package defpackage;

import java.io.IOException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.ssl.SslSelectionDump;

/* compiled from: psafe */
/* loaded from: classes8.dex */
public class kyd extends lxd implements oxd {
    public static final String R2;
    public static final TrustManager[] a2 = {new a()};
    public static final txd x2 = sxd.a((Class<?>) kyd.class);
    public static final String y2;
    public Password A;
    public Password B;
    public String C;
    public String D;
    public String E;
    public String F;
    public String G;
    public boolean H;
    public boolean I;
    public int J;
    public String K;
    public boolean L;
    public boolean M;
    public String N;
    public KeyStore O;
    public KeyStore P;
    public boolean Q;
    public int R;
    public int S;
    public SSLContext T;
    public String U;
    public boolean V;
    public boolean W;
    public int a1;
    public final Set<String> f;
    public final Set<String> g;
    public final Set<String> h;
    public final List<String> i;
    public final Map<String, lyd> j;
    public final Map<String, lyd> k;
    public final Map<String, lyd> l;
    public String[] m;
    public boolean n;
    public Comparator<String> o;
    public String[] p;
    public zxd q;
    public String r;
    public String s;
    public String t;
    public zxd u;
    public String v;
    public String w;
    public boolean x;
    public c x1;
    public boolean y;
    public PKIXCertPathChecker y1;
    public Password z;

    /* compiled from: psafe */
    /* loaded from: classes8.dex */
    public class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* compiled from: psafe */
    /* loaded from: classes8.dex */
    public class b extends SNIMatcher {
        public String a;
        public lyd b;

        public b() {
            super(0);
        }

        public String a() {
            return this.a;
        }

        public lyd b() {
            return this.b;
        }

        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            int indexOf;
            if (kyd.x2.isDebugEnabled()) {
                kyd.x2.b("SNI matching for {}", sNIServerName);
            }
            if (sNIServerName instanceof SNIHostName) {
                String asciiName = ((SNIHostName) sNIServerName).getAsciiName();
                this.a = asciiName;
                String a = exd.a(asciiName);
                lyd lydVar = (lyd) kyd.this.k.get(a);
                this.b = lydVar;
                if (lydVar == null) {
                    lyd lydVar2 = (lyd) kyd.this.l.get(a);
                    this.b = lydVar2;
                    if (lydVar2 == null && (indexOf = a.indexOf(46)) >= 0) {
                        this.b = (lyd) kyd.this.l.get(a.substring(indexOf + 1));
                    }
                }
                if (kyd.x2.isDebugEnabled()) {
                    kyd.x2.b("SNI matched {}->{}", a, this.b);
                }
            } else if (kyd.x2.isDebugEnabled()) {
                kyd.x2.b("SNI no match for {}", sNIServerName);
            }
            return true;
        }
    }

    /* compiled from: psafe */
    /* loaded from: classes8.dex */
    public class c {
        public final SSLContext a;

        public c(kyd kydVar, KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            this.a = sSLContext;
        }
    }

    static {
        y2 = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? KeyManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        R2 = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? TrustManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.TrustManagerFactory.algorithm");
    }

    public kyd() {
        this(false);
    }

    public kyd(boolean z) {
        this(z, null);
    }

    public kyd(boolean z, String str) {
        this.f = new LinkedHashSet();
        this.g = new LinkedHashSet();
        this.h = new LinkedHashSet();
        this.i = new ArrayList();
        this.j = new HashMap();
        this.k = new HashMap();
        this.l = new HashMap();
        this.n = true;
        this.s = "JKS";
        this.x = false;
        this.y = false;
        this.D = "TLS";
        this.F = y2;
        this.G = R2;
        this.J = -1;
        this.L = false;
        this.M = false;
        this.Q = true;
        this.R = -1;
        this.S = -1;
        this.U = null;
        this.W = true;
        this.a1 = 5;
        a(z);
        a("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
        b("^.*_(MD5|SHA|SHA1)$");
        if (str != null) {
            d(str);
        }
    }

