package ru.CryptoPro.ssl;

import com.google.android.material.card.MaterialCardViewHelper;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.EnumSet;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.ssl.util.TLSSettings;

/* loaded from: classes4.dex */
public abstract class SSLContextImpl extends SSLContextSpi {
    public static final String DISABLE_DEFAULT_CONTEXT_SETTING = "disable_default_context";
    private static final boolean o = GetProperty.getBooleanProperty(DISABLE_DEFAULT_CONTEXT_SETTING, false);
    private boolean d;
    private X509ExtendedKeyManager e;
    private X509TrustManager f;
    private SecureRandom g;
    private cl_78 i;
    private cl_78 j;
    private cl_78 k;
    private cl_14 l;
    private cl_14 m;
    private cl_14 n;
    private AlgorithmConstraints h = new cl_85(null);

    /* renamed from: a, reason: collision with root package name */
    private final cl_30 f1814a = new cl_30();
    private final SSLSessionContextImpl b = new SSLSessionContextImpl();
    private final SSLSessionContextImpl c = new SSLSessionContextImpl();

    /* loaded from: classes4.dex */
    public final class DefaultSSLContext extends cl_92 {

        /* renamed from: a, reason: collision with root package name */
        private static volatile SSLContextImpl f1815a;
        private static TrustManager[] b;
        private static KeyManager[] c;

        public DefaultSSLContext() throws Exception {
            super();
            try {
                super.engineInit(m(), l(), null);
                if (f1815a == null) {
                    f1815a = this;
                }
                SSLLogger.trace("DefaultSSLContext initialized.");
            } catch (Exception e) {
                SSLLogger.error("default context init failed: ", (Throwable) e);
                throw e;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static synchronized SSLContextImpl k() throws Exception {
            SSLContextImpl sSLContextImpl;
            synchronized (DefaultSSLContext.class) {
                if (f1815a == null) {
                    new DefaultSSLContext();
                }
                sSLContextImpl = f1815a;
            }
            return sSLContextImpl;
        }

        private static synchronized TrustManager[] l() throws Exception {
            synchronized (DefaultSSLContext.class) {
                TrustManager[] trustManagerArr = b;
                if (trustManagerArr != null) {
                    return trustManagerArr;
                }
                KeyStore a2 = TrustManagerFactoryImpl.a("defaultctx");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(a2);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                b = trustManagers;
                return trustManagers;
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:29:0x00c9 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:32:0x00e5 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:36:0x00e9 A[Catch: all -> 0x0104, TryCatch #0 {, blocks: (B:4:0x0003, B:9:0x0009, B:11:0x0041, B:14:0x004a, B:15:0x0051, B:16:0x0052, B:18:0x0059, B:20:0x0061, B:21:0x006e, B:23:0x007c, B:24:0x0082, B:26:0x008a, B:29:0x00c9, B:30:0x00cc, B:32:0x00e5, B:33:0x00fc, B:36:0x00e9, B:38:0x00ef, B:39:0x00f9, B:40:0x0091, B:42:0x0097, B:44:0x009f, B:48:0x00aa, B:50:0x00b0, B:52:0x00bb, B:53:0x00c4, B:54:0x00c0), top: B:3:0x0003 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private static synchronized javax.net.ssl.KeyManager[] m() throws java.lang.Exception {
            /*
                Method dump skipped, instructions count: 263
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.ssl.SSLContextImpl.DefaultSSLContext.m():javax.net.ssl.KeyManager[]");
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }
    }

    /* loaded from: classes4.dex */
    public final class TLS10Context extends cl_92 {
        public TLS10Context() {
            super();
        }
    }

    /* loaded from: classes4.dex */
    public final class TLS11Context extends SSLContextImpl {

        /* renamed from: a, reason: collision with root package name */
        private static SSLParameters f1816a;
        private static SSLParameters b;
        private static SSLParameters c;

        static {
            if (cl_36.a()) {
                SSLParameters sSLParameters = new SSLParameters();
                c = sSLParameters;
                sSLParameters.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
                f1816a = c;
                SSLParameters sSLParameters2 = new SSLParameters();
                b = sSLParameters2;
                sSLParameters2.setProtocols(new String[]{cl_79.d.n, cl_79.e.n});
                return;
            }
            SSLParameters sSLParameters3 = new SSLParameters();
            c = sSLParameters3;
            sSLParameters3.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
            f1816a = c;
            SSLParameters sSLParameters4 = new SSLParameters();
            b = sSLParameters4;
            sSLParameters4.setProtocols(new String[]{cl_79.d.n, cl_79.e.n});
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters e() {
            return f1816a;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return b;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return c;
        }
    }

    /* loaded from: classes4.dex */
    public final class TLS12Context extends SSLContextImpl {

        /* renamed from: a, reason: collision with root package name */
        private static SSLParameters f1817a;
        private static SSLParameters b;
        private static SSLParameters c;

        static {
            if (cl_36.a()) {
                SSLParameters sSLParameters = new SSLParameters();
                c = sSLParameters;
                sSLParameters.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
                f1817a = c;
                SSLParameters sSLParameters2 = new SSLParameters();
                b = sSLParameters2;
                sSLParameters2.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
                return;
            }
            SSLParameters sSLParameters3 = new SSLParameters();
            c = sSLParameters3;
            sSLParameters3.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
            f1817a = c;
            SSLParameters sSLParameters4 = new SSLParameters();
            b = sSLParameters4;
            sSLParameters4.setProtocols(new String[]{cl_79.d.n, cl_79.e.n, cl_79.f.n});
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters e() {
            return f1817a;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters f() {
            return b;
        }

