package com.aliyun.apache.hc.client5.http.ssl;

import com.aliyun.apache.hc.client5.http.config.TlsConfig;
import com.aliyun.apache.hc.core5.concurrent.FutureCallback;
import com.aliyun.apache.hc.core5.http.HttpHost;
import com.aliyun.apache.hc.core5.http.nio.ssl.TlsStrategy;
import com.aliyun.apache.hc.core5.http.ssl.TLS;
import com.aliyun.apache.hc.core5.http.ssl.TlsCiphers;
import com.aliyun.apache.hc.core5.http2.HttpVersionPolicy;
import com.aliyun.apache.hc.core5.http2.ssl.ApplicationProtocol;
import com.aliyun.apache.hc.core5.http2.ssl.H2TlsSupport;
import com.aliyun.apache.hc.core5.net.NamedEndpoint;
import com.aliyun.apache.hc.core5.reactor.ssl.SSLBufferMode;
import com.aliyun.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
import com.aliyun.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
import com.aliyun.apache.hc.core5.reactor.ssl.TlsDetails;
import com.aliyun.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
import com.aliyun.apache.hc.core5.util.Args;
import com.aliyun.apache.hc.core5.util.Timeout;
import java.net.SocketAddress;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
/**
 * Base client-side {@link TlsStrategy}: configures the {@link SSLEngine} before the handshake
 * and checks the negotiated session afterwards.
 *
 * <p>Protocol and cipher-suite selection is layered, and the first source that is non-null wins:
 * <ol>
 *   <li>the per-connection {@link TlsConfig} passed as the {@code upgrade} attachment,</li>
 *   <li>the arrays given to this strategy's constructor,</li>
 *   <li>the engine's existing values, filtered only under the HTTP version policies noted on
 *       {@link #m1207x20e82025}.</li>
 * </ol>
 *
 * <p>Explicitly supplied protocol or cipher lists are applied as given; the filtering helpers
 * ({@code TLS.excludeWeak}, {@code TlsCiphers.excludeH2Blacklisted}) are not run on them.
 */
public abstract class AbstractClientTlsStrategy implements TlsStrategy {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractClientTlsStrategy.class);

    private final SSLContext sslContext;
    // Strategy-level fallbacks; either may be null, meaning "not configured here".
    private final String[] supportedProtocols;
    private final String[] supportedCipherSuites;
    private final SSLBufferMode sslBufferManagement;
    private final HostnameVerifier hostnameVerifier;
    private final TlsSessionValidator tlsSessionValidator;

    /**
     * Creates the strategy.
     *
     * @param sSLContext       SSL context handed to {@code startTls}; checked with {@code Args.notNull}
     * @param strArr           strategy-level protocol list, or {@code null}; stored by reference
     *                         (no defensive copy), so later changes to the caller's array are
     *                         visible to this strategy
     * @param strArr2          strategy-level cipher-suite list, or {@code null}; stored by reference
     * @param sSLBufferMode    buffer mode; {@code null} selects {@code SSLBufferMode.STATIC}
     * @param hostnameVerifier verifier used by {@link #verifySession}; {@code null} selects
     *                         {@code HttpsSupport.getDefaultHostnameVerifier()}
     */
    public AbstractClientTlsStrategy(SSLContext sSLContext, String[] strArr, String[] strArr2, SSLBufferMode sSLBufferMode, HostnameVerifier hostnameVerifier) {
        this.sslContext = (SSLContext) Args.notNull(sSLContext, "SSL context");
        this.supportedProtocols = strArr;
        this.supportedCipherSuites = strArr2;
        if (sSLBufferMode != null) {
            this.sslBufferManagement = sSLBufferMode;
        } else {
            this.sslBufferManagement = SSLBufferMode.STATIC;
        }
        if (hostnameVerifier != null) {
            this.hostnameVerifier = hostnameVerifier;
        } else {
            this.hostnameVerifier = HttpsSupport.getDefaultHostnameVerifier();
        }
        this.tlsSessionValidator = new TlsSessionValidator(LOG);
    }

