package org.openeuler.sun.security.ssl;

import com.xiaomi.onetrack.util.z;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.openeuler.sun.security.ssl.SSLExtension;
import sun.security.action.GetIntegerAction;
import sun.security.action.GetPropertyAction;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public final class SSLConfiguration implements Cloneable {
    static final boolean useExtendedMasterSecret;
    boolean enableSessionCreation;
    List<CipherSuite> enabledCipherSuites;
    List<ProtocolVersion> enabledProtocols;
    BiFunction<SSLEngine, List<String>, String> engineAPSelector;
    HashMap<HandshakeCompletedListener, AccessControlContext> handshakeListeners;
    boolean isClientMode;
    ProtocolVersion maximumProtocolVersion;
    boolean noSniExtension;
    boolean noSniMatcher;
    List<SignatureScheme> signatureSchemes;
    BiFunction<SSLSocket, List<String>, String> socketAPSelector;
    static final boolean allowLegacyResumption = Utilities.getBooleanProperty("jdk.tls.allowLegacyResumption", true);
    static final boolean allowLegacyMasterSecret = Utilities.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true);
    static final boolean useCompatibilityMode = Utilities.getBooleanProperty("jdk.tls.client.useCompatibilityMode", true);
    static final boolean acknowledgeCloseNotify = Utilities.getBooleanProperty("jdk.tls.acknowledgeCloseNotify", false);
    static final int maxHandshakeMessageSize = ((Integer) AccessController.doPrivileged((PrivilegedAction) new GetIntegerAction("jdk.tls.maxHandshakeMessageSize", 32768))).intValue();
    static final int maxCertificateChainLength = ((Integer) AccessController.doPrivileged((PrivilegedAction) new GetIntegerAction("jdk.tls.maxCertificateChainLength", 10))).intValue();
    int maximumPacketSize = 0;
    AlgorithmConstraints userSpecifiedAlgorithmConstraints = SSLAlgorithmConstraints.DEFAULT;
    ClientAuthType clientAuthType = ClientAuthType.CLIENT_AUTH_NONE;
    String identificationProtocol = null;
    List<SNIServerName> serverNames = Collections.emptyList();
    Collection<SNIMatcher> sniMatchers = Collections.emptyList();
    boolean preferLocalCipherSuites = false;
    String[] applicationProtocols = new String[0];

    /* renamed from: org.openeuler.sun.security.ssl.SSLConfiguration$1, reason: invalid class name */
    /* loaded from: classes6.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openeuler$sun$security$ssl$ClientAuthType;

        static {
            int[] iArr = new int[ClientAuthType.values().length];
            $SwitchMap$org$openeuler$sun$security$ssl$ClientAuthType = iArr;
            try {
                iArr[ClientAuthType.CLIENT_AUTH_REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$openeuler$sun$security$ssl$ClientAuthType[ClientAuthType.CLIENT_AUTH_REQUESTED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public static final class CustomizedClientSignatureSchemes {
        private static List<SignatureScheme> signatureSchemes = SSLConfiguration.getCustomizedSignatureScheme("jdk.tls.client.SignatureSchemes");

        private CustomizedClientSignatureSchemes() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public static final class CustomizedServerSignatureSchemes {
        private static List<SignatureScheme> signatureSchemes = SSLConfiguration.getCustomizedSignatureScheme("jdk.tls.server.SignatureSchemes");