        @Override // ru.CryptoPro.ssl.SSLContextImpl
        SSLParameters g() {
            return c;
        }
    }

    private X509ExtendedKeyManager a(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (int i = 0; keyManagerArr != null && i < keyManagerArr.length; i++) {
            KeyManager keyManager = keyManagerArr[i];
            if (keyManager instanceof X509KeyManager) {
                if (cl_36.a()) {
                    if ((keyManager instanceof cl_116) || (keyManager instanceof cl_39)) {
                        return (X509ExtendedKeyManager) keyManager;
                    }
                    throw new KeyManagementException("FIPS mode: only JTLS KeyManagers may be used");
                }
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                SSLLogger.subTrace("X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use");
                return new cl_0((X509KeyManager) keyManager);
            }
        }
        return cl_22.f1862a;
    }

    private X509TrustManager a(TrustManager[] trustManagerArr) throws KeyManagementException {
        for (int i = 0; trustManagerArr != null && i < trustManagerArr.length; i++) {
            if (trustManagerArr[i] instanceof X509TrustManager) {
                if (cl_36.a() && !(trustManagerArr[i] instanceof cl_121)) {
                    throw new KeyManagementException("FIPS mode: only JTLS TrustManagers may be used");
                }
                TrustManager trustManager = trustManagerArr[i];
                return trustManager instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManager : new cl_1((X509TrustManager) trustManagerArr[i]);
            }
        }
        return cl_23.f1863a;
    }

    private cl_14 a(cl_78 cl_78Var, boolean z) {
        int i = z ? MaterialCardViewHelper.DEFAULT_FADE_ANIM_DURATION : 1;
        Collection<cl_9> c = cl_9.c();
        TreeSet treeSet = new TreeSet();
        if (!cl_78Var.a().isEmpty() && cl_78Var.f1898a.k != cl_79.f1899a.k) {
            for (cl_9 cl_9Var : c) {
                if (cl_9Var.i && cl_9Var.c >= i) {
                    if (!cl_9Var.a() || cl_9Var.j <= cl_78Var.f1898a.k || cl_9Var.k > cl_78Var.b.k) {
                        SSLLogger.subTrace(cl_9Var.j <= cl_78Var.f1898a.k ? "Ignoring obsoleted cipher suite:" : cl_9Var.k > cl_78Var.b.k ? "Ignoring unsupported cipher suite:" : "Ignoring unavailable cipher suite:", cl_9Var);
                    } else if (this.h.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cl_9Var.f1907a, null)) {
                        treeSet.add(cl_9Var);
                    }
                }
            }
        }
        return new cl_14(treeSet);
    }

    private void k() {
        this.n = null;
        this.l = null;
        this.m = null;
        cl_10.b();
        cl_68.b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRandom a() {
        return this.g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_78 a(boolean z) {
        if (z) {
            if (this.i == null) {
                this.i = new cl_78(e().getProtocols());
            }
            return this.i;
        }
        if (this.j == null) {
            this.j = new cl_78(f().getProtocols());
        }
        return this.j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(cl_78 cl_78Var) {
        return cl_78Var == this.i || cl_78Var == this.j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager b() {
        return this.e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_14 b(boolean z) {
        synchronized (this) {
            k();
            if (z) {
                if (this.l == null) {
                    this.l = a(a(true), true);
                }
                return this.l;
            }
            if (this.m == null) {
                this.m = a(a(false), true);
            }
            return this.m;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager c() {
        return this.f;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_30 d() {
        return this.f1814a;
    }

    abstract SSLParameters e();

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() {
        if (this.d) {
            return new SSLEngineImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) {
        if (this.d) {
            return new SSLEngineImpl(this, str, i);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.c;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.d) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (this.d) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        SSLLogger.trace("SSLContextImpl init.");
        this.d = false;
        this.e = a(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception unused) {
            }
        }
        this.f = a(trustManagerArr);
        this.g = cl_68.d();
        SSLLogger.trace("trigger seeding of SecureRandom");
        this.g.nextInt();
        SSLLogger.trace("done seeding SecureRandom");
        if (!TLSSettings.getDefaultEnableRevocation() && TLSSettings.getTlsProhibitDisabledValidation()) {
            throw new KeyManagementException("Certificate validation is disabled but required. The check can be turned off using -Dtls_prohibit_disabled_validation=false or SetPrefs (see the programmer's guide) or TLSSettings.");
        }
        SSLLogger.trace("SSLContextImpl initialized.");
        this.d = true;
    }

    abstract SSLParameters f();

    abstract SSLParameters g();

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_78 h() {
        if (this.k == null) {
            this.k = new cl_78(g().getProtocols());
        }
        return this.k;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_14 i() {
        cl_14 cl_14Var;
        synchronized (this) {
            k();
            if (this.n == null) {
                this.n = a(h(), false);
            }
            cl_14Var = this.n;
        }
        return cl_14Var;
    }
}
