package org.bouncycastle.jsse.provider;

import android.support.v4.media.a;
import com.google.firebase.components.d;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.lang.reflect.Constructor;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;
import org.bouncycastle.jsse.BCX509ExtendedTrustManager;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.java.security.BCCryptoPrimitive;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvSSLContextSpi extends SSLContextSpi {
    public static final Logger j = Logger.getLogger(ProvSSLContextSpi.class.getName());
    public static final Set<BCCryptoPrimitive> k = JsseUtils.g;
    public static final Map<String, CipherSuiteInfo> l;
    public static final Map<String, CipherSuiteInfo> m;
    public static final Map<String, ProtocolVersion> n;
    public static final Map<String, ProtocolVersion> o;
    public static final List<String> p;
    public static final List<String> q;
    public static final List<String> r;
    public static final List<String> s;
    public final boolean a;
    public final JcaTlsCryptoProvider b;
    public final Map<String, CipherSuiteInfo> c;
    public final Map<String, ProtocolVersion> d;
    public final String[] e;
    public final String[] f;
    public final String[] g;
    public final String[] h;
    public ContextData i = null;

    /* renamed from: org.bouncycastle.jsse.provider.ProvSSLContextSpi$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public class AnonymousClass1 implements Comparator<ProtocolVersion> {
        @Override // java.util.Comparator
        public final int compare(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2) {
            ProtocolVersion protocolVersion3 = protocolVersion;
            ProtocolVersion protocolVersion4 = protocolVersion2;
            if (protocolVersion3.k(protocolVersion4)) {
                return -1;
            }
            return protocolVersion4.k(protocolVersion3) ? 1 : 0;
        }
    }