    public boolean A0() {
        return this.I;
    }

    public final void B0() throws Exception {
        SSLContext sSLContext;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext2 = this.T;
        KeyStore keyStore = this.O;
        KeyStore keyStore2 = this.P;
        if (sSLContext2 == null) {
            if (keyStore == null && this.q == null && keyStore2 == null && this.u == null) {
                if (x0()) {
                    if (x2.isDebugEnabled()) {
                        x2.b("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                    }
                    trustManagerArr = a2;
                } else {
                    trustManagerArr = null;
                }
                String g0 = g0();
                SecureRandom secureRandom = g0 == null ? null : SecureRandom.getInstance(g0);
                String str = this.C;
                sSLContext = str == null ? SSLContext.getInstance(this.D) : SSLContext.getInstance(this.D, str);
                sSLContext.init(null, trustManagerArr, secureRandom);
            } else {
                if (keyStore == null) {
                    keyStore = a(this.q);
                }
                if (keyStore2 == null) {
                    keyStore2 = b(this.u);
                }
                Collection<? extends CRL> b2 = b(M());
                if (keyStore != null) {
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        String str2 = (String) it.next();
                        Certificate certificate = keyStore.getCertificate(str2);
                        if (certificate != null && "X.509".equals(certificate.getType())) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            if (!lyd.a(x509Certificate)) {
                                lyd lydVar = new lyd(str2, x509Certificate);
                                this.j.put(str2, lydVar);
                                if (z0()) {
                                    cyd cydVar = new cyd(keyStore2, b2);
                                    cydVar.a(Y());
                                    cydVar.a(q0());
                                    cydVar.b(s0());
                                    cydVar.a(d0());
                                    cydVar.a(keyStore, x509Certificate);
                                }
                                x2.c("x509={} for {}", lydVar, this);
                                Iterator<String> it2 = lydVar.b().iterator();
                                while (it2.hasNext()) {
                                    this.k.put(it2.next(), lydVar);
                                }
                                Iterator<String> it3 = lydVar.c().iterator();
                                while (it3.hasNext()) {
                                    this.l.put(it3.next(), lydVar);
                                }
                            } else if (x2.isDebugEnabled()) {
                                x2.b("Skipping " + x509Certificate, new Object[0]);
                            }
                        }
                    }
                }
                KeyManager[] a3 = a(keyStore);
                TrustManager[] a4 = a(keyStore2, b2);
                String str3 = this.E;
                SecureRandom secureRandom2 = str3 != null ? SecureRandom.getInstance(str3) : null;
                String str4 = this.C;
                sSLContext = str4 == null ? SSLContext.getInstance(this.D) : SSLContext.getInstance(this.D, str4);
                sSLContext.init(a3, a4, secureRandom2);
            }
            sSLContext2 = sSLContext;
        }
        SSLSessionContext serverSessionContext = sSLContext2.getServerSessionContext();
        if (serverSessionContext != null) {
            if (i0() > -1) {
                serverSessionContext.setSessionCacheSize(i0());
            }
            if (j0() > -1) {
                serverSessionContext.setSessionTimeout(j0());
            }
        }
        SSLParameters defaultSSLParameters = sSLContext2.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext2.getSupportedSSLParameters();
        a(defaultSSLParameters.getCipherSuites(), supportedSSLParameters.getCipherSuites());
        b(defaultSSLParameters.getProtocols(), supportedSSLParameters.getProtocols());
        this.x1 = new c(this, keyStore, keyStore2, sSLContext2);
        if (x2.isDebugEnabled()) {
            x2.b("Selected Protocols {} of {}", Arrays.asList(this.m), Arrays.asList(supportedSSLParameters.getProtocols()));
            x2.b("Selected Ciphers   {} of {}", Arrays.asList(this.p), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    public final void C0() {
        this.x1 = null;
        this.m = null;
        this.p = null;
        this.j.clear();
        this.k.clear();
        this.l.clear();
    }

    public final void G() {
        if (l()) {
            return;
        }
        throw new IllegalStateException("!STARTED: " + this);
    }

    public String J() {
        return this.t;
    }

    public Comparator<String> L() {
        return this.o;
    }

    public String M() {
        return this.K;
    }

    public String N() {
        return this.U;
    }

    public String[] P() {
        return (String[]) this.h.toArray(new String[0]);
    }

    public String[] Q() {
        return (String[]) this.f.toArray(new String[0]);
    }

    public String[] R() {
        return (String[]) this.i.toArray(new String[0]);
    }

    public String[] T() {
        return (String[]) this.g.toArray(new String[0]);
    }

    public String V() {
        return this.F;
    }

    public String W() {
        return this.r;
    }

    public String X() {
        return this.s;
    }

    public int Y() {
        return this.J;
    }

    public boolean Z() {
        return this.x;
    }

    public KeyStore a(zxd zxdVar) throws Exception {
        return byd.a(zxdVar, X(), W(), Objects.toString(this.z, null));
    }