    /**
     * Installs the prepared parameters on the engine. Called once per upgrade with the
     * application protocols chosen by {@code H2TlsSupport.selectApplicationProtocols}.
     */
    abstract void applyParameters(SSLEngine sSLEngine, SSLParameters sSLParameters, String[] strArr);

    /** Builds the {@link TlsDetails} reported for a completed handshake; may return {@code null}. */
    abstract TlsDetails createTlsDetails(SSLEngine sSLEngine);

    /** Extension hook invoked after {@link #applyParameters}; does nothing by default. */
    protected void initializeEngine(SSLEngine sSLEngine) {
    }

    /**
     * Session-initializer body (the decompiler's rename of {@code lambda$upgrade$0}): prepares
     * the engine before the handshake starts.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>{@code TLS.excludeWeak} is applied only when neither the {@link TlsConfig} nor the
     *       strategy supplies protocols <em>and</em> the policy is not {@code FORCE_HTTP_1}.
     *       With {@code FORCE_HTTP_1} and no explicit list, the engine's protocol list is left
     *       as it was, so deployments that need a protocol floor on that path should configure
     *       the protocols explicitly.</li>
     *   <li>{@code TlsCiphers.excludeH2Blacklisted} is applied only for {@code FORCE_HTTP_2}
     *       with no explicit cipher list. Other policies rely on the post-handshake check in
     *       {@link #m1208x6ea79826}.</li>
     * </ul>
     *
     * @param obj           upgrade attachment; used as the {@link TlsConfig} when it is one,
     *                      otherwise {@code TlsConfig.DEFAULT} applies
     * @param timeout       handshake timeout; only logged here
     * @param namedEndpoint endpoint supplied by the transport layer; not read here
     * @param sSLEngine     engine to configure
     */
    public /* synthetic */ void m1207x20e82025(Object obj, Timeout timeout, NamedEndpoint namedEndpoint, SSLEngine sSLEngine) {
        final TlsConfig config;
        if (obj instanceof TlsConfig) {
            config = (TlsConfig) obj;
        } else {
            config = TlsConfig.DEFAULT;
        }
        final HttpVersionPolicy versionPolicy = config.getHttpVersionPolicy();
        final SSLParameters params = sSLEngine.getSSLParameters();

        // Protocols: per-connection config, then strategy-level list, then filtered engine list.
        final String[] requestedProtocols = config.getSupportedProtocols();
        if (requestedProtocols != null) {
            params.setProtocols(requestedProtocols);
        } else if (this.supportedProtocols != null) {
            params.setProtocols(this.supportedProtocols);
        } else if (versionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
            params.setProtocols(TLS.excludeWeak(params.getProtocols()));
        }

        // Cipher suites: same precedence; the H2 blacklist filter runs only when HTTP/2 is forced.
        final String[] requestedCiphers = config.getSupportedCipherSuites();
        if (requestedCiphers != null) {
            params.setCipherSuites(requestedCiphers);
        } else if (this.supportedCipherSuites != null) {
            params.setCipherSuites(this.supportedCipherSuites);
        } else if (versionPolicy == HttpVersionPolicy.FORCE_HTTP_2) {
            params.setCipherSuites(TlsCiphers.excludeH2Blacklisted(params.getCipherSuites()));
        }

        if (versionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
            H2TlsSupport.setEnableRetransmissions(params, false);
        }

        applyParameters(sSLEngine, params, H2TlsSupport.selectApplicationProtocols(versionPolicy));
        initializeEngine(sSLEngine);

        // Logged from the engine after the hooks ran, so this reflects what is actually enabled.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Enabled protocols: {}", Arrays.asList(sSLEngine.getEnabledProtocols()));
            LOG.debug("Enabled cipher suites:{}", Arrays.asList(sSLEngine.getEnabledCipherSuites()));
            LOG.debug("Starting handshake ({})", timeout);
        }
    }