    static {
        TreeMap treeMap = new TreeMap();
        a(treeMap, "TLS_AES_128_CCM_8_SHA256", 4869);
        a(treeMap, "TLS_AES_128_CCM_SHA256", 4868);
        a(treeMap, "TLS_AES_128_GCM_SHA256", 4865);
        a(treeMap, "TLS_AES_256_GCM_SHA384", 4866);
        a(treeMap, "TLS_CHACHA20_POLY1305_SHA256", 4867);
        a(treeMap, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 19);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 50);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 64);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 162);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 56);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 106);
        a(treeMap, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 163);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 49218);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 49238);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 49219);
        a(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 49239);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 68);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 189);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 49280);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 135);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 195);
        a(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 49281);
        a(treeMap, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 22);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 51);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 103);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM", 49310);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM_8", 49314);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 158);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 57);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 107);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM", 49311);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM_8", 49315);
        a(treeMap, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 159);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 49220);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 49234);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 49221);
        a(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 49235);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 69);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 190);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49276);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 136);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 196);
        a(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49277);
        a(treeMap, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 52394);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 49160);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 49161);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 49187);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 49324);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 49326);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 49195);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 49162);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 49188);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 49325);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 49327);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 49196);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 49224);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 49244);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 49225);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 49245);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 49266);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 49286);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 49267);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 49287);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 52393);
        a(treeMap, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 49158);
        a(treeMap, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 49170);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 49171);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 49191);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 49199);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 49172);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 49192);
        a(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 49200);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 49228);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 49248);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 49229);
        a(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 49249);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 49270);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49290);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 49271);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49291);
        a(treeMap, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 52392);
        a(treeMap, "TLS_ECDHE_RSA_WITH_NULL_SHA", 49168);
        a(treeMap, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 10);
        a(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA", 47);
        a(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA256", 60);
        a(treeMap, "TLS_RSA_WITH_AES_128_CCM", 49308);
        a(treeMap, "TLS_RSA_WITH_AES_128_CCM_8", 49312);
        a(treeMap, "TLS_RSA_WITH_AES_128_GCM_SHA256", 156);
        a(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA", 53);
        a(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA256", 61);
        a(treeMap, "TLS_RSA_WITH_AES_256_CCM", 49309);
        a(treeMap, "TLS_RSA_WITH_AES_256_CCM_8", 49313);
        a(treeMap, "TLS_RSA_WITH_AES_256_GCM_SHA384", 157);
        a(treeMap, "TLS_RSA_WITH_ARIA_128_CBC_SHA256", 49212);
        a(treeMap, "TLS_RSA_WITH_ARIA_128_GCM_SHA256", 49232);
        a(treeMap, "TLS_RSA_WITH_ARIA_256_CBC_SHA384", 49213);
        a(treeMap, "TLS_RSA_WITH_ARIA_256_GCM_SHA384", 49233);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 65);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 186);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 49274);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 132);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 192);
        a(treeMap, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 49275);
        a(treeMap, "TLS_RSA_WITH_NULL_SHA", 2);
        a(treeMap, "TLS_RSA_WITH_NULL_SHA256", 59);
        Map<String, CipherSuiteInfo> unmodifiableMap = Collections.unmodifiableMap(treeMap);
        l = unmodifiableMap;
        LinkedHashMap linkedHashMap = new LinkedHashMap(unmodifiableMap);
        Set keySet = linkedHashMap.keySet();
        Set<String> set = FipsUtils.a;
        keySet.retainAll(set);
        m = Collections.unmodifiableMap(linkedHashMap);
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        linkedHashMap2.put("TLSv1.3", ProtocolVersion.g);
        linkedHashMap2.put("TLSv1.2", ProtocolVersion.f);
        linkedHashMap2.put("TLSv1.1", ProtocolVersion.e);
        linkedHashMap2.put("TLSv1", ProtocolVersion.d);
        linkedHashMap2.put("SSLv3", ProtocolVersion.c);
        Map<String, ProtocolVersion> unmodifiableMap2 = Collections.unmodifiableMap(linkedHashMap2);
        n = unmodifiableMap2;
        LinkedHashMap linkedHashMap3 = new LinkedHashMap(unmodifiableMap2);
        Set keySet2 = linkedHashMap3.keySet();
        Set<String> set2 = FipsUtils.b;
        keySet2.retainAll(set2);
        o = Collections.unmodifiableMap(linkedHashMap3);
        Set<String> keySet3 = unmodifiableMap.keySet();
        ArrayList arrayList = new ArrayList();
        arrayList.add("TLS_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_AES_256_GCM_SHA384");
        arrayList.add("TLS_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        d.z(arrayList, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        d.z(arrayList, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
        d.z(arrayList, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
        d.z(arrayList, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        d.z(arrayList, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        d.z(arrayList, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
        d.z(arrayList, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA");
        arrayList.retainAll(keySet3);
        arrayList.trimToSize();
        List<String> unmodifiableList = Collections.unmodifiableList(arrayList);
        p = unmodifiableList;
        ArrayList arrayList2 = new ArrayList(unmodifiableList);
        arrayList2.retainAll(set);
        arrayList2.trimToSize();
        q = Collections.unmodifiableList(arrayList2);
        Set<String> keySet4 = unmodifiableMap2.keySet();
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add("TLSv1.2");
        arrayList3.add("TLSv1.1");
        arrayList3.add("TLSv1");
        arrayList3.retainAll(keySet4);
        arrayList3.trimToSize();
        List<String> unmodifiableList2 = Collections.unmodifiableList(arrayList3);
        r = unmodifiableList2;
        ArrayList arrayList4 = new ArrayList(unmodifiableList2);
        arrayList4.retainAll(set2);
        arrayList4.trimToSize();
        s = Collections.unmodifiableList(arrayList4);
    }

