package sun.security.ssl;

import java.io.FileInputStream;
import java.security.AccessController;
import java.security.CryptoPrimitive;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import sun.security.action.GetPropertyAction;
import sun.security.ssl.HelloCookieManager;
import sun.security.ssl.SessionTicketExtension;

/* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl.class */
public abstract class SSLContextImpl extends SSLContextSpi {
    private boolean isInitialized;
    private X509ExtendedKeyManager keyManager;
    private X509TrustManager trustManager;
    private SecureRandom secureRandom;
    private volatile HelloCookieManager.Builder helloCookieManagerBuilder;
    private static final Collection<CipherSuite> clientCustomizedCipherSuites = getCustomizedCipherSuites("jdk.tls.client.cipherSuites");
    private static final Collection<CipherSuite> serverCustomizedCipherSuites = getCustomizedCipherSuites("jdk.tls.server.cipherSuites");
    private volatile StatusResponseManager statusResponseManager;
    private final boolean clientEnableStapling = Utilities.getBooleanProperty("jdk.tls.client.enableStatusRequestExtension", true);
    private final boolean serverEnableStapling = Utilities.getBooleanProperty("jdk.tls.server.enableStatusRequestExtension", false);
    private final ReentrantLock contextLock = new ReentrantLock();
    final HashMap<Integer, SessionTicketExtension.StatelessKey> keyHashMap = new HashMap<>();
    private final EphemeralKeyManager ephemeralKeyManager = new EphemeralKeyManager();
    private final SSLSessionContextImpl clientCache = new SSLSessionContextImpl(false);
    private final SSLSessionContextImpl serverCache = new SSLSessionContextImpl(true);

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$AbstractDTLSContext.class */
    private static abstract class AbstractDTLSContext extends SSLContextImpl {
        private static final List<ProtocolVersion> supportedProtocols = Arrays.asList(ProtocolVersion.DTLS12, ProtocolVersion.DTLS10);
        private static final List<ProtocolVersion> serverDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.DTLS12, ProtocolVersion.DTLS10});
        private static final List<CipherSuite> supportedCipherSuites = SSLContextImpl.getApplicableSupportedCipherSuites(supportedProtocols);
        private static final List<CipherSuite> serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(serverDefaultProtocols, false);

        private AbstractDTLSContext() {
        }

        @Override // javax.net.ssl.SSLContextSpi
        protected SSLParameters engineGetDefaultSSLParameters() {
            SSLEngine createSSLEngineImpl = createSSLEngineImpl();
            createSSLEngineImpl.setUseClientMode(true);
            return createSSLEngineImpl.getSSLParameters();
        }

        @Override // javax.net.ssl.SSLContextSpi
        protected SSLParameters engineGetSupportedSSLParameters() {
            SSLEngine createSSLEngineImpl = createSSLEngineImpl();
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setCipherSuites(createSSLEngineImpl.getSupportedCipherSuites());
            sSLParameters.setProtocols(createSSLEngineImpl.getSupportedProtocols());
            return sSLParameters;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl
        SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        @Override // sun.security.ssl.SSLContextImpl
        SSLEngine createSSLEngineImpl(String str, int i) {
            return new SSLEngineImpl(this, str, i);
        }

        @Override // sun.security.ssl.SSLContextImpl
        boolean isDTLS() {
            return true;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$AbstractTLSContext.class */
    private static abstract class AbstractTLSContext extends SSLContextImpl {
        private static final List<ProtocolVersion> supportedProtocols = Arrays.asList(ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10, ProtocolVersion.SSL30, ProtocolVersion.SSL20Hello);
        private static final List<ProtocolVersion> serverDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10});
        private static final List<CipherSuite> supportedCipherSuites = SSLContextImpl.getApplicableSupportedCipherSuites(supportedProtocols);
        private static final List<CipherSuite> serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(serverDefaultProtocols, false);

        private AbstractTLSContext() {
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl
        SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        @Override // sun.security.ssl.SSLContextImpl
        SSLEngine createSSLEngineImpl(String str, int i) {
            return new SSLEngineImpl(this, str, i);
        }

