled but required. The check can be turned off using -Dtls_prohibit_disabled_validation=false or SetPrefs (see the programmer's guide) or TLSSettings.");
        }
        SSLLogger.info("SSLContextImpl initialized.");
        this.d = true;
    }

    abstract SSLParameters f();

    abstract SSLParameters g();

    abstract SSLParameters h();

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_83 i() {
        if (this.k == null) {
            this.k = new cl_83(h().getProtocols());
        }
        return this.k;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_14 j() {
        cl_14 cl_14Var;
        synchronized (this) {
            l();
            if (this.n == null) {
                this.n = a(i(), false);
            }
            cl_14Var = this.n;
        }
        return cl_14Var;
    }
}