    public ProvSSLContextSpi(boolean z, JcaTlsCryptoProvider jcaTlsCryptoProvider, List<String> list) {
        this.a = z;
        this.b = jcaTlsCryptoProvider;
        Map<String, CipherSuiteInfo> map = z ? m : l;
        this.c = map;
        Map<String, ProtocolVersion> map2 = z ? o : n;
        this.d = map2;
        List<String> list2 = z ? q : p;
        List<String> list3 = z ? s : r;
        this.e = f(map, "jdk.tls.client.cipherSuites", list2);
        this.f = f(map, "jdk.tls.server.cipherSuites", list2);
        this.g = g(map2, "jdk.tls.client.protocols", list3, list);
        this.h = g(map2, "jdk.tls.server.protocols", list3, null);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:35:0x00d1. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:55:0x012c  */
    /* JADX WARN: Removed duplicated region for block: B:60:0x0154  */
    /* JADX WARN: Removed duplicated region for block: B:68:0x019d  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x01b9 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:72:0x01ba  */
    /* JADX WARN: Removed duplicated region for block: B:79:0x018e  */
    /* JADX WARN: Removed duplicated region for block: B:85:0x014a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(java.util.TreeMap r22, java.lang.String r23, int r24) {
        /*
            Method dump skipped, instructions count: 986
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvSSLContextSpi.a(java.util.TreeMap, java.lang.String, int):void");
    }

    public static String d(int i) {
        if (i == 0) {
            return "SSL_NULL_WITH_NULL_NULL";
        }
        if (!TlsUtils.V(i)) {
            return null;
        }
        for (CipherSuiteInfo cipherSuiteInfo : l.values()) {
            if (cipherSuiteInfo.a == i) {
                return cipherSuiteInfo.b;
            }
        }
        return null;
    }

    public static String[] f(Map<String, CipherSuiteInfo> map, String str, List<String> list) {
        Logger logger;
        String[] f = PropertyUtils.f(PropertyUtils.d(str));
        if (f != null) {
            ArrayList arrayList = new ArrayList(f.length);
            int length = f.length;
            int i = 0;
            while (true) {
                logger = j;
                if (i >= length) {
                    break;
                }
                String str2 = f[i];
                if (!arrayList.contains(str2)) {
                    if (l.containsKey(str2)) {
                        arrayList.add(str2);
                    } else {
                        logger.warning("'" + str + "' contains unsupported cipher suite: " + str2);
                    }
                }
                i++;
            }
            if (arrayList.isEmpty()) {
                logger.severe("'" + str + "' contained no supported cipher suites (ignoring)");
            } else {
                list = arrayList;
            }
        }
        int size = list.size();
        String[] strArr = new String[size];
        int i2 = 0;
        for (String str3 : list) {
            if (map.containsKey(str3) && ProvAlgorithmConstraints.h.permits(k, str3, null)) {
                strArr[i2] = str3;
                i2++;
            }
        }
        boolean z = JsseUtils.a;
        if (i2 >= size) {
            return strArr;
        }
        String[] strArr2 = new String[i2];
        System.arraycopy(strArr, 0, strArr2, 0, Math.min(size, i2));
        return strArr2;
    }

    public static String[] g(Map<String, ProtocolVersion> map, String str, List<String> list, List<String> list2) {
        Logger logger;
        if (list2 == null) {
            String[] f = PropertyUtils.f(PropertyUtils.d(str));
            if (f != null) {
                ArrayList arrayList = new ArrayList(f.length);
                int length = f.length;
                int i = 0;
                while (true) {
                    logger = j;
                    if (i >= length) {
                        break;
                    }
                    String str2 = f[i];
                    if (!arrayList.contains(str2)) {
                        if (n.containsKey(str2)) {
                            arrayList.add(str2);
                        } else {
                            logger.warning("'" + str + "' contains unsupported protocol: " + str2);
                        }
                    }
                    i++;
                }
                if (arrayList.isEmpty()) {
                    logger.severe("'" + str + "' contained no supported protocols (ignoring)");
                } else {
                    list = arrayList;
                }
            }
            list2 = list;
        }
        int size = list2.size();
        String[] strArr = new String[size];
        int i2 = 0;
        for (String str3 : list2) {
            if (map.containsKey(str3) && ProvAlgorithmConstraints.i.permits(k, str3, null)) {
                strArr[i2] = str3;
                i2++;
            }
        }
        boolean z = JsseUtils.a;
        if (i2 >= size) {
            return strArr;
        }
        String[] strArr2 = new String[i2];
        System.arraycopy(strArr, 0, strArr2, 0, Math.min(size, i2));
        return strArr2;
    }