        @Override // sun.security.ssl.SSLContextImpl
        boolean isDTLS() {
            return false;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$CustomizedDTLSContext.class */
    private static class CustomizedDTLSContext extends AbstractDTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static IllegalArgumentException reservedException;

        private static List<ProtocolVersion> customizedProtocols(boolean z, List<ProtocolVersion> list) {
            ProtocolVersion[] protocolVersionArr;
            ArrayList arrayList = new ArrayList();
            for (ProtocolVersion protocolVersion : list) {
                if (protocolVersion.isDTLS) {
                    arrayList.add(protocolVersion);
                }
            }
            if (arrayList.isEmpty()) {
                protocolVersionArr = new ProtocolVersion[]{ProtocolVersion.DTLS12, ProtocolVersion.DTLS10};
                if (!z) {
                    return Arrays.asList(protocolVersionArr);
                }
            } else {
                protocolVersionArr = (ProtocolVersion[]) list.toArray(new ProtocolVersion[list.size()]);
            }
            return SSLContextImpl.getAvailableProtocols(protocolVersionArr);
        }

        protected CustomizedDTLSContext() {
            if (reservedException != null) {
                throw reservedException;
            }
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl.AbstractDTLSContext, sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl.AbstractDTLSContext, sun.security.ssl.SSLContextImpl
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        static {
            reservedException = null;
            reservedException = CustomizedSSLProtocols.reservedException;
            if (reservedException == null) {
                clientDefaultProtocols = customizedProtocols(true, CustomizedSSLProtocols.customizedClientProtocols);
                serverDefaultProtocols = customizedProtocols(false, CustomizedSSLProtocols.customizedServerProtocols);
                clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
                serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(serverDefaultProtocols, false);
                return;
            }
            clientDefaultProtocols = null;
            serverDefaultProtocols = null;
            clientDefaultCipherSuites = null;
            serverDefaultCipherSuites = null;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$CustomizedSSLProtocols.class */
    private static class CustomizedSSLProtocols {
        private static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
        private static final String JDK_TLS_SERVER_PROTOCOLS = "jdk.tls.server.protocols";
        static IllegalArgumentException reservedException = null;
        static final ArrayList<ProtocolVersion> customizedClientProtocols = new ArrayList<>();
        static final ArrayList<ProtocolVersion> customizedServerProtocols = new ArrayList<>();

        private CustomizedSSLProtocols() {
        }

        private static void populate(String str, ArrayList<ProtocolVersion> arrayList) {
            String privilegedGetProperty = GetPropertyAction.privilegedGetProperty(str);
            if (privilegedGetProperty == null) {
                return;
            }
            if (!privilegedGetProperty.isEmpty() && privilegedGetProperty.length() > 1 && privilegedGetProperty.charAt(0) == '\"' && privilegedGetProperty.charAt(privilegedGetProperty.length() - 1) == '\"') {
                privilegedGetProperty = privilegedGetProperty.substring(1, privilegedGetProperty.length() - 1);
            }
            if (privilegedGetProperty.isEmpty()) {
                return;
            }
            String[] split = privilegedGetProperty.split(",");
            for (int i = 0; i < split.length; i++) {
                split[i] = split[i].trim();
                ProtocolVersion nameOf = ProtocolVersion.nameOf(split[i]);
                if (nameOf == null) {
                    reservedException = new IllegalArgumentException(str + ": " + split[i] + " is not a supported SSL protocol name");
                }
                if (!arrayList.contains(nameOf)) {
                    arrayList.add(nameOf);
                }
            }
        }

        static {
            populate(JDK_TLS_CLIENT_PROTOCOLS, customizedClientProtocols);
            populate(JDK_TLS_SERVER_PROTOCOLS, customizedServerProtocols);
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$CustomizedTLSContext.class */
    private static class CustomizedTLSContext extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static final IllegalArgumentException reservedException = CustomizedSSLProtocols.reservedException;

        private static List<ProtocolVersion> customizedProtocols(boolean z, List<ProtocolVersion> list) {
            ArrayList arrayList = new ArrayList();
            for (ProtocolVersion protocolVersion : list) {
                if (!protocolVersion.isDTLS) {
                    arrayList.add(protocolVersion);
                }
            }
            return SSLContextImpl.getAvailableProtocols(arrayList.isEmpty() ? new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10} : (ProtocolVersion[]) arrayList.toArray(new ProtocolVersion[arrayList.size()]));
        }

        protected CustomizedTLSContext() {
            if (reservedException != null) {
                throw reservedException;
            }
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl.AbstractTLSContext, sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }

        @Override // sun.security.ssl.SSLContextImpl.AbstractTLSContext, sun.security.ssl.SSLContextImpl
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        static {
            if (reservedException == null) {
                clientDefaultProtocols = customizedProtocols(true, CustomizedSSLProtocols.customizedClientProtocols);
                serverDefaultProtocols = customizedProtocols(false, CustomizedSSLProtocols.customizedServerProtocols);
                clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
                serverDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(serverDefaultProtocols, false);
                return;
            }
            clientDefaultProtocols = null;
            serverDefaultProtocols = null;
            clientDefaultCipherSuites = null;
            serverDefaultCipherSuites = null;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DTLS10Context.class */
    public static final class DTLS10Context extends AbstractDTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.DTLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DTLS12Context.class */
    public static final class DTLS12Context extends AbstractDTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.DTLS12, ProtocolVersion.DTLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DTLSContext.class */
    public static final class DTLSContext extends CustomizedDTLSContext {
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DefaultManagersHolder.class */
    private static final class DefaultManagersHolder {
        private static final String NONE = "NONE";
        private static final String P11KEYSTORE = "PKCS11";
        private static final TrustManager[] trustManagers;
        private static final KeyManager[] keyManagers;
        private static final Exception reservedException;

        private DefaultManagersHolder() {
        }

        private static TrustManager[] getTrustManagers() throws Exception {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            if ("SunJSSE".equals(trustManagerFactory.getProvider().getName())) {
                trustManagerFactory.init((KeyStore) null);
            } else {
                trustManagerFactory.init(TrustStoreManager.getTrustedKeyStore());
            }
            return trustManagerFactory.getTrustManagers();
        }

        /* JADX WARN: Finally extract failed */
        /* JADX WARN: Multi-variable type inference failed */
        private static KeyManager[] getKeyManagers() throws Exception {
            final HashMap hashMap = new HashMap();
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: sun.security.ssl.SSLContextImpl.DefaultManagersHolder.1
                @Override // java.security.PrivilegedExceptionAction
                /* renamed from: run */
                public Object run2() throws Exception {
                    Map.this.put("keyStore", System.getProperty("javax.net.ssl.keyStore", ""));
                    Map.this.put("keyStoreType", System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
                    Map.this.put("keyStoreProvider", System.getProperty("javax.net.ssl.keyStoreProvider", ""));
                    Map.this.put("keyStorePasswd", System.getProperty("javax.net.ssl.keyStorePassword", ""));
                    return null;
                }
            });
            final String str = (String) hashMap.get("keyStore");
            String str2 = (String) hashMap.get("keyStoreType");
            String str3 = (String) hashMap.get("keyStoreProvider");
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                SSLLogger.fine("keyStore is : " + str, new Object[0]);
                SSLLogger.fine("keyStore type is : " + str2, new Object[0]);
                SSLLogger.fine("keyStore provider is : " + str3, new Object[0]);
            }
            if (P11KEYSTORE.equals(str2) && !NONE.equals(str)) {
                throw new IllegalArgumentException("if keyStoreType is PKCS11, then keyStore must be NONE");
            }
            FileInputStream fileInputStream = null;
            KeyStore keyStore = null;
            char[] cArr = null;
            try {
                if (!str.isEmpty() && !NONE.equals(str)) {
                    fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() { // from class: sun.security.ssl.SSLContextImpl.DefaultManagersHolder.2
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        /* renamed from: run */
                        public FileInputStream run2() throws Exception {
                            return new FileInputStream(String.this);
                        }
                    });
                }
                String str4 = (String) hashMap.get("keyStorePasswd");
                if (!str4.isEmpty()) {
                    cArr = str4.toCharArray();
                }
                if (str2.length() != 0) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                        SSLLogger.finest("init keystore", new Object[0]);
                    }
                    keyStore = str3.isEmpty() ? KeyStore.getInstance(str2) : KeyStore.getInstance(str2, str3);
                    keyStore.load(fileInputStream, cArr);
                }
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.fine("init keymanager of type " + KeyManagerFactory.getDefaultAlgorithm(), new Object[0]);
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                if (P11KEYSTORE.equals(str2)) {
                    keyManagerFactory.init(keyStore, null);
                } else {
                    keyManagerFactory.init(keyStore, cArr);
                }
                return keyManagerFactory.getKeyManagers();
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }

        static {
            Exception exc = null;
            TrustManager[] trustManagerArr = null;
            try {
                trustManagerArr = getTrustManagers();
            } catch (Exception e) {
                exc = e;
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.warning("Failed to load default trust managers", e);
                }
            }
            KeyManager[] keyManagerArr = null;
            if (exc == null) {
                try {
                    keyManagerArr = getKeyManagers();
                } catch (Exception e2) {
                    exc = e2;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                        SSLLogger.warning("Failed to load default key managers", e2);
                    }
                }
            }
            if (exc != null) {
                trustManagers = new TrustManager[0];
                keyManagers = new KeyManager[0];
                reservedException = new KeyManagementException(exc.getMessage());
            } else {
                trustManagers = trustManagerArr;
                keyManagers = keyManagerArr;
                reservedException = null;
            }
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DefaultSSLContext.class */
    public static final class DefaultSSLContext extends CustomizedTLSContext {
        public DefaultSSLContext() throws Exception {
            if (DefaultManagersHolder.reservedException != null) {
                throw DefaultManagersHolder.reservedException;
            }
            try {
                super.engineInit(DefaultManagersHolder.keyManagers, DefaultManagersHolder.trustManagers, null);
            } catch (Exception e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.fine("default context init failed: ", e);
                }
                throw e;
            }
        }

        @Override // sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static SSLContextImpl getDefaultImpl() throws Exception {
            if (DefaultSSLContextHolder.reservedException != null) {
                throw DefaultSSLContextHolder.reservedException;
            }
            return DefaultSSLContextHolder.sslContext;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$DefaultSSLContextHolder.class */
    private static final class DefaultSSLContextHolder {
        private static final SSLContextImpl sslContext;
        private static final Exception reservedException;

        private DefaultSSLContextHolder() {
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v11, types: [java.lang.Exception] */
        static {
            KeyManagementException keyManagementException = null;
            DefaultSSLContext defaultSSLContext = null;
            if (DefaultManagersHolder.reservedException != null) {
                keyManagementException = DefaultManagersHolder.reservedException;
            } else {
                try {
                    defaultSSLContext = new DefaultSSLContext();
                } catch (Exception e) {
                    keyManagementException = new KeyManagementException(e.getMessage());
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                        SSLLogger.warning("Failed to load default SSLContext", e);
                    }
                }
            }
            sslContext = defaultSSLContext;
            reservedException = keyManagementException;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$TLS10Context.class */
    public static final class TLS10Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$TLS11Context.class */
    public static final class TLS11Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS11, ProtocolVersion.TLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$TLS12Context.class */
    public static final class TLS12Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$TLS13Context.class */
    public static final class TLS13Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols = SSLContextImpl.getAvailableProtocols(new ProtocolVersion[]{ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11, ProtocolVersion.TLS10});
        private static final List<CipherSuite> clientDefaultCipherSuites = SSLContextImpl.getApplicableEnabledCipherSuites(clientDefaultProtocols, true);

        @Override // sun.security.ssl.SSLContextImpl
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        @Override // sun.security.ssl.SSLContextImpl
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }

    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLContextImpl$TLSContext.class */
    public static final class TLSContext extends CustomizedTLSContext {
    }

