package io.netty.handler.ssl;

import io.netty.buffer.InterfaceC3997j;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public abstract class U {
    static final CertificateFactory X509_CERT_FACTORY;
    private final S9.f attributes = new S9.k();
    private final boolean startTls;

    /* loaded from: classes2.dex */
    static /* synthetic */ class a {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$SslProvider;

        static {
            int[] iArr = new int[Y.values().length];
            $SwitchMap$io$netty$handler$ssl$SslProvider = iArr;
            try {
                iArr[Y.JDK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[Y.OPENSSL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[Y.OPENSSL_REFCNT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    static {
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e10) {
            throw new IllegalStateException("unable to instance X.509 CertificateFactory", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public U(boolean z10) {
        this.startTls = z10;
    }

    static KeyManagerFactory buildKeyManagerFactory(KeyStore keyStore, String str, char[] cArr, KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory == null) {
            if (str == null) {
                str = KeyManagerFactory.getDefaultAlgorithm();
            }
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, String str, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory, String str3) {
        if (str == null) {
            str = KeyManagerFactory.getDefaultAlgorithm();
        }
        char[] keyStorePassword = keyStorePassword(str2);
        return buildKeyManagerFactory(buildKeyStore(x509CertificateArr, privateKey, keyStorePassword, str3), str, keyStorePassword, keyManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static KeyStore buildKeyStore(X509Certificate[] x509CertificateArr, PrivateKey privateKey, char[] cArr, String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", privateKey, cArr, x509CertificateArr);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        int i10 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i10), x509Certificate);
            i10++;
        }
        if (trustManagerFactory == null) {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    public static Y defaultClientProvider() {
        return defaultProvider();
    }

    private static Y defaultProvider() {
        return AbstractC4029q.isAvailable() ? Y.OPENSSL : Y.JDK;
    }

    public static Y defaultServerProvider() {
        return defaultProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static char[] keyStorePassword(String str) {
        return str == null ? U9.b.EMPTY_CHARS : str.toCharArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static U newClientContextInternal(Y y10, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, P9.b bVar, AbstractC4013a abstractC4013a, String[] strArr, long j10, long j11, boolean z10, String str2, Map.Entry<P9.j, Object>... entryArr) {
        Y defaultClientProvider = y10 == null ? defaultClientProvider() : y10;
        int i10 = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultClientProvider.ordinal()];
        if (i10 == 1) {
            if (!z10) {
                return new C4025m(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, strArr, j10, j11, str2);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultClientProvider);
        }
        if (i10 == 2) {
            verifyNullSslContextProvider(defaultClientProvider, provider);
            AbstractC4029q.ensureAvailability();
            return new C4032u(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, strArr, j10, j11, z10, str2, entryArr);
        }
        if (i10 != 3) {
            throw new Error(defaultClientProvider.toString());
        }
        verifyNullSslContextProvider(defaultClientProvider, provider);
        AbstractC4029q.ensureAvailability();
        return new P(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, strArr, j10, j11, z10, str2, entryArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static U newServerContextInternal(Y y10, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, P9.b bVar, AbstractC4013a abstractC4013a, long j10, long j11, P9.c cVar, String[] strArr, boolean z10, boolean z11, String str2, Map.Entry<P9.j, Object>... entryArr) {
        Y defaultServerProvider = y10 == null ? defaultServerProvider() : y10;
        int i10 = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultServerProvider.ordinal()];
        if (i10 == 1) {
            if (!z11) {
                return new C4028p(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, j10, j11, cVar, strArr, z10, str2);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultServerProvider);
        }
        if (i10 == 2) {
            verifyNullSslContextProvider(defaultServerProvider, provider);
            return new C(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, j10, j11, cVar, strArr, z10, z11, str2, entryArr);
        }
        if (i10 != 3) {
            throw new Error(defaultServerProvider.toString());
        }
        verifyNullSslContextProvider(defaultServerProvider, provider);
        return new S(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, bVar, abstractC4013a, j10, j11, cVar, strArr, z10, z11, str2, entryArr);
    }

    private static void verifyNullSslContextProvider(Y y10, Provider provider) {
        if (provider == null) {
            return;
        }
        throw new IllegalArgumentException("Java Security Provider unsupported for SslProvider: " + y10);
    }

    public abstract boolean isClient();

    public final boolean isServer() {
        return !isClient();
    }

    public abstract SSLEngine newEngine(InterfaceC3997j interfaceC3997j, String str, int i10);

    public final W newHandler(InterfaceC3997j interfaceC3997j, String str, int i10) {
        return newHandler(interfaceC3997j, str, i10, this.startTls);
    }

    protected W newHandler(InterfaceC3997j interfaceC3997j, String str, int i10, boolean z10) {
        return new W(newEngine(interfaceC3997j, str, i10), z10);
    }

    public abstract SSLSessionContext sessionContext();

    public long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }
}