        private CustomizedServerSignatureSchemes() {
        }
    }

    static {
        boolean z = false;
        boolean booleanProperty = Utilities.getBooleanProperty("jdk.tls.useExtendedMasterSecret", true);
        if (booleanProperty) {
            try {
                JsseJce.getKeyGenerator("SunTlsExtendedMasterSecret");
            } catch (NoSuchAlgorithmException unused) {
            }
        }
        z = booleanProperty;
        useExtendedMasterSecret = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLConfiguration(SSLContextImpl sSLContextImpl, boolean z) {
        this.enabledProtocols = sSLContextImpl.getDefaultProtocolVersions(!z);
        this.enabledCipherSuites = sSLContextImpl.getDefaultCipherSuites(!z);
        this.signatureSchemes = z ? CustomizedClientSignatureSchemes.signatureSchemes : CustomizedServerSignatureSchemes.signatureSchemes;
        this.maximumProtocolVersion = ProtocolVersion.NONE;
        for (ProtocolVersion protocolVersion : this.enabledProtocols) {
            if (protocolVersion.compareTo(this.maximumProtocolVersion) > 0) {
                this.maximumProtocolVersion = protocolVersion;
            }
        }
        this.isClientMode = z;
        this.enableSessionCreation = true;
        this.socketAPSelector = null;
        this.engineAPSelector = null;
        this.handshakeListeners = null;
        this.noSniExtension = false;
        this.noSniMatcher = false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<SignatureScheme> getCustomizedSignatureScheme(String str) {
        String privilegedGetProperty = GetPropertyAction.privilegedGetProperty(str);
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.fine("System property " + str + " is set to '" + privilegedGetProperty + "'", new Object[0]);
        }
        if (privilegedGetProperty != null && !privilegedGetProperty.isEmpty() && privilegedGetProperty.length() > 1 && privilegedGetProperty.charAt(0) == '\"' && privilegedGetProperty.charAt(privilegedGetProperty.length() - 1) == '\"') {
            privilegedGetProperty = privilegedGetProperty.substring(1, privilegedGetProperty.length() - 1);
        }
        if (privilegedGetProperty == null || privilegedGetProperty.isEmpty()) {
            return Collections.emptyList();
        }
        String[] split = privilegedGetProperty.split(z.b);
        ArrayList arrayList = new ArrayList(split.length);
        for (int i = 0; i < split.length; i++) {
            String trim = split[i].trim();
            split[i] = trim;
            if (!trim.isEmpty()) {
                SignatureScheme nameOf = SignatureScheme.nameOf(split[i]);
                if (nameOf != null && nameOf.isAvailable) {
                    arrayList.add(nameOf);
                } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                    SSLLogger.fine("The current installed providers do not support signature scheme: " + split[i], new Object[0]);
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
        if (this.handshakeListeners == null) {
            this.handshakeListeners = new HashMap<>(4);
        }
        this.handshakeListeners.put(handshakeCompletedListener, AccessController.getContext());
    }