    public static KeyManager[] h() throws Exception {
        Throwable th;
        BufferedInputStream bufferedInputStream;
        Logger logger = ProvKeyManagerFactorySpi.d;
        String defaultType = KeyStore.getDefaultType();
        String d = PropertyUtils.d("javax.net.ssl.keyStore");
        BufferedInputStream bufferedInputStream2 = null;
        if ("NONE".equals(d) || d == null || !new File(d).exists()) {
            d = null;
        }
        String d2 = PropertyUtils.d("javax.net.ssl.keyStoreType");
        if (d2 != null) {
            defaultType = d2;
        }
        String d3 = PropertyUtils.d("javax.net.ssl.keyStoreProvider");
        KeyStore keyStore = TlsUtils.J(d3) ? KeyStore.getInstance(defaultType) : KeyStore.getInstance(defaultType, d3);
        String c = PropertyUtils.c("javax.net.ssl.keyStorePassword");
        char[] charArray = c != null ? c.toCharArray() : null;
        Logger logger2 = ProvKeyManagerFactorySpi.d;
        try {
            if (d == null) {
                logger2.config("Initializing default key store as empty");
                bufferedInputStream = null;
            } else {
                logger2.config("Initializing default key store from path: ".concat(d));
                bufferedInputStream = new BufferedInputStream(new FileInputStream(d));
            }
            try {
                try {
                    keyStore.load(bufferedInputStream, charArray);
                } catch (NullPointerException unused) {
                    keyStore = KeyStore.getInstance("BCFKS");
                    keyStore.load(null, null);
                }
                if (bufferedInputStream != null) {
                    bufferedInputStream.close();
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, charArray);
                return keyManagerFactory.getKeyManagers();
            } catch (Throwable th2) {
                th = th2;
                bufferedInputStream2 = bufferedInputStream;
                if (bufferedInputStream2 != null) {
                    bufferedInputStream2.close();
                }
                throw th;
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }

    public static String j(ProtocolVersion protocolVersion) {
        if (protocolVersion == null) {
            return "NONE";
        }
        for (Map.Entry<String, ProtocolVersion> entry : n.entrySet()) {
            if (entry.getValue().b(protocolVersion)) {
                return entry.getKey();
            }
        }
        return "NONE";
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:131:0x00c9, code lost:
    
        if (r19.v(11) == false) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x008e, code lost:
    
        if (r19.v(8) == false) goto L41;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:33:0x0075. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:60:0x0157. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:116:0x01f4  */
    /* JADX WARN: Removed duplicated region for block: B:11:0x0046  */
    /* JADX WARN: Removed duplicated region for block: B:14:0x004d A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0126  */
    /* JADX WARN: Removed duplicated region for block: B:53:0x01f9  */
    /* JADX WARN: Removed duplicated region for block: B:56:0x01fe A[SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r8v0 */
    /* JADX WARN: Type inference failed for: r8v1, types: [int] */
    /* JADX WARN: Type inference failed for: r8v2 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final int[] b(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r19, org.bouncycastle.jsse.provider.ProvSSLParameters r20, org.bouncycastle.tls.ProtocolVersion[] r21) {
        /*
            Method dump skipped, instructions count: 636
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvSSLContextSpi.b(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto, org.bouncycastle.jsse.provider.ProvSSLParameters, org.bouncycastle.tls.ProtocolVersion[]):int[]");
    }

    public final ProtocolVersion[] c(ProvSSLParameters provSSLParameters) {
        String[] strArr = provSSLParameters.c;
        BCAlgorithmConstraints bCAlgorithmConstraints = provSSLParameters.f;
        TreeSet treeSet = new TreeSet(new AnonymousClass1());
        for (String str : strArr) {
            ProtocolVersion protocolVersion = this.d.get(str);
            if (protocolVersion != null && bCAlgorithmConstraints.permits(k, str, null)) {
                treeSet.add(protocolVersion);
            }
        }
        if (treeSet.isEmpty()) {
            throw new IllegalStateException("No usable protocols enabled");
        }
        return (ProtocolVersion[]) treeSet.toArray(new ProtocolVersion[treeSet.size()]);
    }