    /**
     * Session-verifier body (the decompiler's rename of {@code lambda$upgrade$1}): runs after the
     * handshake.
     *
     * <p>The session is verified against the host name of {@code namedEndpoint}, which
     * {@code upgrade} binds to the endpoint its caller asked for, not against the endpoint the
     * transport layer passes back. A handshake that negotiated HTTP/2 on a cipher suite that
     * {@code TlsCiphers.isH2Blacklisted} flags is then rejected.
     *
     * @param namedEndpoint  endpoint whose host name the session must match
     * @param namedEndpoint2 endpoint supplied by the transport layer; not read here
     * @param sSLEngine      engine holding the negotiated session
     * @return the details from {@link #createTlsDetails}, possibly {@code null}
     * @throws SSLException if session verification fails, or ({@link SSLHandshakeException})
     *                      if HTTP/2 was negotiated on a blacklisted cipher suite
     */
    public /* synthetic */ TlsDetails m1208x6ea79826(NamedEndpoint namedEndpoint, NamedEndpoint namedEndpoint2, SSLEngine sSLEngine) throws SSLException {
        verifySession(namedEndpoint.getHostName(), sSLEngine.getSession());
        final TlsDetails details = createTlsDetails(sSLEngine);
        final String cipherSuite = sSLEngine.getSession().getCipherSuite();
        final boolean negotiatedH2 = details != null
                && ApplicationProtocol.HTTP_2.id.equals(details.getApplicationProtocol());
        if (negotiatedH2 && TlsCiphers.isH2Blacklisted(cipherSuite)) {
            throw new SSLHandshakeException("Cipher suite `" + cipherSuite + "` does not provide adequate security for HTTP/2");
        }
        return details;
    }

    /**
     * Starts TLS on the given layer, using {@link #m1207x20e82025} as session initializer and
     * {@link #m1208x6ea79826} as session verifier.
     *
     * @param transportSecurityLayer layer to upgrade
     * @param namedEndpoint          target endpoint; its host name is what the session is verified against
     * @param obj                    attachment, honoured when it is a {@link TlsConfig}
     * @param timeout                handshake timeout passed to {@code startTls}
     * @param futureCallback         completion callback passed through to {@code startTls}
     */
    @Override
    public void upgrade(TransportSecurityLayer transportSecurityLayer, final NamedEndpoint namedEndpoint, final Object obj, final Timeout timeout, FutureCallback<TransportSecurityLayer> futureCallback) {
        final SSLSessionInitializer initializer =
                (layerEndpoint, engine) -> m1207x20e82025(obj, timeout, layerEndpoint, engine);
        final SSLSessionVerifier verifier =
                (layerEndpoint, engine) -> m1208x6ea79826(namedEndpoint, layerEndpoint, engine);
        transportSecurityLayer.startTls(this.sslContext, namedEndpoint, this.sslBufferManagement, initializer, verifier, timeout, futureCallback);
    }

    /**
     * Deprecated variant that ignores both socket addresses and delegates to the callback-based
     * {@code upgrade} with a {@code null} callback.
     *
     * @return always {@code true}; the value says nothing about whether the handshake or the
     *         session verification succeeded
     */
    @Override
    @Deprecated
    public boolean upgrade(TransportSecurityLayer transportSecurityLayer, HttpHost httpHost, SocketAddress socketAddress, SocketAddress socketAddress2, Object obj, Timeout timeout) {
        upgrade(transportSecurityLayer, httpHost, obj, timeout, null);
        return true;
    }

    /**
     * Verifies the negotiated session for the given host name by delegating to the
     * {@code TlsSessionValidator} with the configured {@link HostnameVerifier}.
     *
     * <p>This is the host-name check this class performs after the handshake; an override that
     * returns without verifying removes that check for every connection using the strategy.
     *
     * @param str        host name the peer is expected to present
     * @param sSLSession negotiated session
     * @throws SSLException if the validator rejects the session
     */
    protected void verifySession(String str, SSLSession sSLSession) throws SSLException {
        this.tlsSessionValidator.verifySession(str, sSLSession, this.hostnameVerifier);
    }
}