    SSLContextImpl() {
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        this.isInitialized = false;
        this.keyManager = chooseKeyManager(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e) {
            }
        }
        this.trustManager = chooseTrustManager(trustManagerArr);
        if (secureRandom == null) {
            this.secureRandom = new SecureRandom();
        } else {
            this.secureRandom = secureRandom;
        }
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("trigger seeding of SecureRandom", new Object[0]);
        }
        this.secureRandom.nextInt();
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("done seeding of SecureRandom", new Object[0]);
        }
        this.isInitialized = true;
    }

    private X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) throws KeyManagementException {
        for (int i = 0; trustManagerArr != null && i < trustManagerArr.length; i++) {
            if (trustManagerArr[i] instanceof X509TrustManager) {
                return trustManagerArr[i] instanceof X509ExtendedTrustManager ? (X509TrustManager) trustManagerArr[i] : new AbstractTrustManagerWrapper((X509TrustManager) trustManagerArr[i]);
            }
        }
        return DummyX509TrustManager.INSTANCE;
    }

    private X509ExtendedKeyManager chooseKeyManager(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (int i = 0; keyManagerArr != null && i < keyManagerArr.length; i++) {
            KeyManager keyManager = keyManagerArr[i];
            if (keyManager instanceof X509KeyManager) {
                if (keyManager instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) keyManager;
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                    SSLLogger.warning("X509KeyManager passed to SSLContext.init():  need an X509ExtendedKeyManager for SSLEngine use", new Object[0]);
                }
                return new AbstractKeyManagerWrapper((X509KeyManager) keyManager);
            }
        }
        return DummyX509KeyManager.INSTANCE;
    }

    abstract SSLEngine createSSLEngineImpl();

    abstract SSLEngine createSSLEngineImpl(String str, int i);

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() {
        if (this.isInitialized) {
            return createSSLEngineImpl();
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) {
        if (this.isInitialized) {
            return createSSLEngineImpl(str, i);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (!this.isInitialized) {
            throw new IllegalStateException("SSLContext is not initialized");
        }
        if (isDTLS()) {
            throw new UnsupportedOperationException("DTLS not supported with SSLSocket");
        }
        return new SSLSocketFactoryImpl(this);
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (!this.isInitialized) {
            throw new IllegalStateException("SSLContext is not initialized");
        }
        if (isDTLS()) {
            throw new UnsupportedOperationException("DTLS not supported with SSLServerSocket");
        }
        return new SSLServerSocketFactoryImpl(this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.clientCache;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.serverCache;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager getX509KeyManager() {
        return this.keyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager getX509TrustManager() {
        return this.trustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EphemeralKeyManager getEphemeralKeyManager() {
        return this.ephemeralKeyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
        if (this.helloCookieManagerBuilder == null) {
            this.contextLock.lock();
            try {
                if (this.helloCookieManagerBuilder == null) {
                    this.helloCookieManagerBuilder = new HelloCookieManager.Builder(this.secureRandom);
                }
            } finally {
                this.contextLock.unlock();
            }
        }
        return this.helloCookieManagerBuilder.valueOf(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public StatusResponseManager getStatusResponseManager() {
        if (this.serverEnableStapling && this.statusResponseManager == null) {
            this.contextLock.lock();
            try {
                if (this.statusResponseManager == null) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.finest("Initializing StatusResponseManager", new Object[0]);
                    }
                    this.statusResponseManager = new StatusResponseManager();
                }
            } finally {
                this.contextLock.unlock();
            }
        }
        return this.statusResponseManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract List<ProtocolVersion> getSupportedProtocolVersions();

    abstract List<ProtocolVersion> getServerDefaultProtocolVersions();

    abstract List<ProtocolVersion> getClientDefaultProtocolVersions();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract List<CipherSuite> getSupportedCipherSuites();

    abstract List<CipherSuite> getServerDefaultCipherSuites();

    abstract List<CipherSuite> getClientDefaultCipherSuites();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract boolean isDTLS();