    public final synchronized ContextData e() {
        ContextData contextData;
        contextData = this.i;
        if (contextData == null) {
            throw new IllegalStateException("SSLContext has not been initialized.");
        }
        return contextData;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final synchronized SSLEngine engineCreateSSLEngine() {
        ContextData e;
        e = e();
        return SSLEngineUtil.c ? new ProvSSLEngine_8(e) : new ProvSSLEngine(e);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
        ContextData e;
        e = e();
        return SSLEngineUtil.c ? new ProvSSLEngine_8(e, str, i) : new ProvSSLEngine(e, str, i);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final synchronized SSLSessionContext engineGetClientSessionContext() {
        return e().e;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final SSLParameters engineGetDefaultSSLParameters() {
        e();
        return SSLParametersUtil.b(i(true));
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final synchronized SSLSessionContext engineGetServerSessionContext() {
        return e().f;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final SSLServerSocketFactory engineGetServerSocketFactory() {
        return new ProvSSLServerSocketFactory(e());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final SSLSocketFactory engineGetSocketFactory() {
        return new ProvSSLSocketFactory(e());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public final SSLParameters engineGetSupportedSSLParameters() {
        e();
        String[] k2 = k();
        Set<String> keySet = this.d.keySet();
        return SSLParametersUtil.b(new ProvSSLParameters(this, k2, (String[]) keySet.toArray(new String[keySet.size()])));
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        BCX509ExtendedKeyManager bCX509ExtendedKeyManager;
        this.i = null;
        JcaTlsCrypto a = this.b.a(secureRandom);
        JcaJceHelper jcaJceHelper = a.a;
        if (keyManagerArr != null) {
            for (KeyManager keyManager : keyManagerArr) {
                if (keyManager instanceof X509KeyManager) {
                    X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                    bCX509ExtendedKeyManager = x509KeyManager instanceof BCX509ExtendedKeyManager ? (BCX509ExtendedKeyManager) x509KeyManager : x509KeyManager instanceof X509ExtendedKeyManager ? new ImportX509KeyManager_5((X509ExtendedKeyManager) x509KeyManager) : new ImportX509KeyManager_4(x509KeyManager);
                    BCX509ExtendedTrustManager l2 = l(jcaJceHelper, trustManagerArr);
                    a.b.nextInt();
                    this.i = new ContextData(this, a, bCX509ExtendedKeyManager, l2);
                }
            }
        }
        bCX509ExtendedKeyManager = DummyX509KeyManager.a;
        BCX509ExtendedTrustManager l22 = l(jcaJceHelper, trustManagerArr);
        a.b.nextInt();
        this.i = new ContextData(this, a, bCX509ExtendedKeyManager, l22);
    }

    public final ProvSSLParameters i(boolean z) {
        return new ProvSSLParameters(this, z ? this.e : this.f, z ? this.g : this.h);
    }

    public final String[] k() {
        Set<String> keySet = this.c.keySet();
        return (String[]) keySet.toArray(new String[keySet.size()]);
    }

    public final BCX509ExtendedTrustManager l(JcaJceHelper jcaJceHelper, TrustManager[] trustManagerArr) throws KeyManagementException {
        BCX509ExtendedTrustManager importX509TrustManager_5;
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e) {
                j.log(Level.WARNING, "Failed to load default trust managers", (Throwable) e);
            }
        }
        if (trustManagerArr != null) {
            for (TrustManager trustManager : trustManagerArr) {
                if (trustManager instanceof X509TrustManager) {
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    Class<?> cls = X509TrustManagerUtil.a;
                    if (x509TrustManager instanceof BCX509ExtendedTrustManager) {
                        return (BCX509ExtendedTrustManager) x509TrustManager;
                    }
                    if (x509TrustManager instanceof ExportX509TrustManager) {
                        return ((ExportX509TrustManager) x509TrustManager).a();
                    }
                    Constructor<? extends BCX509ExtendedTrustManager> constructor = X509TrustManagerUtil.c;
                    if (constructor != null && X509TrustManagerUtil.a.isInstance(x509TrustManager)) {
                        try {
                            importX509TrustManager_5 = constructor.newInstance(x509TrustManager);
                        } catch (Exception unused) {
                        }
                        return importX509TrustManager_5;
                    }
                    importX509TrustManager_5 = new ImportX509TrustManager_5(this.a, jcaJceHelper, x509TrustManager);
                    return importX509TrustManager_5;
                }
            }
        }
        return DummyX509TrustManager.a;
    }