    public Object clone() {
        try {
            SSLConfiguration sSLConfiguration = (SSLConfiguration) super.clone();
            HashMap<HandshakeCompletedListener, AccessControlContext> hashMap = this.handshakeListeners;
            if (hashMap != null) {
                sSLConfiguration.handshakeListeners = (HashMap) hashMap.clone();
            }
            return sSLConfiguration;
        } catch (CloneNotSupportedException unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLExtension[] getEnabledExtensions(SSLHandshake sSLHandshake) {
        ArrayList arrayList = new ArrayList();
        for (SSLExtension sSLExtension : SSLExtension.values()) {
            if (sSLExtension.handshakeType == sSLHandshake && isAvailable(sSLExtension)) {
                arrayList.add(sSLExtension);
            }
        }
        return (SSLExtension[]) arrayList.toArray(new SSLExtension[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLExtension[] getEnabledExtensions(SSLHandshake sSLHandshake, List<ProtocolVersion> list) {
        ArrayList arrayList = new ArrayList();
        for (SSLExtension sSLExtension : SSLExtension.values()) {
            if (sSLExtension.handshakeType == sSLHandshake && isAvailable(sSLExtension)) {
                Iterator<ProtocolVersion> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (sSLExtension.isAvailable(it.next())) {
                        arrayList.add(sSLExtension);
                        break;
                    }
                }
            }
        }
        return (SSLExtension[]) arrayList.toArray(new SSLExtension[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLExtension[] getEnabledExtensions(SSLHandshake sSLHandshake, ProtocolVersion protocolVersion) {
        return getEnabledExtensions(sSLHandshake, Arrays.asList(protocolVersion));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLExtension[] getExclusiveExtensions(SSLHandshake sSLHandshake, List<SSLExtension> list) {
        ArrayList arrayList = new ArrayList();
        for (SSLExtension sSLExtension : SSLExtension.values()) {
            if (sSLExtension.handshakeType == sSLHandshake && isAvailable(sSLExtension) && !list.contains(sSLExtension)) {
                arrayList.add(sSLExtension);
            }
        }
        return (SSLExtension[]) arrayList.toArray(new SSLExtension[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setAlgorithmConstraints(this.userSpecifiedAlgorithmConstraints);
        sSLParameters.setProtocols(ProtocolVersion.toStringArray(this.enabledProtocols));
        sSLParameters.setCipherSuites(CipherSuite.namesOf(this.enabledCipherSuites));
        int i = AnonymousClass1.$SwitchMap$org$openeuler$sun$security$ssl$ClientAuthType[this.clientAuthType.ordinal()];
        if (i == 1) {
            sSLParameters.setNeedClientAuth(true);
        } else if (i != 2) {
            sSLParameters.setWantClientAuth(false);
        } else {
            sSLParameters.setWantClientAuth(true);
        }
        sSLParameters.setEndpointIdentificationAlgorithm(this.identificationProtocol);
        if (!this.serverNames.isEmpty() || this.noSniExtension) {
            sSLParameters.setServerNames(this.serverNames);
        } else {
            sSLParameters.setServerNames(null);
        }
        if (!this.sniMatchers.isEmpty() || this.noSniMatcher) {
            sSLParameters.setSNIMatchers(this.sniMatchers);
        } else {
            sSLParameters.setSNIMatchers(null);
        }
        sSLParameters.setApplicationProtocols(this.applicationProtocols);
        sSLParameters.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
        return sSLParameters;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAvailable(SSLExtension sSLExtension) {
        Iterator<ProtocolVersion> it = this.enabledProtocols.iterator();
        while (it.hasNext()) {
            if (sSLExtension.isAvailable(it.next())) {
                if (this.isClientMode) {
                    if (SSLExtension.ClientExtensions.defaults.contains(sSLExtension)) {
                        return true;
                    }
                } else if (SSLExtension.ServerExtensions.defaults.contains(sSLExtension)) {
                    return true;
                }
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAvailable(SSLExtension sSLExtension, ProtocolVersion protocolVersion) {
        return sSLExtension.isAvailable(protocolVersion) && (!this.isClientMode ? !SSLExtension.ServerExtensions.defaults.contains(sSLExtension) : !SSLExtension.ClientExtensions.defaults.contains(sSLExtension));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
        HashMap<HandshakeCompletedListener, AccessControlContext> hashMap = this.handshakeListeners;
        if (hashMap == null) {
            throw new IllegalArgumentException("no listeners");
        }
        if (hashMap.remove(handshakeCompletedListener) == null) {
            throw new IllegalArgumentException("listener not registered");
        }
        if (this.handshakeListeners.isEmpty()) {
            this.handshakeListeners = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSSLParameters(SSLParameters sSLParameters) {
        String[] applicationProtocols;
        AlgorithmConstraints algorithmConstraints = sSLParameters.getAlgorithmConstraints();
        if (algorithmConstraints != null) {
            this.userSpecifiedAlgorithmConstraints = algorithmConstraints;
        }
        String[] cipherSuites = sSLParameters.getCipherSuites();
        if (cipherSuites != null) {
            this.enabledCipherSuites = CipherSuite.validValuesOf(cipherSuites);
        }
        String[] protocols = sSLParameters.getProtocols();
        if (protocols != null) {
            List<ProtocolVersion> namesOf = ProtocolVersion.namesOf(protocols);
            this.enabledProtocols = namesOf;
            this.maximumProtocolVersion = ProtocolVersion.NONE;
            for (ProtocolVersion protocolVersion : namesOf) {
                if (protocolVersion.compareTo(this.maximumProtocolVersion) > 0) {
                    this.maximumProtocolVersion = protocolVersion;
                }
            }
        }
        if (sSLParameters.getNeedClientAuth()) {
            this.clientAuthType = ClientAuthType.CLIENT_AUTH_REQUIRED;
        } else if (sSLParameters.getWantClientAuth()) {
            this.clientAuthType = ClientAuthType.CLIENT_AUTH_REQUESTED;
        } else {
            this.clientAuthType = ClientAuthType.CLIENT_AUTH_NONE;
        }
        String endpointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm();
        if (endpointIdentificationAlgorithm != null) {
            this.identificationProtocol = endpointIdentificationAlgorithm;
        }
        List<SNIServerName> serverNames = sSLParameters.getServerNames();
        if (serverNames != null) {
            this.noSniExtension = serverNames.isEmpty();
            this.serverNames = serverNames;
        }
        Collection<SNIMatcher> sNIMatchers = sSLParameters.getSNIMatchers();
        if (sNIMatchers != null) {
            this.noSniMatcher = sNIMatchers.isEmpty();
            this.sniMatchers = sNIMatchers;
        }
        applicationProtocols = sSLParameters.getApplicationProtocols();
        if (applicationProtocols != null) {
            this.applicationProtocols = applicationProtocols;
        }
        this.preferLocalCipherSuites = sSLParameters.getUseCipherSuitesOrder();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void toggleClientMode() {
        boolean z = !this.isClientMode;
        this.isClientMode = z;
        this.signatureSchemes = z ? CustomizedClientSignatureSchemes.signatureSchemes : CustomizedServerSignatureSchemes.signatureSchemes;
    }
}