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<ProtocolVersion> getDefaultProtocolVersions(boolean z) {
        return z ? getServerDefaultProtocolVersions() : getClientDefaultProtocolVersions();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<CipherSuite> getDefaultCipherSuites(boolean z) {
        return z ? getServerDefaultCipherSuites() : getClientDefaultCipherSuites();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDefaultProtocolVesions(List<ProtocolVersion> list) {
        return list == getServerDefaultProtocolVersions() || list == getClientDefaultProtocolVersions();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDefaultCipherSuiteList(List<CipherSuite> list) {
        return list == getServerDefaultCipherSuites() || list == getClientDefaultCipherSuites();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isStaplingEnabled(boolean z) {
        return z ? this.clientEnableStapling : this.serverEnableStapling;
    }

    private static List<CipherSuite> getApplicableSupportedCipherSuites(List<ProtocolVersion> list) {
        return getApplicableCipherSuites(CipherSuite.allowedCipherSuites(), list);
    }

    private static List<CipherSuite> getApplicableEnabledCipherSuites(List<ProtocolVersion> list, boolean z) {
        if (z) {
            if (!clientCustomizedCipherSuites.isEmpty()) {
                return getApplicableCipherSuites(clientCustomizedCipherSuites, list);
            }
        } else if (!serverCustomizedCipherSuites.isEmpty()) {
            return getApplicableCipherSuites(serverCustomizedCipherSuites, list);
        }
        return getApplicableCipherSuites(CipherSuite.defaultCipherSuites(), list);
    }

    private static List<CipherSuite> getApplicableCipherSuites(Collection<CipherSuite> collection, List<ProtocolVersion> list) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (list != null && !list.isEmpty()) {
            for (CipherSuite cipherSuite : collection) {
                if (cipherSuite.isAvailable()) {
                    boolean z = false;
                    Iterator<ProtocolVersion> it = list.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (cipherSuite.supports(it.next()) && cipherSuite.bulkCipher.isAvailable()) {
                            if (SSLAlgorithmConstraints.DEFAULT.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                                linkedHashSet.add(cipherSuite);
                                z = true;
                            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx,verbose")) {
                                SSLLogger.fine("Ignore disabled cipher suite: " + cipherSuite.name, new Object[0]);
                            }
                        }
                    }
                    if (!z && SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx,verbose")) {
                        SSLLogger.finest("Ignore unsupported cipher suite: " + ((Object) cipherSuite), new Object[0]);
                    }
                }
            }
        }
        return new ArrayList(linkedHashSet);
    }

    private static Collection<CipherSuite> getCustomizedCipherSuites(String str) {
        String privilegedGetProperty = GetPropertyAction.privilegedGetProperty(str);
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.fine("System property " + str + " is set to '" + privilegedGetProperty + "'", new Object[0]);
        }
        if (privilegedGetProperty != null && !privilegedGetProperty.isEmpty() && privilegedGetProperty.length() > 1 && privilegedGetProperty.charAt(0) == '\"' && privilegedGetProperty.charAt(privilegedGetProperty.length() - 1) == '\"') {
            privilegedGetProperty = privilegedGetProperty.substring(1, privilegedGetProperty.length() - 1);
        }
        if (privilegedGetProperty == null || privilegedGetProperty.isEmpty()) {
            return Collections.emptyList();
        }
        String[] split = privilegedGetProperty.split(",");
        ArrayList arrayList = new ArrayList(split.length);
        for (int i = 0; i < split.length; i++) {
            split[i] = split[i].trim();
            if (!split[i].isEmpty()) {
                try {
                    CipherSuite nameOf = CipherSuite.nameOf(split[i]);
                    if (nameOf != null && nameOf.isAvailable()) {
                        arrayList.add(nameOf);
                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.fine("The current installed providers do not support cipher suite: " + split[i], new Object[0]);
                    }
                } catch (IllegalArgumentException e) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.fine("Unknown or unsupported cipher suite name: " + split[i], new Object[0]);
                    }
                }
            }
        }
        return arrayList;
    }

    private static List<ProtocolVersion> getAvailableProtocols(ProtocolVersion[] protocolVersionArr) {
        List<ProtocolVersion> emptyList = Collections.emptyList();
        if (protocolVersionArr != null && protocolVersionArr.length != 0) {
            emptyList = new ArrayList(protocolVersionArr.length);
            for (ProtocolVersion protocolVersion : protocolVersionArr) {
                if (protocolVersion.isAvailable) {
                    emptyList.add(protocolVersion);
                }
            }
        }
        return emptyList;
    }
}
