package org.apache.hc.client5.http.ssl;

import java.net.SocketAddress;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.http.ssl.TlsCiphers;
import org.apache.hc.core5.http2.HttpVersionPolicy;
import org.apache.hc.core5.http2.ssl.ApplicationProtocol;
import org.apache.hc.core5.http2.ssl.H2TlsSupport;
import org.apache.hc.core5.net.NamedEndpoint;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
import org.apache.hc.core5.util.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Contract
/* loaded from: classes7.dex */
abstract class AbstractClientTlsStrategy implements TlsStrategy {

    /* renamed from: g, reason: collision with root package name */
    private static final Logger f137459g = LoggerFactory.getLogger((Class<?>) AbstractClientTlsStrategy.class);

    /* renamed from: a, reason: collision with root package name */
    private final SSLContext f137460a;

    /* renamed from: b, reason: collision with root package name */
    private final String[] f137461b;

    /* renamed from: c, reason: collision with root package name */
    private final String[] f137462c;

    /* renamed from: d, reason: collision with root package name */
    private final SSLBufferMode f137463d;

    /* renamed from: e, reason: collision with root package name */
    private final HostnameVerifier f137464e;

    /* renamed from: f, reason: collision with root package name */
    private final TlsSessionValidator f137465f;

    @Override // org.apache.hc.core5.http.nio.ssl.TlsStrategy
    public boolean a(TransportSecurityLayer transportSecurityLayer, final HttpHost httpHost, SocketAddress socketAddress, SocketAddress socketAddress2, final Object obj, Timeout timeout) {
        transportSecurityLayer.a(this.f137460a, httpHost, this.f137463d, new SSLSessionInitializer() { // from class: org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.1
            @Override // org.apache.hc.core5.reactor.ssl.SSLSessionInitializer
            public void a(NamedEndpoint namedEndpoint, SSLEngine sSLEngine) {
                Object obj2 = obj;
                HttpVersionPolicy httpVersionPolicy = obj2 instanceof HttpVersionPolicy ? (HttpVersionPolicy) obj2 : HttpVersionPolicy.NEGOTIATE;
                SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                if (AbstractClientTlsStrategy.this.f137461b != null) {
                    sSLParameters.setProtocols(AbstractClientTlsStrategy.this.f137461b);
                } else if (httpVersionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
                    sSLParameters.setProtocols(TLS.excludeWeak(sSLParameters.getProtocols()));
                }
                if (AbstractClientTlsStrategy.this.f137462c != null) {
                    sSLParameters.setCipherSuites(AbstractClientTlsStrategy.this.f137462c);
                } else if (httpVersionPolicy == HttpVersionPolicy.FORCE_HTTP_2) {
                    sSLParameters.setCipherSuites(TlsCiphers.a(sSLParameters.getCipherSuites()));
                }
                if (httpVersionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
                    H2TlsSupport.d(sSLParameters, false);
                }
                AbstractClientTlsStrategy.this.e(sSLEngine, sSLParameters, H2TlsSupport.b(obj));
                AbstractClientTlsStrategy.this.g(sSLEngine);
                if (AbstractClientTlsStrategy.f137459g.isDebugEnabled()) {
                    AbstractClientTlsStrategy.f137459g.debug("Enabled protocols: {}", Arrays.asList(sSLEngine.getEnabledProtocols()));
                    AbstractClientTlsStrategy.f137459g.debug("Enabled cipher suites:{}", Arrays.asList(sSLEngine.getEnabledCipherSuites()));
                }
            }
        }, new SSLSessionVerifier() { // from class: org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.2
            @Override // org.apache.hc.core5.reactor.ssl.SSLSessionVerifier
            public TlsDetails a(NamedEndpoint namedEndpoint, SSLEngine sSLEngine) {
                AbstractClientTlsStrategy.this.h(httpHost.b(), sSLEngine.getSession());
                TlsDetails f4 = AbstractClientTlsStrategy.this.f(sSLEngine);
                String cipherSuite = sSLEngine.getSession().getCipherSuite();
                if (f4 == null || !ApplicationProtocol.HTTP_2.id.equals(f4.a()) || !TlsCiphers.c(cipherSuite)) {
                    return f4;
                }
                throw new SSLHandshakeException("Cipher suite `" + cipherSuite + "` does not provide adequate security for HTTP/2");
            }
        }, timeout);
        return true;
    }

    abstract void e(SSLEngine sSLEngine, SSLParameters sSLParameters, String[] strArr);

    abstract TlsDetails f(SSLEngine sSLEngine);

    protected void g(SSLEngine sSLEngine) {
    }

    protected void h(String str, SSLSession sSLSession) {
        this.f137465f.a(str, sSLSession, this.f137464e);
    }
}