    public SSLEngine a(String str, int i) {
        G();
        SSLContext h0 = h0();
        SSLEngine createSSLEngine = w0() ? h0.createSSLEngine(str, i) : h0.createSSLEngine();
        a(createSSLEngine);
        return createSSLEngine;
    }

    public SSLParameters a(SSLParameters sSLParameters) {
        sSLParameters.setEndpointIdentificationAlgorithm(N());
        sSLParameters.setUseCipherSuitesOrder(y0());
        if (!this.k.isEmpty() || !this.l.isEmpty()) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new b()));
        }
        String[] strArr = this.p;
        if (strArr != null) {
            sSLParameters.setCipherSuites(strArr);
        }
        String[] strArr2 = this.m;
        if (strArr2 != null) {
            sSLParameters.setProtocols(strArr2);
        }
        if (p0()) {
            sSLParameters.setWantClientAuth(true);
        }
        if (Z()) {
            sSLParameters.setNeedClientAuth(true);
        }
        return sSLParameters;
    }

    @Override // defpackage.oxd
    public void a(Appendable appendable, String str) throws IOException {
        appendable.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(this.V)).append(System.lineSeparator());
        try {
            SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SslSelectionDump("Protocol", createSSLEngine.getSupportedProtocols(), createSSLEngine.getEnabledProtocols(), Q(), T()));
            arrayList.add(new SslSelectionDump("Cipher Suite", createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites(), P(), R()));
            ContainerLifeCycle.b(appendable, str, arrayList);
        } catch (NoSuchAlgorithmException e) {
            x2.b(e);
        }
    }

    public void a(List<String> list) {
        Iterator<String> it = this.h.iterator();
        while (it.hasNext()) {
            Pattern compile = Pattern.compile(it.next());
            Iterator<String> it2 = list.iterator();
            while (it2.hasNext()) {
                if (compile.matcher(it2.next()).matches()) {
                    it2.remove();
                }
            }
        }
    }

    public void a(SSLEngine sSLEngine) {
        if (x2.isDebugEnabled()) {
            x2.b("Customize {}", sSLEngine);
        }
        SSLParameters sSLParameters = sSLEngine.getSSLParameters();
        a(sSLParameters);
        sSLEngine.setSSLParameters(sSLParameters);
    }

    public void a(boolean z) {
        this.V = z;
        if (z) {
            c((String) null);
        }
    }

    public void a(String... strArr) {
        this.f.addAll(Arrays.asList(strArr));
    }

    public void a(String[] strArr, List<String> list) {
        for (String str : this.i) {
            Pattern compile = Pattern.compile(str);
            boolean z = false;
            for (String str2 : strArr) {
                if (compile.matcher(str2).matches()) {
                    list.add(str2);
                    z = true;
                }
            }
            if (!z) {
                x2.c("No Cipher matching '{}' is supported", str);
            }
        }
    }

    public void a(String[] strArr, String[] strArr2) {
        ArrayList arrayList = new ArrayList();
        if (this.i.isEmpty()) {
            arrayList.addAll(Arrays.asList(strArr));
        } else {
            a(strArr2, arrayList);
        }
        a(arrayList);
        if (arrayList.isEmpty()) {
            x2.a("No supported ciphers from {}", Arrays.asList(strArr2));
        }
        Comparator<String> L = L();
        if (L != null) {
            if (x2.isDebugEnabled()) {
                x2.b("Sorting selected ciphers with {}", L);
            }
            arrayList.sort(L);
        }
        this.p = (String[]) arrayList.toArray(new String[0]);
    }

    public KeyManager[] a(KeyStore keyStore) throws Exception {
        KeyManager[] keyManagerArr = null;
        if (keyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(V());
            Password password = this.A;
            keyManagerFactory.init(keyStore, (password == null && (password = this.z) == null) ? null : password.toString().toCharArray());
            keyManagerArr = keyManagerFactory.getKeyManagers();
            if (keyManagerArr != null) {
                String J = J();
                if (J != null) {
                    for (int i = 0; i < keyManagerArr.length; i++) {
                        if (keyManagerArr[i] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i] = new iyd((X509ExtendedKeyManager) keyManagerArr[i], J);
                        }
                    }
                }
                if (!this.l.isEmpty() || this.k.size() > 1) {
                    for (int i2 = 0; i2 < keyManagerArr.length; i2++) {
                        if (keyManagerArr[i2] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i2] = new jyd((X509ExtendedKeyManager) keyManagerArr[i2]);
                        }
                    }
                }
            }
        }
        if (x2.isDebugEnabled()) {
            x2.b("managers={} for {}", keyManagerArr, this);
        }
        return keyManagerArr;
    }