    public final void m(ProvSSLParameters provSSLParameters, boolean z) {
        String[] strArr = provSSLParameters.b;
        boolean z2 = !z;
        String[] strArr2 = this.e;
        String[] strArr3 = this.f;
        if (strArr == (z2 ? strArr2 : strArr3)) {
            if (!z) {
                strArr2 = strArr3;
            }
            provSSLParameters.b = strArr2;
        }
        String[] strArr4 = provSSLParameters.c;
        String[] strArr5 = this.g;
        String[] strArr6 = this.h;
        if (strArr4 == (z2 ? strArr5 : strArr6)) {
            if (!z) {
                strArr5 = strArr6;
            }
            provSSLParameters.c = strArr5;
        }
    }

    public final String n(ProvSSLParameters provSSLParameters, int i) {
        String d = d(i);
        if (d != null) {
            String[] strArr = provSSLParameters.b;
            boolean z = false;
            int i2 = 0;
            while (true) {
                if (i2 >= strArr.length) {
                    break;
                }
                if (d.equals(strArr[i2])) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (z && provSSLParameters.f.permits(k, d, null) && this.c.containsKey(d) && (!this.a || FipsUtils.a.contains(d))) {
                return d;
            }
        }
        throw new IllegalStateException(a.h("SSL connection negotiated unsupported ciphersuite: ", i));
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x003e, code lost:
    
        if ((org.bouncycastle.jsse.provider.FipsUtils.b.contains(r0)) != false) goto L23;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String o(org.bouncycastle.jsse.provider.ProvSSLParameters r7, org.bouncycastle.tls.ProtocolVersion r8) {
        /*
            r6 = this;
            java.lang.String r0 = j(r8)
            if (r0 == 0) goto L41
            java.lang.String[] r1 = r7.c
            r2 = 0
            r3 = r2
        La:
            int r4 = r1.length
            r5 = 1
            if (r3 >= r4) goto L1b
            r4 = r1[r3]
            boolean r4 = r0.equals(r4)
            if (r4 == 0) goto L18
            r1 = r5
            goto L1c
        L18:
            int r3 = r3 + 1
            goto La
        L1b:
            r1 = r2
        L1c:
            if (r1 == 0) goto L41
            org.bouncycastle.jsse.java.security.BCAlgorithmConstraints r7 = r7.f
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r1 = org.bouncycastle.jsse.provider.ProvSSLContextSpi.k
            r3 = 0
            boolean r7 = r7.permits(r1, r0, r3)
            if (r7 == 0) goto L41
            java.util.Map<java.lang.String, org.bouncycastle.tls.ProtocolVersion> r7 = r6.d
            boolean r7 = r7.containsKey(r0)
            if (r7 == 0) goto L41
            boolean r7 = r6.a
            if (r7 == 0) goto L40
            java.util.Set<java.lang.String> r7 = org.bouncycastle.jsse.provider.FipsUtils.b
            boolean r7 = r7.contains(r0)
            if (r7 == 0) goto L3e
            r2 = r5
        L3e:
            if (r2 == 0) goto L41
        L40:
            return r0
        L41:
            java.lang.IllegalStateException r7 = new java.lang.IllegalStateException
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r1 = "SSL connection negotiated unsupported protocol: "
            r0.<init>(r1)
            r0.append(r8)
            java.lang.String r8 = r0.toString()
            r7.<init>(r8)
            throw r7
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvSSLContextSpi.o(org.bouncycastle.jsse.provider.ProvSSLParameters, org.bouncycastle.tls.ProtocolVersion):java.lang.String");
    }
}