    public TrustManager[] a(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        if (keyStore == null) {
            return null;
        }
        if (!A0() || !"PKIX".equalsIgnoreCase(k0())) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.G);
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        }
        PKIXBuilderParameters b2 = b(keyStore, collection);
        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(this.G);
        trustManagerFactory2.init(new CertPathTrustManagerParameters(b2));
        return trustManagerFactory2.getTrustManagers();
    }

    public KeyStore b(zxd zxdVar) throws Exception {
        String objects = Objects.toString(m0(), X());
        String objects2 = Objects.toString(l0(), W());
        String objects3 = Objects.toString(this.B, Objects.toString(this.z, null));
        if (zxdVar == null) {
            zxdVar = this.q;
        }
        return byd.a(zxdVar, objects, objects2, objects3);
    }

    public PKIXBuilderParameters b(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setMaxPathLength(this.J);
        pKIXBuilderParameters.setRevocationEnabled(true);
        PKIXCertPathChecker pKIXCertPathChecker = this.y1;
        if (pKIXCertPathChecker != null) {
            pKIXBuilderParameters.addCertPathChecker(pKIXCertPathChecker);
        }
        if (collection != null && !collection.isEmpty()) {
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection)));
        }
        if (this.L) {
            System.setProperty("com.sun.security.enableCRLDP", "true");
        }
        if (this.M) {
            Security.setProperty("ocsp.enable", "true");
            String str = this.N;
            if (str != null) {
                Security.setProperty("ocsp.responderURL", str);
            }
        }
        return pKIXBuilderParameters;
    }

    public Collection<? extends CRL> b(String str) throws Exception {
        return byd.a(str);
    }

    public void b(String... strArr) {
        this.h.clear();
        this.h.addAll(Arrays.asList(strArr));
    }

    public void b(String[] strArr, String[] strArr2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (this.g.isEmpty()) {
            linkedHashSet.addAll(Arrays.asList(strArr));
        } else {
            for (String str : this.g) {
                if (Arrays.asList(strArr2).contains(str)) {
                    linkedHashSet.add(str);
                } else {
                    x2.c("Protocol {} not supported in {}", str, Arrays.asList(strArr2));
                }
            }
        }
        linkedHashSet.removeAll(this.f);
        if (linkedHashSet.isEmpty()) {
            x2.a("No selected protocols from {}", Arrays.asList(strArr2));
        }
        this.m = (String[]) linkedHashSet.toArray(new String[0]);
    }

    public void c(String str) {
        this.U = str;
    }

    public void d(String str) {
        try {
            this.q = zxd.a(str);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public String d0() {
        return this.N;
    }

    public int e0() {
        return this.a1;
    }

    public String g0() {
        return this.E;
    }

    public SSLContext h0() {
        SSLContext sSLContext;
        if (!l()) {
            return this.T;
        }
        synchronized (this) {
            sSLContext = this.x1.a;
        }
        return sSLContext;
    }

    public int i0() {
        return this.R;
    }

    public int j0() {
        return this.S;
    }

    public String k0() {
        return this.G;
    }

    public String l0() {
        return this.v;
    }

    public String m0() {
        return this.w;
    }

    public boolean p0() {
        return this.y;
    }

    public boolean q0() {
        return this.L;
    }

    public boolean s0() {
        return this.M;
    }

    @Override // defpackage.lxd
    public void t() throws Exception {
        super.t();
        synchronized (this) {
            B0();
        }
    }

    public boolean t0() {
        return this.W;
    }

    public String toString() {
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", kyd.class.getSimpleName(), Integer.valueOf(hashCode()), this.C, this.q, this.u);
    }

    @Override // defpackage.lxd
    public void u() throws Exception {
        synchronized (this) {
            C0();
        }
        super.u();
    }

    public boolean w0() {
        return this.Q;
    }

    public boolean x0() {
        return this.V;
    }

    public boolean y0() {
        return this.n;
    }

    public boolean z0() {
        return this.H;
    }
}
